Java加密技术(十)——单向认证

Posted on

Java加密技术(十)——单向认证

在**[Java 加密技术(九)](http://snowolf.iteye.com/blog/397693)**中,我们使用自签名证书完成了认证。接下来,我们使用第三方CA签名机构完成证书签名。
这里我们使用[thawte](https://www.thawte.com/)提供的测试用21天免费ca证书。
1.要在该网站上注明你的域名,这里使用**www.zlex.org**作为测试用域名(请勿使用该域名作为你的域名地址,该域名受法律保护!请使用其他非注册域名!)。
2.如果域名有效,你会收到邮件要求你访问[https://www.thawte.com/cgi/server/try.exe](https://www.thawte.com/cgi/server/try.exe)获得ca证书。
3.复述密钥库的创建。

Shell代码 复制代码 收藏代码

  1. keytool -genkey -validity 36000 -alias www.zlex.org -keyalg RSA -keystore d:\zlex.keystore
    keytool -genkey -validity 36000 -alias www.zlex.org -keyalg RSA -keystore d:\zlex.keystore 在这里我使用的密码为 123456 控制台输出: Console代码 复制代码 收藏代码

  2. 输入keystore密码:

  3. 再次输入新密码:
  4. 您的名字与姓氏是什么?
  5. [Unknown]: www.zlex.org
  6. 您的组织单位名称是什么?
  7. [Unknown]: zlex
  8. 您的组织名称是什么?
  9. [Unknown]: zlex
  10. 您所在的城市或区域名称是什么?
  11. [Unknown]: BJ
  12. 您所在的州或省份名称是什么?
  13. [Unknown]: BJ
  14. 该单位的两字母国家代码是什么
  15. [Unknown]: CN
  16. CN=www.zlex.org, OU=zlex, O=zlex, L=BJ, ST=BJ, C=CN 正确吗?
  17. [否]: Y
  19. 输入的主密码
  20. (如果和 keystore 密码相同,按回车):
  21. 再次输入新密码:

输入keystore密码:

再次输入新密码: 您的名字与姓氏是什么?

[Unknown]: www.zlex.org 您的组织单位名称是什么?

[Unknown]: zlex 您的组织名称是什么?

[Unknown]: zlex 您所在的城市或区域名称是什么?

[Unknown]: BJ 您所在的州或省份名称是什么?

[Unknown]: BJ 该单位的两字母国家代码是什么

[Unknown]: CN CN=www.zlex.org, OU=zlex, O=zlex, L=BJ, ST=BJ, C=CN 正确吗?

[否]: Y

输入的主密码 (如果和 keystore 密码相同,按回车):

再次输入新密码:

4.通过如下命令,从zlex.keystore中导出CA证书申请。

Shell代码 复制代码 收藏代码

  1. keytool -certreq -alias www.zlex.org -file d:\zlex.csr -keystore d:\zlex.keystore -v
    keytool -certreq -alias www.zlex.org -file d:\zlex.csr -keystore d:\zlex.keystore -v你会获得zlex.csr文件,可以用记事本打开,内容如下格式:

Text代码 复制代码 收藏代码

  1. -----BEGIN NEW CERTIFICATE REQUEST-----
  2. MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAkJKMQswCQYDVQQHEwJCSjENMAsG
  3. A1UEChMEemxleDENMAsGA1UECxMEemxleDEVMBMGA1UEAxMMd3d3LnpsZXgub3JnMIGfMA0GCSqG
  4. SIb3DQEBAQUAA4GNADCBiQKBgQCR6DXU9Mp+mCKO7cv9JPsj0n1Ec/GpM09qvhpgX3FNad/ZWSDc
  5. vU77YXZSoF9hQp3w1LC+eeKgd2MlVpXTvbVwBNVd2HiQPp37ic6BUUjSaX8LHtCl7l0BIEye9qQ2
  6. j8G0kak7e8ZA0s7nb3Ymq/K8BV7v0MQIdhIc1bifK9ZDewIDAQABoAAwDQYJKoZIhvcNAQEFBQAD
  7. gYEAMA1r2fbZPtNx37U9TRwadCH2TZZecwKJS/hskNm6ryPKIAp9APWwAyj8WJHRBz5SpZM4zmYO
  8. oMCI8BcnY2A4JP+R7/SwXTdH/xcg7NVghd9A2SCgqMpF7KMfc5dE3iygdiPu+UhY200Dvpjx8gmJ
  9. 1UbH3+nqMUyCrZgURFslOUY=
  10. -----END NEW CERTIFICATE REQUEST-----
    -----BEGIN NEW CERTIFICATE REQUEST-----

MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAkJKMQswCQYDVQQHEwJCSjENMAsG A1UEChMEemxleDENMAsGA1UECxMEemxleDEVMBMGA1UEAxMMd3d3LnpsZXgub3JnMIGfMA0GCSqG

SIb3DQEBAQUAA4GNADCBiQKBgQCR6DXU9Mp+mCKO7cv9JPsj0n1Ec/GpM09qvhpgX3FNad/ZWSDc vU77YXZSoF9hQp3w1LC+eeKgd2MlVpXTvbVwBNVd2HiQPp37ic6BUUjSaX8LHtCl7l0BIEye9qQ2

j8G0kak7e8ZA0s7nb3Ymq/K8BV7v0MQIdhIc1bifK9ZDewIDAQABoAAwDQYJKoZIhvcNAQEFBQAD gYEAMA1r2fbZPtNx37U9TRwadCH2TZZecwKJS/hskNm6ryPKIAp9APWwAyj8WJHRBz5SpZM4zmYO

oMCI8BcnY2A4JP+R7/SwXTdH/xcg7NVghd9A2SCgqMpF7KMfc5dE3iygdiPu+UhY200Dvpjx8gmJ 1UbH3+nqMUyCrZgURFslOUY=

-----END NEW CERTIFICATE REQUEST----- 5.将上述文件内容拷贝到https://www.thawte.com/cgi/server/try.exe中,点击next,获得回应内容,这里是p7b格式。 内容如下:

Text代码 复制代码 收藏代码

  1. -----BEGIN PKCS7-----
  2. MIIF3AYJKoZIhvcNAQcCoIIFzTCCBckCAQExADALBgkqhkiG9w0BBwGgggWxMIID
  3. EDCCAnmgAwIBAgIQA/mx/pKoaB+KGX2hveFU9zANBgkqhkiG9w0BAQUFADCBhzEL
  4. MAkGA1UEBhMCWkExIjAgBgNVBAgTGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkx
  5. HTAbBgNVBAoTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9uMRcwFQYDVQQLEw5URVNUIFRF
  6. U1QgVEVTVDEcMBoGA1UEAxMTVGhhd3RlIFRlc3QgQ0EgUm9vdDAeFw0wOTA1Mjgw
  7. MDIxMzlaFw0wOTA2MTgwMDIxMzlaMFwxCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJC
  8. SjELMAkGA1UEBxMCQkoxDTALBgNVBAoTBHpsZXgxDTALBgNVBAsTBHpsZXgxFTAT
  9. BgNVBAMTDHd3dy56bGV4Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
  10. keg11PTKfpgiju3L/ST7I9J9RHPxqTNPar4aYF9xTWnf2Vkg3L1O+2F2UqBfYUKd
  11. 8NSwvnnioHdjJVaV0721cATVXdh4kD6d+4nOgVFI0ml/Cx7Qpe5dASBMnvakNo/B
  12. tJGpO3vGQNLO5292JqvyvAVe79DECHYSHNW4nyvWQ3sCAwEAAaOBpjCBozAMBgNV
  13. HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBABgNVHR8E
  14. OTA3MDWgM6Axhi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNl
  15. cnZlckNBLmNybDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9v
  16. Y3NwLnRoYXd0ZS5jb20wDQYJKoZIhvcNAQEFBQADgYEATPuxZbtJJSPmXvfrr1yz
  17. xqM06IwTZ6UU0lZRG7I0WufMjNMKdpn8hklUhE17mxAhGSpewLVVeLR7uzBLFkuC
  18. X7wMXxhoYdJZtNai72izU6Rd1oknao7diahvRxPK4IuQ7y2oZ511/4T4vgY6iRAj
  19. q4q76HhPJrVRL/sduaiu+gYwggKZMIICAqADAgECAgEAMA0GCSqGSIb3DQEBBAUA
  20. MIGHMQswCQYDVQQGEwJaQTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMg
  21. T05MWTEdMBsGA1UEChMUVGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRF
  22. U1QgVEVTVCBURVNUMRwwGgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTk2
  23. MDgwMTAwMDAwMFoXDTIwMTIzMTIxNTk1OVowgYcxCzAJBgNVBAYTAlpBMSIwIAYD
  24. VQQIExlGT1IgVEVTVElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQKExRUaGF3dGUg
  25. Q2VydGlmaWNhdGlvbjEXMBUGA1UECxMOVEVTVCBURVNUIFRFU1QxHDAaBgNVBAMT
  26. E1RoYXd0ZSBUZXN0IENBIFJvb3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
  27. ALV9kG+Os6x/DOhm+tKUQfzVMWGhE95sFmEtkMMTX2Zi4n6i6BvzoReJ5njzt1LF
  28. cqu4EUk9Ji20egKKfmqRzmQFLP7+1niSdfJEUE7cKY40QoI99270PTrLjJeaMcCl
  29. +AYl+kD+RL5BtuKKU3PurYcsCsre6aTvjMcqpTJOGeSPAgMBAAGjEzARMA8GA1Ud
  30. EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAgozj7BkD9O8si2V0v+EZ/t7E
  31. fz/LC8y6mD7IBUziHy5/53ymGAGLtyhXHvX+UIE6UWbHro3IqVkrmY5uC93Z2Wew
  32. A/6edK3KFUcUikrLeewM7gmqsiASEKx2mKRKlu12jXyNS5tXrPWRDvUKtFC1uL9a
  33. 12rFAQS2BkIk7aU+ghYxAA==
  34. -----END PKCS7-----
    -----BEGIN PKCS7-----

MIIF3AYJKoZIhvcNAQcCoIIFzTCCBckCAQExADALBgkqhkiG9w0BBwGgggWxMIID EDCCAnmgAwIBAgIQA/mx/pKoaB+KGX2hveFU9zANBgkqhkiG9w0BAQUFADCBhzEL

MAkGA1UEBhMCWkExIjAgBgNVBAgTGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkx HTAbBgNVBAoTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9uMRcwFQYDVQQLEw5URVNUIFRF

U1QgVEVTVDEcMBoGA1UEAxMTVGhhd3RlIFRlc3QgQ0EgUm9vdDAeFw0wOTA1Mjgw MDIxMzlaFw0wOTA2MTgwMDIxMzlaMFwxCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJC

SjELMAkGA1UEBxMCQkoxDTALBgNVBAoTBHpsZXgxDTALBgNVBAsTBHpsZXgxFTAT BgNVBAMTDHd3dy56bGV4Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA

keg11PTKfpgiju3L/ST7I9J9RHPxqTNPar4aYF9xTWnf2Vkg3L1O+2F2UqBfYUKd 8NSwvnnioHdjJVaV0721cATVXdh4kD6d+4nOgVFI0ml/Cx7Qpe5dASBMnvakNo/B

tJGpO3vGQNLO5292JqvyvAVe79DECHYSHNW4nyvWQ3sCAwEAAaOBpjCBozAMBgNV HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBABgNVHR8E

OTA3MDWgM6Axhi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNl cnZlckNBLmNybDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9v

Y3NwLnRoYXd0ZS5jb20wDQYJKoZIhvcNAQEFBQADgYEATPuxZbtJJSPmXvfrr1yz xqM06IwTZ6UU0lZRG7I0WufMjNMKdpn8hklUhE17mxAhGSpewLVVeLR7uzBLFkuC

X7wMXxhoYdJZtNai72izU6Rd1oknao7diahvRxPK4IuQ7y2oZ511/4T4vgY6iRAj q4q76HhPJrVRL/sduaiu+gYwggKZMIICAqADAgECAgEAMA0GCSqGSIb3DQEBBAUA

MIGHMQswCQYDVQQGEwJaQTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMg T05MWTEdMBsGA1UEChMUVGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRF

U1QgVEVTVCBURVNUMRwwGgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTk2 MDgwMTAwMDAwMFoXDTIwMTIzMTIxNTk1OVowgYcxCzAJBgNVBAYTAlpBMSIwIAYD

VQQIExlGT1IgVEVTVElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQKExRUaGF3dGUg Q2VydGlmaWNhdGlvbjEXMBUGA1UECxMOVEVTVCBURVNUIFRFU1QxHDAaBgNVBAMT

E1RoYXd0ZSBUZXN0IENBIFJvb3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB ALV9kG+Os6x/DOhm+tKUQfzVMWGhE95sFmEtkMMTX2Zi4n6i6BvzoReJ5njzt1LF

cqu4EUk9Ji20egKKfmqRzmQFLP7+1niSdfJEUE7cKY40QoI99270PTrLjJeaMcCl +AYl+kD+RL5BtuKKU3PurYcsCsre6aTvjMcqpTJOGeSPAgMBAAGjEzARMA8GA1Ud

EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAgozj7BkD9O8si2V0v+EZ/t7E fz/LC8y6mD7IBUziHy5/53ymGAGLtyhXHvX+UIE6UWbHro3IqVkrmY5uC93Z2Wew

A/6edK3KFUcUikrLeewM7gmqsiASEKx2mKRKlu12jXyNS5tXrPWRDvUKtFC1uL9a 12rFAQS2BkIk7aU+ghYxAA==

-----END PKCS7----- 将其存储为zlex.p7b 6.将由CA签发的证书导入密钥库。

Shell代码 复制代码 收藏代码

  1. keytool -import -trustcacerts -alias www.zlex.org -file d:\zlex.p7b -keystore d:\zlex.keystore -v
    keytool -import -trustcacerts -alias www.zlex.org -file d:\zlex.p7b -keystore d:\zlex.keystore -v 在这里我使用的密码为 123456 控制台输出: Console代码 复制代码 收藏代码

  2. 输入keystore密码:

  4. 回复中的最高级认证:
  6. 所有者:CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR
  7. TESTING PURPOSES ONLY, C=ZA
  8. 签发人:CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR
  9. TESTING PURPOSES ONLY, C=ZA
  10. 序列号:0
  11. 有效期: Thu Aug 01 08:00:00 CST 1996 至Fri Jan 01 05:59:59 CST 2021
  12. 证书指纹:
  13. MD5:5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
  14. SHA1:39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA
  15. 签名算法名称:MD5withRSA
  16. 版本: 3
  18. 扩展:
  20. /#1: ObjectId: 2.5.29.19 Criticality=true
  21. BasicConstraints:[
  22. CA:true
  23. PathLen:2147483647
  24. ]
  27. ... 是不可信的。 还是要安装回复? [否]: Y
  28. 认证回复已安装在 keystore中
  29. [正在存储 d:\zlex.keystore]

输入keystore密码:

回复中的最高级认证:

所有者:CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR

TESTING PURPOSES ONLY, C=ZA 签发人:CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR

TESTING PURPOSES ONLY, C=ZA 序列号:0

有效期: Thu Aug 01 08:00:00 CST 1996 至Fri Jan 01 05:59:59 CST 2021 证书指纹:

     MD5:5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
     SHA1:39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA

     签名算法名称:MD5withRSA
     版本: 3

扩展:

/#1: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[ CA:true

PathLen:2147483647 ]

... 是不可信的。 还是要安装回复? [否]: Y 认证回复已安装在 keystore中

[正在存储 d:\zlex.keystore] 7.域名定位 将域名www.zlex.org定位到本机上。打开C:\Windows\System32\drivers\etc\hosts文件,将www.zlex.org绑定在本机上。在文件末尾追加127.0.0.1 www.zlex.org。现在通过地址栏访问http://www.zlex.org,或者通过ping命令,如果能够定位到本机,域名映射就搞定了。 8.配置server.xml Xml代码 复制代码 收藏代码

  1. <Connector
  2. keystoreFile="conf/zlex.keystore"
  3. keystorePass="123456"
  4. truststoreFile="conf/zlex.keystore"
  5. truststorePass="123456"
  6. SSLEnabled="true"
  7. URIEncoding="UTF-8"
  8. clientAuth="false"
  9. maxThreads="150"
  10. port="443"
  11. protocol="HTTP/1.1"
  12. scheme="https"
  13. secure="true"

  14. sslProtocol="TLS" />

    <Connector

     keystoreFile="conf/zlex.keystore"
 keystorePass="123456"

 truststoreFile="conf/zlex.keystore"   
 truststorePass="123456"    

 SSLEnabled="true"
 URIEncoding="UTF-8"

 clientAuth="false"           
 maxThreads="150"

 port="443"
 protocol="HTTP/1.1"

 scheme="https"
 secure="true"

 sslProtocol="TLS" />

    将文件zlex.keystore拷贝到tomcat的conf目录下,重新启动tomcat。访问https://www.zlex.org/,我们发现联网有些迟钝。大约5秒钟后,网页正常显示,同时有如下图所示: 浏览器验证了该CA机构的有效性。 打开证书,如下图所示: 调整测试类: Java代码 复制代码 收藏代码

  15. import static org.junit.Assert./*;

  17. import java.io.DataInputStream;
  18. import java.io.InputStream;
  19. import java.net.URL;
  21. import javax.net.ssl.HttpsURLConnection;
  23. import org.junit.Test;
  25. ///
  26. /*
  27. /* @author 梁栋
  28. /* @version 1.0
  29. /* @since 1.0
  30. /*/
  31. public class CertificateCoderTest {
  32. private String password = "123456";
  33. private String alias = "www.zlex.org";
  34. private String certificatePath = "d:/zlex.cer";
  35. private String keyStorePath = "d:/zlex.keystore";
  37. @Test
  38. public void test() throws Exception {
  39. System.err.println("公钥加密——私钥解密");
  40. String inputStr = "Ceritifcate";
  41. byte[] data = inputStr.getBytes();
  43. byte[] encrypt = CertificateCoder.encryptByPublicKey(data,
  44. certificatePath);
  46. byte[] decrypt = CertificateCoder.decryptByPrivateKey(encrypt,
  47. keyStorePath, alias, password);
  48. String outputStr = new String(decrypt);
  50. System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
  52. // 验证数据一致
  53. assertArrayEquals(data, decrypt);
  55. // 验证证书有效
  56. assertTrue(CertificateCoder.verifyCertificate(certificatePath));
  58. }
  60. @Test
  61. public void testSign() throws Exception {
  62. System.err.println("私钥加密——公钥解密");
  64. String inputStr = "sign";
  65. byte[] data = inputStr.getBytes();
  67. byte[] encodedData = CertificateCoder.encryptByPrivateKey(data,
  68. keyStorePath, alias, password);
  70. byte[] decodedData = CertificateCoder.decryptByPublicKey(encodedData,
  71. certificatePath);
  73. String outputStr = new String(decodedData);
  74. System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
  75. assertEquals(inputStr, outputStr);
  77. System.err.println("私钥签名——公钥验证签名");
  78. // 产生签名
  79. String sign = CertificateCoder.sign(encodedData, keyStorePath, alias,
  80. password);
  81. System.err.println("签名:\r" + sign);
  83. // 验证签名
  84. boolean status = CertificateCoder.verify(encodedData, sign,
  85. certificatePath);
  86. System.err.println("状态:\r" + status);
  87. assertTrue(status);
  89. }
  91. @Test
  92. public void testHttps() throws Exception {
  93. URL url = new URL("https://www.zlex.org/examples/");
  94. HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  96. conn.setDoInput(true);
  97. conn.setDoOutput(true);
  99. CertificateCoder.configSSLSocketFactory(conn, password, keyStorePath,
  100. keyStorePath);
  102. InputStream is = conn.getInputStream();
  104. int length = conn.getContentLength();
  106. DataInputStream dis = new DataInputStream(is);
  107. byte[] data = new byte[length];
  108. dis.readFully(data);
  110. dis.close();
  111. conn.disconnect();
  112. System.err.println(new String(data));
  113. }
  114. }

import static org.junit.Assert./*;

import java.io.DataInputStream;

import java.io.InputStream; import java.net.URL;

import javax.net.ssl.HttpsURLConnection;

import org.junit.Test;

///

/ / @author 梁栋

/ @version 1.0 / @since 1.0

/*/ public class CertificateCoderTest {

private String password = "123456";
private String alias = "www.zlex.org";

private String certificatePath = "d:/zlex.cer";
private String keyStorePath = "d:/zlex.keystore";


@Test

public void test() throws Exception {
    System.err.println("公钥加密——私钥解密");

    String inputStr = "Ceritifcate";
    byte[] data = inputStr.getBytes();


    byte[] encrypt = CertificateCoder.encryptByPublicKey(data,

            certificatePath);


    byte[] decrypt = CertificateCoder.decryptByPrivateKey(encrypt,
            keyStorePath, alias, password);

    String outputStr = new String(decrypt);


    System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);


    // 验证数据一致
    assertArrayEquals(data, decrypt);


    // 验证证书有效

    assertTrue(CertificateCoder.verifyCertificate(certificatePath));


}


@Test
public void testSign() throws Exception {

    System.err.println("私钥加密——公钥解密");


    String inputStr = "sign";
    byte[] data = inputStr.getBytes();


    byte[] encodedData = CertificateCoder.encryptByPrivateKey(data,

            keyStorePath, alias, password);


    byte[] decodedData = CertificateCoder.decryptByPublicKey(encodedData,
            certificatePath);


    String outputStr = new String(decodedData);

    System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
    assertEquals(inputStr, outputStr);


    System.err.println("私钥签名——公钥验证签名");

    // 产生签名
    String sign = CertificateCoder.sign(encodedData, keyStorePath, alias,

            password);
    System.err.println("签名:\r" + sign);


    // 验证签名

    boolean status = CertificateCoder.verify(encodedData, sign,
            certificatePath);

    System.err.println("状态:\r" + status);
    assertTrue(status);


}


@Test

public void testHttps() throws Exception {
    URL url = new URL("https://www.zlex.org/examples/");

    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();


    conn.setDoInput(true);
    conn.setDoOutput(true);


    CertificateCoder.configSSLSocketFactory(conn, password, keyStorePath,

            keyStorePath);


    InputStream is = conn.getInputStream();


    int length = conn.getContentLength();


    DataInputStream dis = new DataInputStream(is);
    byte[] data = new byte[length];

    dis.readFully(data);


    dis.close();
    conn.disconnect();

    System.err.println(new String(data));
}

} 再次执行,验证通过! 由此,我们了基于SSL协议的认证过程。测试类的testHttps方法模拟了一次浏览器的HTTPS访问。 相关链接: Java加密技术(一)——BASE64与单向加密算法MD5&SHA&MAC Java加密技术(二)——对称加密DES&AES Java加密技术(三)——PBE算法 Java加密技术(四)——非对称加密算法RSA Java加密技术(五)——非对称加密算法的由来 Java加密技术(六)——数字签名算法DSA Java加密技术(七)——非对称加密算法最高ECC Java加密技术(八)——数字证书 Java加密技术(九)——初探SSL Java加密技术(十)——单向认证 Java加密技术(十一)——双向认证 Java加密技术(十二)——/.PFX(/.p12)&个人信息交换文件

希望本站内容对您有点用处,有什么疑问或建议请在后面留言评论
转载请注明作者(RobinChia)和出处 It so life ,请勿用于任何商业用途
本文链接: Java加密技术(十)——单向认证