本文目录一览:
Java 代码操作带SSL的FTP服务器
参考
client = new FTPSClient(implictSSL);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(KeyStore.getInstance("BKS"), "wshr.ut".toCharArray());
client.setTrustManager(new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
});
client.setKeyManager(kmf.getKeyManagers()[0]);
client.setNeedClientAuth(false);
client.setUseClientMode(false);
如何用Java代码来把SSL的证书自动导入到Jav
下面这个Java类可以帮助我们做这个事情。同时我们还可以把这个帮助方法开发一个可视化的程序,这样就更加方便:
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
public class KeyStoreHelper {
public static void createTrustJKSKeyStore(final String originalTrustFolder, final String jksTrustStoreLocation, final String password) {
File keyStoreFile = new File(jksTrustStoreLocation);
if (!keyStoreFile.exists()) {
try {
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, password.toCharArray());
File trustedFolder = new File(originalTrustFolder);
File[] certs = trustedFolder.listFiles();
if (certs != null) {
for (File cert : certs) {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
try {
X509Certificate certificate = (X509Certificate) factory.generateCertificate(new FileInputStream(cert));
X500Principal principal = certificate.getSubjectX500Principal();
LdapName ldapDN = new LdapName(principal.getName());
List<Rdn> rdns = ldapDN.getRdns();
for (Rdn rdn : rdns) {
String type = rdn.getType();
if (type.equals("CN")) {
keystore.setCertificateEntry((String) rdn.getValue(), certificate);
break;
}
}
} catch (Exception ex) {
continue;
}
}
}
FileOutputStream fos = new FileOutputStream(jksTrustStoreLocation);
keystore.store(fos, password.toCharArray());
fos.close();
} catch (Exception exp) {
}
}
}
/**
* @param args
*/
public static void main(String[] args) {
KeyStoreHelper.createTrustJKSKeyStore("D:\\cacerts", "D:\\cacerts\\test.jks", "test123");
}
}
如何在Java SE使用SSL设定相互验证
这个要考虑并发,即使两个用户同时请求,请求的也是你底层的一段代码,在这个代码上面加锁,一个访问结束之前另一个不能访问。 Java实现ssl,需要将ssl证书导入jvm,才能正常工作,否则不行。 导入命令参考如下:
keytool -import -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit -keypass 123456 -alias 45alias -file D:/test.cer
JAVA怎样调用https类型的webservice
- 打开webService链接,右键属性—》证书—》详细信息—》复制到文件,保存cer格式的文件。
- 复制下面的cmd命令,执行keytool命令,生成keystore文件,例如:
c:\nciic.keystore
keytool -import -alias nciic -file c:\jswszx.cer -keystore c:\nciic.keystore
它会提示输入密码,随便输入,例如:123456,回车 4. 他会提示是否信任这个认证,输入Y,回车,指定目录下就会生成nciic.keystore文件 5. 修改Java代码 在调用接口方法之前,添加如下代码:
System.setProperty("javax.NET.ssl.trustStore","c://nciic.keystore");
System.setProperty("java.protocol.handler.pkgs","com.sun.Net.ssl.internal.");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
