
To create an SSL server socket on Android, you need to provide two KeyStores:

  • the keyManager keystore,
  • the trust manager keystore.

Create the key manager.

To create the keyManager, you need to generate a PKCS12 file from your .crt and .key files:

openssl pkcs12 -export -in [cert_file] -inkey [key_file] -out store.p12

Then you have to create the JKS file with this command:

keytool -importkeystore \
    -srckeystore store.p12 -srcstoretype PKCS12 \
    -destkeystore store.jks -deststoretype BKS \
    -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
    -providerpath [bouncy file like "bcprov-jdk15on-167.jar"]

Tip: to create this file you need the BouncyCastleProvider.

Now your key manager file is ready. You can put it in your resources and use it with this code.

Java:

import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

// Loads the BKS keystore that holds the server certificate and private key.
// keystorePassword protects the store; keyPassword protects the private-key entry.
private KeyManager[] createKeyManagers(InputStream keyStoreIS, String keystorePassword, String keyPassword) throws Exception {
    KeyStore keyStore = KeyStore.getInstance("BKS");
    keyStore.load(keyStoreIS, keystorePassword.toCharArray());
    keyStoreIS.close();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, keyPassword.toCharArray());
    return kmf.getKeyManagers();
}

Kotlin:

import java.io.InputStream
import java.security.KeyStore
import javax.net.ssl.KeyManager
import javax.net.ssl.KeyManagerFactory

// Loads the BKS keystore that holds the server certificate and private key.
// keystorePassword protects the store; keyPassword protects the private-key entry.
@Throws(java.lang.Exception::class)
fun createKeyManagers(keyStoreIS: InputStream, keystorePassword: String, keyPassword: String): Array<KeyManager> {
    val keyStore = KeyStore.getInstance("BKS")
    keyStore.load(keyStoreIS, keystorePassword.toCharArray())
    keyStoreIS.close()
    val algorithm = KeyManagerFactory.getDefaultAlgorithm()
    val kmf = KeyManagerFactory.getInstance(algorithm)
    kmf.init(keyStore, keyPassword.toCharArray())
    return kmf.keyManagers
}

Create the trust manager.

You need to create a BKS file with this command:

keytool -importcert -v -trustcacerts -file [cer_file] -alias IntermediateCA \
    -keystore [output.bks] \
    -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
    -providerpath [bouncy file like "bcprov-jdk15on-159.jar"] \
    -storetype BKS -storepass mysecret

Now your trust store is ready. You can put it in your resources and use it with this code.

Java:

import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Loads the BKS trust store containing the CA certificate(s) that client certificates must chain to.
private TrustManager[] createTrustManagers(InputStream trustStoreIS, String keystorePassword) throws Exception {
    KeyStore trustStore = KeyStore.getInstance("BKS");
    trustStore.load(trustStoreIS, keystorePassword.toCharArray());
    trustStoreIS.close();
    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(algorithm);
    trustFactory.init(trustStore);
    return trustFactory.getTrustManagers();
}

Kotlin:

import java.io.InputStream
import java.security.KeyStore
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory

// Loads the BKS trust store containing the CA certificate(s) that client certificates must chain to.
@Throws(java.lang.Exception::class)
fun createTrustManagers(trustStoreIS: InputStream, keystorePassword: String): Array<TrustManager> {
    val trustStore = KeyStore.getInstance("BKS")
    trustStore.load(trustStoreIS, keystorePassword.toCharArray())
    trustStoreIS.close()
    val algorithm = TrustManagerFactory.getDefaultAlgorithm()
    val trustFactory = TrustManagerFactory.getInstance(algorithm)
    trustFactory.init(trustStore)
    return trustFactory.trustManagers
}

Create the SSLServerSocket.

Then you can use this code to create the SSLServerSocket.

Java:

import java.io.InputStream;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public static SSLServerSocket getSSLServerSocket(InputStream server, InputStream cacerts, Integer port) throws Exception {
    // Passwords chosen when the BKS files were created (the trust store was built with -storepass mysecret).
    String keyPass = "mysecret";
    String keyStorePass = "mysecret";
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(createKeyManagers(server, keyStorePass, keyPass), createTrustManagers(cacerts, keyPass), new SecureRandom());
    SSLServerSocketFactory factory = context.getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(port);
    // Enables every protocol and cipher suite the platform supports, older and weaker ones included.
    serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
    serverSocket.setEnabledCipherSuites(serverSocket.getSupportedCipherSuites());
    // No client certificate is requested or required.
    serverSocket.setNeedClientAuth(false);
    serverSocket.setWantClientAuth(false);
    serverSocket.setUseClientMode(false); // this side acts as the TLS server
    return serverSocket;
}

Kotlin:

import java.io.InputStream
import java.security.SecureRandom
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLServerSocket

@Throws(Exception::class)
fun getSSLServerSocket(server: InputStream, cacerts: InputStream, port: Int): SSLServerSocket {
    // Passwords chosen when the BKS files were created (the trust store was built with -storepass mysecret).
    val keyPass = "mysecret"
    val keyStorePass = "mysecret"
    val context = SSLContext.getInstance("TLSv1.2")
    context.init(
        createKeyManagers(server, keyStorePass, keyPass),
        createTrustManagers(cacerts, keyPass),
        SecureRandom()
    )
    val factory = context.serverSocketFactory
    val serverSocket = factory.createServerSocket(port) as SSLServerSocket
    // Enables every protocol and cipher suite the platform supports, older and weaker ones included.
    serverSocket.enabledProtocols = serverSocket.supportedProtocols
    serverSocket.enabledCipherSuites = serverSocket.supportedCipherSuites
    // No client certificate is requested or required.
    serverSocket.needClientAuth = false
    serverSocket.wantClientAuth = false
    serverSocket.useClientMode = false // this side acts as the TLS server
    return serverSocket
}

Your server socket is now ready and you can start listening. For this purpose you need to run the socket in a thread, and with this code you can wait for a new client to connect and perform the handshake with the client.

Java:

import javax.net.ssl.SSLSocket;

// accept() blocks until a client connects; startHandshake() then runs the TLS handshake on that socket.
SSLSocket socket = (SSLSocket) serverSocket.accept();
socket.addHandshakeCompletedListener(event -> {
    // start to communicate
});
socket.startHandshake();

Kotlin:

import javax.net.ssl.SSLSocket

// accept() blocks until a client connects; startHandshake() then runs the TLS handshake on that socket.
val socket = serverSocket.accept() as SSLSocket
socket.addHandshakeCompletedListener { handShake ->
    // start to communicate
}
socket.startHandshake()
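As an added example (editor's code, not part of the answer above): the same key store and trust store loading, but with the SSLServerSocket restricted to an allowlist of protocols and cipher suites instead of enabling everything the platform supports, and with mutual TLS available as an option. The class name `HardenedSslServer`, the `intersect` helper and the two allowlists are my choices; the BKS files and their passwords are assumed to be the ones produced by the keytool commands above.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public final class HardenedSslServer {
    // Protocols this server is willing to speak (assumed allowlist); anything else the
    // platform supports, such as TLSv1 / TLSv1.1, stays disabled.
    private static final String[] ALLOWED_PROTOCOLS = { "TLSv1.3", "TLSv1.2" };

    // AEAD suites with forward secrecy, in order of server preference (assumed allowlist).
    private static final String[] PREFERRED_SUITES = {
        "TLS_AES_256_GCM_SHA384",
        "TLS_AES_128_GCM_SHA256",
        "TLS_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    };

    /** Keeps the entries of wanted that the socket actually supports, preserving preference order. */
    static String[] intersect(String[] wanted, String[] supported) {
        Set<String> have = new HashSet<>(Arrays.asList(supported));
        List<String> out = new ArrayList<>();
        for (String s : wanted) {
            if (have.contains(s)) {
                out.add(s);
            }
        }
        return out.toArray(new String[0]);
    }

    /** Builds a server socket from the BKS key store / trust store produced by the commands above. */
    public static SSLServerSocket create(InputStream keyStoreIn, char[] keyStorePass, char[] keyPass,
                                         InputStream trustStoreIn, char[] trustStorePass,
                                         int port, boolean requireClientCert) throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        ks.load(keyStoreIn, keyStorePass);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);

        KeyStore ts = KeyStore.getInstance("BKS");
        ts.load(trustStoreIn, trustStorePass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

        SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        server.setUseClientMode(false);

        // Intersect the allowlists with what this device offers; fail closed if nothing acceptable is left
        // rather than silently falling back to the platform defaults.
        String[] protocols = intersect(ALLOWED_PROTOCOLS, server.getSupportedProtocols());
        String[] suites = intersect(PREFERRED_SUITES, server.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            throw new IllegalStateException("platform offers none of the allowed TLS protocols or cipher suites");
        }
        server.setEnabledProtocols(protocols);
        server.setEnabledCipherSuites(suites);

        // Mutual TLS: when true, a client that presents no certificate chaining to the trust store is rejected.
        server.setNeedClientAuth(requireClientCert);
        return server;
    }

    /** Accepts one client and completes the handshake before handing the socket to the caller. */
    public static SSLSocket acceptAndHandshake(SSLServerSocket server) throws Exception {
        SSLSocket client = (SSLSocket) server.accept();
        try {
            client.startHandshake(); // throws SSLHandshakeException on failure (e.g. missing client cert)
        } catch (Exception e) {
            client.close();
            throw e;
        }
        return client;
    }
}
```

Call `create(...)` once, then run `acceptAndHandshake(server)` in a loop on a background thread; passing `requireClientCert = true` turns the trust store from unused (as in the answer's `setNeedClientAuth(false)` variant) into the authority that decides which clients may connect.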