Wednesday, 30 November 2011 (B.E. 2554)

Java TLS/SSL #2

JSSE sample code


Example of running it:
Server:
D:\java\TLS>java ClassFileServer 80 . TLS true

Client:
D:\java\TLS>java SSLSocketClientWithClientAuth 147.127.xxx.90 80 /index.html


Modifications to support client authentication:

ClassFileServer:
// ks, kmf, ctx and passphrase are the variables already defined in the JSSE sample
ks.load(new FileInputStream("keystore-147.127.xxx.90"), passphrase);   // server's own private key + certificate
kmf.init(ks, passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");                          // certificates the server trusts (the client's)
ksTrust.load(new FileInputStream("truststore-147.127.xxx.91"), null);   // null: only public certificates are loaded
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ksTrust);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);           // pass the trust managers instead of null
===========================

SSLSocketClientWithClientAuth:
// same variables as above, but on the client side
ks.load(new FileInputStream("keystore-147.127.xxx.91"), passphrase);   // client's own private key + certificate
kmf.init(ks, passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");                          // certificates the client trusts (the server's)
ksTrust.load(new FileInputStream("truststore-147.127.xxx.90"), null);   // null: only public certificates are loaded
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ksTrust);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

===========================
The client uses the same code with the keystore and truststore file names swapped: each side presents its own keystore and trusts the other side's certificate.



A trust store is like a public key, so why does it have a password?
Ans:
NOTE: Trust stores often have passwords but for validation of credentials the password is not needed because public key certificates are publicly accessible in any key or trust store. If you supply a password, the KeyStore.load method will use it when loading the store but only to validate the integrity of non-public information during the load – never during actual use of public key certificates in the store. Thus, you may always pass null in the second argument to KeyStore.load. If you do so, only public information will be loaded from the store.
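As an added example that is not code from the post or from the JSSE samples, the server-side snippet above and the truststore-password point are combined into one complete program, including the setNeedClientAuth(true) call that actually makes the client certificate mandatory. The file names, the port 8443 and the passphrase are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example, not the JSSE sample's own code. File names, port and passphrase are assumptions.
public class MutualTlsServer {

    // Builds an SSLContext from our keystore (private key + certificate) and a separate truststore
    // holding the peer's certificate; the client calls the same method with the two files swapped.
    public static SSLContext build(String keystorePath, char[] keystorePass,
                                   String truststorePath) throws Exception {
        // Keystore: holds a private key, so the password is needed to load and use it.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, keystorePass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, keystorePass);

        // Truststore: only public certificates are read, so null skips the integrity check.
        KeyStore ksTrust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) {
            ksTrust.load(in, null);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ksTrust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] passphrase = "passphrase".toCharArray(); // placeholder
        // Placeholders for the per-host files the post names keystore-<server> / truststore-<client>.
        SSLContext ctx = build("keystore-server.jks", passphrase, "truststore-client.jks");
        SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
        try (SSLServerSocket sss = (SSLServerSocket) ssf.createServerSocket(8443)) {
            // Loading a truststore is not enough: without this line the server never asks the
            // client for a certificate at all (setWantClientAuth(true) would make it optional).
            sss.setNeedClientAuth(true);
            try (SSLSocket s = (SSLSocket) sss.accept()) {
                s.startHandshake(); // throws SSLHandshakeException if the client has no trusted certificate
                System.out.println("client authenticated as " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```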
