Example run
Server:
D:\java\TLS>java ClassFileServer 80 . TLS true
Client:
D:\java\TLS>java SSLSocketClientWithClientAuth 147.127.xxx.90 80 /index.html
Modifications to support client authentication:
ClassFileServer:
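// The server's own key pair, presented to the client during the handshake
ks.load(new FileInputStream("keystore-147.127.xxx.90"), passphrase);
kmf.init(ks, passphrase);
// The client's certificate, used to verify the client (loaded without a password)
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("truststore-147.127.xxx.91"), null);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ksTrust);
// Key managers authenticate this side; trust managers validate the peer
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);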
===========================
SSLSocketClientWithClientAuth:
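// The client's own key pair, presented to the server during the handshake
ks.load(new FileInputStream("keystore-147.127.xxx.91"), passphrase);
kmf.init(ks, passphrase);
// The server's certificate, used to verify the server (loaded without a password)
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("truststore-147.127.xxx.90"), null);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ksTrust);
// Key managers authenticate this side; trust managers validate the peer
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);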
===========================
The two sides mirror each other: just swap the truststore and keystore files between server and client.
A trust store is like a public key, so why does it have a password?
Ans:
NOTE: Trust stores often have passwords but for validation of credentials the password is not needed because public key certificates are publicly accessible in any key or trust store. If you supply a password, the KeyStore.load method will use it when loading the store but only to validate the integrity of non-public information during the load – never during actual use of public key certificates in the store. Thus, you may always pass null in the second argument to KeyStore.load. If you do so, only public information will be loaded from the store.
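The keystore/truststore wiring and the null-password load described above, put together as an added example (not code from the original page or from the JSSE samples). The class name MutualTlsContext, the KEYSTORE_PASS environment variable and the argument order are assumptions, and the key password is assumed to equal the store password, as in the snippets above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsContext { // hypothetical class name

    // Load a JKS store and close the file. A null password skips the
    // integrity check of the store but still loads its certificates.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // keyStorePath holds this side's private key; trustStorePath holds the peer's certificate.
    static SSLContext build(String keyStorePath, char[] keyPass, String trustStorePath)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(load(keyStorePath, keyPass), keyPass);

        KeyStore trust = load(trustStorePath, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trust);
        System.out.println("trusted peers: " + Collections.list(trust.aliases()));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <keystore> <truststore> <port>; passphrase comes from KEYSTORE_PASS (assumed name)
    public static void main(String[] args) throws Exception {
        char[] pass = Objects.requireNonNull(System.getenv("KEYSTORE_PASS")).toCharArray();
        SSLContext ctx = build(args[0], pass, args[1]);
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(Integer.parseInt(args[2]))) {
            ss.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate
            System.out.println("needClientAuth=" + ss.getNeedClientAuth());
        }
    }
}
```

Passing the truststore's password to `load` instead of null makes `KeyStore.load` verify the store's integrity, so a modified truststore file is rejected at load time.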