手摸手帶你認識https涉及的知識並實現通訊
@[toc]
看完整的代碼,直接去完整代碼實現,看實現完後會遇到的坑,直接去測試過程當中的問題,包括通過代理服務器訪問https,經過ip訪問https等。html
http訪問流程
咱們開發java web項目時,打好war包放到tomcat應用服務器的webapps目錄下,tomcat的訪問端口是8080,啓動tomcat,在瀏覽器的地址欄輸入http://localhost:8080。就會看到以下
java
那麼,看看服務器到底返回了什麼內容,在web項目中,運行代碼nginx
package com.lgx.http;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
public class t1 {
/*
測試http請求服務器,看服務器返回了什麼東西。
*/
public static void main(String[] args) {
try {
URL url = new URL("http://localhost:8080");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.connect();
InputStream input = connection.getInputStream();
// 默認的index.jsp頁面字節數遠遠小於1024
byte[] bytes = new byte[1024];
int bytesLength = input.read(bytes);
System.out.println("服務器返回:\n" + new String(bytes, 0, bytesLength));
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
}
獲得結果以下git
上面其實並非完整的服務器返回給瀏覽器的內容,被咱們輸出的只是http報文體,但這並不重要!能夠看出數據並未加密。web
https訪問流程
更改上述代碼,把URL的http改成https,會報錯。須要配置一下tomcat服務器算法
配置
tomcat配置支持https訪問,若是使用nginx還需配nginx。apache
建立密鑰庫
用Java自帶的keytool生成一個祕鑰庫編程
keytool -genkey -alias "tomcat" -keyalg "RSA" -keysize 1024 -validity 365 -keystore "/Users/liguoxi/Public/tomcat.keystore"
祕密設置爲123456
注:KeyStore通常用JDK中的keytool生成。Keytool使用RSA或DSA KeyPairGenerator生成一個祕鑰對並連同新生成的證書一塊兒存入KeyStore文件中。json
修改XML文件
server.xml的Https配置默認是註釋掉的,乾脆手動加上。windows
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/Users/liguoxi/Public/tomcat.keystore"
keystorePass="123456"/>
更改http訪問代碼爲https訪問代碼,啓動項目,再以Java運行下述代碼。
package com.lgx.https;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.io.InputStream;
import java.net.URL;
public class t1 {
public static void main(String[] args) {
// 輸出https握手過程
System.setProperty("javax.net.debug", "all");
// 值配置成與tomcat keyStoreFile一致,服務器發過來的證書,要存在於信任祕鑰庫中
System.setProperty("javax.net.ssl.trustStore", "/Users/liguoxi/Public/tomcat.keystore");
// 信任祕鑰庫密碼
System.setProperty("javax.net.ssl.trustStorePassword", "123456");
// https協議版本
System.setProperty("https.protocols", "TLSv1");
try {
URL url = new URL("https://localhost:8443");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
// 證書裏面有個擴展域,記錄了服務器ip,若是與訪問url裏面的ip不一致不報錯
//實際上是由於用keytool生成的證書,並無這個擴展域
return true;
}
});
connection.connect();
InputStream input = connection.getInputStream();
byte[] bytes = new byte[1024];
int bytesLength = input.read(bytes);
System.out.println("服務器返回:\n" + new String(bytes, 0, bytesLength));
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
}
輸出一大堆
trustStore is: /Users/liguoxi/Public/tomcat.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Issuer: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Algorithm: RSA; Serial number: 0x21e45f2c
Valid from Sun Oct 07 21:27:58 CST 2018 until Mon Oct 07 21:27:58 CST 2019
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1522146822 bytes = { 206, 221, 190, 215, 203, 75, 100, 29, 253, 204, 139, 195, 132, 250, 231, 86, 226, 225, 94, 88, 154, 174, 37, 73, 148, 29, 117, 165 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension extended_master_secret
***
[write] MD5 and SHA1 hashes: len = 125
0000: 01 00 00 79 03 01 5B BA 1E 06 CE DD BE D7 CB 4B ...y..[........K
0010: 64 1D FD CC 8B C3 84 FA E7 56 E2 E1 5E 58 9A AE d........V..^X..
0020: 25 49 94 1D 75 A5 00 00 2C C0 0A C0 14 00 35 C0 %I..u...,.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 00 FF 01 00 00 24 00 0A 00 16 00 14 00 ........$.......
0060: 17 00 18 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 ................
0070: 0E 00 16 00 0B 00 02 01 00 00 17 00 00 .............
main, WRITE: TLSv1 Handshake, length = 125
[Raw write]: length = 130
0000: 16 03 01 00 7D 01 00 00 79 03 01 5B BA 1E 06 CE ........y..[....
0010: DD BE D7 CB 4B 64 1D FD CC 8B C3 84 FA E7 56 E2 ....Kd........V.
0020: E1 5E 58 9A AE 25 49 94 1D 75 A5 00 00 2C C0 0A .^X..%I..u...,..
0030: C0 14 00 35 C0 05 C0 0F 00 39 00 38 C0 09 C0 13 ...5.....9.8....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A ./.....3.2......
0050: C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 24 00 0A .............$..
0060: 00 16 00 14 00 17 00 18 00 19 00 09 00 0A 00 0B ................
0070: 00 0C 00 0D 00 0E 00 16 00 0B 00 02 01 00 00 17 ................
0080: 00 00 ..
[Raw read]: length = 5
0000: 16 03 01 03 74 ....t
[Raw read]: length = 884
0000: 02 00 00 51 03 01 5B BA 1E 06 88 96 19 DB 9A CF ...Q..[.........
0010: 95 E3 75 CB 71 6F 48 8E 06 80 97 2A 74 AE D2 D1 ..u.qoH....*t...
0020: 16 84 AA 11 C5 A9 20 5B BA 1E 06 D6 62 98 69 C8 ...... [....b.i.
0030: 8C 1E 30 F0 DA B6 5D B6 C8 6E 35 D1 A0 D0 83 0B ..0...]..n5.....
0040: F7 FB 3A D5 A1 65 3C C0 14 00 00 09 FF 01 00 01 ..:..e<.........
0050: 00 00 17 00 00 0B 00 02 4C 00 02 49 00 02 46 30 ........L..I..F0
0060: 82 02 42 30 82 01 AB A0 03 02 01 02 02 04 21 E4 ..B0..........!.
0070: 5F 2C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 _,0...*.H.......
0080: 00 30 54 31 0C 30 0A 06 03 55 04 06 13 03 4C 47 .0T1.0...U....LG
0090: 58 31 0C 30 0A 06 03 55 04 08 13 03 4C 47 58 31 X1.0...U....LGX1
00A0: 0C 30 0A 06 03 55 04 07 13 03 4C 47 58 31 0C 30 .0...U....LGX1.0
00B0: 0A 06 03 55 04 0A 13 03 4C 47 58 31 0C 30 0A 06 ...U....LGX1.0..
00C0: 03 55 04 0B 13 03 4C 47 58 31 0C 30 0A 06 03 55 .U....LGX1.0...U
00D0: 04 03 13 03 4C 47 58 30 1E 17 0D 31 38 31 30 30 ....LGX0...18100
00E0: 37 31 33 32 37 35 38 5A 17 0D 31 39 31 30 30 37 7132758Z..191007
00F0: 31 33 32 37 35 38 5A 30 54 31 0C 30 0A 06 03 55 132758Z0T1.0...U
0100: 04 06 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 08 ....LGX1.0...U..
0110: 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 07 13 03 ..LGX1.0...U....
0120: 4C 47 58 31 0C 30 0A 06 03 55 04 0A 13 03 4C 47 LGX1.0...U....LG
0130: 58 31 0C 30 0A 06 03 55 04 0B 13 03 4C 47 58 31 X1.0...U....LGX1
0140: 0C 30 0A 06 03 55 04 03 13 03 4C 47 58 30 81 9F .0...U....LGX0..
0150: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 0...*.H.........
0160: 81 8D 00 30 81 89 02 81 81 00 9C 61 24 6E EC D3 ...0.......a$n..
0170: A1 6B 6A 12 36 D6 CB 03 9A 9B 6C 9F A7 C6 B8 FD .kj.6.....l.....
0180: 19 5D 91 F8 16 EB D5 06 7E A6 1E 09 DB 1F EA 95 .]..............
0190: F3 3A 73 21 DA A5 B6 BD 2A 46 40 20 BD 6E 55 83 .:s!....*F@ .nU.
01A0: 42 86 F7 8E 5B 84 C7 45 0E 02 F8 76 75 DE 41 FD B...[..E...vu.A.
01B0: 6D B6 A7 50 09 04 71 0D A8 AA F4 73 59 2C C0 36 m..P..q....sY,.6
01C0: 5C 68 2E BA 99 43 2D DF C0 4D 70 66 EC 93 08 D7 \h...C-..Mpf....
01D0: 05 0D 75 5A C3 0D 04 CC 18 F9 5D E5 73 E4 E9 14 ..uZ......].s...
01E0: 53 5D D5 0C 6F 16 E4 2C AE 47 02 03 01 00 01 A3 S]..o..,.G......
01F0: 21 30 1F 30 1D 06 03 55 1D 0E 04 16 04 14 E0 A4 !0.0...U........
0200: 47 46 87 0B 8D 4F A6 B2 29 57 D7 1D 59 78 02 F1 GF...O..)W..Yx..
0210: D8 2B 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 .+0...*.H.......
0220: 00 03 81 81 00 4D 14 33 08 83 64 F8 90 E5 27 AA .....M.3..d...'.
0230: CC FC 54 1C 20 B9 84 A6 D0 53 47 F1 98 F7 CF 20 ..T. ....SG....
0240: D7 81 34 12 84 2E 0F E2 A9 2D 26 21 4B E0 EA A6 ..4......-&!K...
0250: F4 57 87 AB EF CB C8 86 A1 D3 29 80 CA 49 9F EF .W........)..I..
0260: 61 BF BB F6 62 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 a...b...\....^..
0270: FD F6 A1 F3 30 69 DA F9 AA 4C 7C CC DE 8F B2 D6 ....0i...L......
0280: 96 43 72 BC B9 F7 00 25 43 37 8B E0 8A A7 76 CF .Cr....%C7....v.
0290: 9B E8 54 E8 C9 F6 33 4E 8F 8C F7 C8 DF 37 20 67 ..T...3N.....7 g
02A0: 50 C6 A3 19 42 0C 00 00 C7 03 00 17 41 04 83 ED P...B.......A...
02B0: F0 6A BA DC AD 5E 46 5C F7 F6 28 AA E2 0E 97 A2 .j...^F\..(.....
02C0: CA 41 A9 51 10 E9 AA EA F4 7A 9D 62 2B B8 31 72 .A.Q.....z.b+.1r
02D0: D6 33 03 D0 96 59 23 64 38 B7 D2 0E 70 E7 3C 5C .3...Y#d8...p.<\
02E0: C1 EC A1 51 97 18 33 1F AD 42 69 9D AE B9 00 80 ...Q..3..Bi.....
02F0: 79 79 70 2C 31 D3 DC 28 D5 0C C0 37 23 E1 71 FC yyp,1..(...7#.q.
0300: A1 96 2F C8 8A 35 5E 95 EB EF 13 27 C3 52 8A A7 ../..5^....'.R..
0310: 50 70 AF EC ED E6 B9 F6 05 18 52 40 23 5D 63 CC Pp........R@#]c.
0320: E2 89 92 00 26 A5 41 7B 13 F2 D2 8C 31 3C 23 41 ....&.A.....1<#A
0330: 6F 4E 1B 8A 9A 35 0E 0B F6 AE 8D 86 4B D6 3E A2 oN...5......K.>.
0340: 79 EB 61 B6 47 B0 42 B5 6E 85 09 23 84 46 46 99 y.a.G.B.n..#.FF.
0350: 81 CD C8 23 8B 2C 26 32 1B C0 03 FC 9B 8B 14 D1 ...#.,&2........
0360: F6 E1 89 4A EA ED EF C4 6D E9 E5 86 22 E4 8E 7C ...J....m..."...
0370: 0E 00 00 00 ....
main, READ: TLSv1 Handshake, length = 884
*** ServerHello, TLSv1
RandomCookie: GMT: 1522146822 bytes = { 136, 150, 25, 219, 154, 207, 149, 227, 117, 203, 113, 111, 72, 142, 6, 128, 151, 42, 116, 174, 210, 209, 22, 132, 170, 17, 197, 169 }
Session ID: {91, 186, 30, 6, 214, 98, 152, 105, 200, 140, 30, 48, 240, 218, 182, 93, 182, 200, 110, 53, 209, 160, 208, 131, 11, 247, 251, 58, 213, 161, 101, 60}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[read] MD5 and SHA1 hashes: len = 85
0000: 02 00 00 51 03 01 5B BA 1E 06 88 96 19 DB 9A CF ...Q..[.........
0010: 95 E3 75 CB 71 6F 48 8E 06 80 97 2A 74 AE D2 D1 ..u.qoH....*t...
0020: 16 84 AA 11 C5 A9 20 5B BA 1E 06 D6 62 98 69 C8 ...... [....b.i.
0030: 8C 1E 30 F0 DA B6 5D B6 C8 6E 35 D1 A0 D0 83 0B ..0...]..n5.....
0040: F7 FB 3A D5 A1 65 3C C0 14 00 00 09 FF 01 00 01 ..:..e<.........
0050: 00 00 17 00 00 .....
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 109813392808966985140540821321555924175057214027222884095960986513876498186792795206052237836949373963973650543086709232968823011726525283075591130943590026095316290548201219746527439812794723752498763782639568103955938705793191742259325257069819861478415993347120306343465466402849805688743066088416645787207
public exponent: 65537
Validity: [From: Sun Oct 07 21:27:58 CST 2018,
To: Mon Oct 07 21:27:58 CST 2019]
Issuer: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
SerialNumber: [ 21e45f2c]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 A4 47 46 87 0B 8D 4F A6 B2 29 57 D7 1D 59 78 ..GF...O..)W..Yx
0010: 02 F1 D8 2B ...+
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D 14 33 08 83 64 F8 90 E5 27 AA CC FC 54 1C 20 M.3..d...'...T.
0010: B9 84 A6 D0 53 47 F1 98 F7 CF 20 D7 81 34 12 84 ....SG.... ..4..
0020: 2E 0F E2 A9 2D 26 21 4B E0 EA A6 F4 57 87 AB EF ....-&!K....W...
0030: CB C8 86 A1 D3 29 80 CA 49 9F EF 61 BF BB F6 62 .....)..I..a...b
0040: 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 FD F6 A1 F3 30 ...\....^......0
0050: 69 DA F9 AA 4C 7C CC DE 8F B2 D6 96 43 72 BC B9 i...L.......Cr..
0060: F7 00 25 43 37 8B E0 8A A7 76 CF 9B E8 54 E8 C9 ..%C7....v...T..
0070: F6 33 4E 8F 8C F7 C8 DF 37 20 67 50 C6 A3 19 42 .3N.....7 gP...B
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 109813392808966985140540821321555924175057214027222884095960986513876498186792795206052237836949373963973650543086709232968823011726525283075591130943590026095316290548201219746527439812794723752498763782639568103955938705793191742259325257069819861478415993347120306343465466402849805688743066088416645787207
public exponent: 65537
Validity: [From: Sun Oct 07 21:27:58 CST 2018,
To: Mon Oct 07 21:27:58 CST 2019]
Issuer: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
SerialNumber: [ 21e45f2c]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 A4 47 46 87 0B 8D 4F A6 B2 29 57 D7 1D 59 78 ..GF...O..)W..Yx
0010: 02 F1 D8 2B ...+
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D 14 33 08 83 64 F8 90 E5 27 AA CC FC 54 1C 20 M.3..d...'...T.
0010: B9 84 A6 D0 53 47 F1 98 F7 CF 20 D7 81 34 12 84 ....SG.... ..4..
0020: 2E 0F E2 A9 2D 26 21 4B E0 EA A6 F4 57 87 AB EF ....-&!K....W...
0030: CB C8 86 A1 D3 29 80 CA 49 9F EF 61 BF BB F6 62 .....)..I..a...b
0040: 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 FD F6 A1 F3 30 ...\....^......0
0050: 69 DA F9 AA 4C 7C CC DE 8F B2 D6 96 43 72 BC B9 i...L.......Cr..
0060: F7 00 25 43 37 8B E0 8A A7 76 CF 9B E8 54 E8 C9 ..%C7....v...T..
0070: F6 33 4E 8F 8C F7 C8 DF 37 20 67 50 C6 A3 19 42 .3N.....7 gP...B
]
[read] MD5 and SHA1 hashes: len = 592
0000: 0B 00 02 4C 00 02 49 00 02 46 30 82 02 42 30 82 ...L..I..F0..B0.
0010: 01 AB A0 03 02 01 02 02 04 21 E4 5F 2C 30 0D 06 .........!._,0..
0020: 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 54 31 0C .*.H........0T1.
0030: 30 0A 06 03 55 04 06 13 03 4C 47 58 31 0C 30 0A 0...U....LGX1.0.
0040: 06 03 55 04 08 13 03 4C 47 58 31 0C 30 0A 06 03 ..U....LGX1.0...
0050: 55 04 07 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 U....LGX1.0...U.
0060: 0A 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 0B 13 ...LGX1.0...U...
0070: 03 4C 47 58 31 0C 30 0A 06 03 55 04 03 13 03 4C .LGX1.0...U....L
0080: 47 58 30 1E 17 0D 31 38 31 30 30 37 31 33 32 37 GX0...1810071327
0090: 35 38 5A 17 0D 31 39 31 30 30 37 31 33 32 37 35 58Z..19100713275
00A0: 38 5A 30 54 31 0C 30 0A 06 03 55 04 06 13 03 4C 8Z0T1.0...U....L
00B0: 47 58 31 0C 30 0A 06 03 55 04 08 13 03 4C 47 58 GX1.0...U....LGX
00C0: 31 0C 30 0A 06 03 55 04 07 13 03 4C 47 58 31 0C 1.0...U....LGX1.
00D0: 30 0A 06 03 55 04 0A 13 03 4C 47 58 31 0C 30 0A 0...U....LGX1.0.
00E0: 06 03 55 04 0B 13 03 4C 47 58 31 0C 30 0A 06 03 ..U....LGX1.0...
00F0: 55 04 03 13 03 4C 47 58 30 81 9F 30 0D 06 09 2A U....LGX0..0...*
0100: 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 .H............0.
0110: 89 02 81 81 00 9C 61 24 6E EC D3 A1 6B 6A 12 36 ......a$n...kj.6
0120: D6 CB 03 9A 9B 6C 9F A7 C6 B8 FD 19 5D 91 F8 16 .....l......]...
0130: EB D5 06 7E A6 1E 09 DB 1F EA 95 F3 3A 73 21 DA ............:s!.
0140: A5 B6 BD 2A 46 40 20 BD 6E 55 83 42 86 F7 8E 5B ...*F@ .nU.B...[
0150: 84 C7 45 0E 02 F8 76 75 DE 41 FD 6D B6 A7 50 09 ..E...vu.A.m..P.
0160: 04 71 0D A8 AA F4 73 59 2C C0 36 5C 68 2E BA 99 .q....sY,.6\h...
0170: 43 2D DF C0 4D 70 66 EC 93 08 D7 05 0D 75 5A C3 C-..Mpf......uZ.
0180: 0D 04 CC 18 F9 5D E5 73 E4 E9 14 53 5D D5 0C 6F .....].s...S]..o
0190: 16 E4 2C AE 47 02 03 01 00 01 A3 21 30 1F 30 1D ..,.G......!0.0.
01A0: 06 03 55 1D 0E 04 16 04 14 E0 A4 47 46 87 0B 8D ..U........GF...
01B0: 4F A6 B2 29 57 D7 1D 59 78 02 F1 D8 2B 30 0D 06 O..)W..Yx...+0..
01C0: 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 81 81 00 .*.H............
01D0: 4D 14 33 08 83 64 F8 90 E5 27 AA CC FC 54 1C 20 M.3..d...'...T.
01E0: B9 84 A6 D0 53 47 F1 98 F7 CF 20 D7 81 34 12 84 ....SG.... ..4..
01F0: 2E 0F E2 A9 2D 26 21 4B E0 EA A6 F4 57 87 AB EF ....-&!K....W...
0200: CB C8 86 A1 D3 29 80 CA 49 9F EF 61 BF BB F6 62 .....)..I..a...b
0210: 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 FD F6 A1 F3 30 ...\....^......0
0220: 69 DA F9 AA 4C 7C CC DE 8F B2 D6 96 43 72 BC B9 i...L.......Cr..
0230: F7 00 25 43 37 8B E0 8A A7 76 CF 9B E8 54 E8 C9 ..%C7....v...T..
0240: F6 33 4E 8F 8C F7 C8 DF 37 20 67 50 C6 A3 19 42 .3N.....7 gP...B
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 256 bits
public x coord: 59673385215316818009352331687060949082651775895246442016413736342443150945208
public y coord: 22366228495042026761421384723174683132027538974986677415966731768560927747769
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
[read] MD5 and SHA1 hashes: len = 203
0000: 0C 00 00 C7 03 00 17 41 04 83 ED F0 6A BA DC AD .......A....j...
0010: 5E 46 5C F7 F6 28 AA E2 0E 97 A2 CA 41 A9 51 10 ^F\..(......A.Q.
0020: E9 AA EA F4 7A 9D 62 2B B8 31 72 D6 33 03 D0 96 ....z.b+.1r.3...
0030: 59 23 64 38 B7 D2 0E 70 E7 3C 5C C1 EC A1 51 97 Y#d8...p.<\...Q.
0040: 18 33 1F AD 42 69 9D AE B9 00 80 79 79 70 2C 31 .3..Bi.....yyp,1
0050: D3 DC 28 D5 0C C0 37 23 E1 71 FC A1 96 2F C8 8A ..(...7#.q.../..
0060: 35 5E 95 EB EF 13 27 C3 52 8A A7 50 70 AF EC ED 5^....'.R..Pp...
0070: E6 B9 F6 05 18 52 40 23 5D 63 CC E2 89 92 00 26 .....R@#]c.....&
0080: A5 41 7B 13 F2 D2 8C 31 3C 23 41 6F 4E 1B 8A 9A .A.....1<#AoN...
0090: 35 0E 0B F6 AE 8D 86 4B D6 3E A2 79 EB 61 B6 47 5......K.>.y.a.G
00A0: B0 42 B5 6E 85 09 23 84 46 46 99 81 CD C8 23 8B .B.n..#.FF....#.
00B0: 2C 26 32 1B C0 03 FC 9B 8B 14 D1 F6 E1 89 4A EA ,&2...........J.
00C0: ED EF C4 6D E9 E5 86 22 E4 8E 7C ...m..."...
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ECDHClientKeyExchange
ECDH Public value: { 4, 35, 76, 86, 107, 199, 33, 33, 214, 183, 130, 57, 64, 134, 252, 21, 63, 200, 236, 32, 109, 23, 243, 240, 10, 61, 76, 202, 241, 148, 221, 202, 125, 230, 205, 242, 124, 82, 195, 105, 131, 22, 78, 6, 228, 114, 175, 180, 24, 189, 93, 115, 105, 58, 23, 254, 214, 154, 27, 212, 119, 62, 228, 246, 89 }
[write] MD5 and SHA1 hashes: len = 70
0000: 10 00 00 42 41 04 23 4C 56 6B C7 21 21 D6 B7 82 ...BA.#LVk.!!...
0010: 39 40 86 FC 15 3F C8 EC 20 6D 17 F3 F0 0A 3D 4C 9@...?.. m....=L
0020: CA F1 94 DD CA 7D E6 CD F2 7C 52 C3 69 83 16 4E ..........R.i..N
0030: 06 E4 72 AF B4 18 BD 5D 73 69 3A 17 FE D6 9A 1B ..r....]si:.....
0040: D4 77 3E E4 F6 59 .w>..Y
main, WRITE: TLSv1 Handshake, length = 70
[Raw write]: length = 75
0000: 16 03 01 00 46 10 00 00 42 41 04 23 4C 56 6B C7 ....F...BA.#LVk.
0010: 21 21 D6 B7 82 39 40 86 FC 15 3F C8 EC 20 6D 17 !!...9@...?.. m.
0020: F3 F0 0A 3D 4C CA F1 94 DD CA 7D E6 CD F2 7C 52 ...=L..........R
0030: C3 69 83 16 4E 06 E4 72 AF B4 18 BD 5D 73 69 3A .i..N..r....]si:
0040: 17 FE D6 9A 1B D4 77 3E E4 F6 59 ......w>..Y
SESSION KEYGEN:
PreMaster Secret:
0000: 08 C3 67 71 5C 60 68 86 44 12 4E F2 AB A1 6C 9A ..gq\`h.D.N...l.
0010: 16 19 BA A0 D6 B6 AA 87 E1 F8 01 6F 43 05 72 74 ...........oC.rt
CONNECTION KEYGEN:
Client Nonce:
0000: 5B BA 1E 06 CE DD BE D7 CB 4B 64 1D FD CC 8B C3 [........Kd.....
0010: 84 FA E7 56 E2 E1 5E 58 9A AE 25 49 94 1D 75 A5 ...V..^X..%I..u.
Server Nonce:
0000: 5B BA 1E 06 88 96 19 DB 9A CF 95 E3 75 CB 71 6F [...........u.qo
0010: 48 8E 06 80 97 2A 74 AE D2 D1 16 84 AA 11 C5 A9 H....*t.........
Master Secret:
0000: 2A E2 CE B4 07 60 8D D2 16 AF 42 3C 97 30 12 BD *....`....B<.0..
0010: 5D 04 AB 45 D4 61 F2 40 C2 ED 8F 6C 76 28 62 13 ]..E.a.@...lv(b.
0020: 14 23 D2 C3 40 37 26 AD FC 9D 6C 07 1D AE CE D5 .#..@7&...l.....
Client MAC write Secret:
0000: 63 9F 1D 65 B3 F0 E2 CD 7B B1 A5 0D A6 3D E0 B9 c..e.........=..
0010: 34 A8 67 F7 4.g.
Server MAC write Secret:
0000: 92 50 43 14 8D E1 19 13 6B 1E 74 2C 70 5C 39 41 .PC.....k.t,p\9A
0010: 07 99 B9 46 ...F
Client write key:
0000: 98 97 3F AB 26 3A 14 D8 08 FC 26 C1 7E 07 2A C7 ..?.&:....&...*.
0010: 46 CC 21 03 0B 0F 87 4D C9 27 79 19 0F C4 B8 7D F.!....M.'y.....
Server write key:
0000: 50 20 AE 79 47 E8 BE 3C 79 06 0E 19 2E 3C F3 9A P .yG..<y....<..
0010: 5F B0 33 57 2D 29 E4 70 15 7F 68 17 B8 21 18 E6 _.3W-).p..h..!..
Client write IV:
0000: FB 18 D1 8D D8 EA 8D 82 96 EB 9E 84 97 98 2D C4 ..............-.
Server write IV:
0000: 23 E6 E9 B6 DF 6C 0F 75 00 6A 01 AE 2F 8C D9 E1 #....l.u.j../...
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 138, 44, 121, 7, 61, 112, 195, 10, 93, 222, 35, 164 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 8A 2C 79 07 3D 70 C3 0A 5D DE 23 A4 .....,y.=p..].#.
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C 8A 2C 79 07 3D 70 C3 0A 5D DE 23 A4 .....,y.=p..].#.
0010: C6 E4 F7 C2 32 85 2B 30 18 1A F8 4B 5E 29 22 BE ....2.+0...K^)".
0020: 5E 15 71 A1 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ^.q.............
main, WRITE: TLSv1 Handshake, length = 48
[Raw write]: length = 53
0000: 16 03 01 00 30 91 87 EB A3 09 E8 AC 17 7A 33 A3 ....0........z3.
0010: 0B 42 22 02 92 18 D7 52 1A 49 DA 0E 3C 11 D4 EB .B"....R.I..<...
0020: 6D 19 F2 D6 01 A0 29 18 93 20 7C 3B CF A0 BC E0 m.....).. .;....
0030: A9 41 17 1B E7 .A...
[Raw read]: length = 5
0000: 14 03 01 00 01 .....
[Raw read]: length = 1
0000: 01 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 30 ....0
[Raw read]: length = 48
0000: 77 16 6B 89 41 7E 3F 93 DA 66 F5 DF EF 6F 90 A8 w.k.A.?..f...o..
0010: 1B 51 DD 97 AC 11 A4 66 B5 2C A3 69 A4 5A 92 3A .Q.....f.,.i.Z.:
0020: C1 52 09 3E 20 01 BB 2C 55 BE 2E 52 93 63 B6 ED .R.> ..,U..R.c..
main, READ: TLSv1 Handshake, length = 48
Padded plaintext after DECRYPTION: len = 48
0000: 14 00 00 0C C0 1E 82 40 64 A8 15 62 8D DC A0 62 .......@d..b...b
0010: 0B B4 25 EF 31 D1 F9 5C FD DE 87 E9 CE 69 BB EB ..%.1..\.....i..
0020: C0 C3 F3 BD 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ................
*** Finished
verify_data: { 192, 30, 130, 64, 100, 168, 21, 98, 141, 220, 160, 98 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C C0 1E 82 40 64 A8 15 62 8D DC A0 62 .......@d..b...b
Padded plaintext before ENCRYPTION: len = 176
0000: 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A GET / HTTP/1.1..
0010: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0020: 2F 31 2E 38 2E 30 5F 31 36 31 0D 0A 48 6F 73 74 /1.8.0_161..Host
0030: 3A 20 6C 6F 63 61 6C 68 6F 73 74 3A 38 34 34 33 : localhost:8443
0040: 0D 0A 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 ..Accept: text/h
0050: 74 6D 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 tml, image/gif,
0060: 69 6D 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 image/jpeg, *; q
0070: 3D 2E 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A =.2, */*; q=.2..
0080: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0090: 2D 61 6C 69 76 65 0D 0A 0D 0A 1F DF A2 19 1D E1 -alive..........
00A0: 23 86 92 33 C1 11 02 95 1E 95 1F 6D E4 CB 01 01 #..3.......m....
main, WRITE: TLSv1 Application Data, length = 176
[Raw write]: length = 181
0000: 17 03 01 00 B0 0D 7D 68 DD 5B 28 FE 81 9F 15 25 .......h.[(....%
0010: D5 37 68 3D E1 77 7E 87 1D 24 32 9A F6 58 D4 B4 .7h=.w...$2..X..
0020: A9 95 38 70 31 7A 49 3F 20 B8 B2 85 9E 11 C0 1F ..8p1zI? .......
0030: 96 20 A5 B0 39 80 09 AA 87 DE 35 B4 D3 98 01 6C . ..9.....5....l
0040: 39 9A 3B 14 A0 CD E7 D4 B4 AA C7 8A C6 E1 AC DA 9.;.............
0050: 92 4A 49 D4 F7 E7 B6 4F 82 1B D2 F5 D8 B8 18 D3 .JI....O........
0060: 96 A5 EA A8 1C A3 30 04 C7 A4 EE 98 0F A2 6F E8 ......0.......o.
0070: DC AF F7 E5 9A 6E 0A 8B BD E4 06 AD 65 FC 8D 2E .....n......e...
0080: F2 D3 E5 C0 3F F1 C0 83 F0 07 09 58 34 7D F9 D9 ....?......X4...
0090: E7 AB EF 2F D0 E0 86 43 A2 DF FD 0D 1F A6 39 09 .../...C......9.
00A0: BB FD 5C 5D 65 D6 25 C1 AE F8 B4 9F 5C 8D D6 EA ..\]e.%.....\...
00B0: 63 1A 40 1B B8 c.@..
[Raw read]: length = 5
0000: 17 03 01 01 40 ....@
[Raw read]: length = 320
0000: B0 AA 6A 6E F6 37 D3 C6 66 BB 17 A7 27 F3 3C 74 ..jn.7..f...'.<t
0010: 6A DF 16 C5 9E F8 34 BB B6 8E FA FE 6E 52 F4 39 j.....4.....nR.9
0020: 5B 88 5F 0A 91 76 C7 8B 62 E2 65 B7 EF 28 B6 8E [._..v..b.e..(..
0030: FC 43 83 9E C8 A5 89 31 19 E0 E8 AE C3 EA C4 D8 .C.....1........
0040: 7A 54 68 62 88 35 D5 FB 4B 85 38 03 EC A1 DC 69 zThb.5..K.8....i
0050: 88 1C F8 E6 82 AC CD A3 E6 A9 7C 45 E4 12 47 FD ...........E..G.
0060: 45 FA 66 D2 F0 D5 FE E2 7E 1C AF B4 35 C3 1C 77 E.f.........5..w
0070: C1 96 59 27 2D 98 8D AC 29 9F D4 8B 65 B3 4C 1B ..Y'-...)...e.L.
0080: 34 B0 ED E6 DC 6B 73 A7 30 1A A6 A2 65 69 12 DA 4....ks.0...ei..
0090: FE B7 68 A4 E8 13 70 5C 5D 9E 8D 01 CA 68 DD 5F ..h...p\]....h._
00A0: 57 DD 1D 46 40 9A CE B9 39 F4 EA C0 D5 B6 FC 6D W..F@...9......m
00B0: 22 04 95 F7 7A 68 FA 84 0B B8 CE F1 B5 3B 09 6F "...zh.......;.o
00C0: A8 DF 7C C7 0B A7 D7 68 17 EF F3 57 5D 01 D5 54 .......h...W]..T
00D0: D1 05 8E 69 AA 68 CB 75 9F A7 45 2E 7B 0B 9A 5A ...i.h.u..E....Z
00E0: DB 64 29 BA 4C A9 9A 75 A2 56 53 6A D6 1F 63 27 .d).L..u.VSj..c'
00F0: A6 EA 03 AD 52 87 1D F4 8A D1 79 2F F0 96 8E 8C ....R.....y/....
0100: A4 83 A1 32 77 5B A4 A0 27 28 2A BB 07 26 5C FF ...2w[..'(*..&\.
0110: 5D 34 D8 F4 62 6F 4E CE 26 A5 A2 DE F3 89 06 A3 ]4..boN.&.......
0120: 71 85 71 41 23 D3 65 B8 8A 0B 5B DC 1E 24 C4 6C q.qA#.e...[..$.l
0130: 2B B7 AC 18 91 87 62 E0 C0 A9 F5 3F 66 D5 4B E9 +.....b....?f.K.
main, READ: TLSv1 Application Data, length = 320
Padded plaintext after DECRYPTION: len = 320
0000: 48 54 54 50 2F 31 2E 31 20 32 30 30 20 0D 0A 53 HTTP/1.1 200 ..S
0010: 65 74 2D 43 6F 6F 6B 69 65 3A 20 4A 53 45 53 53 et-Cookie: JSESS
0020: 49 4F 4E 49 44 3D 35 38 35 38 35 45 35 44 44 42 IONID=58585E5DDB
0030: 32 46 41 43 39 33 44 37 30 43 30 31 32 43 34 33 2FAC93D70C012C43
0040: 35 30 39 36 36 41 3B 20 50 61 74 68 3D 2F 3B 20 50966A; Path=/;
0050: 53 65 63 75 72 65 3B 20 48 74 74 70 4F 6E 6C 79 Secure; HttpOnly
0060: 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 ..Content-Type:
0070: 74 65 78 74 2F 68 74 6D 6C 3B 63 68 61 72 73 65 text/html;charse
0080: 74 3D 55 54 46 2D 38 0D 0A 43 6F 6E 74 65 6E 74 t=UTF-8..Content
0090: 2D 4C 65 6E 67 74 68 3A 20 39 30 0D 0A 44 61 74 -Length: 90..Dat
00A0: 65 3A 20 53 75 6E 2C 20 30 37 20 4F 63 74 20 32 e: Sun, 07 Oct 2
00B0: 30 31 38 20 31 34 3A 35 33 3A 35 38 20 47 4D 54 018 14:53:58 GMT
00C0: 0D 0A 0D 0A 0A 0A 3C 68 74 6D 6C 3E 0A 20 20 3C ......<html>. <
00D0: 68 65 61 64 3E 0A 20 20 20 20 3C 74 69 74 6C 65 head>. <title
00E0: 3E 24 54 69 74 6C 65 24 3C 2F 74 69 74 6C 65 3E >$Title$</title>
00F0: 0A 20 20 3C 2F 68 65 61 64 3E 0A 20 20 3C 62 6F . </head>. <bo
0100: 64 79 3E 0A 20 20 24 45 4E 44 24 0A 20 20 3C 2F dy>. $END$. </
0110: 62 6F 64 79 3E 0A 3C 2F 68 74 6D 6C 3E 0A BE 57 body>.</html>..W
0120: 3B 52 9A FF 6D BC FF 62 7F 2E E1 D3 09 6E 28 6E ;R..m..b.....n(n
0130: 1D 5A 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D .Z..............
服務器返回:
<html>
<head>
<title>$Title$</title>
</head>
<body>
$END$
</body>
</html>
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 32
0000: 01 00 CD B8 E3 0A D9 66 F4 9C 87 B8 66 33 CD C2 .......f....f3..
0010: E3 35 56 B3 29 7E 09 09 09 09 09 09 09 09 09 09 .5V.)...........
main, WRITE: TLSv1 Alert, length = 32
[Raw write]: length = 37
0000: 15 03 01 00 20 CC D0 CF 38 5B EF CF A9 F3 BB 94 .... ...8[......
0010: 0D BA 81 EC 25 83 7A 70 83 EE C7 4E CE 46 89 6A ....%.zp...N.F.j
0020: 3E 10 46 0C FD >.F..
main, called closeSocket(true)
Process finished with exit code 0
流程概述
什麼意思?
[Raw write]和[Raw read],咱們和tomcat服務器之間創建socket鏈接以後,Raw write是咱們寫給服務器的字節內容,Raw read是服務器返回給咱們的字節內容。
https報文格式:消息類型(第1字節),版本號(第2—3字節),消息體長度(第4—5字節),消息體(消息體長度個字節)
(1)client_hello
客戶端發起請求,以明文傳輸請求信息,包含版本信息,加密套件候選列表,壓縮算法候選列表,隨機數,擴展字段等信息,相關信息以下:
- 支持的最高TSL協議版本version,從低到高依次 SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2,當前基本再也不使用低於 TLSv1 的版本;
- 客戶端支持的加密套件 cipher suites 列表, 每一個加密套件對應前面 TLS 原理中的四個功能的組合:認證算法 Au (身份驗證)、密鑰交換算法 KeyExchange(密鑰協商)、對稱加密算法 Enc (信息加密)和信息摘要 Mac(完整性校驗);
- 支持的壓縮算法 compression methods 列表,用於後續的信息壓縮傳輸;
- 隨機數 random_C,用於後續的密鑰的生成;
- 擴展字段 extensions,支持協議與算法的相關參數以及其它輔助信息等,常見的 SNI 就屬於擴展字段,後續單獨討論該字段做用。
(2).server_hello+server_certificate+sever_hello_done
- server_hello, 服務端返回協商的信息結果,包括選擇使用的協議版本 version,選擇的加密套件 cipher suite,選擇的壓縮算法 compression method、隨機數 random_S 等,其中隨機數用於後續的密鑰協商;
- server_certificates, 服務器端配置對應的證書鏈,用於身份驗證與密鑰交換;
- server_hello_done,通知客戶端 server_hello 信息發送結束;
(3).證書校驗
- [證書鏈]的可信性 trusted certificate path,方法如前文所述;
- 證書是否吊銷 revocation,有兩類方式離線 CRL 與在線 OCSP,不一樣的客戶端行爲會不一樣;
- 有效期 expiry date,證書是否在有效時間範圍;
- 域名 domain,覈查證書域名是否與當前的訪問域名匹配,匹配規則後續分析;
(4).client_key_exchange+change_cipher_spec+encrypted_handshake_message
- client_key_exchange,合法性驗證經過以後,客戶端計算產生隨機數字 Pre-master,並用證書公鑰加密,發送給服務器;
- 此時客戶端已經獲取所有的計算協商密鑰須要的信息:兩個明文隨機數 random_C 和 random_S 與本身計算產生的 Pre-master,計算獲得協商密鑰;
enc_key=Fuc(random_C, random_S, Pre-Master) - change_cipher_spec,客戶端通知服務器後續的通訊都採用協商的通訊密鑰和加密算法進行加密通訊;
- encrypted_handshake_message,結合以前全部通訊參數的 hash 值與其它相關信息生成一段數據,採用協商密鑰 session secret 與算法進行加密,而後發送給服務器用於數據與握手驗證;(finished,校驗摘要信息?)
(5).change_cipher_spec+encrypted_handshake_message
- 服務器用私鑰解密加密的 Pre-master 數據,基於以前交換的兩個明文隨機數 random_C 和 random_S,計算獲得協商密鑰:enc_key=Fuc(random_C, random_S, Pre-Master);
- 計算以前全部接收信息的 hash 值,而後解密客戶端發送的 encrypted_handshake_message,驗證數據和密鑰正確性;
- change_cipher_spec, 驗證經過以後,服務器一樣發送 change_cipher_spec 以告知客戶端後續的通訊都採用協商的密鑰與算法進行加密通訊;
- encrypted_handshake_message, 服務器也結合全部當前的通訊參數信息生成一段數據並採用協商密鑰 session secret 與算法加密併發送到客戶端;(finished,校驗摘要信息?)
(6).握手結束
客戶端計算全部接收信息的 hash 值,並採用協商密鑰解密 encrypted_handshake_message,驗證服務器發送的數據和密鑰,驗證經過則握手完成;
(7).加密通訊
開始使用協商密鑰與算法進行加密通訊。
這是以前研究的流程,也放在這裏好了。
1,瀏覽器將本身支持的一套加密規則發送給服務器端,如RSA加密算法,DES對稱加密算法,SHA1摘要算法。
2,服務器從中選出一組加密算法與HASH算法,並將證書發給瀏覽器。證書內容包括了網站地址,加密公鑰等等。在握手的整個過程當中,都用到了證書中的公鑰和瀏覽器發送給服務器的隨機密碼以及加密算法。(證書的內容解析打印出來是一長串字節,數字與字母的組合。客戶端發送過來的隨機數解析打印出來也是一長串字節,數字與字母的組合)
3,客戶端拿到證書之後。
- 驗證證書的合法性(頒發證書的機構是否合法,證書中包含的網站地址是否與正在訪問的地址一致等),若是證書受信任,則瀏覽器欄裏面會顯示一個小鎖頭,不然會給出證書不受信的提示。
- 若是證書受信任,或者是用戶接受了不受信的證書,瀏覽器會生成一串隨機數的密碼,並用證書中提供的公鑰加密。
- 使用約定好的HASH算法計算握手消息(如SHA1),並使用生成的隨機數對消息進行加密,最後將以前生成的被公鑰加密的隨機數密碼,HASH摘要值一塊兒發送給服務器。
4,服務器收到客戶端發來的數據之後。
- 使用本身的私鑰將信息解密並取出瀏覽器發送給服務器的隨機密碼,使用密碼解密瀏覽器發來的握手消息,並驗證HASH是否與瀏覽器發來的一致。
-
使用隨機密碼加密一段握手消息,發送給瀏覽器。
5,瀏覽器解密並計算握手消息的HASH,若是與服務端發來的HASH一致,此時握手過程結束,以後全部的通訊數據將由以前瀏覽器生成的隨機密碼並利用對稱加密算法進行加密。
服務端啓用
以Tomcat爲例,須要三步:建立keystore文件(保存了私鑰和公鑰);配置Tomcat SSL鏈接器;建立客戶端須要使用的電子證書。
獲去證書須要走如下幾步:
服務端人員須要使用keystore生成一個Certificate Signing Requst(csr文件)。 服務端人員把CSR文件發送給一個合法的CA機構,而後由CA機構生成一個證書。 服務端人員把證書下下來,而後部署到服務器中。 SSL基於信任鏈來驗證站點證書的合法性,因此,你還要有一個CA的根證書,這個證書也須要從CA下載。把從CA下載的根證書和你經過CSR文件獲取的證書一塊兒導入你的keystore。
客戶端訪問
客戶端往服務端發送加密數據,首先得須要得到公鑰,這個公鑰在保存在CA提供的證書中,因此客戶端首先得下載一個證書文件(通常是用戶代理自動下載)。
客戶端使用證書時,SSL會發送一個請求到證書中所指定的CA再次確認你的證書確實是從CA獲取的,而不是本身建立的。客戶端還能夠驗證服務端是否確實是本身調用的服務端。這兩步構成了Peer Authentication。
服務端任務
1,獲取客戶端發送的支持的加密算法,包括hash算法。
2,發送證書給客戶端,(就是用流寫字節)
3,獲取客戶端經過公鑰加密後的隨機數,(就是流讀字節)
4,私鑰解密公鑰加密後的隨機數,獲得解密後的隨機密碼。
5,獲取客戶端加密消息,(仍是流讀取字節)
6,用私鑰對消息解密(帶隨機數)
7,解密出來數據後,採用約定的hash算法計算其hash值。
8,獲取客戶端發送過來的hash值,比較計算出來的hash值,是否一致。以判斷信息是否完整,是否被篡改。
9,若是第一次校驗客戶端發送過來的消息和摘要一致,服務器就開始向客戶端發送消息和摘要。
10,根據指定的算法和以前客戶端發送過來的隨機密碼(已解密的),生成密鑰。
11,用生成的密鑰加密發送給客戶端的數據,發送給客戶端;用hash算法計算要發送給客戶端的數據的hash值,發送給客戶端,
客戶端任務
1,客戶端發送本身支持的hash算法
2,客戶端驗證服務器端證書是否合法
3,從證書裏面獲取公鑰
4,生成隨機密碼,公鑰加密隨機密碼,發送給服務器。
5,使用公鑰和隨機密碼加密發送到服務器的數據,發送給服務器。
5,使用hash算法計算髮送到服務器的數據的hash值,發送給服務器。
6,接收服務器的數據。
7,公鑰,隨機密碼解密數據。
8,接收服務器的摘要信息。根據約定的hash算法,計算接收的數據的hash值,對比是否一致。
證書
沒有通過認證的證書是不被瀏覽器信任的,因此當訪問的時候回提示不安全的網站,須要點擊信任以後才能繼續訪問。
而通過認證的證書會提示安全,以下
證書格式
證書格式(是一種標準):
x509 這種證書只有公鑰,不包含私鑰。
pcks#7 這種主要是用於簽名或者加密。
pcks#12 這種含有私鑰,同時也含有公鑰,可是有口令保護。
編碼方式:
.pem 後綴的證書都是base64編碼
.der 後綴的證書都是二進制格式
證書:
.csr 後綴的文件是用於向ca申請簽名的請求文件
.crt .cer 後綴的文件都是證書文件(編碼方式不必定,有多是.pem,也有多是.der)
私鑰:
.key 後綴的文件是私鑰文件
包含證書和私鑰:
.keystore .jks .truststore 後綴的文件,是java搞的,java能夠用這個格式。這個文件中包含證書和私鑰,可是獲取私鑰須要密碼才能夠,這是一個證書庫,裏面能夠保存多個證書和密鑰,經過別名能夠獲取到。
.pfx 主要用於windows平臺,瀏覽器可使用,也是包含證書和私鑰,獲取私鑰須要密碼才能夠。
JKS和PKCS12都是比較經常使用的兩種密鑰庫格式/標準。JKS文件(一般爲.jks或.keystore,擴展名無關)能夠經過Java原生工具——KeyTool生成;然後者PKCS#12文件(一般爲.p12或.pfx,意味我的信息交換文件),則是經過更爲經常使用的OpenSSL工具產生。
pfx轉keystore
keytool -importkeystore -v -srckeystore jiaohangtest.pfx -srcstoretype pkcs12 -srcstorepass 111111 -destkeystore jiaohangtest.keystore -deststoretype jks -deststorepass 111111
-importkeystore導入密鑰庫,經過格式設定,咱們能夠將PKCS#12文件轉換爲JKS格式。
-v顯示詳情
-srckeystore源密鑰庫,這裏是jiaohangtest.pfx
-srcstoretype源密鑰庫格式,這裏爲pkcs12
-srcstorepass源密鑰庫密碼,這裏爲111111
-destkeystore目標密鑰庫,這裏爲jiaohangtest.keystore
-deststoretype目標密鑰庫格式,這裏爲jks,默認值也如此
-deststorepass目標密鑰庫密碼,這裏爲111111
經過這個操做,咱們可以得到所需的密鑰庫文件zlex.keystore。
keytool -list -keystore jiaohangtest.keystore -storepass 111111 -v
-list列舉密鑰庫
-keystore密鑰庫,這裏是jiaohangtest.keystore
-storepass密鑰庫密碼,這裏是111111
-v顯示詳情
導出證書
keytool -exportcert -alias {3ff077c0-db58-4a2c-90d7-010189f6cefb} -keystore jiaohangtest.keystore -file jiaohangtest.crt -storepass 111111
-exportcert導出證書
-alias別名,這裏是 {3ff077c0-db58-4a2c-90d7-010189f6cefb}
-keystore密鑰庫,這裏是jiaohangtest.keystore
-file證書文件,這裏是jiaohangtest.crt
-storepass密鑰庫密碼,這裏是111111
讀取.pfx
package com.lgx.https;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class ReadPFX {
public static void main(String[] args) throws Exception {
String strPfx = "F:\\temp\\jiaohangtest.pfx";
String strPassword = "111111";
KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(strPfx);
char[] nPassword = null;
if ((strPassword == null) || strPassword.trim().equals("")) {
nPassword = null;
} else {
nPassword = strPassword.toCharArray();
}
ks.load(fis, nPassword);
fis.close();
System.out.println("keystore type !!!! " + ks.getType());
Enumeration enumas = ks.aliases();
String keyAlias = null;
if (enumas.hasMoreElements()) {
keyAlias = (String) enumas.nextElement();
System.out.println("alias !!!! [" + keyAlias + "]");
}
System.out.println("is key entry !!!! " + ks.isKeyEntry(keyAlias));
Certificate cert = ks.getCertificate(keyAlias);
PublicKey pubkey = cert.getPublicKey();
System.out.println("cert class !!!! " + cert.getClass().getName());
System.out.println("cert !!!! " + cert);
System.out.println("public key !!!! " + pubkey);
PrivateKey prikey = (PrivateKey) ks.getKey(keyAlias, nPassword);
System.out.println("private key !!!! " + prikey);
}
}
輸出以下
keystore type !!!! PKCS12
alias !!!! [{3ff077c0-db58-4a2c-90d7-010189f6cefb}]
is key entry !!!! true
cert class !!!! sun.security.x509.X509CertImpl
cert !!!! [
[
Version: V3
Subject: CN=051@jiaohangtest2@Z12345678901@1, OU=Organizational-1, OU=Local RA, O=CFCA RSA OCA31, C=CN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 27219026236566349676278543447695375821537131764213764580895621448617632840463012733407589298240130544810940254833865001134586287635536508023253272393470122815872601665690698359526947386480037704033149894017185905489409977845275027358025763252225165118227829757171401188153059476140198069888463051402042743179549693774973935701815888962610002471386320725949095454554681593598103249492940889302817758252011976833716892709723630945029012490500023246857692037901903024896848360887897268368940501163760211857657590438271663560769836982531695807471679797574531184632714885375902799523799220838320847415989537425934837932621
public exponent: 65537
Validity: [From: Thu Aug 23 14:49:12 CST 2018,
To: Mon Aug 23 14:49:12 CST 2021]
Issuer: CN=CFCA ACS TEST OCA31, O=China Financial Certification Authority, C=CN
SerialNumber: [ 40039449 98]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsptest.cfca.com.cn:80/ocsp
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9A 3D B4 AE 65 58 FB CE 5A 05 78 26 A0 6D 2B 04 .=..eX..Z.x&.m+.
0010: 86 BA C6 EC ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://210.74.42.3/OCA31/RSA/crl39.crl]
]]
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
emailProtection
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DE 86 85 A3 55 12 26 89 43 D5 14 77 A7 B9 06 8F ....U.&.C..w....
0010: EA D4 CE B9 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 8A 51 60 08 9A 33 EB 05 1F 74 1A 72 8D 4D 66 83 .Q`..3...t.r.Mf.
0010: A4 34 97 C6 FD 2A 14 AD 86 B6 A1 B5 80 C8 16 E8 .4...*..........
0020: 3B 56 18 36 D0 26 2F C6 FE AF F2 06 34 DC AC 64 ;V.6.&/.....4..d
0030: 29 5C 75 29 4F F7 76 49 54 E3 36 31 43 58 4D 1A )\u)O.vIT.61CXM.
0040: 73 7D 6B 8E 74 C3 DC 57 AD A7 64 2E 70 D0 5C 7A s.k.t..W..d.p.\z
0050: 37 61 81 97 83 26 55 D2 40 44 75 60 D4 76 1A 18 7a...&U.@Du`.v..
0060: EA 14 DF D7 1D 98 CB 6F 08 C6 C7 3A 0E 26 F9 ED .......o...:.&..
0070: 7B 9D A1 C6 FA 90 15 8C 8F C8 06 52 F6 1A 54 F6 ...........R..T.
0080: 3C 60 BC 3A 2E DE 7E 2E A8 16 0E AD 08 66 9C FF <`.:.........f..
0090: 0F C5 F7 EF ED 4A 40 67 DC 0F 1E 01 EA 02 7B 06 .....J@g........
00A0: E8 C5 1C 15 E9 07 47 C8 DE 55 3B 17 4B 58 87 EF ......G..U;.KX..
00B0: 41 BD 70 26 F5 4E 46 4C 2C 26 CC 0D DA F5 E7 4E A.p&.NFL,&.....N
00C0: 72 85 7B 68 AA 6D FC DA B6 08 5E ED 26 8B 44 7A r..h.m....^.&.Dz
00D0: 5A BB 2F 69 7B 64 60 67 06 16 75 DB D1 0D 3D 54 Z./i.d`g..u...=T
00E0: 0E 05 82 38 CD EC 09 46 75 BD A5 4A 03 14 27 2A ...8...Fu..J..'*
00F0: D2 78 F7 DB 10 4A 0B 71 74 B7 6F 67 6C 9E 1A 5B .x...J.qt.ogl..[
]
public key !!!! Sun RSA public key, 2048 bits
modulus: 27219026236566349676278543447695375821537131764213764580895621448617632840463012733407589298240130544810940254833865001134586287635536508023253272393470122815872601665690698359526947386480037704033149894017185905489409977845275027358025763252225165118227829757171401188153059476140198069888463051402042743179549693774973935701815888962610002471386320725949095454554681593598103249492940889302817758252011976833716892709723630945029012490500023246857692037901903024896848360887897268368940501163760211857657590438271663560769836982531695807471679797574531184632714885375902799523799220838320847415989537425934837932621
public exponent: 65537
private key !!!! sun.security.rsa.RSAPrivateCrtKeyImpl@ffa5f146
加密:公鑰放在客戶端,並使用公鑰對數據進行加密,服務端拿到數據後用私鑰進行解密;
加簽:私鑰放在客戶端,並使用私鑰對數據進行加簽,服務端拿到數據後用公鑰進行驗籤。
前者徹底爲了加密;後者主要是爲了防惡意***,防止別人模擬咱們的客戶端對咱們的服務器進行***,致使服務器癱瘓。
不論是客戶端仍是服務端,都要存如下兩樣keystore。
KeyStore:保存本身的公鑰和私鑰。
Trust KeyStore:保存對方的公鑰證書。
單向認證
是客戶端信任服務端,
服務器端的KeyStore存儲本身的公鑰和私鑰,客戶端的Trust KeyStore要導入服務器端的公鑰證書。
雙向認證
是客戶端既要信任服務端並且服務端也要信任客戶端。
服務器端的KeyStore存儲本身的公鑰和私鑰,客戶端的Trust KeyStore要導入服務器端的公鑰證書。
客戶端的KeyStore存儲本身的公鑰和私鑰,服務器端的Trust KeyStore要導入客戶端的公鑰證書。
加密/解密
對稱加密算法
就是加密和解密都是用同一個祕鑰,這種方式優勢就是速度快,缺點就是在管理和分配祕鑰的時候不安全。
DES
(Data Encryption Standard):數據加密標準,速度較快,適用於加密大量數據的場合。
3DES
(Triple DES):是基於DES,對一塊數據用三個不一樣的密鑰進行三次加密,強度更高。
AES
(Advanced Encryption Standard):高級加密標準,是下一代的加密算法標準,速度快,安全級別高;
非對稱加密算法
非對稱加密有一個祕鑰對,叫作公鑰和私鑰,私鑰本身持有,公鑰能夠公開的發送給使用的人。使用公鑰進行加密的信息,只有和其配對的私鑰能夠解開。使用私鑰鑰進行加密的信息,只有和其配對的公鑰能夠解開。由於加密和解密使用的是兩個不一樣的密鑰,因此這種算法叫做非對稱加密算法。
RSA算法
由 RSA 公司發明,是一個支持變長密鑰的公共密鑰算法,須要加密的文件塊的長度也是可變的; RSA是第一個也是目前惟一一個既能用於密鑰交換又能用於數字簽名的算法。
DSA
(Digital Signature Algorithm):數字簽名算法,是一種標準的 DSS(數字簽名標準);
ECC
(Elliptic Curves Cryptography):橢圓曲線密碼編碼學。
綜合
通常都是對稱加密和非對稱加密結合使用,使用非對稱加密完成祕鑰的傳遞,而後使用對稱祕鑰進行數據加密和解密。 好比RSA非對稱加密,對加密的內容有長度限制,長度過長就不行。
加簽/驗籤
哈希算法
抗篡改能力,一般用於文件校驗,數字簽名,鑑權協議。
加密過程不須要密鑰,而且通過加密的數據沒法被解密,只有輸入相同的明文數據通過相同的消息摘要算法才能獲得相同的密文。接收者經過對收到消息的新產生的摘要與原摘要比較,就可知道消息是否被改變了。
只要輸入的消息不一樣,對其進行摘要之後產生的摘要消息也必不相同;但相同的輸入必會產生相同的輸出。並且只能進行正向的信息摘要,而沒法從摘要中恢復出任何的消息,甚至根本就找不到任何與原信息相關的信息。
MD4
(RFC 1320)是 MIT 的 Ronald L. Rivest 在 1990 年設計的,MD 是 Message Digest 的縮寫。其輸出爲 128 位。MD4 已證實不夠安全。
MD5
(RFC 1321)是 Rivest 於1991年對 MD4 的改進版本。它對輸入仍以 512 位分組,其輸出是 128 位。MD5 比 MD4 複雜,而且計算速度要慢一點,更安全一些。MD5 已被證實不具有」強抗碰撞性」。
SHA
(Secure Hash Algorithm)是一個 Hash 函數族,由 NIST(National Institute of Standards and Technology)於 1993 年發佈第一個算法。目前知名的 SHA-1 在 1995 年面世,它的輸出爲長度 160 位的 hash 值,所以抗窮舉性更好。SHA-1 設計時基於和 MD4 相同原理,而且模仿了該算法。SHA-1 已被證實不具」強抗碰撞性」。
爲了提升安全性,NIST 還設計出了 SHA-22四、SHA-25六、SHA-384,和 SHA-512 算法(統稱爲 SHA-2),跟 SHA-1 算法原理相似。SHA-3 相關算法也已被提出。
Java實現https
證書信任
Java安全套接擴展 (Java Secure Socket Extension, JSSE)是實現Internet安全通訊的一系列包的集合。它是一個SSL和TLS的純Java實現。
TrustManager接口
JSSE中,有一個信任管理器類負責決定是否信任遠端的證書;通常的,僅會有一個支持基於X.509(數字證書標準)公鑰認證的TrustManager。
-
若是系統屬性javax.net.sll.trustStore指定了TrustStore文件(客戶端的TrustStore文件中保存着被客戶端所信任的服務器的證書信息),那麼信任管理器就去jre安裝路徑下的lib/security/目錄中尋找並使用這個文件來檢查證書。
-
若是該系統屬性沒有指定TrustStore文件,它就會去jre安裝路徑下尋找默認的TrustStore文件,這個文件的相對路徑爲:lib/security/jssecacerts。
- 若是 jssecacerts不存在,可是cacerts存在(它隨J2SDK一塊兒發行,含有數量有限的可信任的基本證書),那麼這個默認的TrustStore文件就是cacerts。
直接使用類HttpsURLConnection訪問Web頁面,若是站點的安全證書不被JSSE所信任,訪問就報錯,若是站點的證書被JSEE內置信任就訪問OK。
對於不被JSSE所默認信任的,一種解決方法是把站點的證書放到證書庫文件jssecacerts中, 或者把證書存放到任一TrustStore文件中,而後設置系統屬性javax.net.sll.trustStore指向該文件。另外一種解決方法則是本身實現信任管理器類,讓它信任咱們指定的證書。
1,將證書導入到TrustStore文件中
Java提供了命令行工具keytool用於建立證書或者把證書從其它文件中導入到Java本身的TrustStore文件中。
取得源證書文件,把這個文件複製到jre安裝路徑下的lib/security/目錄中。這樣,只需在程序中設置系統屬性javax.net.sll.trustStore指向文件dest_cer_store,就能使JSSE信任該證書,從而使程序能夠訪問使用未經驗證的證書的HTTPS站點。
使用這種方法,編程很是簡單,但須要手工導出服務器的證書。當服務器證書常常變化時,就須要常常進行手工導出證書的操做。
2,X509證書信任管理器類的實現及應用
進行SSL的驗證或者過濾以後纔可以訪問。
package com.lgx.http;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
/**
在JSSE中,證書信任管理器類就是實現了接口X509TrustManager的類。
咱們能夠本身實現該接口,讓它信任咱們指定的證書。
當方法爲空是默認爲全部的連接都爲安全,也就是全部的連接都可以訪問到。
接口X509TrustManager有下述三個公有的方法須要咱們實現:
**/
public class MyX509TrustManager implements X509TrustManager {
/*
該方法檢查客戶端的證書,若不信任該證書則拋出異常。
因爲咱們不須要對客戶端進行認證,所以咱們只須要執行默認的信任管理器的這個方法。
JSSE中,默認的信任管理器類爲TrustManager。
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
/*
該方法檢查服務器的證書,若不信任該證書一樣拋出異常。
經過本身實現該方法,可使之信任咱們指定的任何證書。
能夠不作任何處理,即一個空的函數體,因爲不會拋出異常,它就會信任任何證書。
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
/*
返回受信任的X509證書數組。
*/
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
}
package com.lgx.http;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
public class Https {
/*
* 處理https GET/POST請求 請求地址、請求方法、參數
*/
public static String httpsRequest(String requestUrl, String requestMethod,
String outputStr) {
StringBuffer buffer = null;
try {
// 1,建立SSLContext,並使用咱們指定的信任管理器初始化
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManager[] tm = { new MyX509TrustManager() };
sslContext.init(null, tm, new java.security.SecureRandom());
// 2,獲取SSLSocketFactory對象
SSLSocketFactory ssf = sslContext.getSocketFactory();
// 建立HttpsURLConnection對象,並設置其SSLSocketFactory對象
URL url = new URL(requestUrl);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
//屬性設置
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setRequestMethod(requestMethod);
// 設置當前實例使用的SSLSoctetFactory,12只和這一步有關。
conn.setSSLSocketFactory(ssf);
//鏈接
conn.connect();
// 往服務器端寫內容
if (null != outputStr) {
OutputStream os = conn.getOutputStream();
os.write(outputStr.getBytes("utf-8"));
os.close();
}
// 讀取服務器端返回的內容
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is, "utf-8");
BufferedReader br = new BufferedReader(isr);
buffer = new StringBuffer();
String line = null;
while ((line = br.readLine()) != null) {
buffer.append(line);
}
} catch (Exception e) {
e.printStackTrace();
}
return buffer.toString();
}
public static void main(String[] args) {
String s = httpsRequest("https://www.baidu.com/", "POST", null);
//不是https,用http,程序就會報錯。
//String s = httpsRequest("http://www.baidu.com/", "POST", null);
System.out.println(s);
}
}
KeyManager接口
決定將哪個認證證書發送給對端服務器,單向認證,就會傳一個null,
完整代碼實現
讀pfx取東西
package com.lgx.https;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
public class ReadKeystore {
public String keyStorePath = "././resource/jiaohangtest.keystore";
public String certificatePath = "././resource/jiaohangtest.crt";
public String alias = "{3ff077c0-db58-4a2c-90d7-010189f6cefb}";
public String keyStorePassword = "111111";
public String aliasPassword = "111111";
public String trustCertificatePath = "././resource/wanglian-rsa.cer";
// 得到KeyStore
public KeyStore keyStoreFromKeystore() {
FileInputStream is;
KeyStore keyStore = null;
try {
is = new FileInputStream(keyStorePath);
keyStore = KeyStore.getInstance("JKS");
keyStore.load(is, keyStorePassword.toCharArray());
is.close();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return keyStore;
}
// 取證書
public Certificate certificateFormKeystore() {
KeyStore keyStore = keyStoreFromKeystore();
Certificate certificate = null;
try {
certificate = keyStore.getCertificate(alias);
} catch (KeyStoreException e) {
e.printStackTrace();
}
return certificate;
}
// 得到私鑰
public PrivateKey privateKeyFormKeystore() {
KeyStore keyStore = keyStoreFromKeystore();
PrivateKey prikey = null;
try {
prikey = (PrivateKey) keyStore.getKey(alias, aliasPassword
.toCharArray());
} catch (Exception e) {
e.printStackTrace();
}
return prikey;
}
// 讀取公鑰
public PublicKey publicKeyFormKeystore() {
Certificate certificate = certificateFormKeystore();
PublicKey pubkey = null;
try {
pubkey = certificate.getPublicKey();
} catch (Exception e) {
e.printStackTrace();
}
return pubkey;
}
// 由證書路徑得到Certificate
public Certificate getCertificate(String certificatePath) {
CertificateFactory certificateFactory;
Certificate certificate = null;
try {
certificateFactory = CertificateFactory.getInstance("X.509");
FileInputStream in = new FileInputStream(certificatePath);
certificate = certificateFactory.generateCertificate(in);
in.close();
} catch (CertificateException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return certificate;
}
// 由證書路徑得公鑰
public PublicKey getPublicKey() {
Certificate certificate = getCertificate(certificatePath);
PublicKey pubkey = null;
try {
pubkey = certificate.getPublicKey();
} catch (Exception e) {
e.printStackTrace();
}
return pubkey;
}
}
讀keystore取東西
package com.lgx.https;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
public class ReadPFX {
String pfxPath = "././resource/jiaohangtest.pfx";
String pfxPassword = "111111";
// 讀取KeyStore
public KeyStore keyStoreFromPFX() {
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(pfxPath);
char[] nPassword = null;
nPassword = pfxPassword.toCharArray();
// 加載keystore
keyStore.load(fis, nPassword);
fis.close();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return keyStore;
}
// 讀取別名
@SuppressWarnings("unchecked")
public String aliasFromPFX() {
KeyStore keyStore = keyStoreFromPFX();
Enumeration enumas;
String keyAlias = null;
try {
enumas = keyStore.aliases();
if (enumas.hasMoreElements()) {
keyAlias = (String) enumas.nextElement();
System.out.println("alias !!!! [" + keyAlias + "]");
}
System.out.println("is key entry !!!! "
+ keyStore.isKeyEntry(keyAlias));
} catch (KeyStoreException e) {
e.printStackTrace();
}
return keyAlias;
}
// 讀取證書
public Certificate certificateFromPFX() {
KeyStore keyStore = keyStoreFromPFX();
String keyAlias = aliasFromPFX();
Certificate cert = null;
try {
cert = keyStore.getCertificate(keyAlias);
System.out.println("cert class !!!! " + cert.getClass().getName());
System.out.println("cert !!!! " + cert);
} catch (KeyStoreException e) {
e.printStackTrace();
}
return cert;
}
// 讀取公鑰
public PublicKey publicKeyFromPFX() {
Certificate cert = certificateFromPFX();
PublicKey pubkey = cert.getPublicKey();
System.out.println("public key !!!! " + pubkey);
return pubkey;
}
// 讀取私鑰
public PrivateKey privateKeyFromPFX() {
KeyStore keyStore = keyStoreFromPFX();
String keyAlias = aliasFromPFX();
char[] nPassword = null;
nPassword = pfxPassword.toCharArray();
PrivateKey prikey = null;
try {
prikey = (PrivateKey) keyStore.getKey(keyAlias, nPassword);
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return prikey;
}
}
加簽,驗籤
package com.lgx.https;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class SignAndCheck {
// 本地簽名,本身證書的私鑰
public String SignatureData(String data) {
byte[] signByte = null;
ReadKeystore readKeystore = new ReadKeystore();
// 得到證書
X509Certificate x509Certificate = (X509Certificate) readKeystore
.certificateFormKeystore();
// 取得私鑰
PrivateKey privateKey = readKeystore.privateKeyFormKeystore();
// 構建簽名
Signature signature;
try {
signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initSign(privateKey);
signature.update(data.getBytes());
signByte = signature.sign();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return Base64.encode(signByte);
}
// 服務器驗籤,本身證書的公鑰
public boolean CheckSignature(String data, String sign) {
boolean flag = true;
ReadKeystore readKeystore = new ReadKeystore();
// 得到證書
X509Certificate x509Certificate = (X509Certificate) readKeystore
.certificateFormKeystore();
// 得到公鑰
PublicKey publicKey = x509Certificate.getPublicKey();
// 構建簽名
Signature signature;
try {
signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data.getBytes());
flag = signature.verify(Base64.decode(sign.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
} catch (Base64DecodingException e) {
e.printStackTrace();
}
return flag;
}
}
加密,解密
package com.lgx.https;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class EncryAndDecry {
// 本地加密,服務器的公鑰
public String encryptDate(String data) throws Exception {
byte[] encryptByte = null;
ReadKeystore readKeystore = new ReadKeystore();
// 取得公鑰
PublicKey publicKey = readKeystore.publicKeyFormKeystore();
// 對數據加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
encryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(encryptByte);
}
// 服務器解密,服務器的私鑰
public String decryptDate(String data) throws Exception {
byte[] decryptByte = null;
// 取得私鑰
ReadKeystore readKeystore = new ReadKeystore();
PrivateKey privateKey = readKeystore.privateKeyFormKeystore();
// 對數據解密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
decryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(decryptByte);
}
}
數據加密解密
package com.lgx.https;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class EncryAndDecry {
// 本地加密,服務器的公鑰
public String encryptDate(String data) throws Exception {
byte[] encryptByte = null;
ReadKeystore readKeystore = new ReadKeystore();
// 取得公鑰
PublicKey publicKey = readKeystore.publicKeyFormKeystore();
// 對數據加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
encryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(encryptByte);
}
// 服務器解密,服務器的私鑰
public String decryptDate(String data) throws Exception {
byte[] decryptByte = null;
// 取得私鑰
ReadKeystore readKeystore = new ReadKeystore();
PrivateKey privateKey = readKeystore.privateKeyFormKeystore();
// 對數據解密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
decryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(decryptByte);
}
}
校驗服務器證書
package com.lgx.https;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class MyX509TrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
// 默認信任全部的HTTPS站點證書
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
socket鏈接管道
package com.lgx.https;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
public class SSLUtil {
public String KEY_STORE_PASS = "111111";
private SSLContext sslContext;
public String sendPost(String url, String param) {
PrintWriter out = null;
BufferedReader in = null;
String result = "";
try {
// 鏈接
URL realUrl = new URL(url);
HttpURLConnection connection = (HttpURLConnection) realUrl
.openConnection();
// 套接socket
if (connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setSSLSocketFactory(getSSLContext().getSocketFactory());
}
// 設置通用的請求屬性
// 發送POST請求必須設置以下兩行
connection.setDoOutput(true);
connection.setDoInput(true);
// 設置接收數據的格式
connection.setRequestProperty("Accept", "*/*");
connection.setRequestProperty("OriI***Id", "C1030131001288");
connection.setRequestProperty("MsgTP", "uops.010.000.01");
// 設置維持長鏈接
connection.setRequestProperty("Connection", "Keep-Alive");
connection.setRequestProperty("Accept-Encoding", "gzip");
// 設置文件字符集:
connection.setRequestProperty("Charset", "UTF-8");
// 設置發送數據的格式
connection.setRequestProperty("Content-Type", "application/json");
// 設置不用緩存,注意設置請求方法爲post不能用緩存
connection.setUseCaches(false);
// 設置傳遞方式
connection.setRequestMethod("POST");
// 開始鏈接請求
connection.connect();
// 獲取URLConnection對象對應的輸出流
out = new PrintWriter(connection.getOutputStream());
// 發送請求參數
out.print(param);
// flush輸出流的緩衝
out.flush();
// 讀取URL的響應,返回的流。若是有錯誤,返回錯誤的信息
if (connection.getResponseCode() == 200) {
in = new BufferedReader(new InputStreamReader(connection
.getInputStream(), "UTF-8"));
} else {
in = new BufferedReader(new InputStreamReader(connection
.getErrorStream(), "UTF-8"));
}
// 轉字符串
String content = "";
while ((content = in.readLine()) != null) {
result += content;
}
} catch (Exception e) {
System.out.println("發送 POST 請求出現異常!" + e);
e.printStackTrace();
}
// 使用finally塊來關閉輸出流、輸入流
finally {
try {
if (out != null) {
out.close();
}
if (in != null) {
in.close();
}
} catch (IOException ex) {
ex.printStackTrace();
}
}
System.out.println(("getDataFromServer:" + result));
return result;
}
public SSLContext getSSLContext() throws Exception {
long time1 = System.currentTimeMillis();
if (sslContext == null) {
try {
// 服務器要驗證客戶端證書
KeyManagerFactory keyManagerFactory = KeyManagerFactory
.getInstance("SunX509");
ReadKeystore readKeystore = new ReadKeystore();
KeyStore keyStore = readKeystore.keyStoreFromKeystore();
keyManagerFactory.init(keyStore, KEY_STORE_PASS.toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// 客戶端要驗證服務端證書
TrustManager[] trustManagers = { new MyX509TrustManager() };
// 初始化SSLContext實例
sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
//繞過ip直連https,證書校驗
HttpsURLConnection
.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname,
SSLSession session) {
return true;
}
});
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
long time2 = System.currentTimeMillis();
System.out.println("SSLContext 初始化時間:" + (time2 - time1));
return sslContext;
}
}
測試
package com.lgx.https;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Random;
public class HttpsTest {
public static String url = "https://221.122.73.116:443/uopsSvr";
public static void main(String[] args) throws Exception {
SignAndCheck signAndCheck = new SignAndCheck();
EncryAndDecry encryAndDecry = new EncryAndDecry();
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
String head = "'msgTp':'uops.010.000.01','msgSndTm':'"
+ sdf.format(new Date())
+ "','msgId':'"
+ sdf.format(new Date())
+ "00000000000000000000000000000000000000000000000001',"
+ "'i***Id':'G4000311000018','reI***Id':'C1030131001288','drctn':'02','signSN':'4000068829'";
String body = "'cntStep':'60','cntTm':'"
+ sdf.format(new Date())
+ "','tList':[{"
+ "'tType':'0201','instId':'z2004944000010','accType':'01','RPFlg':'1','tSumNo':'"
+ (new Random().nextInt(10000) + 10000)
+ "','tTime':'347.45','tTrxSR':'99.9567','tSy***':'99.8989'"
+ "},{'tType':'0202','instId':'z2004944000010','accType':'00','RPFlg':'0','tSumNo':'"
+ (new Random().nextInt(10000) + 10000)
+ "','tTime':'321.45','tTrxSR':'99.9664','tSy***':'99.2129'}]";
String data = "msgTp=uops.010.000.01&msgSndTm="
+ sdf.format(new Date())
+ "&msgId="
+ sdf.format(new Date())
+ "00000000000000000000000000000000000000000000000001"
+ "&i***Id=G4000311000018&reI***Id=C1030131001288&drctn=02&signSN=4000068829";
String encryptBody = encryAndDecry.encryptDate(body);
String signature = signAndCheck.SignatureData(data);
String param = "{'request':{'head':{" + head + "},'body':{"
+ encryptBody + "}},'signature':'" + signature + "'}";
SSLUtil sslUtil = new SSLUtil();
String result = sslUtil.sendPost(url, param);
System.out.println(result);
}
}
測試過程當中問題
通過代理服務器鏈接的https
package com.lgx.ssl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
/*
* 通過代理服務器後,由代理服務器走HTTPS。
*/
public class ProxyHttps {
public static void main(String[] args) throws Throwable {
// HTTPS詳細過程
System.setProperty("javax.net.debug", "all");
String xmlServerURL = "https://www.baidu.com/";
URL urlXMLServer = new URL(xmlServerURL);
// 我本身的代理服務器
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("172.31.219.169", 808));
HttpURLConnection httpsURLConnection = (HttpURLConnection) urlXMLServer.openConnection(proxy);
httpsURLConnection.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
httpsURLConnection.setDoInput(true);
httpsURLConnection.setDoOutput(true);
httpsURLConnection.setUseCaches(false);
httpsURLConnection.setRequestMethod("POST");
httpsURLConnection.connect();
PrintWriter out = new PrintWriter(httpsURLConnection.getOutputStream());
// 傳參數
out.print("777");
out.flush();
out.close();
BufferedReader in = new BufferedReader(new InputStreamReader(httpsURLConnection.getInputStream()));
String result = "";
String content = "";
while ((content = in.readLine()) != null) {
result += content;
}
String line;
String respXML = "";
while ((line = in.readLine()) != null) {
respXML += line;
}
in.close();
System.out.println(("getDataFromServer:" + result));
}
}
ip訪問https
因爲請求的HOST被替換成了IP,致使底層在進行證書的HOST校驗時失敗,最終請求失敗。
public static void main(String[] args) throws Exception{
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom());
URL url = new URL("https://xxxx");
HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
public boolean verify(String s, SSLSession sslsession) {
System.out.println("WARNING: Hostname is not matched for cert.");
return true;
}
}; HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
}
通過投產,代碼穩定運行兩年
拓展
網絡協議
相關文章
- 1. 手摸手,帶你實現代碼自動部署
- 2. 手把手教你從零認識webpack4.0
- 3. 手把手教你認識OPTIMIZER_TRACE
- 4. 手摸手帶你玩轉Xcode Extensions
- 5. 手摸手帶你肝 nodejs (二)
- 6. 手摸手,帶你vue,後臺系統
- 7. 手摸手帶你走近git
- 8. WebSocket初識並實現一個通訊
- 9. 帶你認識 zookeeper
- 10. 帶你認識ACL
- 更多相關文章...
- • 與傳輸層有關的基本知識 - TCP/IP教程
- • 現實生活中的 XML - XML 教程
- • ☆基於Java Instrument的Agent實現
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. python的安裝和Hello,World編寫
- 2. 重磅解讀:K8s Cluster Autoscaler模塊及對應華爲雲插件Deep Dive
- 3. 鴻蒙學習筆記2(永不斷更)
- 4. static關鍵字 和構造代碼塊
- 5. JVM筆記
- 6. 無法啓動 C/C++ 語言服務器。IntelliSense 功能將被禁用。錯誤: Missing binary at c:\Users\MSI-NB\.vscode\extensions\ms-vsc
- 7. 【Hive】Hive返回碼狀態含義
- 8. Java樹形結構遞歸(以時間換空間)和非遞歸(以空間換時間)
- 9. 數據預處理---缺失值
- 10. 都要2021年了,現代C++有什麼值得我們學習的?
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. 手摸手,帶你實現代碼自動部署
- 2. 手把手教你從零認識webpack4.0
- 3. 手把手教你認識OPTIMIZER_TRACE
- 4. 手摸手帶你玩轉Xcode Extensions
- 5. 手摸手帶你肝 nodejs (二)
- 6. 手摸手,帶你vue,後臺系統
- 7. 手摸手帶你走近git
- 8. WebSocket初識並實現一個通訊
- 9. 帶你認識 zookeeper
- 10. 帶你認識ACL