Skip to content

M
MiYaFastCashier
Switch branch/tag
Find file
Normal viewHistoryPermalink
SSLCertificatesInit.java 6.73 KB
Newer Older
赵鹏翔's avatar
添加okhttp证书校验,上传日志时禁止写入
0e191dd7
 
赵鹏翔 committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 
package com.miya.fastcashier.net;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SSLCertificatesInit {
    public static final String TLS = "TLS";
    public static final String SSL = "SSL";
    public static final String SSLV2 = "SSLv2";
    private static final String SERVER_CERTIFICATE_TYPE = "X.509";
    private static final String CLIENT_CERTIFICATE_TYPE = "BKS";
    
    /**
     * 信任所有站点
     *
     * @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
     * @param trustManager  输出参数,在外部创建1个X509TrustManager数组
     */
    public static void init(SSLSocketFactory[] socketFactory, X509TrustManager[] trustManager) {
        try {
            SSLContext sslContext = SSLContext.getInstance(TLS);
            trustManager[0] = new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[]{};
                }
                
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    
                }
            };
            sslContext.init(null, new TrustManager[]{trustManager[0]}, new SecureRandom());
            socketFactory[0] = sslContext.getSocketFactory();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
    
    /**
     * 单向验证
     *
     * @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
     * @param trustManager  输出参数,在外部创建1个X509TrustManager数组
     * @param in            服务器cer证书文件的InputStream对象
     */
    public static void init(SSLSocketFactory[] socketFactory, X509TrustManager[] trustManager, InputStream in) {
        try {
            SSLContext sslContext = SSLContext.getInstance(TLS);
            TrustManager[] tmArr = createTrustManagers(genServerKeyStore(in));
            sslContext.init(null, tmArr, new SecureRandom());
            trustManager[0] = getX509TrustManager(tmArr);
            socketFactory[0] = sslContext.getSocketFactory();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            try {
                in.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    
    private static TrustManager[] createTrustManagers(KeyStore ks) throws KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }
    
    private static KeyStore genServerKeyStore(InputStream in) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        CertificateFactory cf = CertificateFactory.getInstance(SERVER_CERTIFICATE_TYPE);
        keyStore.setCertificateEntry(SERVER_CERTIFICATE_TYPE, cf.generateCertificate(in));
        return keyStore;
    }
    
    /**
     * 双向验证
     *
     * @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
     * @param trustManager  输出参数,在外部创建1个X509TrustManager数组
     * @param serverIn      服务器cer证书文件的InputStream对象
     * @param clientIn      客户端bks证书的InputStream对象
     * @param clientPwd     客户端bks证书的密码
     */
    public static void getSocketFactory(SSLSocketFactory[] socketFactory, X509TrustManager[] trustManager, InputStream serverIn, InputStream clientIn, String clientPwd) {
        try {
            SSLContext sslContext = SSLContext.getInstance(TLS);
            TrustManager[] tmArr = createTrustManagers(genServerKeyStore(serverIn));
            sslContext.init(createKeyManagers(genClientKeyStore(clientIn, clientPwd), clientPwd), tmArr, new SecureRandom());
            trustManager[0] = getX509TrustManager(tmArr);
            socketFactory[0] = sslContext.getSocketFactory();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } finally {
            try {
                serverIn.close();
                clientIn.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    
    private static KeyManager[] createKeyManagers(KeyStore ks, String pwd) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pwd.toCharArray());
        return kmf.getKeyManagers();
    }
    
    private static KeyStore genClientKeyStore(InputStream in, String pwd) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore ks = KeyStore.getInstance(CLIENT_CERTIFICATE_TYPE);
        ks.load(in, pwd.toCharArray());
        return ks;
    }
    
    private static X509TrustManager getX509TrustManager(TrustManager[] tmArr) {
        for (TrustManager tm : tmArr) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        return null;
    }
}