Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in
Toggle navigation
M
MiYaFastCashier
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
1
Merge Requests
1
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
jiangjiantao
MiYaFastCashier
Commits
d928554c
Commit
d928554c
authored
Feb 27, 2023
by
赵鹏翔
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
网络层证书处理
parent
66e22d78
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
181 additions
and
165 deletions
+181
-165
SSLCertificatesInit.java
...a/com/fastcashier/lib_common/net/SSLCertificatesInit.java
+0
-165
SSLCertificatesInit.kt
...ava/com/fastcashier/lib_common/net/SSLCertificatesInit.kt
+181
-0
No files found.
lib_common/src/main/java/com/fastcashier/lib_common/net/SSLCertificatesInit.java
deleted
100644 → 0
View file @
66e22d78
package
com
.
fastcashier
.
lib_common
.
net
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.security.KeyManagementException
;
import
java.security.KeyStore
;
import
java.security.KeyStoreException
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.SecureRandom
;
import
java.security.UnrecoverableKeyException
;
import
java.security.cert.CertificateException
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.X509Certificate
;
import
javax.net.ssl.KeyManager
;
import
javax.net.ssl.KeyManagerFactory
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLSocketFactory
;
import
javax.net.ssl.TrustManager
;
import
javax.net.ssl.TrustManagerFactory
;
import
javax.net.ssl.X509TrustManager
;
public
class
SSLCertificatesInit
{
public
static
final
String
TLS
=
"TLS"
;
public
static
final
String
SSL
=
"SSL"
;
public
static
final
String
SSLV2
=
"SSLv2"
;
private
static
final
String
SERVER_CERTIFICATE_TYPE
=
"X.509"
;
private
static
final
String
CLIENT_CERTIFICATE_TYPE
=
"BKS"
;
/**
* 信任所有站点
*
* @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
* @param trustManager 输出参数,在外部创建1个X509TrustManager数组
*/
public
static
void
init
(
SSLSocketFactory
[]
socketFactory
,
X509TrustManager
[]
trustManager
)
{
try
{
SSLContext
sslContext
=
SSLContext
.
getInstance
(
TLS
);
trustManager
[
0
]
=
new
X509TrustManager
()
{
public
X509Certificate
[]
getAcceptedIssuers
()
{
return
new
X509Certificate
[]{};
}
public
void
checkClientTrusted
(
X509Certificate
[]
certs
,
String
authType
)
{
}
public
void
checkServerTrusted
(
X509Certificate
[]
certs
,
String
authType
)
{
}
};
sslContext
.
init
(
null
,
new
TrustManager
[]{
trustManager
[
0
]},
new
SecureRandom
());
socketFactory
[
0
]
=
sslContext
.
getSocketFactory
();
}
catch
(
NoSuchAlgorithmException
e
)
{
e
.
printStackTrace
();
}
catch
(
KeyManagementException
e
)
{
e
.
printStackTrace
();
}
}
/**
* 单向验证
*
* @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
* @param trustManager 输出参数,在外部创建1个X509TrustManager数组
* @param in 服务器cer证书文件的InputStream对象
*/
public
static
void
init
(
SSLSocketFactory
[]
socketFactory
,
X509TrustManager
[]
trustManager
,
InputStream
in
)
{
try
{
SSLContext
sslContext
=
SSLContext
.
getInstance
(
TLS
);
TrustManager
[]
tmArr
=
createTrustManagers
(
genServerKeyStore
(
in
));
sslContext
.
init
(
null
,
tmArr
,
new
SecureRandom
());
trustManager
[
0
]
=
getX509TrustManager
(
tmArr
);
socketFactory
[
0
]
=
sslContext
.
getSocketFactory
();
}
catch
(
NoSuchAlgorithmException
e
)
{
e
.
printStackTrace
();
}
catch
(
KeyManagementException
e
)
{
e
.
printStackTrace
();
}
catch
(
KeyStoreException
e
)
{
e
.
printStackTrace
();
}
catch
(
CertificateException
e
)
{
e
.
printStackTrace
();
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
}
finally
{
try
{
in
.
close
();
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
}
}
}
private
static
TrustManager
[]
createTrustManagers
(
KeyStore
ks
)
throws
KeyStoreException
,
NoSuchAlgorithmException
{
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
TrustManagerFactory
.
getDefaultAlgorithm
());
tmf
.
init
(
ks
);
return
tmf
.
getTrustManagers
();
}
private
static
KeyStore
genServerKeyStore
(
InputStream
in
)
throws
KeyStoreException
,
CertificateException
,
NoSuchAlgorithmException
,
IOException
{
KeyStore
keyStore
=
KeyStore
.
getInstance
(
KeyStore
.
getDefaultType
());
keyStore
.
load
(
null
);
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
SERVER_CERTIFICATE_TYPE
);
keyStore
.
setCertificateEntry
(
SERVER_CERTIFICATE_TYPE
,
cf
.
generateCertificate
(
in
));
return
keyStore
;
}
/**
* 双向验证
*
* @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
* @param trustManager 输出参数,在外部创建1个X509TrustManager数组
* @param serverIn 服务器cer证书文件的InputStream对象
* @param clientIn 客户端bks证书的InputStream对象
* @param clientPwd 客户端bks证书的密码
*/
public
static
void
getSocketFactory
(
SSLSocketFactory
[]
socketFactory
,
X509TrustManager
[]
trustManager
,
InputStream
serverIn
,
InputStream
clientIn
,
String
clientPwd
)
{
try
{
SSLContext
sslContext
=
SSLContext
.
getInstance
(
TLS
);
TrustManager
[]
tmArr
=
createTrustManagers
(
genServerKeyStore
(
serverIn
));
sslContext
.
init
(
createKeyManagers
(
genClientKeyStore
(
clientIn
,
clientPwd
),
clientPwd
),
tmArr
,
new
SecureRandom
());
trustManager
[
0
]
=
getX509TrustManager
(
tmArr
);
socketFactory
[
0
]
=
sslContext
.
getSocketFactory
();
}
catch
(
NoSuchAlgorithmException
e
)
{
e
.
printStackTrace
();
}
catch
(
KeyManagementException
e
)
{
e
.
printStackTrace
();
}
catch
(
KeyStoreException
e
)
{
e
.
printStackTrace
();
}
catch
(
CertificateException
e
)
{
e
.
printStackTrace
();
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
}
catch
(
UnrecoverableKeyException
e
)
{
e
.
printStackTrace
();
}
finally
{
try
{
serverIn
.
close
();
clientIn
.
close
();
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
}
}
}
private
static
KeyManager
[]
createKeyManagers
(
KeyStore
ks
,
String
pwd
)
throws
KeyStoreException
,
NoSuchAlgorithmException
,
UnrecoverableKeyException
{
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
KeyManagerFactory
.
getDefaultAlgorithm
());
kmf
.
init
(
ks
,
pwd
.
toCharArray
());
return
kmf
.
getKeyManagers
();
}
private
static
KeyStore
genClientKeyStore
(
InputStream
in
,
String
pwd
)
throws
KeyStoreException
,
CertificateException
,
NoSuchAlgorithmException
,
IOException
{
KeyStore
ks
=
KeyStore
.
getInstance
(
CLIENT_CERTIFICATE_TYPE
);
ks
.
load
(
in
,
pwd
.
toCharArray
());
return
ks
;
}
private
static
X509TrustManager
getX509TrustManager
(
TrustManager
[]
tmArr
)
{
for
(
TrustManager
tm
:
tmArr
)
{
if
(
tm
instanceof
X509TrustManager
)
{
return
(
X509TrustManager
)
tm
;
}
}
return
null
;
}
}
lib_common/src/main/java/com/fastcashier/lib_common/net/SSLCertificatesInit.kt
0 → 100644
View file @
d928554c
package
com.fastcashier.lib_common.net
import
java.io.IOException
import
java.io.InputStream
import
java.security.*
import
java.security.cert.CertificateException
import
java.security.cert.CertificateFactory
import
java.security.cert.X509Certificate
import
javax.net.ssl.*
object
SSLCertificatesInit
{
const
val
TLS
=
"TLS"
const
val
SSL
=
"SSL"
const
val
SSLV2
=
"SSLv2"
private
const
val
SERVER_CERTIFICATE_TYPE
=
"X.509"
private
const
val
CLIENT_CERTIFICATE_TYPE
=
"BKS"
/**
* 信任所有站点
*
* @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
* @param trustManager 输出参数,在外部创建1个X509TrustManager数组
*/
fun
init
(
socketFactory
:
Array
<
SSLSocketFactory
?
>,
trustManager
:
Array
<
X509TrustManager
?
>)
{
try
{
val
sslContext
=
SSLContext
.
getInstance
(
TLS
)
trustManager
[
0
]
=
object
:
X509TrustManager
{
override
fun
getAcceptedIssuers
():
Array
<
X509Certificate
>
{
return
arrayOf
()
}
override
fun
checkClientTrusted
(
certs
:
Array
<
X509Certificate
>,
authType
:
String
)
{}
override
fun
checkServerTrusted
(
certs
:
Array
<
X509Certificate
>,
authType
:
String
)
{}
}
sslContext
.
init
(
null
,
arrayOf
<
TrustManager
?>(
trustManager
[
0
]),
SecureRandom
())
socketFactory
[
0
]
=
sslContext
.
socketFactory
}
catch
(
e
:
NoSuchAlgorithmException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
KeyManagementException
)
{
e
.
printStackTrace
()
}
}
/**
* 单向验证
*
* @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
* @param trustManager 输出参数,在外部创建1个X509TrustManager数组
* @param in 服务器cer证书文件的InputStream对象
*/
fun
init
(
socketFactory
:
Array
<
SSLSocketFactory
?
>,
trustManager
:
Array
<
X509TrustManager
?
>,
`in`
:
InputStream
)
{
try
{
val
sslContext
=
SSLContext
.
getInstance
(
TLS
)
val
tmArr
=
createTrustManagers
(
genServerKeyStore
(
`in`
))
sslContext
.
init
(
null
,
tmArr
,
SecureRandom
())
trustManager
[
0
]
=
getX509TrustManager
(
tmArr
)
socketFactory
[
0
]
=
sslContext
.
socketFactory
}
catch
(
e
:
NoSuchAlgorithmException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
KeyManagementException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
KeyStoreException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
CertificateException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
IOException
)
{
e
.
printStackTrace
()
}
finally
{
try
{
`in`
.
close
()
}
catch
(
e
:
IOException
)
{
e
.
printStackTrace
()
}
}
}
@Throws
(
KeyStoreException
::
class
,
NoSuchAlgorithmException
::
class
)
private
fun
createTrustManagers
(
ks
:
KeyStore
):
Array
<
TrustManager
>
{
val
tmf
=
TrustManagerFactory
.
getInstance
(
TrustManagerFactory
.
getDefaultAlgorithm
())
tmf
.
init
(
ks
)
return
tmf
.
trustManagers
}
@Throws
(
KeyStoreException
::
class
,
CertificateException
::
class
,
NoSuchAlgorithmException
::
class
,
IOException
::
class
)
private
fun
genServerKeyStore
(
`in`
:
InputStream
):
KeyStore
{
val
keyStore
=
KeyStore
.
getInstance
(
KeyStore
.
getDefaultType
())
keyStore
.
load
(
null
)
val
cf
=
CertificateFactory
.
getInstance
(
SERVER_CERTIFICATE_TYPE
)
keyStore
.
setCertificateEntry
(
SERVER_CERTIFICATE_TYPE
,
cf
.
generateCertificate
(
`in`
))
return
keyStore
}
/**
* 双向验证
*
* @param socketFactory 输出参数,在外部创建1个SSLSocketFactory数组
* @param trustManager 输出参数,在外部创建1个X509TrustManager数组
* @param serverIn 服务器cer证书文件的InputStream对象
* @param clientIn 客户端bks证书的InputStream对象
* @param clientPwd 客户端bks证书的密码
*/
fun
getSocketFactory
(
socketFactory
:
Array
<
SSLSocketFactory
?
>,
trustManager
:
Array
<
X509TrustManager
?
>,
serverIn
:
InputStream
,
clientIn
:
InputStream
,
clientPwd
:
String
)
{
try
{
val
sslContext
=
SSLContext
.
getInstance
(
TLS
)
val
tmArr
=
createTrustManagers
(
genServerKeyStore
(
serverIn
))
sslContext
.
init
(
createKeyManagers
(
genClientKeyStore
(
clientIn
,
clientPwd
),
clientPwd
),
tmArr
,
SecureRandom
()
)
trustManager
[
0
]
=
getX509TrustManager
(
tmArr
)
socketFactory
[
0
]
=
sslContext
.
socketFactory
}
catch
(
e
:
NoSuchAlgorithmException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
KeyManagementException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
KeyStoreException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
CertificateException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
IOException
)
{
e
.
printStackTrace
()
}
catch
(
e
:
UnrecoverableKeyException
)
{
e
.
printStackTrace
()
}
finally
{
try
{
serverIn
.
close
()
clientIn
.
close
()
}
catch
(
e
:
IOException
)
{
e
.
printStackTrace
()
}
}
}
@Throws
(
KeyStoreException
::
class
,
NoSuchAlgorithmException
::
class
,
UnrecoverableKeyException
::
class
)
private
fun
createKeyManagers
(
ks
:
KeyStore
,
pwd
:
String
):
Array
<
KeyManager
>
{
val
kmf
=
KeyManagerFactory
.
getInstance
(
KeyManagerFactory
.
getDefaultAlgorithm
())
kmf
.
init
(
ks
,
pwd
.
toCharArray
())
return
kmf
.
keyManagers
}
@Throws
(
KeyStoreException
::
class
,
CertificateException
::
class
,
NoSuchAlgorithmException
::
class
,
IOException
::
class
)
private
fun
genClientKeyStore
(
`in`
:
InputStream
,
pwd
:
String
):
KeyStore
{
val
ks
=
KeyStore
.
getInstance
(
CLIENT_CERTIFICATE_TYPE
)
ks
.
load
(
`in`
,
pwd
.
toCharArray
())
return
ks
}
private
fun
getX509TrustManager
(
tmArr
:
Array
<
TrustManager
>):
X509TrustManager
?
{
for
(
tm
in
tmArr
)
{
if
(
tm
is
X509TrustManager
)
{
return
tm
}
}
return
null
}
}
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment