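Implementing TLS/SSL Mutual Authentication Connections in MINA (2)
Picking up where the previous post left off, this post covers the second approach: the server and the client each hold their own self-signed private-key certificate, exchange public keys, and trust each other's certificate through the other side's public key.
1. Create the server-side KeyStore file serverKeys.jks, containing one certificate for the server:
2. Export the server's public-key certificate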
keytool -genkey -alias bob -keysize 1024 -validity 3650 -keyalg RSA -dname "CN=Bob, OU=Developer,O=Techstar, L=Beijing, S=Beijing, C=CH" -keypass 123456 -storepass 123456 -keystore clientKeys.jks
4. Export the public-key certificates of the clients Alice and Bob
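import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

protected static TrustManager[] getTrustManagers(String trustfile, String password)
        throws IOException, GeneralSecurityException {
    // First, get the default TrustManagerFactory.
    TrustManagerFactory tmFact = TrustManagerFactory.getInstance(TRUST_MANAGER_FACTORY_ALGORITHM);
    // Next, set up the TrustStore to use. We need to load the file into a KeyStore instance.
    KeyStore ks = KeyStore.getInstance("jks");
    try (InputStream in = BogusSslContextFactory.class.getResourceAsStream(trustfile)) {
        // getResourceAsStream returns null for a missing resource, and
        // ks.load(null, ...) would silently create an empty trust store.
        if (in == null) {
            throw new IOException("Trust store not found on classpath: " + trustfile);
        }
        ks.load(in, password.toCharArray());
    }
    // Now we initialise the TrustManagerFactory with this KeyStore.
    tmFact.init(ks);
    // And now get the TrustManagers.
    return tmFact.getTrustManagers();
}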
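The trust managers above are only half of a mutual-authentication setup: each side also needs key managers for its own private key, and the server must demand a client certificate. The following is an added example, not code from the original post or from MINA; it uses plain JSSE, and the class name MutualTlsContext and the trust store file name serverTrust.jks are assumptions (serverKeys.jks and the password come from the keytool steps).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsContext {

    // Load a JKS file from disk; throws if the file is missing or the password is wrong.
    static KeyStore loadJks(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // keyFile holds this side's own private key; trustFile holds only the peer's exported certificate(s).
    static SSLContext build(String keyFile, String trustFile, char[] password)
            throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyFile, password), password); // key password equals store password here

        KeyStore trust = loadJks(trustFile, password);
        if (trust.size() == 0) { // with self-signed peers, an empty trust store can never validate anyone
            throw new GeneralSecurityException("trust store is empty: " + trustFile);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // serverTrust.jks is an assumed name for the store holding the imported client certificates.
        SSLContext ctx = build("serverKeys.jks", "serverTrust.jks", "123456".toCharArray());
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // server side: handshake fails unless the client presents a trusted certificate
        System.out.println("client auth required: " + engine.getNeedClientAuth());
    }
}
```

On the client, the same build method is called with clientKeys.jks and a trust store holding the server's exported certificate, and the engine is put in client mode instead.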