个人中心
gpt4 book ai didi

java - keystore 和 truststore 中的 key 和证书很多时使用哪个?

转载 作者:太空宇宙 更新时间:2023-11-03 14:33:03 28 4
gpt4 key购买 nike

我的 keystore 中有两个 key :

D:\javasslstores2>keytool -list -keystore keystore.jks -storepass passwd123

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

ssl_key_2, Jun 14, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 36:A4:FB:E6:47:12:59:D6:C3:E1:06:21:4B:21:79:7E:33:86:48:52
ssl_key, Jun 13, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 03:08:2C:CA:A4:84:DD:61:20:05:F7:56:F5:44:4C:A4:35:2B:8C:6C

以及我的信任库中相应的两个证书:

D:\javasslstores2>keytool -list -keystore truststore.jks -storepass passwd123

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

ssl_key_2, Jun 14, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 36:A4:FB:E6:47:12:59:D6:C3:E1:06:21:4B:21:79:7E:33:86:48:52
ssl_key, Jun 14, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 03:08:2C:CA:A4:84:DD:61:20:05:F7:56:F5:44:4C:A4:35:2B:8C:6C

我已经编写了简单的 java ssl 客户端和服务器:

服务器

public class Server {
    static KeyStore ks;
    static KeyManagerFactory kmf;
    static TrustManagerFactory tmf;
    static SSLContext sc;
    static TrustManager[] trustManagers;

    static {
        try {
            ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("D:\\javasslstores\\keystore.jks"), "passwd123".toCharArray());

            kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, "passwd123".toCharArray());

            tmf = TrustManagerFactory.getInstance("SunX509"); 
            tmf.init(ks);

            sc = SSLContext.getInstance("TLS"); 
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 
        } catch (Exception e) {
            System.out.println(e.getMessage());
            System.out.println(e.getStackTrace());
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("SSL Server");
        SSLServerSocketFactory ssf = sc.getServerSocketFactory(); 
        SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(8089);
        System.out.println("Listening on port 8089");
        SSLSocket socket = (SSLSocket) s.accept();


        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(socket.getInputStream()))) {
            String line;
            System.out.println("Data from client:");
            while((line = bufferedReader.readLine()) != null){
                System.out.println(line);
                out.println(line);
            }
        }
        System.out.println("Closed");
    }
}

客户端

public class Client {
    static KeyStore ks;
    static KeyManagerFactory kmf;
    static TrustManagerFactory tmf;
    static SSLContext sc;
    static TrustManager[] trustManagers;

    static 
    {
        try 
        {
            ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("D:\\javasslstores\\keystore.jks"), "passwd123".toCharArray());

            kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, "passwd123".toCharArray());

            tmf = TrustManagerFactory.getInstance("SunX509"); 
            tmf.init(ks);

            sc = SSLContext.getInstance("TLS"); 
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (Exception e) {
            System.out.println(e.getMessage());
            System.out.println(e.getStackTrace());
        }
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory ssf = sc.getSocketFactory();
        SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", 8089);
        socket.startHandshake();

        PrintWriter out = new PrintWriter
                                (new BufferedWriter
                                (new OutputStreamWriter
                                (socket.getOutputStream())));

        System.out.println("SSL Client");

        out.println("GET / HTTP/1.0");
        out.println("From java ssl client");
        out.println("written by me");
        out.flush();

        if (out.checkError())
            System.out.println("SSLSocketClient:  java.io.PrintWriter error");

        BufferedReader in = new BufferedReader(
                                new InputStreamReader(
                                socket.getInputStream()));

        String inputLine;

        while ((inputLine = in.readLine()) != null)
            System.out.println(inputLine);

        in.close();
        out.close();
        socket.close();
    }
}

以上代码运行良好。

疑惑:

  1. 有两个 key 和证书,名称为 ssl_keyssl_key_2。他们使用哪一个?
  2. 他们如何最终使用同一对 key 和证书?

最佳答案

好问题。 SunX509 KeyManager (SunX509KeyManagerImpl) 的实现使用它找到的第一个别名,其中有一个私钥和一个 RSA 类型的 key 。您可以调试您的Server 类在main 方法上调用的SunX509KeyManagerImpl.chooseServerAlias,以验证逻辑。要更改 SunX509KeyManager 的行为,您可以编写自己的 keyManager 扩展 X509ExtendedKeyManager 并将其传递给 SSLContext.init

关于java - keystore 和 truststore 中的 key 和证书很多时使用哪个?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50858234/

28 4 0
文章推荐: C# -> 在 Win7/Vista 上更新 AppSettings.config 文件
文章推荐: python - 在 Python 中优先使用字典而不是对象
文章推荐: c# - 从 asp.net 控件中手动获取值
文章推荐: python - 隐藏 turtle 窗口?
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com