基于 MINA 的 TLS/SSL NIO Socket 实现(二)
2014-01-07 10:14
转自:http://blog.sina.com.cn/s/blog_9f2dd2f3010165cq.html
MinaSocketApache.netSecurity
功能:1) 客户端首先必须以普通连接方式连接服务器
2) 服务器接收到连接后,通知客户端启用TLS/SSL方式连接
3) 双方都启用成功后,通过数据加密方式完成信息的通信
备注: TLS/SSL 实现是基于 MINA 的官方例子
地址: http://mina.apache.org/
客户端和服务器端通信内容:
客户端:HELLO
服务器:Hello SSL
客户端:Client SSL Finished
服务器:Server SSL Finished
客户端:信息安全吗?
服务器:信息安全!
客户端:lawless command(非法的命令)
服务器:No Support Command(服务器响应不支持此命令)
服务器端代码:
package com.sariel.tls.server;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
/**
 * Entry point of the demo server: a MINA NIO acceptor that speaks a UTF-8 line protocol and
 * hands every session to {@link TempTLSServerHandler}.
 *
 * <p>No TLS filter is installed here. The listener accepts plain-text connections and the
 * handler adds the TLS filter per session later in the exchange.
 */
public class TempTLSServer {
    private static final int PORT = 50003;

    /**
     * Configures the acceptor, binds it to {@code PORT} and prints a ready message.
     *
     * @param args unused
     * @throws Exception if the acceptor cannot be bound
     */
    public static void main(String[] args) throws Exception {
        SocketAcceptor server = new NioSocketAcceptor();
        server.setReuseAddress(true);

        // Frame the byte stream into UTF-8 text lines before the handler sees it.
        TextLineCodecFactory lineCodec = new TextLineCodecFactory(Charset.forName("UTF-8"));
        DefaultIoFilterChainBuilder filters = server.getFilterChain();
        filters.addLast("codec", new ProtocolCodecFilter(lineCodec));

        server.setHandler(new TempTLSServerHandler());

        // Only a port is given, so the socket listens on the wildcard address.
        InetSocketAddress listenAddress = new InetSocketAddress(PORT);
        server.bind(listenAddress);
        System.out.println("服务器在 [" + PORT + "] 等待连接...");
    }
}
package com.sariel.tls.server;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.filter.ssl.SslFilter.SslFilterMessage;
import com.sariel.tls.BogusSslContextFactory;
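/**
 * Server-side handler for the demo's plain-text-then-TLS upgrade protocol.
 *
 * <p>The exchange starts in clear text ("Hello" answered with "Hello SSL"). When the client
 * sends "Client SSL Finished" the handler puts an {@link SslFilter} at the head of the
 * session's filter chain and queues "Server SSL Finished"; all later traffic on the session
 * passes through that filter.
 *
 * <p>Compared with the original listing this version (1) does not answer the filter's own
 * handshake notifications as if they were client commands, (2) rejects a repeated upgrade
 * request instead of failing on a duplicate filter name, and (3) answers the "secure" question
 * only after the TLS filter has been installed, so a client that skips the upgrade gets
 * "No Support Command" rather than a clear-text answer.
 *
 * <p>NOTE(review): {@code BogusSslContextFactory} is not shown on this page. It appears to be
 * copied from the MINA example code and to use a fixed demo keystore - confirm, and replace it
 * with real key material before using this outside a demo.
 */
public class TempTLSServerHandler extends IoHandlerAdapter {
    /** Name under which the TLS filter is registered in the session's filter chain. */
    private static final String SSL_FILTER_NAME = "SSL";

    /** Logs the event and asks the SSL filter to report handshake events to this handler. */
    @Override
    public void sessionCreated(IoSession session) throws Exception {
        System.out.println("[NIO Server]>> sessionCreated");
        session.setAttribute(SslFilter.USE_NOTIFICATION);
    }

    /** Logs that the session was opened. */
    @Override
    public void sessionOpened(IoSession session) throws Exception {
        System.out.println("[NIO Server]>> sessionOpened");
    }

    /** Logs that the session was closed. */
    @Override
    public void sessionClosed(IoSession session) throws Exception {
        System.out.println("[NIO Server]>> sessionClosed");
    }

    /** Logs that the session went idle. */
    @Override
    public void sessionIdle(IoSession session, IdleStatus status) throws Exception {
        System.out.println("[NIO Server]>> sessionIdle");
    }

    /**
     * Logs the failure and prints its stack trace.
     *
     * <p>The session is left open. A handshake failure reaches this method too, so a real
     * server would normally close the session here.
     */
    @Override
    public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
        System.out.println("[NIO Server]>> exceptionCaught :");
        cause.printStackTrace();
    }

    /**
     * Dispatches one decoded text line from the client.
     *
     * @param session the session the line arrived on
     * @param message a {@code String} line from the text codec, or an {@code SslFilterMessage}
     *     notification from the local SSL filter
     */
    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Server]>> messageReceived");

        if (message instanceof SslFilterMessage) {
            // Notifications requested through USE_NOTIFICATION come from the local filter, not
            // from the peer. Log them, but never answer them with a protocol reply.
            System.out.println("[NIO Server Received]>> : " + message);
            return;
        }

        String msg = (String) message;
        System.out.println("[NIO Server Received]>> : " + msg);

        // Once the filter sits at the head of the chain, inbound data has to pass through it
        // before reaching this handler, so its presence is used as the "upgraded" marker.
        boolean tlsInstalled = session.getFilterChain().contains(SSL_FILTER_NAME);

        if ("Hello".equalsIgnoreCase(msg)) {
            session.write("Hello SSL");
        } else if ("Client SSL Finished".equalsIgnoreCase(msg)) {
            if (tlsInstalled) {
                // A second upgrade request would make addFirst fail on the duplicate name.
                session.write("No Support Command");
                return;
            }
            // The one-argument constructor is used and startSsl is not called explicitly;
            // the reply below is written after the filter is in place.
            session.getFilterChain().addFirst(
                    SSL_FILTER_NAME, new SslFilter(BogusSslContextFactory.getInstance(true)));
            session.write("Server SSL Finished");
        } else if (tlsInstalled && "信息安全吗?".equals(msg)) {
            session.write("信息安全!");
        } else {
            session.write("No Support Command");
        }
    }

    /** Logs each message after it has been written to the session. */
    @Override
    public void messageSent(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Server]>> messageSent");
        System.out.println("[NIO Server messageSent]>> : " + message);
    }
}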
客户端代码:
package com.sariel.tls.client;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.service.IoConnector;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
/**
 * Entry point of the demo client: connects in clear text to the server at
 * {@code TARGET_IP:PORT}, sends the opening "HELLO" line and lets
 * {@link TempTLSClientHandler} drive the rest of the exchange.
 */
public class TempTLSClient {
    private static final int PORT = 50003;
    private static final String TARGET_IP = "192.168.12.41";

    /**
     * Runs one client session and blocks until that session is closed.
     *
     * @param args unused
     * @throws GeneralSecurityException declared by the original signature
     */
    public static void main(String[] args) throws GeneralSecurityException {
        IoConnector client = new NioSocketConnector();
        client.setHandler(new TempTLSClientHandler());

        // UTF-8 line framing; the TLS filter is added later by the handler, not here.
        ProtocolCodecFilter lineCodec =
                new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8")));
        client.getFilterChain().addLast("codec", lineCodec);

        InetSocketAddress serverAddress = new InetSocketAddress(TARGET_IP, PORT);
        ConnectFuture pending = client.connect(serverAddress);
        pending.awaitUninterruptibly();

        IoSession link = pending.getSession();
        link.write("HELLO");

        // Wait for the session to close before releasing the connector.
        link.getCloseFuture().awaitUninterruptibly();
        client.dispose();
    }
}
package com.sariel.tls.client;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import com.sariel.tls.BogusSslContextFactory;
/**
 * Client-side handler for the demo's plain-text-then-TLS upgrade protocol.
 *
 * <p>Each line received from the server selects the next line to send. After
 * "Client SSL Finished" has been written, an {@link SslFilter} in client mode is placed at the
 * head of the session's filter chain, so the rest of the exchange runs through it.
 *
 * <p>NOTE(review): {@code BogusSslContextFactory} is not shown on this page. In the MINA example
 * it appears to be copied from, the client-side context accepts any server certificate -
 * confirm. If so, the channel is encrypted but the server is not authenticated. The decision to
 * upgrade is also taken from a clear-text line ("Hello SSL").
 */
public class TempTLSClientHandler extends IoHandlerAdapter {
    /** Logs that the session was created. */
    @Override
    public void sessionCreated(IoSession session) throws Exception {
        System.out.println("[NIO Client]>> sessionCreated");
    }

    /** Logs that the session was opened. */
    @Override
    public void sessionOpened(IoSession session) throws Exception {
        System.out.println("[NIO Client]>> sessionOpened");
    }

    /** Logs that the session was closed. */
    @Override
    public void sessionClosed(IoSession session) throws Exception {
        System.out.println("[NIO Client]>> sessionClosed");
    }

    /** Logs that the session went idle. */
    @Override
    public void sessionIdle(IoSession session, IdleStatus status) throws Exception {
        System.out.println("[NIO Client]>> sessionIdle");
    }

    /** Logs the failure and prints its stack trace; the session is not closed here. */
    @Override
    public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
        System.out.println("[NIO Client]>> exceptionCaught :");
        cause.printStackTrace();
    }

    /**
     * Logs the received line and, if it is one of the three known server lines, sends the next
     * step of the scripted exchange. Any other line is logged and otherwise ignored.
     */
    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Client]>> messageReceived");
        String received = (String) message;
        System.out.println("[NIO Client Received]>>" + received);

        String next = nextLineFor(received);
        if (next != null) {
            session.write(next);
        }
    }

    /** Returns the line to send in answer to {@code received}, or null when none applies. */
    private static String nextLineFor(String received) {
        if ("Hello SSL".equals(received)) {
            return "Client SSL Finished";
        }
        if ("Server SSL Finished".equals(received)) {
            return "信息安全吗?";
        }
        if ("信息安全!".equals(received)) {
            return "lawless command";
        }
        return null;
    }

    /**
     * Logs the sent line. Once "Client SSL Finished" has gone out, installs the client-mode
     * SSL filter at the head of the chain; startSsl is not called explicitly.
     */
    @Override
    public void messageSent(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Client]>> messageSent");
        String sent = (String) message;
        System.out.println("[NIO Client messageSent]>> : " + sent);

        if (!"Client SSL Finished".equals(sent)) {
            return;
        }
        SslFilter tlsFilter = new SslFilter(BogusSslContextFactory.getInstance(false));
        tlsFilter.setUseClientMode(true);
        session.getFilterChain().addFirst("SSL", tlsFilter);
    }
}
创建 KEY 文件指令:keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore bogus.cert
(在 Java 源文件 BogusSslContextFactory.java 中也有,是官方的)
注意:该指令生成的是 512 位 RSA 密钥,并使用固定口令 boguspw,只适合演示;较新的 JDK 可能直接拒绝这么短的密钥,实际部署应使用 2048 位以上的密钥和自行设定的强口令。
MinaSocketApache.netSecurity
功能:1) 客户端首先必须以普通连接方式连接服务器
2) 服务器接收到连接后,通知客户端启用TLS/SSL方式连接
3) 双方都启用成功后,通过数据加密方式完成信息的通信
备注: TLS/SSL 实现是基于 MINA 的官方例子
地址: http://mina.apache.org/
客户端和服务器端通信内容:
客户端:HELLO
服务器:Hello SSL
客户端:Client SSL Finished
服务器:Server SSL Finished
客户端:信息安全吗?
服务器:信息安全!
客户端:lawless command(非法的命令)
服务器:No Support Command(服务器响应不支持此命令)
服务器端代码:
package com.sariel.tls.server;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
/**
 * Entry point of the demo server: a MINA NIO acceptor that speaks a UTF-8 line protocol and
 * hands every session to {@link TempTLSServerHandler}.
 *
 * <p>No TLS filter is installed here. The listener accepts plain-text connections and the
 * handler adds the TLS filter per session later in the exchange.
 */
public class TempTLSServer {
    private static final int PORT = 50003;

    /**
     * Configures the acceptor, binds it to {@code PORT} and prints a ready message.
     *
     * @param args unused
     * @throws Exception if the acceptor cannot be bound
     */
    public static void main(String[] args) throws Exception {
        SocketAcceptor server = new NioSocketAcceptor();
        server.setReuseAddress(true);

        // Frame the byte stream into UTF-8 text lines before the handler sees it.
        TextLineCodecFactory lineCodec = new TextLineCodecFactory(Charset.forName("UTF-8"));
        DefaultIoFilterChainBuilder filters = server.getFilterChain();
        filters.addLast("codec", new ProtocolCodecFilter(lineCodec));

        server.setHandler(new TempTLSServerHandler());

        // Only a port is given, so the socket listens on the wildcard address.
        InetSocketAddress listenAddress = new InetSocketAddress(PORT);
        server.bind(listenAddress);
        System.out.println("服务器在 [" + PORT + "] 等待连接...");
    }
}
package com.sariel.tls.server;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.filter.ssl.SslFilter.SslFilterMessage;
import com.sariel.tls.BogusSslContextFactory;
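/**
 * Server-side handler for the demo's plain-text-then-TLS upgrade protocol.
 *
 * <p>The exchange starts in clear text ("Hello" answered with "Hello SSL"). When the client
 * sends "Client SSL Finished" the handler puts an {@link SslFilter} at the head of the
 * session's filter chain and queues "Server SSL Finished"; all later traffic on the session
 * passes through that filter.
 *
 * <p>Compared with the original listing this version (1) does not answer the filter's own
 * handshake notifications as if they were client commands, (2) rejects a repeated upgrade
 * request instead of failing on a duplicate filter name, and (3) answers the "secure" question
 * only after the TLS filter has been installed, so a client that skips the upgrade gets
 * "No Support Command" rather than a clear-text answer.
 *
 * <p>NOTE(review): {@code BogusSslContextFactory} is not shown on this page. It appears to be
 * copied from the MINA example code and to use a fixed demo keystore - confirm, and replace it
 * with real key material before using this outside a demo.
 */
public class TempTLSServerHandler extends IoHandlerAdapter {
    /** Name under which the TLS filter is registered in the session's filter chain. */
    private static final String SSL_FILTER_NAME = "SSL";

    /** Logs the event and asks the SSL filter to report handshake events to this handler. */
    @Override
    public void sessionCreated(IoSession session) throws Exception {
        System.out.println("[NIO Server]>> sessionCreated");
        session.setAttribute(SslFilter.USE_NOTIFICATION);
    }

    /** Logs that the session was opened. */
    @Override
    public void sessionOpened(IoSession session) throws Exception {
        System.out.println("[NIO Server]>> sessionOpened");
    }

    /** Logs that the session was closed. */
    @Override
    public void sessionClosed(IoSession session) throws Exception {
        System.out.println("[NIO Server]>> sessionClosed");
    }

    /** Logs that the session went idle. */
    @Override
    public void sessionIdle(IoSession session, IdleStatus status) throws Exception {
        System.out.println("[NIO Server]>> sessionIdle");
    }

    /**
     * Logs the failure and prints its stack trace.
     *
     * <p>The session is left open. A handshake failure reaches this method too, so a real
     * server would normally close the session here.
     */
    @Override
    public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
        System.out.println("[NIO Server]>> exceptionCaught :");
        cause.printStackTrace();
    }

    /**
     * Dispatches one decoded text line from the client.
     *
     * @param session the session the line arrived on
     * @param message a {@code String} line from the text codec, or an {@code SslFilterMessage}
     *     notification from the local SSL filter
     */
    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Server]>> messageReceived");

        if (message instanceof SslFilterMessage) {
            // Notifications requested through USE_NOTIFICATION come from the local filter, not
            // from the peer. Log them, but never answer them with a protocol reply.
            System.out.println("[NIO Server Received]>> : " + message);
            return;
        }

        String msg = (String) message;
        System.out.println("[NIO Server Received]>> : " + msg);

        // Once the filter sits at the head of the chain, inbound data has to pass through it
        // before reaching this handler, so its presence is used as the "upgraded" marker.
        boolean tlsInstalled = session.getFilterChain().contains(SSL_FILTER_NAME);

        if ("Hello".equalsIgnoreCase(msg)) {
            session.write("Hello SSL");
        } else if ("Client SSL Finished".equalsIgnoreCase(msg)) {
            if (tlsInstalled) {
                // A second upgrade request would make addFirst fail on the duplicate name.
                session.write("No Support Command");
                return;
            }
            // The one-argument constructor is used and startSsl is not called explicitly;
            // the reply below is written after the filter is in place.
            session.getFilterChain().addFirst(
                    SSL_FILTER_NAME, new SslFilter(BogusSslContextFactory.getInstance(true)));
            session.write("Server SSL Finished");
        } else if (tlsInstalled && "信息安全吗?".equals(msg)) {
            session.write("信息安全!");
        } else {
            session.write("No Support Command");
        }
    }

    /** Logs each message after it has been written to the session. */
    @Override
    public void messageSent(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Server]>> messageSent");
        System.out.println("[NIO Server messageSent]>> : " + message);
    }
}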
客户端代码:
package com.sariel.tls.client;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.service.IoConnector;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
/**
 * Entry point of the demo client: connects in clear text to the server at
 * {@code TARGET_IP:PORT}, sends the opening "HELLO" line and lets
 * {@link TempTLSClientHandler} drive the rest of the exchange.
 */
public class TempTLSClient {
    private static final int PORT = 50003;
    private static final String TARGET_IP = "192.168.12.41";

    /**
     * Runs one client session and blocks until that session is closed.
     *
     * @param args unused
     * @throws GeneralSecurityException declared by the original signature
     */
    public static void main(String[] args) throws GeneralSecurityException {
        IoConnector client = new NioSocketConnector();
        client.setHandler(new TempTLSClientHandler());

        // UTF-8 line framing; the TLS filter is added later by the handler, not here.
        ProtocolCodecFilter lineCodec =
                new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8")));
        client.getFilterChain().addLast("codec", lineCodec);

        InetSocketAddress serverAddress = new InetSocketAddress(TARGET_IP, PORT);
        ConnectFuture pending = client.connect(serverAddress);
        pending.awaitUninterruptibly();

        IoSession link = pending.getSession();
        link.write("HELLO");

        // Wait for the session to close before releasing the connector.
        link.getCloseFuture().awaitUninterruptibly();
        client.dispose();
    }
}
package com.sariel.tls.client;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import com.sariel.tls.BogusSslContextFactory;
/**
 * Client-side handler for the demo's plain-text-then-TLS upgrade protocol.
 *
 * <p>Each line received from the server selects the next line to send. After
 * "Client SSL Finished" has been written, an {@link SslFilter} in client mode is placed at the
 * head of the session's filter chain, so the rest of the exchange runs through it.
 *
 * <p>NOTE(review): {@code BogusSslContextFactory} is not shown on this page. In the MINA example
 * it appears to be copied from, the client-side context accepts any server certificate -
 * confirm. If so, the channel is encrypted but the server is not authenticated. The decision to
 * upgrade is also taken from a clear-text line ("Hello SSL").
 */
public class TempTLSClientHandler extends IoHandlerAdapter {
    /** Logs that the session was created. */
    @Override
    public void sessionCreated(IoSession session) throws Exception {
        System.out.println("[NIO Client]>> sessionCreated");
    }

    /** Logs that the session was opened. */
    @Override
    public void sessionOpened(IoSession session) throws Exception {
        System.out.println("[NIO Client]>> sessionOpened");
    }

    /** Logs that the session was closed. */
    @Override
    public void sessionClosed(IoSession session) throws Exception {
        System.out.println("[NIO Client]>> sessionClosed");
    }

    /** Logs that the session went idle. */
    @Override
    public void sessionIdle(IoSession session, IdleStatus status) throws Exception {
        System.out.println("[NIO Client]>> sessionIdle");
    }

    /** Logs the failure and prints its stack trace; the session is not closed here. */
    @Override
    public void exceptionCaught(IoSession session, Throwable cause) throws Exception {
        System.out.println("[NIO Client]>> exceptionCaught :");
        cause.printStackTrace();
    }

    /**
     * Logs the received line and, if it is one of the three known server lines, sends the next
     * step of the scripted exchange. Any other line is logged and otherwise ignored.
     */
    @Override
    public void messageReceived(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Client]>> messageReceived");
        String received = (String) message;
        System.out.println("[NIO Client Received]>>" + received);

        String next = nextLineFor(received);
        if (next != null) {
            session.write(next);
        }
    }

    /** Returns the line to send in answer to {@code received}, or null when none applies. */
    private static String nextLineFor(String received) {
        if ("Hello SSL".equals(received)) {
            return "Client SSL Finished";
        }
        if ("Server SSL Finished".equals(received)) {
            return "信息安全吗?";
        }
        if ("信息安全!".equals(received)) {
            return "lawless command";
        }
        return null;
    }

    /**
     * Logs the sent line. Once "Client SSL Finished" has gone out, installs the client-mode
     * SSL filter at the head of the chain; startSsl is not called explicitly.
     */
    @Override
    public void messageSent(IoSession session, Object message) throws Exception {
        System.out.println("[NIO Client]>> messageSent");
        String sent = (String) message;
        System.out.println("[NIO Client messageSent]>> : " + sent);

        if (!"Client SSL Finished".equals(sent)) {
            return;
        }
        SslFilter tlsFilter = new SslFilter(BogusSslContextFactory.getInstance(false));
        tlsFilter.setUseClientMode(true);
        session.getFilterChain().addFirst("SSL", tlsFilter);
    }
}
创建 KEY 文件指令:keytool -genkey -alias bogus -keysize 512 -validity 3650 -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" -keypass boguspw -storepass boguspw -keystore bogus.cert
(在 Java 源文件 BogusSslContextFactory.java 中也有,是官方的)
注意:该指令生成的是 512 位 RSA 密钥,并使用固定口令 boguspw,只适合演示;较新的 JDK 可能直接拒绝这么短的密钥,实际部署应使用 2048 位以上的密钥和自行设定的强口令。