上一篇:
下一篇:

用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc (六)

作者:lizongbo 发表于:14:37. 星期五, 十二月 14th, 2007
版权声明:可以任意转载,转载时请务必以超链接形式标明文章和作者信息及本版权声明。

接上一篇: http://618119.com/archives/2007/12/13/45.html

使用 commons ssl生成 SSLContext :

[code]

package com.lizongbo..;

import javax.net.ssl.SSLContext;
import java.security.GeneralSecurityException;
import java.io.IOException;
import javax.net.ssl.KeyManager;
import org.apache.commons.ssl.KeyMaterial;

public class SMPPSSLContextFactory {
private static final String PROTOCOL = "TLS";
private static final String CA_FILE = "ca.crt.properties";
private static final String CERT_FILE = "server.crt.properties";
private static final String KEY_FILE = "server.key.properties";
private static final String CILENT_FILE = "client.crt.properties";;//"client.p12.properties";
private static final String CILENT_KEY_FILE = "client.key.properties";

private static final char[] password =new char[0] ;//"lizongbo".toCharArray();

private static SSLContext serverInstance = null;

private static SSLContext clientInstance = null;

/**
* Get SSLContext singleton.
*
* @return SSLContext
* @throws java.security.GeneralSecurityException
*
*/
public static SSLContext getInstance(boolean server) throws
GeneralSecurityException, IOException {
SSLContext retInstance = null;
if (server) {
if (serverInstance == null) {
synchronized (SMPPSSLContextFactory.class) {
if (serverInstance == null) {
try {
serverInstance = createSMPPServerSSLContext();
}
catch (Exception ioe) {
throw new GeneralSecurityException(
"Can't create Server SSLContext:" + ioe);
}
}
}
}
retInstance = serverInstance;
}
else {
if (clientInstance == null) {
synchronized (SMPPSSLContextFactory.class) {
if (clientInstance == null) {
clientInstance = createSMPPClientSSLContext();
}
}
}
retInstance = clientInstance;
}
return retInstance;
}

private static SSLContext createSMPPServerSSLContext() throws
GeneralSecurityException, IOException {
// ssl.setCheckHostname(false); // default setting is "false" for SSLServer
// ssl.setCheckExpiry(true); // default setting is "true" for SSLServer
// ssl.setCheckCRL(true); // default setting is "true" for SSLServer
// ssl.useStrongCiphers();
// return ssl.getSSLContext();
SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
KeyMaterial km = new KeyMaterial(SMPPSSLContextFactory.class
.getResourceAsStream(CERT_FILE),
SMPPSSLContextFactory.class
.getResourceAsStream(KEY_FILE),
password);
sslContext.init( (KeyManager[]) km.getKeyManagers(),
SMPPTrustManagerFactory.X509_MANAGERS, null);
// System.out.println("getCipherSuites ==" +
// java.util.Arrays.toString(sslContext.getServerSessionContext().
// getSupportedSSLParameters().
// getCipherSuites()));
return sslContext;

}

private static SSLContext createSMPPClientSSLContext() throws
GeneralSecurityException, IOException {
{
SSLContext context = SSLContext.getInstance(PROTOCOL);
KeyMaterial km = new KeyMaterial(SMPPSSLContextFactory.class
.getResourceAsStream(CILENT_FILE),
SMPPSSLContextFactory.class
.getResourceAsStream(CILENT_KEY_FILE),
password);
context.init( (KeyManager[]) km.getKeyManagers(),
SMPPTrustManagerFactory.X509_MANAGERS, null);
return context;
}
}
}
[/code]

实现证书检查认证的代码:

[code]

package com.lizongbo.smpp.ssl;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

public class SMPPTrustManagerFactory
extends TrustManagerFactorySpi {

static final X509TrustManager X509 = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
if (x509Certificates != null) {
for (X509Certificate elem : x509Certificates) {
elem.checkValidity();
//System.out.println("checkClientTrusted elem ==" + elem);
}
}
// System.out.println("checkClientTrusted s ==" + s);
}

public void checkServerTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
if (x509Certificates != null) {
for (X509Certificate elem : x509Certificates) {
// System.out.println("checkServerTrusted elem ==" + elem);
}
}
// System.out.println("checkServerTrusted s ==" + s);

}

public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};

static final TrustManager[] X509_MANAGERS = new TrustManager[] {
X509};

public SMPPTrustManagerFactory() {
}

protected TrustManager[] engineGetTrustManagers() {
return X509_MANAGERS;
}

protected void engineInit(KeyStore keystore) throws KeyStoreException {
// noop
}

protected void engineInit(
ManagerFactoryParameters managerFactoryParameters) throws
InvalidAlgorithmParameterException {
// noop
}
}
[/code]

Tags: , , , , , , ,

标签: , , , , , , ,


分享到 Google Buzz
点此分享到QQ空间
点此分享到腾讯微博

与《用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc (六)》相关的搜索:

这篇文章发布于 2007年12月14日,星期五,14:37,归类于 Java, SSL。 您可以跟踪这篇文章的评论通过 RSS 2.0 feed。 您可以留下评论,或者从您的站点trackback

3 条评论 发表在“用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc (六)”上

  1. Binrong Liu 说道:
    2008年04月16日 15:06

    能否将《用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc 》整体源码发送到我的邮箱,谢谢!

    Reply

    lizongbo reply on 四月 17th, 2008:

    我的文章只是一个思路,文章里已经把相关代码贴出来了,你参考着自己实现业务逻辑即可。

  2. » 基于格式规范的文档的代码生成器–根据cmpp3.0协议规范文档生成cmppapi数据包定义的java代码。 -- lizongbo at 618119.com 说道:
    2007年12月28日 09:01

    [...] 开发步骤可参考 用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc序列:http://618119.com/archives/2007/12/14/46.html [...]

留下回复