lizongbo at 618119.com 工作,生活,Android,前端,Linode,Ubuntu,nginx,java,apache,tomcat,Resin,mina,Hessian,XMPP,RPC

2007年12月14日

用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc (六)

Filed under: Java,SSL — 标签:, , , , , , , — lizongbo @ 14:37

接上一篇: http://618119.com/archives/2007/12/13/45.html

使用 commons ssl生成 SSLContext :

[code]

package com.lizongbo..;

import javax.net.ssl.SSLContext;
import java.security.GeneralSecurityException;
import java.io.IOException;
import javax.net.ssl.KeyManager;
import org.apache.commons.ssl.KeyMaterial;

public class SMPPSSLContextFactory {
private static final String PROTOCOL = “TLS”;
private static final String CA_FILE = “ca.crt.properties”;
private static final String CERT_FILE = “server.crt.properties”;
private static final String KEY_FILE = “server.key.properties”;
private static final String CILENT_FILE = “client.crt.properties”;;//”client.p12.properties”;
private static final String CILENT_KEY_FILE = “client.key.properties”;

private static final char[] password =new char[0] ;//”lizongbo”.toCharArray();

private static SSLContext serverInstance = null;

private static SSLContext clientInstance = null;

/**
* Get SSLContext singleton.
*
* @return SSLContext
* @throws java.security.GeneralSecurityException
*
*/
public static SSLContext getInstance(boolean server) throws
GeneralSecurityException, IOException {
SSLContext retInstance = null;
if (server) {
if (serverInstance == null) {
synchronized (SMPPSSLContextFactory.class) {
if (serverInstance == null) {
try {
serverInstance = createSMPPServerSSLContext();
}
catch (Exception ioe) {
throw new GeneralSecurityException(
“Can’t create Server SSLContext:” + ioe);
}
}
}
}
retInstance = serverInstance;
}
else {
if (clientInstance == null) {
synchronized (SMPPSSLContextFactory.class) {
if (clientInstance == null) {
clientInstance = createSMPPClientSSLContext();
}
}
}
retInstance = clientInstance;
}
return retInstance;
}

private static SSLContext createSMPPServerSSLContext() throws
GeneralSecurityException, IOException {
// ssl.setCheckHostname(false); // default setting is “false” for SSLServer
// ssl.setCheckExpiry(true); // default setting is “true” for SSLServer
// ssl.setCheckCRL(true); // default setting is “true” for SSLServer
// ssl.useStrongCiphers();
// return ssl.getSSLContext();
SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
KeyMaterial km = new KeyMaterial(SMPPSSLContextFactory.class
.getResourceAsStream(CERT_FILE),
SMPPSSLContextFactory.class
.getResourceAsStream(KEY_FILE),
password);
sslContext.init( (KeyManager[]) km.getKeyManagers(),
SMPPTrustManagerFactory.X509_MANAGERS, null);
// System.out.println(“getCipherSuites ==” +
// java.util.Arrays.toString(sslContext.getServerSessionContext().
// getSupportedSSLParameters().
// getCipherSuites()));
return sslContext;

}

private static SSLContext createSMPPClientSSLContext() throws
GeneralSecurityException, IOException {
{
SSLContext context = SSLContext.getInstance(PROTOCOL);
KeyMaterial km = new KeyMaterial(SMPPSSLContextFactory.class
.getResourceAsStream(CILENT_FILE),
SMPPSSLContextFactory.class
.getResourceAsStream(CILENT_KEY_FILE),
password);
context.init( (KeyManager[]) km.getKeyManagers(),
SMPPTrustManagerFactory.X509_MANAGERS, null);
return context;
}
}
}
[/code]

实现证书检查认证的代码:

[code]

package com.lizongbo.smpp.ssl;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

public class SMPPTrustManagerFactory
extends TrustManagerFactorySpi {

static final X509TrustManager X509 = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
if (x509Certificates != null) {
for (X509Certificate elem : x509Certificates) {
elem.checkValidity();
//System.out.println(“checkClientTrusted elem ==” + elem);
}
}
// System.out.println(“checkClientTrusted s ==” + s);
}

public void checkServerTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
if (x509Certificates != null) {
for (X509Certificate elem : x509Certificates) {
// System.out.println(“checkServerTrusted elem ==” + elem);
}
}
// System.out.println(“checkServerTrusted s ==” + s);

}

public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};

static final TrustManager[] X509_MANAGERS = new TrustManager[] {
X509};

public SMPPTrustManagerFactory() {
}

protected TrustManager[] engineGetTrustManagers() {
return X509_MANAGERS;
}

protected void engineInit(KeyStore keystore) throws KeyStoreException {
// noop
}

protected void engineInit(
ManagerFactoryParameters managerFactoryParameters) throws
InvalidAlgorithmParameterException {
// noop
}
}
[/code]

3 Comments »

  1. […] 开发步骤可参考 用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc序列:http://618119.com/archives/2007/12/14/46.html […]

    Pingback by » 基于格式规范的文档的代码生成器–根据cmpp3.0协议规范文档生成cmppapi数据包定义的java代码。 -- lizongbo at 618119.com — 2007年12月28日 @ 09:01

  2. 能否将《用Spring,smppapi,apache mina, commons ssl快速实现安全的smpp smsc 》整体源码发送到我的邮箱,谢谢!

    Reply

    lizongbo reply on 四月 17th, 2008:

    我的文章只是一个思路,文章里已经把相关代码贴出来了,你参考着自己实现业务逻辑即可。

    评论 by Binrong Liu — 2008年04月16日 @ 15:06

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress