我需要在程序中进行 ssl 握手,以获取有关远程服务器的一些信息,例如公钥和密码套装。我知道一种叫做隐形握手的东西,它不会完成握手,但会像我提到的那样获得所需的信息。任何机构都可以解释如何在 Java 中做到这一点。我试图搜索但无法找到确切的具体方法。
【问题讨论】:
标签: java sockets ssl network-programming
Stelath 模式对此不确定,但我曾经做过类似下面的事情来从服务器检索证书链
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class GetCertificates {
public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException, IOException{
String host="google.com";
int port = 443;
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(null, new TrustManager[]{new SimpleX509TrustManager()}, null);
SSLSocketFactory factory = ssl.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(host,port);
SSLSession session = socket.getSession();
javax.security.cert.X509Certificate[] certs = session.getPeerCertificateChain();
System.out.println(certs[certs.length-1].getSubjectDN());
// you can display certificates info here and also cipher suites
session.getCipherSuite();
session.invalidate();
}
}
class SimpleX509TrustManager implements X509TrustManager {
public void checkClientTrusted(
X509Certificate[] cert, String a)
throws CertificateException {
}
public void checkServerTrusted(
X509Certificate[] cert, String a)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
【讨论】:
隐身?没听说过这个。
您可以将javax.net.ssl.HandShakeCompletedListener 注册到您的 ssl 客户端套接字以获取证书等,但 握手完成后
javax.net.ssl.HandShakeCompletedListener 是一个实现的接口 任何希望收到完成通知的班级 给定 SSLSocket 连接上的 SSL 协议握手。
您还可以通过SSLEngine 处理握手数据。
【讨论】: