CFCATruePass安全解决方案

MaYong«January2006»12345678910111213141516171819202122232425262728293031//(80)J2SE(5)JAVA(4)(4)(8)(0)J2ME(1)&(1)CASE(11)J2EE(29)(5)(1)(3)(3)LINUX&&UNIX(5)linuxJakartaCommonskeytool-OpenLDAPopenldap(ZT)BerkeleyDBTruePassAppletServ[JAVA]TruePassa.t.jamy2005-8-2106:20:00TruePassTruePassCFCATruePassB-S-TruePassBtoB,BtoCTruePass··--·--·--·,·TruePassFIPS()140-1·WebB-S,·,···Web,Web·,·SSL·,··ITUX.509·windows·TruePassTruePassCFCATruePass(SessionValidationModuleSVM)(Servlet)(Applet)TruePassJava(Applet)TruePassSVMServletServlet:JDBCHibernate:Struts:Lucene:J2EE:Java:JAVASSL:JAVASSL:Lucene:Lucene:VSSstrutsITCSDNSUNYESKYITJAVABlogBlog:MaYong:80:50:4:17675:200559ICP05000276Copyright©CSAI.cn2001-2006,AllRightsReserved.:77,500,080.000,5MaYong«December2005»12345678910111213141516171819202122232425262728293031//(79)(3)(0)&(1)(4)(8)CASE(11)J2SE(5)(3)J2ME(1)J2EE(29)(5)(1)JAVA(4)LINUX&&UNIX(4)JakartaCommonskeytool-OpenLDAPopenldap(ZT)BerkeleyDBTruePassAppletServSSL[J2EE]JAVASSLa.t.jamy2005-8-1807:39:00JAVASSLSSL/*********************************************************************rochocp*rochoc.net.securityp*SSLServerp*luocp*2005-6-30p*SocketjavaSSLServerSocketp************************************************************************/packagerochoc.net.security;importjava.io.FileInputStream;importjava.io.IOException;importjava.io.InputStream;importjava.io.OutputStream;importjava.net.Socket;importjava.security.KeyStore;importjava.security.SecureRandom;importjavax.net.ssl.KeyManagerFactory;importjavax.net.ssl.SSLContext;importjavax.net.ssl.SSLServerSocket;importjavax.net.ssl.TrustManagerFactory;/***SSLServerp*p*luocp*2005-6-30p*publicp*publicp**/publicclassSSLServerimplementsRunnable{/***p*p**/publicSSLServer(){init();}/***initp*Socketp*p*voidp*luoc:JAVASSL:JAVASSL:Lucene:Lucene:VSS:Lucene:Lucene:UML:[]:[]strutsCSDNSUNYESKYITJAVABlogBlog:MaYong:79:39:4:12804:200559*2005-6-30**/publicvoidinit(){Stringtype=TLS;//Stringkeyf=..\\key\\srvstore;//keyStringtrustf=..\\key\\mytrust;Stringpass=123456;//intport=2001;//try{//SSLContextctx=SSLContext.getInstance(type);KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);TrustManagerFactorytmf=TrustManagerFactory.getInstance(SunX509);KeyStoreks=KeyStore.getInstance(JKS);KeyStoretks=KeyStore.getInstance(JKS);//keystoreks.load(newFileInputStream(keyf),pass.toCharArray());tks.load(newFileInputStream(trustf),pass.toCharArray());kmf.init(ks,pass.toCharArray());tmf.init(tks);ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(),newSecureRandom());ss=(SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(port);ss.setNeedClientAuth(true);//}catch(Exceptione){e.printStackTrace();}}/***newListenerp*p*p*voidp*luoc*2005-6-30**/privatevoidnewListener(){(newThread(this)).start();}/***runp*@seejava.lang.Runnable#run()p*p**/publicvoidrun(){Socketsocket=null;//acceptaconnectiontry{socket=ss.accept();}catch(IOExceptione){System.out.println(ClassServerdied:+e.getMessage());e.printStackTrace();return;}//createanewthreadtoacceptthenextconnectionnewListener();//processconnectiontry{OutputStreamout=socket.getOutputStream();InputStreamin=socket.getInputStream();//readdatafromclientbytebuff[]=newbyte[512];bytedata[]=newbyte[1024];System.out.println(bufflen=+buff.length);intlen=0;intstartpos=0;while((len=in.read(buff))!=-1){//if(len==1&&buff[0]==TranTool.DATA_END)//break;data=TranTool.byteDynExt(data,buff,len,startpos);System.out.println(readlen:+len+data:[+newString(buff,0,len)+]);startpos+=len;}System.out.println(recvfromclient:[);System.out.print(newString(data,0,startpos));System.out.println(]dataend.);//sendmessagetoclientout.write((startpos+datasuccessreceive.).getBytes());out.write(TranTool.DATA_END);System.out.println(successechoissend.);out.flush();}catch(IOExceptione){e.printStackTrace();return;}finally{try{socket.close();}catch(IOExceptione){}}}/**/SSLServerSocketss=null;//publicstaticvoidmain(Stringargs[]){System.out.println(initSSLServer...);SSLServersrv=newSSLServer();newThread(srv).start();System.out.println(SSLServerlistenerbegin.);}}SSL/*********************************************************************rochocp*rochoc.net.securityp*SSLClientp*luocp*2005-6-30p*p************************************************************************/packagerochoc.net.security;importjava.io.FileInputStream;importjava.io.IOException;importjava.io.InputStream;importjava.io.OutputStream;importjava.security.KeyStore;importjava.security.SecureRandom;importjavax.net.ssl.KeyManagerFactory;importjavax.net.ssl.SSLContext;importjavax.net.ssl.SSLSocket;importjavax.net.ssl.SSLSocketFactory;importjavax.net.ssl.TrustManagerFactory;/***SSLClientp*p*luocp*2005-6-30p*publicp*publicp**/publicclassSSLClient{/***p*p**/publicSSLClient(){init();}/***initp*Socketp*p*voidp*luoc*2005-6-30**/publicvoidinit(){//serversocket'sipandportStringhost=localhost;intport=2001;//keystorepathandpasswordStringkeyf=..\\key\\mystore;Stringtrustf=..\\key\\srvtrust