configuring SSLContext using existing SSL key/cert

2019-01-26 02:29发布

问题:

I am working on a java-project where I should implement the SSL-protokol on the server-side. Well, this is the first time I will use SSL in my application, so I read a lot about ssl/tls and now I want to implement something in java. I will implement this process using JSSE API:

1) client will connect to me

2) I will make authentification with my pubic key certificate. I means that I will send the client a public key and its corresponding certificate

3) the client encrypt the secret-key using my public key and RSA-algorithm and send it to me

I have already the private key and certificate saved on a keystore on my computer. So I am hesited how to access them from my java-application. I do not know, which are the steps to do to acess them, since it is the first time i am dealing with this kind of stuff

I will use an SSLEngine. So I should firstly initialize an SSLContext using this code:

// First initialize the key and trust material.
    KeyStore ksKeys = KeyStore.getInstance("JKS");
    ksKeys.load(new FileInputStream("/.../myKey"), passphrase);
    KeyStore ksTrust = KeyStore.getInstance("JKS");
    ksTrust.load(new FileInputStream("/../myCertificate"), passphrase);

    sslContext = SSLContext.getInstance("TLS");
    sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    // We're ready for the engine.
    SSLEngine engine = sslContext.createSSLengine(hostname, port);

    // Use as client
    engine.setUseClientMode(true);

I am really new in the crypthography and this is the first time I programming this stuff. Any Idea?

回答1:

At the server, both the public key and its certificate go into the KeyStore, along with the original private key, all under the same alias.

If the certificate is self-signed, you'll need to export it from there into the client's truststore.

You don't need to write code for this. Just set the system properties:

javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore

as appropriate.



回答2:

After being confused, I did a lot of research and I could find the solution. First of all, I will describe the situation then I will give the steps to solve the problem. Like I said in my Post, I had the private key (.key-file) and the certificate (.cer file) and I need to use them in my java-application (server using ssl-protocol). So the first step to do is to create a keystore named.jks-file containing the certificate/key so that I can be able to use them for your java-based-server. To do this step I used the steps described in this link http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html

Now, how can I use my.jks-file in the above posted code?

Well this is a piece of code how to initialize your SSLEngine:

char [] keyphrase="xxx".toCharArray();
char [] passphrase= "yyy".toCharArray();

// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
InputStream readStream = new FileInputStream(new File("/.../file.jks"));
ks.load(readStream, passphrase );
// create an factory for key-managers
KeyManagerFactory   =KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyphrase);
SSLContext sslContext = SSLContext.getInstance("TLS");
//initialize the ssl-context
sslContext.init(kmf.getKeyManagers(),null,null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLEngine(host, port);
// Use as client
engine.setUseClientMode(true);