帮助HTTPS客户端和服务器连接。

本文介绍了帮助HTTPS客户端和服务器连接。的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个HTTPS客户端和一个用java编码的HTTPS服务器，我需要与HTTPS服务器建立SSL连接，以根据客户端应该接受连接的条件获取消息，如果证书散列是SSL握手期间服务器的证书等于我已在客户端声明的证书。 这是我的代码

I've got an HTTPS client and a HTTPS server coded in java, i need to make a SSL connection to the HTTPS server to get a message based on the condition that the client should accept the connection if the certificate hash of the server's certificate during SSL handshake equals to the one I've declared already in my client. Here is my code

package testsimulation; import java.io.InputStream; import java.InetSocketAddress; import java.Proxy; import java.URL; import java.URLConnection; import javax.ssl.*; import javax.security.auth.x500.X500Principal; import org.bouncycastle.util.encoders.Hex; public class HTTPclient extends akande { private static String urlString; public String k = a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b; public static void main(String[] args) throws Exception { //set necessary truststore properties - using JKS System.setProperty("javax.ssl.trustStore", "FiddlerKeystore.jks"); System.setProperty("javax.ssl.trustStorePassword", "codedfar"); // System.setProperty("java.protocol.handler.pkgs","com.sun.ssl.internal.www.protocol"); // System.setProperty("java.protocol.handler.pkgs","com.sun.ssl.internal.www.protocol"); SSLContext sslContext = createSSLContext(); // sslContext.init(null, null, null); SSLSocketFactory fact = sslContext.getSocketFactory(); // SSLSocketFactory fact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); URL url = new URL("localhost:9990"); System.setProperty("proxySet","true"); System.setProperty("https.proxyHost", "127.0.0.1"); System.setProperty("https.proxyPort", "8888"); //-Djavax.ssl.trustStore=<path\to\fiddlerkeystore> //-Djavax.ssl.trustStorePassword= codedfar; Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)); HttpsURLConnection connection = (HttpsURLConnection)url.openConnection(proxy); connection.setSSLSocketFactory(fact); connection.setHostnameVerifier(new Validator()); connection.connect(); InputStream in = connection.getInputStream(); int ch=0; while((ch = in.read()) >= 0) { System.out.println((char)ch); } in.close(); // int th =1; // th.force(0); } }

我想比较从我的类中声明的另一台服务器收集的服务器证书指纹与SSL握手中获得的服务器指纹，以了解它是否是同样。

I want to compare the server's certificate thumbprint collected from another server which is declared in my class against the server's thumbprint obtained in the SSL handshake to know if it is the same.

推荐答案

我只在指定接受证书列表的情况下在客户端完成了此操作。我从来没有试过这样做什么证书哈希，我不知道java api是否允许你这样做。如果您有证书，那么您可以将它们指定为受信任证书： stackoverflow/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection [ ^ ]。我认为这是一个干净的解决方案。 如果你想要自定义服务器证书验证码，那么这个例子可能有所帮助： stackoverflow/questions/2642777/trusting-all-certificates-using-httpclient-over-https/6378872 [ ^ ] 重要的是在trustmanager中的 checkServerTrusted（）方法，你应该总是抛出异常，除非你的支票找到服务器可以接受。 I've done this on client side only by specifying the list of accepted certificates. I've never tried to do this what certificate hash, I don't know whether the java api allows you to do this or not. If you have the certificates then you can specify them as trusted: stackoverflow/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection[^]. I think this is the clean solution. If you want custom server certificate validator code then this example may help: stackoverflow/questions/2642777/trusting-all-certificates-using-httpclient-over-https/6378872[^] The important thing is the checkServerTrusted() method in the trustmanager, you should always throw an exception there except if your check find the server acceptable.

问题是我被告知要实现这个问题，我正在为我的论文实现它，我明天提交我只需要你告诉我在哪里代码适合。谢谢。 The problem is i was told to implement this problem, i'm implementing it for my thesis and i'm submitting tomorrow i just need you to tell me where the code fits in. Thanks.