手摸手带你认识https涉及的知识并实现通讯
@[toc]
看完整的代码,直接去完整代码实现,看实现完后会遇到的坑,直接去测试过程当中的问题,包括通过代理服务器访问https,经过ip访问https等。html
http访问流程
咱们开发java web项目时,打好war包放到tomcat应用服务器的webapps目录下,tomcat的访问端口是8080,启动tomcat,在浏览器的地址栏输入http://localhost:8080。就会看到以下
java
那么,看看服务器到底返回了什么内容,在web项目中,运行代码nginx
package com.lgx.http;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
public class t1 {
/*
测试http请求服务器,看服务器返回了什么东西。
*/
public static void main(String[] args) {
try {
URL url = new URL("http://localhost:8080");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.connect();
InputStream input = connection.getInputStream();
// 默认的index.jsp页面字节数远远小于1024
byte[] bytes = new byte[1024];
int bytesLength = input.read(bytes);
System.out.println("服务器返回:\n" + new String(bytes, 0, bytesLength));
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
}
获得结果以下git
上面其实并非完整的服务器返回给浏览器的内容,被咱们输出的只是http报文体,但这并不重要!能够看出数据并未加密。web
https访问流程
更改上述代码,把URL的http改成https,会报错。须要配置一下tomcat服务器算法
配置
tomcat配置支持https访问,若是使用nginx还需配nginx。apache
建立密钥库
用Java自带的keytool生成一个秘钥库编程
keytool -genkey -alias "tomcat" -keyalg "RSA" -keysize 1024 -validity 365 -keystore "/Users/liguoxi/Public/tomcat.keystore"
秘密设置为123456
注:KeyStore通常用JDK中的keytool生成。Keytool使用RSA或DSA KeyPairGenerator生成一个秘钥对并连同新生成的证书一块儿存入KeyStore文件中。json
修改XML文件
server.xml的Https配置默认是注释掉的,干脆手动加上。windows
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/Users/liguoxi/Public/tomcat.keystore"
keystorePass="123456"/>
更改http访问代码为https访问代码,启动项目,再以Java运行下述代码。
package com.lgx.https;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.io.InputStream;
import java.net.URL;
public class t1 {
public static void main(String[] args) {
// 输出https握手过程
System.setProperty("javax.net.debug", "all");
// 值配置成与tomcat keyStoreFile一致,服务器发过来的证书,要存在于信任秘钥库中
System.setProperty("javax.net.ssl.trustStore", "/Users/liguoxi/Public/tomcat.keystore");
// 信任秘钥库密码
System.setProperty("javax.net.ssl.trustStorePassword", "123456");
// https协议版本
System.setProperty("https.protocols", "TLSv1");
try {
URL url = new URL("https://localhost:8443");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
// 证书里面有个扩展域,记录了服务器ip,若是与访问url里面的ip不一致不报错
//实际上是由于用keytool生成的证书,并无这个扩展域
return true;
}
});
connection.connect();
InputStream input = connection.getInputStream();
byte[] bytes = new byte[1024];
int bytesLength = input.read(bytes);
System.out.println("服务器返回:\n" + new String(bytes, 0, bytesLength));
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
}
输出一大堆
trustStore is: /Users/liguoxi/Public/tomcat.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Issuer: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Algorithm: RSA; Serial number: 0x21e45f2c
Valid from Sun Oct 07 21:27:58 CST 2018 until Mon Oct 07 21:27:58 CST 2019
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1522146822 bytes = { 206, 221, 190, 215, 203, 75, 100, 29, 253, 204, 139, 195, 132, 250, 231, 86, 226, 225, 94, 88, 154, 174, 37, 73, 148, 29, 117, 165 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension extended_master_secret
***
[write] MD5 and SHA1 hashes: len = 125
0000: 01 00 00 79 03 01 5B BA 1E 06 CE DD BE D7 CB 4B ...y..[........K
0010: 64 1D FD CC 8B C3 84 FA E7 56 E2 E1 5E 58 9A AE d........V..^X..
0020: 25 49 94 1D 75 A5 00 00 2C C0 0A C0 14 00 35 C0 %I..u...,.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 00 FF 01 00 00 24 00 0A 00 16 00 14 00 ........$.......
0060: 17 00 18 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 ................
0070: 0E 00 16 00 0B 00 02 01 00 00 17 00 00 .............
main, WRITE: TLSv1 Handshake, length = 125
[Raw write]: length = 130
0000: 16 03 01 00 7D 01 00 00 79 03 01 5B BA 1E 06 CE ........y..[....
0010: DD BE D7 CB 4B 64 1D FD CC 8B C3 84 FA E7 56 E2 ....Kd........V.
0020: E1 5E 58 9A AE 25 49 94 1D 75 A5 00 00 2C C0 0A .^X..%I..u...,..
0030: C0 14 00 35 C0 05 C0 0F 00 39 00 38 C0 09 C0 13 ...5.....9.8....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A ./.....3.2......
0050: C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 24 00 0A .............$..
0060: 00 16 00 14 00 17 00 18 00 19 00 09 00 0A 00 0B ................
0070: 00 0C 00 0D 00 0E 00 16 00 0B 00 02 01 00 00 17 ................
0080: 00 00 ..
[Raw read]: length = 5
0000: 16 03 01 03 74 ....t
[Raw read]: length = 884
0000: 02 00 00 51 03 01 5B BA 1E 06 88 96 19 DB 9A CF ...Q..[.........
0010: 95 E3 75 CB 71 6F 48 8E 06 80 97 2A 74 AE D2 D1 ..u.qoH....*t...
0020: 16 84 AA 11 C5 A9 20 5B BA 1E 06 D6 62 98 69 C8 ...... [....b.i.
0030: 8C 1E 30 F0 DA B6 5D B6 C8 6E 35 D1 A0 D0 83 0B ..0...]..n5.....
0040: F7 FB 3A D5 A1 65 3C C0 14 00 00 09 FF 01 00 01 ..:..e<.........
0050: 00 00 17 00 00 0B 00 02 4C 00 02 49 00 02 46 30 ........L..I..F0
0060: 82 02 42 30 82 01 AB A0 03 02 01 02 02 04 21 E4 ..B0..........!.
0070: 5F 2C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 _,0...*.H.......
0080: 00 30 54 31 0C 30 0A 06 03 55 04 06 13 03 4C 47 .0T1.0...U....LG
0090: 58 31 0C 30 0A 06 03 55 04 08 13 03 4C 47 58 31 X1.0...U....LGX1
00A0: 0C 30 0A 06 03 55 04 07 13 03 4C 47 58 31 0C 30 .0...U....LGX1.0
00B0: 0A 06 03 55 04 0A 13 03 4C 47 58 31 0C 30 0A 06 ...U....LGX1.0..
00C0: 03 55 04 0B 13 03 4C 47 58 31 0C 30 0A 06 03 55 .U....LGX1.0...U
00D0: 04 03 13 03 4C 47 58 30 1E 17 0D 31 38 31 30 30 ....LGX0...18100
00E0: 37 31 33 32 37 35 38 5A 17 0D 31 39 31 30 30 37 7132758Z..191007
00F0: 31 33 32 37 35 38 5A 30 54 31 0C 30 0A 06 03 55 132758Z0T1.0...U
0100: 04 06 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 08 ....LGX1.0...U..
0110: 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 07 13 03 ..LGX1.0...U....
0120: 4C 47 58 31 0C 30 0A 06 03 55 04 0A 13 03 4C 47 LGX1.0...U....LG
0130: 58 31 0C 30 0A 06 03 55 04 0B 13 03 4C 47 58 31 X1.0...U....LGX1
0140: 0C 30 0A 06 03 55 04 03 13 03 4C 47 58 30 81 9F .0...U....LGX0..
0150: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 0...*.H.........
0160: 81 8D 00 30 81 89 02 81 81 00 9C 61 24 6E EC D3 ...0.......a$n..
0170: A1 6B 6A 12 36 D6 CB 03 9A 9B 6C 9F A7 C6 B8 FD .kj.6.....l.....
0180: 19 5D 91 F8 16 EB D5 06 7E A6 1E 09 DB 1F EA 95 .]..............
0190: F3 3A 73 21 DA A5 B6 BD 2A 46 40 20 BD 6E 55 83 .:s!....*F@ .nU.
01A0: 42 86 F7 8E 5B 84 C7 45 0E 02 F8 76 75 DE 41 FD B...[..E...vu.A.
01B0: 6D B6 A7 50 09 04 71 0D A8 AA F4 73 59 2C C0 36 m..P..q....sY,.6
01C0: 5C 68 2E BA 99 43 2D DF C0 4D 70 66 EC 93 08 D7 \h...C-..Mpf....
01D0: 05 0D 75 5A C3 0D 04 CC 18 F9 5D E5 73 E4 E9 14 ..uZ......].s...
01E0: 53 5D D5 0C 6F 16 E4 2C AE 47 02 03 01 00 01 A3 S]..o..,.G......
01F0: 21 30 1F 30 1D 06 03 55 1D 0E 04 16 04 14 E0 A4 !0.0...U........
0200: 47 46 87 0B 8D 4F A6 B2 29 57 D7 1D 59 78 02 F1 GF...O..)W..Yx..
0210: D8 2B 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 .+0...*.H.......
0220: 00 03 81 81 00 4D 14 33 08 83 64 F8 90 E5 27 AA .....M.3..d...'.
0230: CC FC 54 1C 20 B9 84 A6 D0 53 47 F1 98 F7 CF 20 ..T. ....SG....
0240: D7 81 34 12 84 2E 0F E2 A9 2D 26 21 4B E0 EA A6 ..4......-&!K...
0250: F4 57 87 AB EF CB C8 86 A1 D3 29 80 CA 49 9F EF .W........)..I..
0260: 61 BF BB F6 62 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 a...b...\....^..
0270: FD F6 A1 F3 30 69 DA F9 AA 4C 7C CC DE 8F B2 D6 ....0i...L......
0280: 96 43 72 BC B9 F7 00 25 43 37 8B E0 8A A7 76 CF .Cr....%C7....v.
0290: 9B E8 54 E8 C9 F6 33 4E 8F 8C F7 C8 DF 37 20 67 ..T...3N.....7 g
02A0: 50 C6 A3 19 42 0C 00 00 C7 03 00 17 41 04 83 ED P...B.......A...
02B0: F0 6A BA DC AD 5E 46 5C F7 F6 28 AA E2 0E 97 A2 .j...^F\..(.....
02C0: CA 41 A9 51 10 E9 AA EA F4 7A 9D 62 2B B8 31 72 .A.Q.....z.b+.1r
02D0: D6 33 03 D0 96 59 23 64 38 B7 D2 0E 70 E7 3C 5C .3...Y#d8...p.<\
02E0: C1 EC A1 51 97 18 33 1F AD 42 69 9D AE B9 00 80 ...Q..3..Bi.....
02F0: 79 79 70 2C 31 D3 DC 28 D5 0C C0 37 23 E1 71 FC yyp,1..(...7#.q.
0300: A1 96 2F C8 8A 35 5E 95 EB EF 13 27 C3 52 8A A7 ../..5^....'.R..
0310: 50 70 AF EC ED E6 B9 F6 05 18 52 40 23 5D 63 CC Pp........R@#]c.
0320: E2 89 92 00 26 A5 41 7B 13 F2 D2 8C 31 3C 23 41 ....&.A.....1<#A
0330: 6F 4E 1B 8A 9A 35 0E 0B F6 AE 8D 86 4B D6 3E A2 oN...5......K.>.
0340: 79 EB 61 B6 47 B0 42 B5 6E 85 09 23 84 46 46 99 y.a.G.B.n..#.FF.
0350: 81 CD C8 23 8B 2C 26 32 1B C0 03 FC 9B 8B 14 D1 ...#.,&2........
0360: F6 E1 89 4A EA ED EF C4 6D E9 E5 86 22 E4 8E 7C ...J....m..."...
0370: 0E 00 00 00 ....
main, READ: TLSv1 Handshake, length = 884
*** ServerHello, TLSv1
RandomCookie: GMT: 1522146822 bytes = { 136, 150, 25, 219, 154, 207, 149, 227, 117, 203, 113, 111, 72, 142, 6, 128, 151, 42, 116, 174, 210, 209, 22, 132, 170, 17, 197, 169 }
Session ID: {91, 186, 30, 6, 214, 98, 152, 105, 200, 140, 30, 48, 240, 218, 182, 93, 182, 200, 110, 53, 209, 160, 208, 131, 11, 247, 251, 58, 213, 161, 101, 60}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[read] MD5 and SHA1 hashes: len = 85
0000: 02 00 00 51 03 01 5B BA 1E 06 88 96 19 DB 9A CF ...Q..[.........
0010: 95 E3 75 CB 71 6F 48 8E 06 80 97 2A 74 AE D2 D1 ..u.qoH....*t...
0020: 16 84 AA 11 C5 A9 20 5B BA 1E 06 D6 62 98 69 C8 ...... [....b.i.
0030: 8C 1E 30 F0 DA B6 5D B6 C8 6E 35 D1 A0 D0 83 0B ..0...]..n5.....
0040: F7 FB 3A D5 A1 65 3C C0 14 00 00 09 FF 01 00 01 ..:..e<.........
0050: 00 00 17 00 00 .....
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 109813392808966985140540821321555924175057214027222884095960986513876498186792795206052237836949373963973650543086709232968823011726525283075591130943590026095316290548201219746527439812794723752498763782639568103955938705793191742259325257069819861478415993347120306343465466402849805688743066088416645787207
public exponent: 65537
Validity: [From: Sun Oct 07 21:27:58 CST 2018,
To: Mon Oct 07 21:27:58 CST 2019]
Issuer: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
SerialNumber: [ 21e45f2c]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 A4 47 46 87 0B 8D 4F A6 B2 29 57 D7 1D 59 78 ..GF...O..)W..Yx
0010: 02 F1 D8 2B ...+
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D 14 33 08 83 64 F8 90 E5 27 AA CC FC 54 1C 20 M.3..d...'...T.
0010: B9 84 A6 D0 53 47 F1 98 F7 CF 20 D7 81 34 12 84 ....SG.... ..4..
0020: 2E 0F E2 A9 2D 26 21 4B E0 EA A6 F4 57 87 AB EF ....-&!K....W...
0030: CB C8 86 A1 D3 29 80 CA 49 9F EF 61 BF BB F6 62 .....)..I..a...b
0040: 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 FD F6 A1 F3 30 ...\....^......0
0050: 69 DA F9 AA 4C 7C CC DE 8F B2 D6 96 43 72 BC B9 i...L.......Cr..
0060: F7 00 25 43 37 8B E0 8A A7 76 CF 9B E8 54 E8 C9 ..%C7....v...T..
0070: F6 33 4E 8F 8C F7 C8 DF 37 20 67 50 C6 A3 19 42 .3N.....7 gP...B
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 109813392808966985140540821321555924175057214027222884095960986513876498186792795206052237836949373963973650543086709232968823011726525283075591130943590026095316290548201219746527439812794723752498763782639568103955938705793191742259325257069819861478415993347120306343465466402849805688743066088416645787207
public exponent: 65537
Validity: [From: Sun Oct 07 21:27:58 CST 2018,
To: Mon Oct 07 21:27:58 CST 2019]
Issuer: CN=LGX, OU=LGX, O=LGX, L=LGX, ST=LGX, C=LGX
SerialNumber: [ 21e45f2c]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E0 A4 47 46 87 0B 8D 4F A6 B2 29 57 D7 1D 59 78 ..GF...O..)W..Yx
0010: 02 F1 D8 2B ...+
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D 14 33 08 83 64 F8 90 E5 27 AA CC FC 54 1C 20 M.3..d...'...T.
0010: B9 84 A6 D0 53 47 F1 98 F7 CF 20 D7 81 34 12 84 ....SG.... ..4..
0020: 2E 0F E2 A9 2D 26 21 4B E0 EA A6 F4 57 87 AB EF ....-&!K....W...
0030: CB C8 86 A1 D3 29 80 CA 49 9F EF 61 BF BB F6 62 .....)..I..a...b
0040: 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 FD F6 A1 F3 30 ...\....^......0
0050: 69 DA F9 AA 4C 7C CC DE 8F B2 D6 96 43 72 BC B9 i...L.......Cr..
0060: F7 00 25 43 37 8B E0 8A A7 76 CF 9B E8 54 E8 C9 ..%C7....v...T..
0070: F6 33 4E 8F 8C F7 C8 DF 37 20 67 50 C6 A3 19 42 .3N.....7 gP...B
]
[read] MD5 and SHA1 hashes: len = 592
0000: 0B 00 02 4C 00 02 49 00 02 46 30 82 02 42 30 82 ...L..I..F0..B0.
0010: 01 AB A0 03 02 01 02 02 04 21 E4 5F 2C 30 0D 06 .........!._,0..
0020: 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 54 31 0C .*.H........0T1.
0030: 30 0A 06 03 55 04 06 13 03 4C 47 58 31 0C 30 0A 0...U....LGX1.0.
0040: 06 03 55 04 08 13 03 4C 47 58 31 0C 30 0A 06 03 ..U....LGX1.0...
0050: 55 04 07 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 U....LGX1.0...U.
0060: 0A 13 03 4C 47 58 31 0C 30 0A 06 03 55 04 0B 13 ...LGX1.0...U...
0070: 03 4C 47 58 31 0C 30 0A 06 03 55 04 03 13 03 4C .LGX1.0...U....L
0080: 47 58 30 1E 17 0D 31 38 31 30 30 37 31 33 32 37 GX0...1810071327
0090: 35 38 5A 17 0D 31 39 31 30 30 37 31 33 32 37 35 58Z..19100713275
00A0: 38 5A 30 54 31 0C 30 0A 06 03 55 04 06 13 03 4C 8Z0T1.0...U....L
00B0: 47 58 31 0C 30 0A 06 03 55 04 08 13 03 4C 47 58 GX1.0...U....LGX
00C0: 31 0C 30 0A 06 03 55 04 07 13 03 4C 47 58 31 0C 1.0...U....LGX1.
00D0: 30 0A 06 03 55 04 0A 13 03 4C 47 58 31 0C 30 0A 0...U....LGX1.0.
00E0: 06 03 55 04 0B 13 03 4C 47 58 31 0C 30 0A 06 03 ..U....LGX1.0...
00F0: 55 04 03 13 03 4C 47 58 30 81 9F 30 0D 06 09 2A U....LGX0..0...*
0100: 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 .H............0.
0110: 89 02 81 81 00 9C 61 24 6E EC D3 A1 6B 6A 12 36 ......a$n...kj.6
0120: D6 CB 03 9A 9B 6C 9F A7 C6 B8 FD 19 5D 91 F8 16 .....l......]...
0130: EB D5 06 7E A6 1E 09 DB 1F EA 95 F3 3A 73 21 DA ............:s!.
0140: A5 B6 BD 2A 46 40 20 BD 6E 55 83 42 86 F7 8E 5B ...*F@ .nU.B...[
0150: 84 C7 45 0E 02 F8 76 75 DE 41 FD 6D B6 A7 50 09 ..E...vu.A.m..P.
0160: 04 71 0D A8 AA F4 73 59 2C C0 36 5C 68 2E BA 99 .q....sY,.6\h...
0170: 43 2D DF C0 4D 70 66 EC 93 08 D7 05 0D 75 5A C3 C-..Mpf......uZ.
0180: 0D 04 CC 18 F9 5D E5 73 E4 E9 14 53 5D D5 0C 6F .....].s...S]..o
0190: 16 E4 2C AE 47 02 03 01 00 01 A3 21 30 1F 30 1D ..,.G......!0.0.
01A0: 06 03 55 1D 0E 04 16 04 14 E0 A4 47 46 87 0B 8D ..U........GF...
01B0: 4F A6 B2 29 57 D7 1D 59 78 02 F1 D8 2B 30 0D 06 O..)W..Yx...+0..
01C0: 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 81 81 00 .*.H............
01D0: 4D 14 33 08 83 64 F8 90 E5 27 AA CC FC 54 1C 20 M.3..d...'...T.
01E0: B9 84 A6 D0 53 47 F1 98 F7 CF 20 D7 81 34 12 84 ....SG.... ..4..
01F0: 2E 0F E2 A9 2D 26 21 4B E0 EA A6 F4 57 87 AB EF ....-&!K....W...
0200: CB C8 86 A1 D3 29 80 CA 49 9F EF 61 BF BB F6 62 .....)..I..a...b
0210: 0F 15 EF 5C 19 F2 D7 C7 5E DC F3 FD F6 A1 F3 30 ...\....^......0
0220: 69 DA F9 AA 4C 7C CC DE 8F B2 D6 96 43 72 BC B9 i...L.......Cr..
0230: F7 00 25 43 37 8B E0 8A A7 76 CF 9B E8 54 E8 C9 ..%C7....v...T..
0240: F6 33 4E 8F 8C F7 C8 DF 37 20 67 50 C6 A3 19 42 .3N.....7 gP...B
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 256 bits
public x coord: 59673385215316818009352331687060949082651775895246442016413736342443150945208
public y coord: 22366228495042026761421384723174683132027538974986677415966731768560927747769
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
[read] MD5 and SHA1 hashes: len = 203
0000: 0C 00 00 C7 03 00 17 41 04 83 ED F0 6A BA DC AD .......A....j...
0010: 5E 46 5C F7 F6 28 AA E2 0E 97 A2 CA 41 A9 51 10 ^F\..(......A.Q.
0020: E9 AA EA F4 7A 9D 62 2B B8 31 72 D6 33 03 D0 96 ....z.b+.1r.3...
0030: 59 23 64 38 B7 D2 0E 70 E7 3C 5C C1 EC A1 51 97 Y#d8...p.<\...Q.
0040: 18 33 1F AD 42 69 9D AE B9 00 80 79 79 70 2C 31 .3..Bi.....yyp,1
0050: D3 DC 28 D5 0C C0 37 23 E1 71 FC A1 96 2F C8 8A ..(...7#.q.../..
0060: 35 5E 95 EB EF 13 27 C3 52 8A A7 50 70 AF EC ED 5^....'.R..Pp...
0070: E6 B9 F6 05 18 52 40 23 5D 63 CC E2 89 92 00 26 .....R@#]c.....&
0080: A5 41 7B 13 F2 D2 8C 31 3C 23 41 6F 4E 1B 8A 9A .A.....1<#AoN...
0090: 35 0E 0B F6 AE 8D 86 4B D6 3E A2 79 EB 61 B6 47 5......K.>.y.a.G
00A0: B0 42 B5 6E 85 09 23 84 46 46 99 81 CD C8 23 8B .B.n..#.FF....#.
00B0: 2C 26 32 1B C0 03 FC 9B 8B 14 D1 F6 E1 89 4A EA ,&2...........J.
00C0: ED EF C4 6D E9 E5 86 22 E4 8E 7C ...m..."...
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ECDHClientKeyExchange
ECDH Public value: { 4, 35, 76, 86, 107, 199, 33, 33, 214, 183, 130, 57, 64, 134, 252, 21, 63, 200, 236, 32, 109, 23, 243, 240, 10, 61, 76, 202, 241, 148, 221, 202, 125, 230, 205, 242, 124, 82, 195, 105, 131, 22, 78, 6, 228, 114, 175, 180, 24, 189, 93, 115, 105, 58, 23, 254, 214, 154, 27, 212, 119, 62, 228, 246, 89 }
[write] MD5 and SHA1 hashes: len = 70
0000: 10 00 00 42 41 04 23 4C 56 6B C7 21 21 D6 B7 82 ...BA.#LVk.!!...
0010: 39 40 86 FC 15 3F C8 EC 20 6D 17 F3 F0 0A 3D 4C 9@...?.. m....=L
0020: CA F1 94 DD CA 7D E6 CD F2 7C 52 C3 69 83 16 4E ..........R.i..N
0030: 06 E4 72 AF B4 18 BD 5D 73 69 3A 17 FE D6 9A 1B ..r....]si:.....
0040: D4 77 3E E4 F6 59 .w>..Y
main, WRITE: TLSv1 Handshake, length = 70
[Raw write]: length = 75
0000: 16 03 01 00 46 10 00 00 42 41 04 23 4C 56 6B C7 ....F...BA.#LVk.
0010: 21 21 D6 B7 82 39 40 86 FC 15 3F C8 EC 20 6D 17 !!...9@...?.. m.
0020: F3 F0 0A 3D 4C CA F1 94 DD CA 7D E6 CD F2 7C 52 ...=L..........R
0030: C3 69 83 16 4E 06 E4 72 AF B4 18 BD 5D 73 69 3A .i..N..r....]si:
0040: 17 FE D6 9A 1B D4 77 3E E4 F6 59 ......w>..Y
SESSION KEYGEN:
PreMaster Secret:
0000: 08 C3 67 71 5C 60 68 86 44 12 4E F2 AB A1 6C 9A ..gq\`h.D.N...l.
0010: 16 19 BA A0 D6 B6 AA 87 E1 F8 01 6F 43 05 72 74 ...........oC.rt
CONNECTION KEYGEN:
Client Nonce:
0000: 5B BA 1E 06 CE DD BE D7 CB 4B 64 1D FD CC 8B C3 [........Kd.....
0010: 84 FA E7 56 E2 E1 5E 58 9A AE 25 49 94 1D 75 A5 ...V..^X..%I..u.
Server Nonce:
0000: 5B BA 1E 06 88 96 19 DB 9A CF 95 E3 75 CB 71 6F [...........u.qo
0010: 48 8E 06 80 97 2A 74 AE D2 D1 16 84 AA 11 C5 A9 H....*t.........
Master Secret:
0000: 2A E2 CE B4 07 60 8D D2 16 AF 42 3C 97 30 12 BD *....`....B<.0..
0010: 5D 04 AB 45 D4 61 F2 40 C2 ED 8F 6C 76 28 62 13 ]..E.a.@...lv(b.
0020: 14 23 D2 C3 40 37 26 AD FC 9D 6C 07 1D AE CE D5 .#..@7&...l.....
Client MAC write Secret:
0000: 63 9F 1D 65 B3 F0 E2 CD 7B B1 A5 0D A6 3D E0 B9 c..e.........=..
0010: 34 A8 67 F7 4.g.
Server MAC write Secret:
0000: 92 50 43 14 8D E1 19 13 6B 1E 74 2C 70 5C 39 41 .PC.....k.t,p\9A
0010: 07 99 B9 46 ...F
Client write key:
0000: 98 97 3F AB 26 3A 14 D8 08 FC 26 C1 7E 07 2A C7 ..?.&:....&...*.
0010: 46 CC 21 03 0B 0F 87 4D C9 27 79 19 0F C4 B8 7D F.!....M.'y.....
Server write key:
0000: 50 20 AE 79 47 E8 BE 3C 79 06 0E 19 2E 3C F3 9A P .yG..<y....<..
0010: 5F B0 33 57 2D 29 E4 70 15 7F 68 17 B8 21 18 E6 _.3W-).p..h..!..
Client write IV:
0000: FB 18 D1 8D D8 EA 8D 82 96 EB 9E 84 97 98 2D C4 ..............-.
Server write IV:
0000: 23 E6 E9 B6 DF 6C 0F 75 00 6A 01 AE 2F 8C D9 E1 #....l.u.j../...
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 138, 44, 121, 7, 61, 112, 195, 10, 93, 222, 35, 164 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 8A 2C 79 07 3D 70 C3 0A 5D DE 23 A4 .....,y.=p..].#.
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C 8A 2C 79 07 3D 70 C3 0A 5D DE 23 A4 .....,y.=p..].#.
0010: C6 E4 F7 C2 32 85 2B 30 18 1A F8 4B 5E 29 22 BE ....2.+0...K^)".
0020: 5E 15 71 A1 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ^.q.............
main, WRITE: TLSv1 Handshake, length = 48
[Raw write]: length = 53
0000: 16 03 01 00 30 91 87 EB A3 09 E8 AC 17 7A 33 A3 ....0........z3.
0010: 0B 42 22 02 92 18 D7 52 1A 49 DA 0E 3C 11 D4 EB .B"....R.I..<...
0020: 6D 19 F2 D6 01 A0 29 18 93 20 7C 3B CF A0 BC E0 m.....).. .;....
0030: A9 41 17 1B E7 .A...
[Raw read]: length = 5
0000: 14 03 01 00 01 .....
[Raw read]: length = 1
0000: 01 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 30 ....0
[Raw read]: length = 48
0000: 77 16 6B 89 41 7E 3F 93 DA 66 F5 DF EF 6F 90 A8 w.k.A.?..f...o..
0010: 1B 51 DD 97 AC 11 A4 66 B5 2C A3 69 A4 5A 92 3A .Q.....f.,.i.Z.:
0020: C1 52 09 3E 20 01 BB 2C 55 BE 2E 52 93 63 B6 ED .R.> ..,U..R.c..
main, READ: TLSv1 Handshake, length = 48
Padded plaintext after DECRYPTION: len = 48
0000: 14 00 00 0C C0 1E 82 40 64 A8 15 62 8D DC A0 62 .......@d..b...b
0010: 0B B4 25 EF 31 D1 F9 5C FD DE 87 E9 CE 69 BB EB ..%.1..\.....i..
0020: C0 C3 F3 BD 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ................
*** Finished
verify_data: { 192, 30, 130, 64, 100, 168, 21, 98, 141, 220, 160, 98 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C C0 1E 82 40 64 A8 15 62 8D DC A0 62 .......@d..b...b
Padded plaintext before ENCRYPTION: len = 176
0000: 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 31 0D 0A GET / HTTP/1.1..
0010: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0020: 2F 31 2E 38 2E 30 5F 31 36 31 0D 0A 48 6F 73 74 /1.8.0_161..Host
0030: 3A 20 6C 6F 63 61 6C 68 6F 73 74 3A 38 34 34 33 : localhost:8443
0040: 0D 0A 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 ..Accept: text/h
0050: 74 6D 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 tml, image/gif,
0060: 69 6D 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 image/jpeg, *; q
0070: 3D 2E 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A =.2, */*; q=.2..
0080: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0090: 2D 61 6C 69 76 65 0D 0A 0D 0A 1F DF A2 19 1D E1 -alive..........
00A0: 23 86 92 33 C1 11 02 95 1E 95 1F 6D E4 CB 01 01 #..3.......m....
main, WRITE: TLSv1 Application Data, length = 176
[Raw write]: length = 181
0000: 17 03 01 00 B0 0D 7D 68 DD 5B 28 FE 81 9F 15 25 .......h.[(....%
0010: D5 37 68 3D E1 77 7E 87 1D 24 32 9A F6 58 D4 B4 .7h=.w...$2..X..
0020: A9 95 38 70 31 7A 49 3F 20 B8 B2 85 9E 11 C0 1F ..8p1zI? .......
0030: 96 20 A5 B0 39 80 09 AA 87 DE 35 B4 D3 98 01 6C . ..9.....5....l
0040: 39 9A 3B 14 A0 CD E7 D4 B4 AA C7 8A C6 E1 AC DA 9.;.............
0050: 92 4A 49 D4 F7 E7 B6 4F 82 1B D2 F5 D8 B8 18 D3 .JI....O........
0060: 96 A5 EA A8 1C A3 30 04 C7 A4 EE 98 0F A2 6F E8 ......0.......o.
0070: DC AF F7 E5 9A 6E 0A 8B BD E4 06 AD 65 FC 8D 2E .....n......e...
0080: F2 D3 E5 C0 3F F1 C0 83 F0 07 09 58 34 7D F9 D9 ....?......X4...
0090: E7 AB EF 2F D0 E0 86 43 A2 DF FD 0D 1F A6 39 09 .../...C......9.
00A0: BB FD 5C 5D 65 D6 25 C1 AE F8 B4 9F 5C 8D D6 EA ..\]e.%.....\...
00B0: 63 1A 40 1B B8 c.@..
[Raw read]: length = 5
0000: 17 03 01 01 40 ....@
[Raw read]: length = 320
0000: B0 AA 6A 6E F6 37 D3 C6 66 BB 17 A7 27 F3 3C 74 ..jn.7..f...'.<t
0010: 6A DF 16 C5 9E F8 34 BB B6 8E FA FE 6E 52 F4 39 j.....4.....nR.9
0020: 5B 88 5F 0A 91 76 C7 8B 62 E2 65 B7 EF 28 B6 8E [._..v..b.e..(..
0030: FC 43 83 9E C8 A5 89 31 19 E0 E8 AE C3 EA C4 D8 .C.....1........
0040: 7A 54 68 62 88 35 D5 FB 4B 85 38 03 EC A1 DC 69 zThb.5..K.8....i
0050: 88 1C F8 E6 82 AC CD A3 E6 A9 7C 45 E4 12 47 FD ...........E..G.
0060: 45 FA 66 D2 F0 D5 FE E2 7E 1C AF B4 35 C3 1C 77 E.f.........5..w
0070: C1 96 59 27 2D 98 8D AC 29 9F D4 8B 65 B3 4C 1B ..Y'-...)...e.L.
0080: 34 B0 ED E6 DC 6B 73 A7 30 1A A6 A2 65 69 12 DA 4....ks.0...ei..
0090: FE B7 68 A4 E8 13 70 5C 5D 9E 8D 01 CA 68 DD 5F ..h...p\]....h._
00A0: 57 DD 1D 46 40 9A CE B9 39 F4 EA C0 D5 B6 FC 6D W..F@...9......m
00B0: 22 04 95 F7 7A 68 FA 84 0B B8 CE F1 B5 3B 09 6F "...zh.......;.o
00C0: A8 DF 7C C7 0B A7 D7 68 17 EF F3 57 5D 01 D5 54 .......h...W]..T
00D0: D1 05 8E 69 AA 68 CB 75 9F A7 45 2E 7B 0B 9A 5A ...i.h.u..E....Z
00E0: DB 64 29 BA 4C A9 9A 75 A2 56 53 6A D6 1F 63 27 .d).L..u.VSj..c'
00F0: A6 EA 03 AD 52 87 1D F4 8A D1 79 2F F0 96 8E 8C ....R.....y/....
0100: A4 83 A1 32 77 5B A4 A0 27 28 2A BB 07 26 5C FF ...2w[..'(*..&\.
0110: 5D 34 D8 F4 62 6F 4E CE 26 A5 A2 DE F3 89 06 A3 ]4..boN.&.......
0120: 71 85 71 41 23 D3 65 B8 8A 0B 5B DC 1E 24 C4 6C q.qA#.e...[..$.l
0130: 2B B7 AC 18 91 87 62 E0 C0 A9 F5 3F 66 D5 4B E9 +.....b....?f.K.
main, READ: TLSv1 Application Data, length = 320
Padded plaintext after DECRYPTION: len = 320
0000: 48 54 54 50 2F 31 2E 31 20 32 30 30 20 0D 0A 53 HTTP/1.1 200 ..S
0010: 65 74 2D 43 6F 6F 6B 69 65 3A 20 4A 53 45 53 53 et-Cookie: JSESS
0020: 49 4F 4E 49 44 3D 35 38 35 38 35 45 35 44 44 42 IONID=58585E5DDB
0030: 32 46 41 43 39 33 44 37 30 43 30 31 32 43 34 33 2FAC93D70C012C43
0040: 35 30 39 36 36 41 3B 20 50 61 74 68 3D 2F 3B 20 50966A; Path=/;
0050: 53 65 63 75 72 65 3B 20 48 74 74 70 4F 6E 6C 79 Secure; HttpOnly
0060: 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 ..Content-Type:
0070: 74 65 78 74 2F 68 74 6D 6C 3B 63 68 61 72 73 65 text/html;charse
0080: 74 3D 55 54 46 2D 38 0D 0A 43 6F 6E 74 65 6E 74 t=UTF-8..Content
0090: 2D 4C 65 6E 67 74 68 3A 20 39 30 0D 0A 44 61 74 -Length: 90..Dat
00A0: 65 3A 20 53 75 6E 2C 20 30 37 20 4F 63 74 20 32 e: Sun, 07 Oct 2
00B0: 30 31 38 20 31 34 3A 35 33 3A 35 38 20 47 4D 54 018 14:53:58 GMT
00C0: 0D 0A 0D 0A 0A 0A 3C 68 74 6D 6C 3E 0A 20 20 3C ......<html>. <
00D0: 68 65 61 64 3E 0A 20 20 20 20 3C 74 69 74 6C 65 head>. <title
00E0: 3E 24 54 69 74 6C 65 24 3C 2F 74 69 74 6C 65 3E >$Title$</title>
00F0: 0A 20 20 3C 2F 68 65 61 64 3E 0A 20 20 3C 62 6F . </head>. <bo
0100: 64 79 3E 0A 20 20 24 45 4E 44 24 0A 20 20 3C 2F dy>. $END$. </
0110: 62 6F 64 79 3E 0A 3C 2F 68 74 6D 6C 3E 0A BE 57 body>.</html>..W
0120: 3B 52 9A FF 6D BC FF 62 7F 2E E1 D3 09 6E 28 6E ;R..m..b.....n(n
0130: 1D 5A 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D .Z..............
服务器返回:
<html>
<head>
<title>$Title$</title>
</head>
<body>
$END$
</body>
</html>
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 32
0000: 01 00 CD B8 E3 0A D9 66 F4 9C 87 B8 66 33 CD C2 .......f....f3..
0010: E3 35 56 B3 29 7E 09 09 09 09 09 09 09 09 09 09 .5V.)...........
main, WRITE: TLSv1 Alert, length = 32
[Raw write]: length = 37
0000: 15 03 01 00 20 CC D0 CF 38 5B EF CF A9 F3 BB 94 .... ...8[......
0010: 0D BA 81 EC 25 83 7A 70 83 EE C7 4E CE 46 89 6A ....%.zp...N.F.j
0020: 3E 10 46 0C FD >.F..
main, called closeSocket(true)
Process finished with exit code 0
流程概述
什么意思?
[Raw write]和[Raw read],咱们和tomcat服务器之间创建socket链接以后,Raw write是咱们写给服务器的字节内容,Raw read是服务器返回给咱们的字节内容。
https报文格式:消息类型(第1字节),版本号(第2—3字节),消息体长度(第4—5字节),消息体(消息体长度个字节)
(1)client_hello
客户端发起请求,以明文传输请求信息,包含版本信息,加密套件候选列表,压缩算法候选列表,随机数,扩展字段等信息,相关信息以下:
- 支持的最高TSL协议版本version,从低到高依次 SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2,当前基本再也不使用低于 TLSv1 的版本;
- 客户端支持的加密套件 cipher suites 列表, 每一个加密套件对应前面 TLS 原理中的四个功能的组合:认证算法 Au (身份验证)、密钥交换算法 KeyExchange(密钥协商)、对称加密算法 Enc (信息加密)和信息摘要 Mac(完整性校验);
- 支持的压缩算法 compression methods 列表,用于后续的信息压缩传输;
- 随机数 random_C,用于后续的密钥的生成;
- 扩展字段 extensions,支持协议与算法的相关参数以及其它辅助信息等,常见的 SNI 就属于扩展字段,后续单独讨论该字段做用。
(2).server_hello+server_certificate+sever_hello_done
- server_hello, 服务端返回协商的信息结果,包括选择使用的协议版本 version,选择的加密套件 cipher suite,选择的压缩算法 compression method、随机数 random_S 等,其中随机数用于后续的密钥协商;
- server_certificates, 服务器端配置对应的证书链,用于身份验证与密钥交换;
- server_hello_done,通知客户端 server_hello 信息发送结束;
(3).证书校验
- [证书链]的可信性 trusted certificate path,方法如前文所述;
- 证书是否吊销 revocation,有两类方式离线 CRL 与在线 OCSP,不一样的客户端行为会不一样;
- 有效期 expiry date,证书是否在有效时间范围;
- 域名 domain,核查证书域名是否与当前的访问域名匹配,匹配规则后续分析;
(4).client_key_exchange+change_cipher_spec+encrypted_handshake_message
- client_key_exchange,合法性验证经过以后,客户端计算产生随机数字 Pre-master,并用证书公钥加密,发送给服务器;
- 此时客户端已经获取所有的计算协商密钥须要的信息:两个明文随机数 random_C 和 random_S 与本身计算产生的 Pre-master,计算获得协商密钥;
enc_key=Fuc(random_C, random_S, Pre-Master) - change_cipher_spec,客户端通知服务器后续的通讯都采用协商的通讯密钥和加密算法进行加密通讯;
- encrypted_handshake_message,结合以前全部通讯参数的 hash 值与其它相关信息生成一段数据,采用协商密钥 session secret 与算法进行加密,而后发送给服务器用于数据与握手验证;(finished,校验摘要信息?)
(5).change_cipher_spec+encrypted_handshake_message
- 服务器用私钥解密加密的 Pre-master 数据,基于以前交换的两个明文随机数 random_C 和 random_S,计算获得协商密钥:enc_key=Fuc(random_C, random_S, Pre-Master);
- 计算以前全部接收信息的 hash 值,而后解密客户端发送的 encrypted_handshake_message,验证数据和密钥正确性;
- change_cipher_spec, 验证经过以后,服务器一样发送 change_cipher_spec 以告知客户端后续的通讯都采用协商的密钥与算法进行加密通讯;
- encrypted_handshake_message, 服务器也结合全部当前的通讯参数信息生成一段数据并采用协商密钥 session secret 与算法加密并发送到客户端;(finished,校验摘要信息?)
(6).握手结束
客户端计算全部接收信息的 hash 值,并采用协商密钥解密 encrypted_handshake_message,验证服务器发送的数据和密钥,验证经过则握手完成;
(7).加密通讯
开始使用协商密钥与算法进行加密通讯。
这是以前研究的流程,也放在这里好了。
1,浏览器将本身支持的一套加密规则发送给服务器端,如RSA加密算法,DES对称加密算法,SHA1摘要算法。
2,服务器从中选出一组加密算法与HASH算法,并将证书发给浏览器。证书内容包括了网站地址,加密公钥等等。在握手的整个过程当中,都用到了证书中的公钥和浏览器发送给服务器的随机密码以及加密算法。(证书的内容解析打印出来是一长串字节,数字与字母的组合。客户端发送过来的随机数解析打印出来也是一长串字节,数字与字母的组合)
3,客户端拿到证书之后。
- 验证证书的合法性(颁发证书的机构是否合法,证书中包含的网站地址是否与正在访问的地址一致等),若是证书受信任,则浏览器栏里面会显示一个小锁头,不然会给出证书不受信的提示。
- 若是证书受信任,或者是用户接受了不受信的证书,浏览器会生成一串随机数的密码,并用证书中提供的公钥加密。
- 使用约定好的HASH算法计算握手消息(如SHA1),并使用生成的随机数对消息进行加密,最后将以前生成的被公钥加密的随机数密码,HASH摘要值一块儿发送给服务器。
4,服务器收到客户端发来的数据之后。
- 使用本身的私钥将信息解密并取出浏览器发送给服务器的随机密码,使用密码解密浏览器发来的握手消息,并验证HASH是否与浏览器发来的一致。
-
使用随机密码加密一段握手消息,发送给浏览器。
5,浏览器解密并计算握手消息的HASH,若是与服务端发来的HASH一致,此时握手过程结束,以后全部的通讯数据将由以前浏览器生成的随机密码并利用对称加密算法进行加密。
服务端启用
以Tomcat为例,须要三步:建立keystore文件(保存了私钥和公钥);配置Tomcat SSL链接器;建立客户端须要使用的电子证书。
获去证书须要走如下几步:
服务端人员须要使用keystore生成一个Certificate Signing Requst(csr文件)。 服务端人员把CSR文件发送给一个合法的CA机构,而后由CA机构生成一个证书。 服务端人员把证书下下来,而后部署到服务器中。 SSL基于信任链来验证站点证书的合法性,因此,你还要有一个CA的根证书,这个证书也须要从CA下载。把从CA下载的根证书和你经过CSR文件获取的证书一块儿导入你的keystore。
客户端访问
客户端往服务端发送加密数据,首先得须要得到公钥,这个公钥在保存在CA提供的证书中,因此客户端首先得下载一个证书文件(通常是用户代理自动下载)。
客户端使用证书时,SSL会发送一个请求到证书中所指定的CA再次确认你的证书确实是从CA获取的,而不是本身建立的。客户端还能够验证服务端是否确实是本身调用的服务端。这两步构成了Peer Authentication。
服务端任务
1,获取客户端发送的支持的加密算法,包括hash算法。
2,发送证书给客户端,(就是用流写字节)
3,获取客户端经过公钥加密后的随机数,(就是流读字节)
4,私钥解密公钥加密后的随机数,获得解密后的随机密码。
5,获取客户端加密消息,(仍是流读取字节)
6,用私钥对消息解密(带随机数)
7,解密出来数据后,采用约定的hash算法计算其hash值。
8,获取客户端发送过来的hash值,比较计算出来的hash值,是否一致。以判断信息是否完整,是否被篡改。
9,若是第一次校验客户端发送过来的消息和摘要一致,服务器就开始向客户端发送消息和摘要。
10,根据指定的算法和以前客户端发送过来的随机密码(已解密的),生成密钥。
11,用生成的密钥加密发送给客户端的数据,发送给客户端;用hash算法计算要发送给客户端的数据的hash值,发送给客户端,
客户端任务
1,客户端发送本身支持的hash算法
2,客户端验证服务器端证书是否合法
3,从证书里面获取公钥
4,生成随机密码,公钥加密随机密码,发送给服务器。
5,使用公钥和随机密码加密发送到服务器的数据,发送给服务器。
5,使用hash算法计算发送到服务器的数据的hash值,发送给服务器。
6,接收服务器的数据。
7,公钥,随机密码解密数据。
8,接收服务器的摘要信息。根据约定的hash算法,计算接收的数据的hash值,对比是否一致。
证书
没有通过认证的证书是不被浏览器信任的,因此当访问的时候回提示不安全的网站,须要点击信任以后才能继续访问。
而通过认证的证书会提示安全,以下
证书格式
证书格式(是一种标准):
x509 这种证书只有公钥,不包含私钥。
pcks#7 这种主要是用于签名或者加密。
pcks#12 这种含有私钥,同时也含有公钥,可是有口令保护。
编码方式:
.pem 后缀的证书都是base64编码
.der 后缀的证书都是二进制格式
证书:
.csr 后缀的文件是用于向ca申请签名的请求文件
.crt .cer 后缀的文件都是证书文件(编码方式不必定,有多是.pem,也有多是.der)
私钥:
.key 后缀的文件是私钥文件
包含证书和私钥:
.keystore .jks .truststore 后缀的文件,是java搞的,java能够用这个格式。这个文件中包含证书和私钥,可是获取私钥须要密码才能够,这是一个证书库,里面能够保存多个证书和密钥,经过别名能够获取到。
.pfx 主要用于windows平台,浏览器可使用,也是包含证书和私钥,获取私钥须要密码才能够。
JKS和PKCS12都是比较经常使用的两种密钥库格式/标准。JKS文件(一般为.jks或.keystore,扩展名无关)能够经过Java原生工具——KeyTool生成;然后者PKCS#12文件(一般为.p12或.pfx,意味我的信息交换文件),则是经过更为经常使用的OpenSSL工具产生。
pfx转keystore
keytool -importkeystore -v -srckeystore jiaohangtest.pfx -srcstoretype pkcs12 -srcstorepass 111111 -destkeystore jiaohangtest.keystore -deststoretype jks -deststorepass 111111
-importkeystore导入密钥库,经过格式设定,咱们能够将PKCS#12文件转换为JKS格式。
-v显示详情
-srckeystore源密钥库,这里是jiaohangtest.pfx
-srcstoretype源密钥库格式,这里为pkcs12
-srcstorepass源密钥库密码,这里为111111
-destkeystore目标密钥库,这里为jiaohangtest.keystore
-deststoretype目标密钥库格式,这里为jks,默认值也如此
-deststorepass目标密钥库密码,这里为111111
经过这个操做,咱们可以得到所需的密钥库文件zlex.keystore。
keytool -list -keystore jiaohangtest.keystore -storepass 111111 -v
-list列举密钥库
-keystore密钥库,这里是jiaohangtest.keystore
-storepass密钥库密码,这里是111111
-v显示详情
导出证书
keytool -exportcert -alias {3ff077c0-db58-4a2c-90d7-010189f6cefb} -keystore jiaohangtest.keystore -file jiaohangtest.crt -storepass 111111
-exportcert导出证书
-alias别名,这里是 {3ff077c0-db58-4a2c-90d7-010189f6cefb}
-keystore密钥库,这里是jiaohangtest.keystore
-file证书文件,这里是jiaohangtest.crt
-storepass密钥库密码,这里是111111
读取.pfx
package com.lgx.https;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class ReadPFX {
public static void main(String[] args) throws Exception {
String strPfx = "F:\\temp\\jiaohangtest.pfx";
String strPassword = "111111";
KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(strPfx);
char[] nPassword = null;
if ((strPassword == null) || strPassword.trim().equals("")) {
nPassword = null;
} else {
nPassword = strPassword.toCharArray();
}
ks.load(fis, nPassword);
fis.close();
System.out.println("keystore type !!!! " + ks.getType());
Enumeration enumas = ks.aliases();
String keyAlias = null;
if (enumas.hasMoreElements()) {
keyAlias = (String) enumas.nextElement();
System.out.println("alias !!!! [" + keyAlias + "]");
}
System.out.println("is key entry !!!! " + ks.isKeyEntry(keyAlias));
Certificate cert = ks.getCertificate(keyAlias);
PublicKey pubkey = cert.getPublicKey();
System.out.println("cert class !!!! " + cert.getClass().getName());
System.out.println("cert !!!! " + cert);
System.out.println("public key !!!! " + pubkey);
PrivateKey prikey = (PrivateKey) ks.getKey(keyAlias, nPassword);
System.out.println("private key !!!! " + prikey);
}
}
输出以下
keystore type !!!! PKCS12
alias !!!! [{3ff077c0-db58-4a2c-90d7-010189f6cefb}]
is key entry !!!! true
cert class !!!! sun.security.x509.X509CertImpl
cert !!!! [
[
Version: V3
Subject: CN=051@jiaohangtest2@Z12345678901@1, OU=Organizational-1, OU=Local RA, O=CFCA RSA OCA31, C=CN
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 27219026236566349676278543447695375821537131764213764580895621448617632840463012733407589298240130544810940254833865001134586287635536508023253272393470122815872601665690698359526947386480037704033149894017185905489409977845275027358025763252225165118227829757171401188153059476140198069888463051402042743179549693774973935701815888962610002471386320725949095454554681593598103249492940889302817758252011976833716892709723630945029012490500023246857692037901903024896848360887897268368940501163760211857657590438271663560769836982531695807471679797574531184632714885375902799523799220838320847415989537425934837932621
public exponent: 65537
Validity: [From: Thu Aug 23 14:49:12 CST 2018,
To: Mon Aug 23 14:49:12 CST 2021]
Issuer: CN=CFCA ACS TEST OCA31, O=China Financial Certification Authority, C=CN
SerialNumber: [ 40039449 98]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsptest.cfca.com.cn:80/ocsp
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9A 3D B4 AE 65 58 FB CE 5A 05 78 26 A0 6D 2B 04 .=..eX..Z.x&.m+.
0010: 86 BA C6 EC ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://210.74.42.3/OCA31/RSA/crl39.crl]
]]
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
emailProtection
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DE 86 85 A3 55 12 26 89 43 D5 14 77 A7 B9 06 8F ....U.&.C..w....
0010: EA D4 CE B9 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 8A 51 60 08 9A 33 EB 05 1F 74 1A 72 8D 4D 66 83 .Q`..3...t.r.Mf.
0010: A4 34 97 C6 FD 2A 14 AD 86 B6 A1 B5 80 C8 16 E8 .4...*..........
0020: 3B 56 18 36 D0 26 2F C6 FE AF F2 06 34 DC AC 64 ;V.6.&/.....4..d
0030: 29 5C 75 29 4F F7 76 49 54 E3 36 31 43 58 4D 1A )\u)O.vIT.61CXM.
0040: 73 7D 6B 8E 74 C3 DC 57 AD A7 64 2E 70 D0 5C 7A s.k.t..W..d.p.\z
0050: 37 61 81 97 83 26 55 D2 40 44 75 60 D4 76 1A 18 7a...&U.@Du`.v..
0060: EA 14 DF D7 1D 98 CB 6F 08 C6 C7 3A 0E 26 F9 ED .......o...:.&..
0070: 7B 9D A1 C6 FA 90 15 8C 8F C8 06 52 F6 1A 54 F6 ...........R..T.
0080: 3C 60 BC 3A 2E DE 7E 2E A8 16 0E AD 08 66 9C FF <`.:.........f..
0090: 0F C5 F7 EF ED 4A 40 67 DC 0F 1E 01 EA 02 7B 06 .....J@g........
00A0: E8 C5 1C 15 E9 07 47 C8 DE 55 3B 17 4B 58 87 EF ......G..U;.KX..
00B0: 41 BD 70 26 F5 4E 46 4C 2C 26 CC 0D DA F5 E7 4E A.p&.NFL,&.....N
00C0: 72 85 7B 68 AA 6D FC DA B6 08 5E ED 26 8B 44 7A r..h.m....^.&.Dz
00D0: 5A BB 2F 69 7B 64 60 67 06 16 75 DB D1 0D 3D 54 Z./i.d`g..u...=T
00E0: 0E 05 82 38 CD EC 09 46 75 BD A5 4A 03 14 27 2A ...8...Fu..J..'*
00F0: D2 78 F7 DB 10 4A 0B 71 74 B7 6F 67 6C 9E 1A 5B .x...J.qt.ogl..[
]
public key !!!! Sun RSA public key, 2048 bits
modulus: 27219026236566349676278543447695375821537131764213764580895621448617632840463012733407589298240130544810940254833865001134586287635536508023253272393470122815872601665690698359526947386480037704033149894017185905489409977845275027358025763252225165118227829757171401188153059476140198069888463051402042743179549693774973935701815888962610002471386320725949095454554681593598103249492940889302817758252011976833716892709723630945029012490500023246857692037901903024896848360887897268368940501163760211857657590438271663560769836982531695807471679797574531184632714885375902799523799220838320847415989537425934837932621
public exponent: 65537
private key !!!! sun.security.rsa.RSAPrivateCrtKeyImpl@ffa5f146
加密:公钥放在客户端,并使用公钥对数据进行加密,服务端拿到数据后用私钥进行解密;
加签:私钥放在客户端,并使用私钥对数据进行加签,服务端拿到数据后用公钥进行验签。
前者彻底为了加密;后者主要是为了防恶意***,防止别人模拟咱们的客户端对咱们的服务器进行***,致使服务器瘫痪。
不论是客户端仍是服务端,都要存如下两样keystore。
KeyStore:保存本身的公钥和私钥。
Trust KeyStore:保存对方的公钥证书。
单向认证
是客户端信任服务端,
服务器端的KeyStore存储本身的公钥和私钥,客户端的Trust KeyStore要导入服务器端的公钥证书。
双向认证
是客户端既要信任服务端并且服务端也要信任客户端。
服务器端的KeyStore存储本身的公钥和私钥,客户端的Trust KeyStore要导入服务器端的公钥证书。
客户端的KeyStore存储本身的公钥和私钥,服务器端的Trust KeyStore要导入客户端的公钥证书。
加密/解密
对称加密算法
就是加密和解密都是用同一个秘钥,这种方式优势就是速度快,缺点就是在管理和分配秘钥的时候不安全。
DES
(Data Encryption Standard):数据加密标准,速度较快,适用于加密大量数据的场合。
3DES
(Triple DES):是基于DES,对一块数据用三个不一样的密钥进行三次加密,强度更高。
AES
(Advanced Encryption Standard):高级加密标准,是下一代的加密算法标准,速度快,安全级别高;
非对称加密算法
非对称加密有一个秘钥对,叫作公钥和私钥,私钥本身持有,公钥能够公开的发送给使用的人。使用公钥进行加密的信息,只有和其配对的私钥能够解开。使用私钥钥进行加密的信息,只有和其配对的公钥能够解开。由于加密和解密使用的是两个不一样的密钥,因此这种算法叫做非对称加密算法。
RSA算法
由 RSA 公司发明,是一个支持变长密钥的公共密钥算法,须要加密的文件块的长度也是可变的; RSA是第一个也是目前惟一一个既能用于密钥交换又能用于数字签名的算法。
DSA
(Digital Signature Algorithm):数字签名算法,是一种标准的 DSS(数字签名标准);
ECC
(Elliptic Curves Cryptography):椭圆曲线密码编码学。
综合
通常都是对称加密和非对称加密结合使用,使用非对称加密完成秘钥的传递,而后使用对称秘钥进行数据加密和解密。 好比RSA非对称加密,对加密的内容有长度限制,长度过长就不行。
加签/验签
哈希算法
抗篡改能力,一般用于文件校验,数字签名,鉴权协议。
加密过程不须要密钥,而且通过加密的数据没法被解密,只有输入相同的明文数据通过相同的消息摘要算法才能获得相同的密文。接收者经过对收到消息的新产生的摘要与原摘要比较,就可知道消息是否被改变了。
只要输入的消息不一样,对其进行摘要之后产生的摘要消息也必不相同;但相同的输入必会产生相同的输出。并且只能进行正向的信息摘要,而没法从摘要中恢复出任何的消息,甚至根本就找不到任何与原信息相关的信息。
MD4
(RFC 1320)是 MIT 的 Ronald L. Rivest 在 1990 年设计的,MD 是 Message Digest 的缩写。其输出为 128 位。MD4 已证实不够安全。
MD5
(RFC 1321)是 Rivest 于1991年对 MD4 的改进版本。它对输入仍以 512 位分组,其输出是 128 位。MD5 比 MD4 复杂,而且计算速度要慢一点,更安全一些。MD5 已被证实不具有”强抗碰撞性”。
SHA
(Secure Hash Algorithm)是一个 Hash 函数族,由 NIST(National Institute of Standards and Technology)于 1993 年发布第一个算法。目前知名的 SHA-1 在 1995 年面世,它的输出为长度 160 位的 hash 值,所以抗穷举性更好。SHA-1 设计时基于和 MD4 相同原理,而且模仿了该算法。SHA-1 已被证实不具”强抗碰撞性”。
为了提升安全性,NIST 还设计出了 SHA-22四、SHA-25六、SHA-384,和 SHA-512 算法(统称为 SHA-2),跟 SHA-1 算法原理相似。SHA-3 相关算法也已被提出。
Java实现https
证书信任
Java安全套接扩展 (Java Secure Socket Extension, JSSE)是实现Internet安全通讯的一系列包的集合。它是一个SSL和TLS的纯Java实现。
TrustManager接口
JSSE中,有一个信任管理器类负责决定是否信任远端的证书;通常的,仅会有一个支持基于X.509(数字证书标准)公钥认证的TrustManager。
-
若是系统属性javax.net.sll.trustStore指定了TrustStore文件(客户端的TrustStore文件中保存着被客户端所信任的服务器的证书信息),那么信任管理器就去jre安装路径下的lib/security/目录中寻找并使用这个文件来检查证书。
-
若是该系统属性没有指定TrustStore文件,它就会去jre安装路径下寻找默认的TrustStore文件,这个文件的相对路径为:lib/security/jssecacerts。
- 若是 jssecacerts不存在,可是cacerts存在(它随J2SDK一块儿发行,含有数量有限的可信任的基本证书),那么这个默认的TrustStore文件就是cacerts。
直接使用类HttpsURLConnection访问Web页面,若是站点的安全证书不被JSSE所信任,访问就报错,若是站点的证书被JSEE内置信任就访问OK。
对于不被JSSE所默认信任的,一种解决方法是把站点的证书放到证书库文件jssecacerts中, 或者把证书存放到任一TrustStore文件中,而后设置系统属性javax.net.sll.trustStore指向该文件。另外一种解决方法则是本身实现信任管理器类,让它信任咱们指定的证书。
1,将证书导入到TrustStore文件中
Java提供了命令行工具keytool用于建立证书或者把证书从其它文件中导入到Java本身的TrustStore文件中。
取得源证书文件,把这个文件复制到jre安装路径下的lib/security/目录中。这样,只需在程序中设置系统属性javax.net.sll.trustStore指向文件dest_cer_store,就能使JSSE信任该证书,从而使程序能够访问使用未经验证的证书的HTTPS站点。
使用这种方法,编程很是简单,但须要手工导出服务器的证书。当服务器证书常常变化时,就须要常常进行手工导出证书的操做。
2,X509证书信任管理器类的实现及应用
进行SSL的验证或者过滤以后才可以访问。
package com.lgx.http;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
/**
在JSSE中,证书信任管理器类就是实现了接口X509TrustManager的类。
咱们能够本身实现该接口,让它信任咱们指定的证书。
当方法为空是默认为全部的连接都为安全,也就是全部的连接都可以访问到。
接口X509TrustManager有下述三个公有的方法须要咱们实现:
**/
public class MyX509TrustManager implements X509TrustManager {
/*
该方法检查客户端的证书,若不信任该证书则抛出异常。
因为咱们不须要对客户端进行认证,所以咱们只须要执行默认的信任管理器的这个方法。
JSSE中,默认的信任管理器类为TrustManager。
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
/*
该方法检查服务器的证书,若不信任该证书一样抛出异常。
经过本身实现该方法,可使之信任咱们指定的任何证书。
能够不作任何处理,即一个空的函数体,因为不会抛出异常,它就会信任任何证书。
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
/*
返回受信任的X509证书数组。
*/
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
}
package com.lgx.http;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
public class Https {
/*
* 处理https GET/POST请求 请求地址、请求方法、参数
*/
public static String httpsRequest(String requestUrl, String requestMethod,
String outputStr) {
StringBuffer buffer = null;
try {
// 1,建立SSLContext,并使用咱们指定的信任管理器初始化
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManager[] tm = { new MyX509TrustManager() };
sslContext.init(null, tm, new java.security.SecureRandom());
// 2,获取SSLSocketFactory对象
SSLSocketFactory ssf = sslContext.getSocketFactory();
// 建立HttpsURLConnection对象,并设置其SSLSocketFactory对象
URL url = new URL(requestUrl);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
//属性设置
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setRequestMethod(requestMethod);
// 设置当前实例使用的SSLSoctetFactory,12只和这一步有关。
conn.setSSLSocketFactory(ssf);
//链接
conn.connect();
// 往服务器端写内容
if (null != outputStr) {
OutputStream os = conn.getOutputStream();
os.write(outputStr.getBytes("utf-8"));
os.close();
}
// 读取服务器端返回的内容
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is, "utf-8");
BufferedReader br = new BufferedReader(isr);
buffer = new StringBuffer();
String line = null;
while ((line = br.readLine()) != null) {
buffer.append(line);
}
} catch (Exception e) {
e.printStackTrace();
}
return buffer.toString();
}
public static void main(String[] args) {
String s = httpsRequest("https://www.baidu.com/", "POST", null);
//不是https,用http,程序就会报错。
//String s = httpsRequest("http://www.baidu.com/", "POST", null);
System.out.println(s);
}
}
KeyManager接口
决定将哪个认证证书发送给对端服务器,单向认证,就会传一个null,
完整代码实现
读pfx取东西
package com.lgx.https;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
public class ReadKeystore {
public String keyStorePath = "././resource/jiaohangtest.keystore";
public String certificatePath = "././resource/jiaohangtest.crt";
public String alias = "{3ff077c0-db58-4a2c-90d7-010189f6cefb}";
public String keyStorePassword = "111111";
public String aliasPassword = "111111";
public String trustCertificatePath = "././resource/wanglian-rsa.cer";
// 得到KeyStore
public KeyStore keyStoreFromKeystore() {
FileInputStream is;
KeyStore keyStore = null;
try {
is = new FileInputStream(keyStorePath);
keyStore = KeyStore.getInstance("JKS");
keyStore.load(is, keyStorePassword.toCharArray());
is.close();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return keyStore;
}
// 取证书
public Certificate certificateFormKeystore() {
KeyStore keyStore = keyStoreFromKeystore();
Certificate certificate = null;
try {
certificate = keyStore.getCertificate(alias);
} catch (KeyStoreException e) {
e.printStackTrace();
}
return certificate;
}
// 得到私钥
public PrivateKey privateKeyFormKeystore() {
KeyStore keyStore = keyStoreFromKeystore();
PrivateKey prikey = null;
try {
prikey = (PrivateKey) keyStore.getKey(alias, aliasPassword
.toCharArray());
} catch (Exception e) {
e.printStackTrace();
}
return prikey;
}
// 读取公钥
public PublicKey publicKeyFormKeystore() {
Certificate certificate = certificateFormKeystore();
PublicKey pubkey = null;
try {
pubkey = certificate.getPublicKey();
} catch (Exception e) {
e.printStackTrace();
}
return pubkey;
}
// 由证书路径得到Certificate
public Certificate getCertificate(String certificatePath) {
CertificateFactory certificateFactory;
Certificate certificate = null;
try {
certificateFactory = CertificateFactory.getInstance("X.509");
FileInputStream in = new FileInputStream(certificatePath);
certificate = certificateFactory.generateCertificate(in);
in.close();
} catch (CertificateException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return certificate;
}
// 由证书路径得公钥
public PublicKey getPublicKey() {
Certificate certificate = getCertificate(certificatePath);
PublicKey pubkey = null;
try {
pubkey = certificate.getPublicKey();
} catch (Exception e) {
e.printStackTrace();
}
return pubkey;
}
}
读keystore取东西
package com.lgx.https;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
public class ReadPFX {
String pfxPath = "././resource/jiaohangtest.pfx";
String pfxPassword = "111111";
// 读取KeyStore
public KeyStore keyStoreFromPFX() {
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(pfxPath);
char[] nPassword = null;
nPassword = pfxPassword.toCharArray();
// 加载keystore
keyStore.load(fis, nPassword);
fis.close();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return keyStore;
}
// 读取别名
@SuppressWarnings("unchecked")
public String aliasFromPFX() {
KeyStore keyStore = keyStoreFromPFX();
Enumeration enumas;
String keyAlias = null;
try {
enumas = keyStore.aliases();
if (enumas.hasMoreElements()) {
keyAlias = (String) enumas.nextElement();
System.out.println("alias !!!! [" + keyAlias + "]");
}
System.out.println("is key entry !!!! "
+ keyStore.isKeyEntry(keyAlias));
} catch (KeyStoreException e) {
e.printStackTrace();
}
return keyAlias;
}
// 读取证书
public Certificate certificateFromPFX() {
KeyStore keyStore = keyStoreFromPFX();
String keyAlias = aliasFromPFX();
Certificate cert = null;
try {
cert = keyStore.getCertificate(keyAlias);
System.out.println("cert class !!!! " + cert.getClass().getName());
System.out.println("cert !!!! " + cert);
} catch (KeyStoreException e) {
e.printStackTrace();
}
return cert;
}
// 读取公钥
public PublicKey publicKeyFromPFX() {
Certificate cert = certificateFromPFX();
PublicKey pubkey = cert.getPublicKey();
System.out.println("public key !!!! " + pubkey);
return pubkey;
}
// 读取私钥
public PrivateKey privateKeyFromPFX() {
KeyStore keyStore = keyStoreFromPFX();
String keyAlias = aliasFromPFX();
char[] nPassword = null;
nPassword = pfxPassword.toCharArray();
PrivateKey prikey = null;
try {
prikey = (PrivateKey) keyStore.getKey(keyAlias, nPassword);
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return prikey;
}
}
加签,验签
package com.lgx.https;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class SignAndCheck {
// 本地签名,本身证书的私钥
public String SignatureData(String data) {
byte[] signByte = null;
ReadKeystore readKeystore = new ReadKeystore();
// 得到证书
X509Certificate x509Certificate = (X509Certificate) readKeystore
.certificateFormKeystore();
// 取得私钥
PrivateKey privateKey = readKeystore.privateKeyFormKeystore();
// 构建签名
Signature signature;
try {
signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initSign(privateKey);
signature.update(data.getBytes());
signByte = signature.sign();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
return Base64.encode(signByte);
}
// 服务器验签,本身证书的公钥
public boolean CheckSignature(String data, String sign) {
boolean flag = true;
ReadKeystore readKeystore = new ReadKeystore();
// 得到证书
X509Certificate x509Certificate = (X509Certificate) readKeystore
.certificateFormKeystore();
// 得到公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature;
try {
signature = Signature.getInstance(x509Certificate.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data.getBytes());
flag = signature.verify(Base64.decode(sign.getBytes()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
} catch (Base64DecodingException e) {
e.printStackTrace();
}
return flag;
}
}
加密,解密
package com.lgx.https;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class EncryAndDecry {
// 本地加密,服务器的公钥
public String encryptDate(String data) throws Exception {
byte[] encryptByte = null;
ReadKeystore readKeystore = new ReadKeystore();
// 取得公钥
PublicKey publicKey = readKeystore.publicKeyFormKeystore();
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
encryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(encryptByte);
}
// 服务器解密,服务器的私钥
public String decryptDate(String data) throws Exception {
byte[] decryptByte = null;
// 取得私钥
ReadKeystore readKeystore = new ReadKeystore();
PrivateKey privateKey = readKeystore.privateKeyFormKeystore();
// 对数据解密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
decryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(decryptByte);
}
}
数据加密解密
package com.lgx.https;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class EncryAndDecry {
// 本地加密,服务器的公钥
public String encryptDate(String data) throws Exception {
byte[] encryptByte = null;
ReadKeystore readKeystore = new ReadKeystore();
// 取得公钥
PublicKey publicKey = readKeystore.publicKeyFormKeystore();
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
encryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(encryptByte);
}
// 服务器解密,服务器的私钥
public String decryptDate(String data) throws Exception {
byte[] decryptByte = null;
// 取得私钥
ReadKeystore readKeystore = new ReadKeystore();
PrivateKey privateKey = readKeystore.privateKeyFormKeystore();
// 对数据解密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
decryptByte = cipher.doFinal(data.getBytes());
return Base64.encode(decryptByte);
}
}
校验服务器证书
package com.lgx.https;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class MyX509TrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
// 默认信任全部的HTTPS站点证书
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
socket链接管道
package com.lgx.https;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
public class SSLUtil {
public String KEY_STORE_PASS = "111111";
private SSLContext sslContext;
public String sendPost(String url, String param) {
PrintWriter out = null;
BufferedReader in = null;
String result = "";
try {
// 链接
URL realUrl = new URL(url);
HttpURLConnection connection = (HttpURLConnection) realUrl
.openConnection();
// 套接socket
if (connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setSSLSocketFactory(getSSLContext().getSocketFactory());
}
// 设置通用的请求属性
// 发送POST请求必须设置以下两行
connection.setDoOutput(true);
connection.setDoInput(true);
// 设置接收数据的格式
connection.setRequestProperty("Accept", "*/*");
connection.setRequestProperty("OriI***Id", "C1030131001288");
connection.setRequestProperty("MsgTP", "uops.010.000.01");
// 设置维持长链接
connection.setRequestProperty("Connection", "Keep-Alive");
connection.setRequestProperty("Accept-Encoding", "gzip");
// 设置文件字符集:
connection.setRequestProperty("Charset", "UTF-8");
// 设置发送数据的格式
connection.setRequestProperty("Content-Type", "application/json");
// 设置不用缓存,注意设置请求方法为post不能用缓存
connection.setUseCaches(false);
// 设置传递方式
connection.setRequestMethod("POST");
// 开始链接请求
connection.connect();
// 获取URLConnection对象对应的输出流
out = new PrintWriter(connection.getOutputStream());
// 发送请求参数
out.print(param);
// flush输出流的缓冲
out.flush();
// 读取URL的响应,返回的流。若是有错误,返回错误的信息
if (connection.getResponseCode() == 200) {
in = new BufferedReader(new InputStreamReader(connection
.getInputStream(), "UTF-8"));
} else {
in = new BufferedReader(new InputStreamReader(connection
.getErrorStream(), "UTF-8"));
}
// 转字符串
String content = "";
while ((content = in.readLine()) != null) {
result += content;
}
} catch (Exception e) {
System.out.println("发送 POST 请求出现异常!" + e);
e.printStackTrace();
}
// 使用finally块来关闭输出流、输入流
finally {
try {
if (out != null) {
out.close();
}
if (in != null) {
in.close();
}
} catch (IOException ex) {
ex.printStackTrace();
}
}
System.out.println(("getDataFromServer:" + result));
return result;
}
public SSLContext getSSLContext() throws Exception {
long time1 = System.currentTimeMillis();
if (sslContext == null) {
try {
// 服务器要验证客户端证书
KeyManagerFactory keyManagerFactory = KeyManagerFactory
.getInstance("SunX509");
ReadKeystore readKeystore = new ReadKeystore();
KeyStore keyStore = readKeystore.keyStoreFromKeystore();
keyManagerFactory.init(keyStore, KEY_STORE_PASS.toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// 客户端要验证服务端证书
TrustManager[] trustManagers = { new MyX509TrustManager() };
// 初始化SSLContext实例
sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
//绕过ip直连https,证书校验
HttpsURLConnection
.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname,
SSLSession session) {
return true;
}
});
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
long time2 = System.currentTimeMillis();
System.out.println("SSLContext 初始化时间:" + (time2 - time1));
return sslContext;
}
}
测试
package com.lgx.https;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Random;
public class HttpsTest {
public static String url = "https://221.122.73.116:443/uopsSvr";
public static void main(String[] args) throws Exception {
SignAndCheck signAndCheck = new SignAndCheck();
EncryAndDecry encryAndDecry = new EncryAndDecry();
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
String head = "'msgTp':'uops.010.000.01','msgSndTm':'"
+ sdf.format(new Date())
+ "','msgId':'"
+ sdf.format(new Date())
+ "00000000000000000000000000000000000000000000000001',"
+ "'i***Id':'G4000311000018','reI***Id':'C1030131001288','drctn':'02','signSN':'4000068829'";
String body = "'cntStep':'60','cntTm':'"
+ sdf.format(new Date())
+ "','tList':[{"
+ "'tType':'0201','instId':'z2004944000010','accType':'01','RPFlg':'1','tSumNo':'"
+ (new Random().nextInt(10000) + 10000)
+ "','tTime':'347.45','tTrxSR':'99.9567','tSy***':'99.8989'"
+ "},{'tType':'0202','instId':'z2004944000010','accType':'00','RPFlg':'0','tSumNo':'"
+ (new Random().nextInt(10000) + 10000)
+ "','tTime':'321.45','tTrxSR':'99.9664','tSy***':'99.2129'}]";
String data = "msgTp=uops.010.000.01&msgSndTm="
+ sdf.format(new Date())
+ "&msgId="
+ sdf.format(new Date())
+ "00000000000000000000000000000000000000000000000001"
+ "&i***Id=G4000311000018&reI***Id=C1030131001288&drctn=02&signSN=4000068829";
String encryptBody = encryAndDecry.encryptDate(body);
String signature = signAndCheck.SignatureData(data);
String param = "{'request':{'head':{" + head + "},'body':{"
+ encryptBody + "}},'signature':'" + signature + "'}";
SSLUtil sslUtil = new SSLUtil();
String result = sslUtil.sendPost(url, param);
System.out.println(result);
}
}
测试过程当中问题
通过代理服务器链接的https
package com.lgx.ssl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
/*
* 通过代理服务器后,由代理服务器走HTTPS。
*/
public class ProxyHttps {
public static void main(String[] args) throws Throwable {
// HTTPS详细过程
System.setProperty("javax.net.debug", "all");
String xmlServerURL = "https://www.baidu.com/";
URL urlXMLServer = new URL(xmlServerURL);
// 我本身的代理服务器
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("172.31.219.169", 808));
HttpURLConnection httpsURLConnection = (HttpURLConnection) urlXMLServer.openConnection(proxy);
httpsURLConnection.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
httpsURLConnection.setDoInput(true);
httpsURLConnection.setDoOutput(true);
httpsURLConnection.setUseCaches(false);
httpsURLConnection.setRequestMethod("POST");
httpsURLConnection.connect();
PrintWriter out = new PrintWriter(httpsURLConnection.getOutputStream());
// 传参数
out.print("777");
out.flush();
out.close();
BufferedReader in = new BufferedReader(new InputStreamReader(httpsURLConnection.getInputStream()));
String result = "";
String content = "";
while ((content = in.readLine()) != null) {
result += content;
}
String line;
String respXML = "";
while ((line = in.readLine()) != null) {
respXML += line;
}
in.close();
System.out.println(("getDataFromServer:" + result));
}
}
ip访问https
因为请求的HOST被替换成了IP,致使底层在进行证书的HOST校验时失败,最终请求失败。
public static void main(String[] args) throws Exception{
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom());
URL url = new URL("https://xxxx");
HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
public boolean verify(String s, SSLSession sslsession) {
System.out.println("WARNING: Hostname is not matched for cert.");
return true;
}
}; HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
}
通过投产,代码稳定运行两年
拓展
网络协议
相关文章
- 1. 手摸手,带你实现代码自动部署
- 2. 手把手教你从零认识webpack4.0
- 3. 手把手教你认识OPTIMIZER_TRACE
- 4. 手摸手带你玩转Xcode Extensions
- 5. 手摸手带你肝 nodejs (二)
- 6. 手摸手,带你vue,后台系统
- 7. 手摸手带你走近git
- 8. WebSocket初识并实现一个通讯
- 9. 带你认识 zookeeper
- 10. 带你认识ACL
- 更多相关文章...
- • 与传输层有关的基本知识 - TCP/IP教程
- • 现实生活中的 XML - XML 教程
- • ☆基于Java Instrument的Agent实现
- • Spring Cloud 微服务实战(三) - 服务注册与发现
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
相关文章
- 1. 手摸手,带你实现代码自动部署
- 2. 手把手教你从零认识webpack4.0
- 3. 手把手教你认识OPTIMIZER_TRACE
- 4. 手摸手带你玩转Xcode Extensions
- 5. 手摸手带你肝 nodejs (二)
- 6. 手摸手,带你vue,后台系统
- 7. 手摸手带你走近git
- 8. WebSocket初识并实现一个通讯
- 9. 带你认识 zookeeper
- 10. 带你认识ACL