keytool生成BKS格式的私钥和信任证书

1、下载 BouncyCastle provider jar(示例用的是 bcprov-ext-jdk15on-150.jar,即 1.50 版,已较旧;实际使用请换用当前版本,并核对官方公布的校验和/签名后再放入 JRE)

https://downloads.bouncycastle.org/java/bcprov-ext-jdk15on-150.jar

注意:加密 provider 是信任根的一部分,下载务必走 HTTPS 并校验完整性,不要使用明文 HTTP 链接。

2、确认系统的keytool环境为你要操作的jre环境

3、将bcprov-ext-jdk15on-150.jar复制到%JRE_HOME%\lib\ext,与%JDK_HOME%\jre\lib\ext下(扩展目录机制在 Java 9 及以后已被移除;也可以不改动 JRE,改用 keytool 的 -providerpath 指定 jar 路径)

4、修改%JRE_HOME%\lib\security\java.security,与%JDK_HOME%\jre\lib\security\java.security

在文件末尾追加一行,序号必须紧接现有最后一个 provider 的序号(示例 JDK 中已有 10 个,因此用 11;请以实际文件内容为准,序号不连续时 provider 不会被加载)

security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
5、cmd命令下面进行运行(说明:RSA 1024 位已低于当前安全基线,示例改为 2048 位;-keypass/-storepass 写在命令行会留在 shell 历史记录中,正式环境请省略这两个参数改为交互输入)

keytool -genkey -alias androidbks -keypass 11111111 -keyalg RSA -keysize 2048 -validity 365 -keystore bksserver.keystore -storepass 111111 -dname "cn=runtestuser3, ou=vpn, o=run, c=CN, l=shanghai" -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

6、在C:\Users\Administrator生成bksserver.keystore文件

7、分别生成服务器端的私钥与证书和客户端的私钥与证书,并把客户端证书导入服务器端的信任库,把服务器证书导入客户端的信任库。正确顺序是:生成 serverkey(kserver.keystore)→导出 server.crt →导入 tclient.keystore;生成 clientkey(klient.keystore)→导出 client.crt →导入 tserver.keystore。下面的终端记录保留了原作者的几次失败尝试(-import 与 -genkey 混用、在生成密钥之前就导出、-keysore 拼写错误),照做时请跳过这些报错的命令。记录里仍使用 1024 位密钥,实际请加 -keysize 2048。

C:\Users\Administrator>keytool -genkey -alias serverkey -keypass 1993821924 -key
alg RSA -keysize 1024 -validity 365 -keystore kserver.keystore -storepass 199382
1924 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

您的名字与姓氏是什么?
  [Unknown]:  mei
您的组织单位名称是什么?
  [Unknown]:  ccniit
您的组织名称是什么?
  [Unknown]:  ccniit
您所在的城市或区域名称是什么?
  [Unknown]:  chengdu
您所在的省/市/自治区名称是什么?
  [Unknown]:  chengdu
该单位的双字母国家/地区代码是什么?
  [Unknown]:  cn
CN=mei, OU=ccniit, O=ccniit, L=chengdu, ST=chengdu, C=cn是否正确?
  [否]:  y

C:\Users\Administrator>keytool -export -alias serverkey -keystore kserver.keysto
re -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bounc
yCastleProvider

C:\Users\Administrator>keytool -import -alias serverkey -keystore tclient.keysto
re -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bounc
yCastleProvider

C:\Users\Administrator>keytool -import -genkey -alias clientkey -storetype BKS -
provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystor
e -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy
CastleProvider

C:\Users\Administrator>keytool -genkey -alias clientkey -keystore klient.keystor
e -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystor
e -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy
CastleProvider

C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysor
e tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy
CastleProvider

C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysto
re tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.Bounc
yCastleProvider

android上读取store文件(把 klient.keystore(客户端私钥)和 tclient.keystore(服务器证书信任库)放到 res/raw 下;代码里的密码常量必须与上面 keytool 使用的 -storepass/-keypass 一致,示例中的 "123456" 仅为占位)

package com.example.ssl;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import android.app.Activity;
import android.os.Bundle;
import android.view.Menu;

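/**
 * Sample activity that builds a mutually-authenticated TLS socket factory from
 * two BKS keystores bundled under res/raw (client private key + server
 * certificate as the only trust anchor) and fetches a URL over it.
 */
public class MainActivity extends Activity {

	// Server address. Neither value is read by getData(), which takes host and
	// port from the URL it is given; kept for callers that build the URL.
	private static final int SERVER_PORT = 50030;
	private static final String SERVER_IP = "218.206.176.146";
	// Passwords for the two BKS files. They must equal the -storepass/-keypass
	// used when the files were generated with keytool.
	// NOTE(review): a password compiled into the APK is recoverable by anyone
	// who unpacks it; it only deters casual inspection of the bundled keystore
	// and does not protect the client private key from a determined attacker.
	private static final String CLIENT_KEY_PASSWORD = "123456";// client private-key password
	private static final String CLIENT_TRUST_PASSWORD = "123456";// trust-store password
	private static final String CLIENT_AGREEMENT = "TLS";// SSLContext protocol name
	private static final String CLIENT_KEY_MANAGER = "X509";// KeyManagerFactory algorithm
	private static final String CLIENT_TRUST_MANAGER = "X509";// TrustManagerFactory algorithm
	private static final String CLIENT_KEY_KEYSTORE = "BKS";// BouncyCastle keystore type
	private static final String CLIENT_TRUST_KEYSTORE = "BKS";
	private static final String ENCONDING = "utf-8";// charset used to decode the response body
	// Built by initKey(); stays null when initialisation failed.
	SSLSocketFactory sf;

	@Override
	protected void onCreate(Bundle savedInstanceState) {
		super.onCreate(savedInstanceState);
		setContentView(R.layout.activity_main);
		try {
			initKey();
		} catch (Exception e) {
			// Key material could not be loaded (wrong password, missing raw
			// resource, provider not available). sf stays null and getData()
			// refuses to run rather than connecting without client auth or
			// trust anchors.
			e.printStackTrace();
		}
	}

	@Override
	public boolean onCreateOptionsMenu(Menu menu) {
		// Inflate the menu; this adds items to the action bar if it is present.
		getMenuInflater().inflate(R.menu.main, menu);
		return true;
	}

	/**
	 * Loads the client key store and the trust store and builds the TLS socket
	 * factory used by getData().
	 *
	 * @throws Exception if a store cannot be read or the context cannot be
	 *                   initialised (propagated to the caller unchanged)
	 */
	private void initKey() throws Exception {

		SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
		KeyManagerFactory keyManager = KeyManagerFactory
				.getInstance(CLIENT_KEY_MANAGER);
		TrustManagerFactory trustManager = TrustManagerFactory
				.getInstance(CLIENT_TRUST_MANAGER);

		KeyStore clientKeyStore = KeyStore.getInstance(CLIENT_KEY_KEYSTORE);
		KeyStore trustKeyStore = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);

		// Per the keytool steps that produced these files, klient.keystore holds
		// the client's private key + certificate (-genkey -alias clientkey) and
		// tclient.keystore holds the imported server certificate (-import
		// server.crt). The original code loaded them the other way round, which
		// gives the key manager no private key and makes the trust manager trust
		// the client's own certificate instead of the server's. If your raw
		// resources are named differently, adjust the two ids here.
		loadKeyStore(clientKeyStore, R.raw.klient, CLIENT_KEY_PASSWORD);
		loadKeyStore(trustKeyStore, R.raw.tclient, CLIENT_TRUST_PASSWORD);

		// The key manager needs the *key* password, which keytool lets differ
		// from the store password (-keypass vs -storepass).
		keyManager.init(clientKeyStore, CLIENT_KEY_PASSWORD.toCharArray());
		// Only certificates present in the trust store are accepted; the
		// platform CA set is deliberately not consulted.
		trustManager.init(trustKeyStore);

		sslContext.init(keyManager.getKeyManagers(),
				trustManager.getTrustManagers(), new SecureRandom());
		sf = sslContext.getSocketFactory();
	}

	/**
	 * Loads a keystore from a raw resource, closing the stream afterwards.
	 *
	 * @param store    keystore instance to populate
	 * @param rawResId id of the raw resource holding the store
	 * @param password store password
	 * @throws Exception on read or integrity failure
	 */
	private void loadKeyStore(KeyStore store, int rawResId, String password)
			throws Exception {
		InputStream in = getResources().openRawResource(rawResId);
		try {
			store.load(in, password.toCharArray());
		} finally {
			in.close();
		}
	}

	/**
	 * Performs a GET over the mutually-authenticated TLS connection and returns
	 * the response body with line separators removed.
	 *
	 * @param url absolute https URL to fetch
	 * @return the concatenated response lines
	 * @throws IllegalStateException if initKey() did not complete
	 * @throws Exception             on connection or read failure
	 */
	private String getData(String url) throws Exception {
		if (sf == null) {
			throw new IllegalStateException(
					"SSL socket factory not initialised; initKey() failed");
		}
		HttpsURLConnection conn = (HttpsURLConnection) new URL(url)
				.openConnection();
		conn.setSSLSocketFactory(sf);
		// Hostname verification is left at the platform default: the server
		// certificate's CN/SAN must match the host in the URL (for a bare IP,
		// a SAN IP entry). Do not work around a handshake failure by installing
		// a permissive HostnameVerifier; fix the certificate instead.
		conn.setRequestMethod("GET");
		conn.setConnectTimeout(10 * 1000);
		// Without a read timeout a stalled server blocks the caller forever.
		conn.setReadTimeout(10 * 1000);
		// The original also called setDoOutput(true); HttpURLConnection
		// implementations (including Android's) turn a GET into a POST when
		// doOutput is set, so it is omitted for a body-less GET.
		conn.setDoInput(true);
		try {
			conn.connect();
			BufferedReader br = new BufferedReader(new InputStreamReader(
					conn.getInputStream(), ENCONDING));
			try {
				StringBuilder sb = new StringBuilder();
				String line;
				while ((line = br.readLine()) != null) {
					sb.append(line);// newlines are dropped, as before
				}
				return sb.toString();
			} finally {
				br.close();
			}
		} finally {
			conn.disconnect();
		}
	}

}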


转载自gdfdfg-tech.iteye.com/blog/2051537