Java开发工具包(JDK)对加密和安全性有很好的支持。其中一个优势就是其内置的对Socket通信的支持。因此,很容易做到在服务器和客户之间建立安全的数据流。
Java streams 是一个强大的编程工具。java.io包提供了很多标准的流类型,并能很容易的建立自己的流类型。流的一个有用的特点是和链表一样的简单处理过程。表A是一个用链表读取文本的例子:
ufferedReader br =
new BufferedReader(
new FileReader(“c:\foo.txt”));
String line = null;
while((line =
br.readLine()) != null)
{
System.out.println(line);
}
这段代码将 FileReader和 BufferedReader链接起来。我们在用客户机/服务器应用程序的时候也会用到类似的概念。
关键字
对于验证来说,关键字很重要,表B(KeyGen.java)提供了一个称为getSecretKey的标准方法。通过运行KeyGen来产生一个关键字。因为我们采用同步方法,所以客户机和服务器必须用相同的关键字。
isting B?KeyGen.java
/*
* Created by IntelliJ IDEA.
* User: jbirchfield
* Date: Mar 19, 2002
* Time: 9:33:22 AM
*/
import com.sun.crypto.provider.SunJCE;
import javax.crypto.KeyGenerator;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
public class KeyGen
{
public static final String
KEY_FILE = "secret.key";
public static final String
ALGORITHM = "DES";
public static void main(String[] args)
{
Security.addProvider(new SunJCE());
new KeyGen();
}
public KeyGen()
{
KeyGenerator kg = null;
try {
kg = KeyGenerator.
getInstance(ALGORITHM);
Key key = kg.generateKey();
writeKey(KEY_FILE, key);
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
}
private void writeKey(String
filename, Object o)
{
try {
FileOutputStream fos =
new FileOutputStream(filename);
ObjectOutputStream oos =
new ObjectOutputStream(fos);
oos.writeObject(o);
oos.flush();
fos.close();
}
catch (IOException e) {
e.printStackTrace();
}
}
public static Key getSecretKey()
{
Security.addProvider(new SunJCE());
FileInputStream fis = null;
try
{
fis = new FileInputStream(KEY_FILE);
}
catch (FileNotFoundException e)
{
e.printStackTrace();
}
Key key = null;
try {
ObjectInputStream ois = null;
ois = new ObjectInputStream(fis);
key = null;
key = (Key) ois.readObject();
}
catch (IOException e)
{
e.printStackTrace();
}
catch (ClassNotFoundException e)
{
e.printStackTrace();
}
System.out.println("key = " + key);
return key;
}
}
安全socket
我们从一个简单的类开始,它提供我们在普通socket对象之上的加密。表C(SecretSocket.java)包含了两段代码-Socket和Key对象。我们的构造器创建了变量并初始化了密码:
outCipher = Cipher.getInstance(algorithm);
outCipher.init(Cipher.ENCRYPT_MODE, key);
inCipher = Cipher.getInstance(algorithm);
inCipher.init(Cipher.DECRYPT_MODE, key);
isting C?SecretSocket.java
/*
* Created by IntelliJ IDEA.
* User: jbirchfield
* Date: Mar 20, 2002
* Time: 9:07:51 AM
*/
import org.bouncycastle.
jce.provider.BouncyCastleProvider;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
public class SecretSocket
{
private Key key = null;
private Cipher outCipher = null;
private Cipher inCipher = null;
private CipherInputStream cis = null;
private CipherOutputStream cos = null;
private Socket socket = null;
private String algorithm = "DES";
public SecretSocket
(Socket socket, Key key)
{
this.socket = socket;
this.key = key;
algorithm = key.getAlgorithm();
initializeCipher();
}
private void initializeCipher()
{
try
{
outCipher = Cipher.getInstance
(algorithm);
outCipher.init(Cipher.ENCRYPT_MODE, key);
inCipher = Cipher.getInstance
(algorithm);
inCipher.init(Cipher.DECRYPT_MODE, key);
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (NoSuchPaddingException e)
{
e.printStackTrace();
}
catch (InvalidKeyException e)
{
e.printStackTrace();
}
}
public InputStream getInputStream()
throws IOException {
InputStream is =
socket.getInputStream();
cis = new CipherInputStream
(is, inCipher);
return cis;
}
public OutputStream getOutputStream()
throws IOException {
OutputStream os
= socket.getOutputStream();
cos = new CipherOutputStream
(os, outCipher);
return cos;
}
}
因为socket是双向的通信,所以我们采用两个密码。加密输出的数据并解密输入的数据。我们使用getInputStream()和getOutputStream(),这两种方法来加密合解密通用的输入和输出的经过包装的数据流。见表D。
isting D
public InputStream getInputStream()
throws IOException
{
InputStream is = socket.getInputStream();
cis = new CipherInputStream(is, inCipher);
return cis;
}
public OutputStream getOutputStream()
throws IOException {
OutputStream os = socket.getOutputStream();
cos = new CipherOutputStream(os, outCipher);
return cos;
}
在JCE的javax.crypto包中包含CipherInputStream和CipherOutputStream这两种流类型。他们接收输入输出的流对象和密码对象。
Socket 服务器
开始写我们的socket服务器类吧。表E(SecretSocketServer.java)是一个完整的列表。SecretSocketServer在一个端口打开ServerSocket,当接收到连接时,使用SocketHandler产生一个线程来操作连接。
isting E?SecretSocketServer.java
/*
* Created by IntelliJ IDEA.
* User: jbirchfield
* Date: Mar 20, 2002
* Time: 9:32:17 AM
*/
import java.net.ServerSocket;
import java.net.Socket;
import java.io.IOException;
public class SecretSocketServer
{
public static void
main(String[] args)
{
new SecretSocketServer();
}
public SecretSocketServer()
{
ServerSocket ss = null;
try {
ss = new ServerSocket(4444);
}
catch (IOException e)
{
e.printStackTrace();
}
while(true) {
try {
System.out.println
("Waiting...");
Socket s = ss.accept