java中的Https最终会产生奇怪的结果
我试图向学生说明https是如何在java中使用的。但我觉得我的榜样并不是最好的 代码在我的windows 7上运行良好:我启动服务器,转到https://localhost:8080/somefile.txt,然后我被要求信任证书,一切正常。 当我尝试http时(在接受证书之前或之后),我只会得到一个空白页,这对我来说是可以的 但当我在我的WindowsXP上尝试完全相同的东西时:同样的东西,一切都很顺利。但是(在首先接受证书之后),我还可以通过http获取所有文件!(如果我先尝试http再尝试https,然后接受证书,我将得不到任何答案。) 我尝试了无数次刷新,努力刷新,但这不应该起作用,对吗 我的代码有问题吗?我不确定我在这里是否使用了正确的方法来实现httpsjava中的Https最终会产生奇怪的结果,java,http,https,Java,Http,Https,我试图向学生说明https是如何在java中使用的。但我觉得我的榜样并不是最好的 代码在我的windows 7上运行良好:我启动服务器,转到https://localhost:8080/somefile.txt,然后我被要求信任证书,一切正常。 当我尝试http时(在接受证书之前或之后),我只会得到一个空白页,这对我来说是可以的 但当我在我的WindowsXP上尝试完全相同的东西时:同样的东西,一切都很顺利。但是(在首先接受证书之后),我还可以通过http获取所有文件!(如果我先尝试http再尝
package Security;
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.concurrent.Executors;
import java.security.*;
import javax.net.ssl.*;
import com.sun.net.httpserver.*;
public class HTTPSServer
{
public static void main(String[] args) throws IOException
{
InetSocketAddress addr = new InetSocketAddress(8080);
HttpsServer server = HttpsServer.create(addr, 0);
try
{
System.out.println("\nInitializing context ...\n");
KeyStore ks = KeyStore.getInstance("JKS");
char[] password = "vwpolo".toCharArray();
ks.load(new FileInputStream("myKeys"), password);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), null, null);
// a HTTPS server must have a configurator for the SSL connections.
server.setHttpsConfigurator (new HttpsConfigurator(sslContext)
{
// override configure to change default configuration.
public void configure (HttpsParameters params)
{
try
{
// get SSL context for this configurator
SSLContext c = getSSLContext();
// get the default settings for this SSL context
SSLParameters sslparams = c.getDefaultSSLParameters();
// set parameters for the HTTPS connection.
params.setNeedClientAuth(true);
params.setSSLParameters(sslparams);
System.out.println("SSL context created ...\n");
}
catch(Exception e2)
{
System.out.println("Invalid parameter ...\n");
e2.printStackTrace();
}
}
});
}
catch(Exception e1)
{
e1.printStackTrace();
}
server.createContext("/", new MyHandler1());
server.setExecutor(Executors.newCachedThreadPool());
server.start();
System.out.println("Server is listening on port 8080 ...\n");
}
}
class MyHandler implements HttpHandler
{
public void handle(HttpExchange exchange) throws IOException
{
String requestMethod = exchange.getRequestMethod();
if (requestMethod.equalsIgnoreCase("GET"))
{
Headers responseHeaders = exchange.getResponseHeaders();
responseHeaders.set("Content-Type", "text/plain");
exchange.sendResponseHeaders(200, 0);
OutputStream responseBody = exchange.getResponseBody();
String response = "HTTP headers included in your request:\n\n";
responseBody.write(response.getBytes());
Headers requestHeaders = exchange.getRequestHeaders();
Set<String> keySet = requestHeaders.keySet();
Iterator<String> iter = keySet.iterator();
while (iter.hasNext())
{
String key = iter.next();
List values = requestHeaders.get(key);
response = key + " = " + values.toString() + "\n";
responseBody.write(response.getBytes());
System.out.print(response);
}
response = "\nHTTP request body: ";
responseBody.write(response.getBytes());
InputStream requestBody = exchange.getRequestBody();
byte[] buffer = new byte[256];
if(requestBody.read(buffer) > 0)
{
responseBody.write(buffer);
}
else
{
responseBody.write("empty.".getBytes());
}
URI requestURI = exchange.getRequestURI();
String file = requestURI.getPath().substring(1);
response = "\n\nFile requested = " + file + "\n\n";
responseBody.write(response.getBytes());
responseBody.flush();
System.out.print(response);
Scanner source = new Scanner(new File(file));
String text;
while (source.hasNext())
{
text = source.nextLine() + "\n";
responseBody.write(text.getBytes());
}
source.close();
responseBody.close();
exchange.close();
}
}
}
包安全;
导入java.io.*;
导入java.net。*;
导入java.util.*;
导入java.util.concurrent.Executors;
导入java.security.*;
导入javax.net.ssl.*;
导入com.sun.net.httpserver.*;
公共类HTTPSServer
{
公共静态void main(字符串[]args)引发IOException
{
InetSocketAddress addr=新的InetSocketAddress(8080);
HttpsServer server=HttpsServer.create(addr,0);
尝试
{
System.out.println(“\n初始化上下文…\n”);
KeyStore ks=KeyStore.getInstance(“JKS”);
char[]password=“vwpolo.toCharArray();
加载(新文件输入流(“myKeys”),密码);
KeyManagerFactory kmf=KeyManagerFactory.getInstance(“SunX509”);
kmf.init(ks,密码);
SSLContext SSLContext=SSLContext.getInstance(“TLS”);
sslContext.init(kmf.getKeyManager(),null,null);
//HTTPS服务器必须具有SSL连接的配置程序。
server.setHttpScoConfiguration(新的HttpScoConfiguration(sslContext))
{
//覆盖配置以更改默认配置。
公共无效配置(HttpsParameters参数)
{
尝试
{
//获取此配置程序的SSL上下文
SSLContext c=getSSLContext();
//获取此SSL上下文的默认设置
SSLParameters sslparams=c.getDefaultSSLParameters();
//设置HTTPS连接的参数。
参数setNeedClientAuth(true);
参数设置SLParameters(sslparams);
System.out.println(“SSL上下文已创建…\n”);
}
捕获(异常e2)
{
System.out.println(“无效参数…\n”);
e2.printStackTrace();
}
}
});
}
捕获(异常e1)
{
e1.printStackTrace();
}
createContext(“/”,新的MyHandler1());
setExecutor(Executors.newCachedThreadPool());
server.start();
System.out.println(“服务器正在侦听端口8080…\n”);
}
}
类MyHandler实现HttpHandler
{
公共无效句柄(HttpExchange)引发IOException异常
{
String requestMethod=exchange.getRequestMethod();
if(requestMethod.equalsIgnoreCase(“GET”))
{
Headers responseHeaders=exchange.getResponseHeaders();
responseHeaders.set(“内容类型”、“文本/普通”);
交换.发送响应负责人(200,0);
OutputStream responseBody=exchange.getResponseBody();
String response=“请求中包含的HTTP头:\n\n”;
write(response.getBytes());
Headers requestHeaders=exchange.getRequestHeaders();
Set keySet=requestHeaders.keySet();
迭代器iter=keySet.Iterator();
while(iter.hasNext())
{
String key=iter.next();
列表值=requestHeaders.get(键);
响应=键+“=”+值.toString()+“\n”;
write(response.getBytes());
系统输出打印(响应);
}
response=“\nHTTP请求主体:”;
write(response.getBytes());
InputStream requestBody=exchange.getRequestBody();
字节[]缓冲区=新字节[256];
if(requestBody.read(缓冲区)>0)
{
写入(缓冲区);
}
其他的
{
write(“empty.”.getBytes());
}
URI requestURI=exchange.getRequestURI();
字符串文件=requestURI.getPath().substring(1);
response=“\n\n请求的文件=“+file+”\n\n”;
write(response.getBytes());
responseBody.flush();
系统输出打印(响应);
扫描仪源=新扫描仪(新文件(文件));
字符串文本;
while(source.hasNext())
{
text=source.nextLine()+“\n”;
write(text.getBytes());
}
source.close();
responseBody.close();
exchange.close();
}
}
}
只要成功建立安全连接,我就会有一个
SSLServerSocket