SSL/TLS协议运行机制

http://blog.csdn.net/fw0124/article/details/41013333

关于SSL/TLS/JSSE的介绍：
1）SSL/TLS协议运行机制
2）图解SSL/TLS协议
3）使用wireshark观察SSL/TLS握手过程
4）SSL/TLS的Java实现--JSSE

（一）使用keytool创建密钥库

使用双向认证的SSL/TLS协议通信，客户端和服务器端都要设置用于证实自己身份的安全证书，并且还要设置信任对方的哪些安全证书。
理论上一共需要准备四个文件，两个keystore文件和两个truststore文件。
通信双方分别拥有一个keystore和一个truststore，keystore用于存放自己的密钥和公钥，truststore用于存放所有需要信任方的公钥。

首先使用JDK自带的keytool工具来生成keystore和truststore。这里使用的Java版本是1.7。
1）创建server的keystore文件，生成server的公钥/私钥密钥对。需要指定keystore的密码(storepass)和密钥对的密码(keypass)。
访问keystore需要storepass。访问密钥对需要keypass。

<span style="font-family:Verdana;">C:Program FilesJavajre7in>keytool -genkey -alias catserver -keyalg rsa -keysize 1024 -sigalg sha256withrsa -keypass catserver -keystore c:\_tmpcatserver.keystore -storepass catserverks
What is your first and last name?
[Unknown]: cat
What is the name of your organizational unit?
[Unknown]: cat
What is the name of your organization?
[Unknown]: cat
What is the name of your City or Locality?
[Unknown]: cat
What is the name of your State or Province?
[Unknown]: cat
What is the two-letter country code for this unit?
[Unknown]: ct
Is CN=cat, OU=cat, O=cat, L=cat, ST=cat, C=ct correct?
[no]: y</span>

2）创建client的keystore文件。同样需要指定keystore的密码和密钥对的密码。

<span style="font-family:Verdana;">C:Program FilesJavajre7in>keytool -genkey -alias foxclient -keyalg dsa -keysize 512 -sigalg sha1withdsa -keypass foxclient -keystore c:\_tmpfoxclient.keystore -storepass foxclientks
What is your first and last name?
[Unknown]: fox
What is the name of your organizational unit?
[Unknown]: fox
What is the name of your organization?
[Unknown]: fox
What is the name of your City or Locality?
[Unknown]: fox
What is the name of your State or Province?
[Unknown]: fox
What is the two-letter country code for this unit?
[Unknown]: fx
Is CN=fox, OU=fox, O=fox, L=fox, ST=fox, C=fx correct?
[no]: y</span>

3）从server的keystore中导出server的证书（其中包括server的公钥）。

<span style="font-family:Verdana;">C:Program FilesJavajre7in>keytool -export -alias catserver -keystore c:\_tmpcatserver.keystore -storepass catserverks -file c:\_tmpcatserver.cer
Certificate stored in file <c:\_tmpcatserver.cer>
</span>

4）从client的keystore中导出client的证书（其中包括client的公钥）。

<span style="font-family:Verdana;">C:Program FilesJavajre7in>keytool -export -alias foxclient -keystore c:\_tmpfoxclient.keystore -storepass foxclientks -file c:\_tmpfoxclient.cer
Certificate stored in file <c:\_tmpfoxclient.cer>
</span>

5）创建server的truststore文件并导入client的证书（其中包括client的公钥）。

<span style="font-family:Verdana;">C:Program FilesJavajre7in>keytool -import -alias foxclient -keystore c:\_tmpcatservertrust.keystore -storepass catservertrustks -file c:\_tmpfoxclient.cer
Owner: CN=fox, OU=fox, O=fox, L=fox, ST=fox, C=fx
Issuer: CN=fox, OU=fox, O=fox, L=fox, ST=fox, C=fx
Serial number: 6eaf996f
Valid from: Wed Nov 05 16:15:41 CST 2014 until: Tue Feb 03 16:15:41 CST 2015
Certificate fingerprints:
MD5: B5:B6:92:66:84:92:A0:C2:F5:40:39:25:F8:66:2A:17
SHA1: 07:42:A3:1A:49:7B:C9:34:4B:6B:FA:37:6C:20:98:D4:20:13:7C:91
SHA256: 37:A5:00:A3:13:00:DE:99:3B:08:47:F6:1E:8A:05:F1:4A:B2:C6:22:20:
E1:AF:0E:05:B2:CE:E0:2F:94:B6:94
Signature algorithm name: SHA1withDSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 69 3E 6A D0 B5 B1 1F BD 48 46 E1 A4 6C 1F 71 90 i>j.....HF..l.q.
0010: 29 06 3B 32 ).;2
]
]

Trust this certificate? [no]: y
Certificate was added to keystore</span>

6）创建client的truststore文件并导入server的证书（其中包括server的公钥）。

<span style="font-family:Verdana;">C:Program FilesJavajre7in>keytool -import -alias catserver -keystore c:\_tmpfoxclienttrust.keystore -storepass foxclienttrustks -file c:\_tmpcatserver.cer
Owner: CN=cat, OU=cat, O=cat, L=cat, ST=cat, C=ct
Issuer: CN=cat, OU=cat, O=cat, L=cat, ST=cat, C=ct
Serial number: 3e421457
Valid from: Wed Nov 05 16:13:52 CST 2014 until: Tue Feb 03 16:13:52 CST 2015
Certificate fingerprints:
MD5: 20:44:7C:E5:30:E6:7A:21:C2:49:64:77:E1:3A:A0:77
SHA1: 8B:02:D2:BE:98:2F:99:94:08:47:E2:96:EC:05:1B:5D:B1:8F:30:2F
SHA256: A6:66:85:F4:C2:B2:06:4E:2E:40:D8:52:84:6E:85:2B:5B:BB:C3:B0:9C:
31:92:99:F5:91:5D:83:67:C8:4D:D8
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 91 E6 14 EE EF 5F 24 4F AC 6F A6 B8 36 A6 11 ......_$O.o..6..
0010: 2B 5C DF 04 +..
]
]

Trust this certificate? [no]: y
Certificate was added to keystore</span>

keysize
如果加密算法是rsa，key size范围512->16384 bits，并且必须是64的倍数。
如果加密算法是dsa，key size范围512->1024 bits，并且必须是64的倍数。

sigalg
如果加密算法是rsa，签名算法可以是md5withrsa/sha1withrsa/sha256withrsa/sha384withrsa/sha512withrsa
如果加密算法是dsa，签名算法可以是sha1withdsa

如果熟悉Java的socket编程，就会发现使用JSSE进行SSL/TLS编程其实和它很相似。
区别在于ServerSocket对象换成了SSLServerSocket，Socket对象换成了SSLSocket对象。

（二）server端处理流程和代码

处理流程：
1）加载server的keystore文件，需要指定keystore的密码(storepass)。
KeyStore类型有如下三种： 
jceks - The proprietary keystore implementation provided by the SunJCE provider. 
jks - The proprietary keystore implementation provided by the SUN provider. 
pkcs12 - The transfer syntax for personal identity information as defined in PKCS #12.

2）加载server的truststore文件，需要指定truststore的密码(storepass)。

3) 创建KeyManagerFactory对象并用1）中加载的keystore和server密钥对的密码(keypass)来初始化。

4) 创建TrustManagerFactory对象并用2）中加载的truststore来初始化。truststore中存的是client的公钥，不需要keypass也可以访问。

5）创建SSLContext并用3）和4）中创建的KeyManagerFactory和TrustManagerFactory对象来初始化。
http://docs.Oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
创建SSLContext是需要给出SSLContext Algorithms。上面这个链接中给出了合法的SSLContext Algorithms，有如下可用值。
SSL - Supports some version of SSL; may support other versions 
SSLv2 - Supports SSL version 2 or later; may support other versions 
SSLv3 - Supports SSL version 3; may support other versions 
TLS - Supports some version of TLS; may support other versions 
TLSv1 - Supports RFC 2246: TLS version 1.0 ; may support other versions 
TLSv1.1 - Supports RFC 4346: TLS version 1.1 ; may support other versions 
TLSv1.2 - Supports RFC 5246: TLS version 1.2 ; may support other versions 

6）创建SSLServerSocketFactory，在指定的端口上创建SSLServerSocket并设定需要客户端证书：setNeedClientAuth(true)

7）在SSLServerSocket对象上调用accept()方法等待客户端的连接。
客户端连上来之后这个函数会返回一个SSLSocket对象，在这个对象的输入输出流上进行读写。
在这个SSLSocket对象上可以添加一个HandshakeCompletedListener的监听器，SSL/TLS握手结束后这个监听器的handshakeCompleted方法就会被调用。
客户端有三种方法会触发握手：
- 显式调用startHandshake方法/calling startHandshake which explicitly begins handshakes, or
- 在socket对象上进行read或write操作/any attempt to read or write application data on this socket causes an implicit handshake, or
- 在socket对象上调用getSession方法/a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.

<span style="font-family:Verdana;">package learning.net.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class CatServer implements Runnable, HandshakeCompletedListener {

    public static final int SERVER_PORT = 11123;

    private final Socket _s;
    private String peerCerName;

    public CatServer(Socket s) {
        _s = s;
    }

    public static void main(String[] args) throws Exception {
        String serverKeyStoreFile = "c:\_tmp\catserver.keystore";
        String serverKeyStorePwd = "catserverks";
        String catServerKeyPwd = "catserver";
        String serverTrustKeyStoreFile = "c:\_tmp\catservertrust.keystore";
        String serverTrustKeyStorePwd = "catservertrustks";

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        serverKeyStore.load(new FileInputStream(serverKeyStoreFile), serverKeyStorePwd.toCharArray());

        KeyStore serverTrustKeyStore = KeyStore.getInstance("JKS");
        serverTrustKeyStore.load(new FileInputStream(serverTrustKeyStoreFile), serverTrustKeyStorePwd.toCharArray());

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeyStore, catServerKeyPwd.toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(serverTrustKeyStore);

        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
        SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(SERVER_PORT);
        sslServerSocket.setNeedClientAuth(true);

        while (true) {
            SSLSocket s = (SSLSocket)sslServerSocket.accept();
            CatServer cs = new CatServer(s);
            s.addHandshakeCompletedListener(cs);
            new Thread(cs).start();
        }
    }

    @Override
    public void run() {
        try {
            BufferedReader reader = new BufferedReader(new InputStreamReader(_s.getInputStream()));
            PrintWriter writer = new PrintWriter(_s.getOutputStream(), true);

            writer.println("Welcome~, enter exit to leave.");
            String s;
            while ((s = reader.readLine()) != null && !s.trim().equalsIgnoreCase("exit")) {
                writer.println("Echo: " + s);
            }
            writer.println("Bye~, " + peerCerName);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                _s.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        try {
            X509Certificate cert = (X509Certificate) event.getPeerCertificates()[0];
            peerCerName = cert.getSubjectX500Principal().getName();
        } catch (SSLPeerUnverifiedException ex) {
            ex.printStackTrace();
        }
    }

}</span>

（三）client端处理流程和代码

处理流程：（1~5和server相同）
1）加载client的keystore文件。

2）加载client的truststore文件。

3) 创建KeyManagerFactory对象并初始化。

4) 创建TrustManagerFactory对象并初始化。truststore中存的是server的公钥，不需要keypass也可以访问。

5）创建SSLContext并用3）和4）中创建的KeyManagerFactory和TrustManagerFactory对象来初始化。

6）创建SSLSocketFactory，在指定的网络地址和端口上创建SSLSocket。

7）在这个SSLSocket对象的输入输出流上进行读写。

<span style="font-family:Verdana;">package learning.net.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class FoxClient {
    public static void main(String[] args) throws Exception {
        String clientKeyStoreFile = "c:\_tmp\foxclient.keystore";
        String clientKeyStorePwd = "foxclientks";
        String foxclientKeyPwd = "foxclient";
        String clientTrustKeyStoreFile = "c:\_tmp\foxclienttrust.keystore";
        String clientTrustKeyStorePwd = "foxclienttrustks";

        KeyStore clientKeyStore = KeyStore.getInstance("JKS");
        clientKeyStore.load(new FileInputStream(clientKeyStoreFile), clientKeyStorePwd.toCharArray());

        KeyStore clientTrustKeyStore = KeyStore.getInstance("JKS");
        clientTrustKeyStore.load(new FileInputStream(clientTrustKeyStoreFile), clientTrustKeyStorePwd.toCharArray());

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeyStore, foxclientKeyPwd.toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(clientTrustKeyStore);

        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        Socket socket = socketFactory.createSocket("localhost", CatServer.SERVER_PORT);

        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));

        send("hello", out);
        send("exit", out);
        receive(in);
        socket.close();
    }

    public static void send(String s, PrintWriter out) throws IOException {
        System.out.println("Sending: " + s);
        out.println(s);
    }

    public static void receive(BufferedReader in) throws IOException {
        String s;
        while ((s = in.readLine()) != null) {
            System.out.println("Reveived: " + s);
        }
    }
}</span>

（四）使用Openssl进行证书签名

如果需要对证书进行签名，可以使用keytool生成一个csr(certificate sign request), 然后提交到一个CA进行签名。这里使用openssl提供的CA功能。

1）[openssl]生成CA的RSA私钥。
bash-3.00$ openssl genrsa -out cakey.pem 1024

2）[openssl]使用CA.sh脚本初始化CA。脚本会要求输入刚才生成的私钥文件。
bash-3.00$ CA.sh -newca
CA certificate filename (or enter to create)
cakey.pem

3）[openssl]利用CA私钥生成自签名的CA根证书。
指定x509参数表示要生成自签名的证书。（我们知道证书里面只包含公钥，为什么从私钥可以生成证书呢？这是因为私钥里面包含RSA算法所需的参数，其实可以算出公钥，后面会详细解释）
bash-3.00$ openssl req -new -x509 -key cakey.pem -out ca.cer -config openssl.cnf
（Linux上openssl.cnf的路径/etc/pki/tls/openssl.cnf，可以拷贝一份到当前目录）

4）[keytool]生成server的keystore文件。
C:Program FilesJavajre7>keytool -genkey -alias catserver -keyalg rsa -keysize 1024 -sigalg sha256withrsa -keypass catserver -keystore c:\_tmpcatserver.keystore -storepass catserverks

5）[keytool]生成server的csr.
C:Program FilesJavajre7>keytool -certreq -alias catserver -file c:\_tmpcatserver.csr -keypass catserver -keystore c:\_tmpcatserver.keystore -storepass catserverks

6) [openssl]对server的csr进行签名得到server证书
bash-3.00$ openssl ca -in catserver.csr -out catserver.cer -cert ca.cer -keyfile cakey.pem -config openssl.cnf
（如果是因为权限问题，不能访问CA的newcerts目录，可以先进行如下操作：
bash-3.00$ mkdir newcerts 
bash-3.00$ touch index.txt 
bash-3.00$ echo 01 > serial）

7）[keytool]生成client的keystore文件。
C:Program FilesJavajre7>keytool -genkey -alias foxclient -keyalg dsa -keysize 512 -sigalg sha1withdsa -keypass foxclient -keystore c:\_tmpfoxclient.keystore -storepass foxclientks

8）[keytool]生成client的csr.
C:Program FilesJavajre7>keytool -certreq -alias foxclient -file c:\_tmpfoxclient.csr -keypass foxclient -keystore c:\_tmpfoxclient.keystore -storepass foxclientks

9) [openssl]对client的csr进行签名得到client证书
bash-3.00$ openssl ca -in foxclient.csr -out foxclient.cer -cert ca.cer -keyfile cakey.pem -config openssl.cnf

现在我们有如下文件:
catserver.keystore -- server的keystore文件
catserver.cer -- server证书文件，已经由CA签名。

foxclient.keystore -- client的keystore文件
foxclient.cer -- client证书文件，已经由CA签名。

ca.cer -- CA的证书文件。作为根证书。

接下来我们还需要
10）[keytool]导入ca.cer和catserver.cer到catserver.keystore
keytool -import -trustcacerts -alias ca -keystore c:\_tmpcatserver.keystore -storepass catserverks -file c:\_tmpca.cer
keytool -import -alias catserver -keypass catserver -keystore c:\_tmpcatserver.keystore -storepass catserverks -file c:\_tmpcatserver.cer

11）[keytool]导入ca.cer和foxclient.cer到foxclient.keystore
keytool -import -trustcacerts -alias ca -keystore c:\_tmpfoxclient.keystore -storepass foxclientks -file c:\_tmpca.cer
keytool -import -alias foxclient -keypass foxclient -keystore c:\_tmpfoxclient.keystore -storepass foxclientks -file c:\_tmpfoxclient.cer

12）[keytool]创建server的truststore文件并导入ca.cer和foxclient.cer.
keytool -import -trustcacerts -alias ca -keystore c:\_tmpcatservertrust.keystore -storepass catservertrustks -file c:\_tmpca.cer
keytool -import -alias foxclient -keystore c:\_tmpcatservertrust.keystore -storepass catservertrustks -file c:\_tmpfoxclient.cer

13）[keytool]创建client的truststore文件并导入ca.cer和catserver.cer.
keytool -import -trustcacerts -alias ca -keystore c:\_tmpfoxclienttrust.keystore -storepass foxclienttrustks -file c:\_tmpca.cer
keytool -import -alias catserver -keystore c:\_tmpfoxclienttrust.keystore -storepass foxclienttrustks -file c:\_tmpcatserver.cer

*前面提到可以从CA的私钥文件生成CA的根证书。证书里面其实包含的是公钥。
其实openssl也提供命令可以直接从私钥cakey.pem生成公钥。
openssl rsa -in cakey.pem -pubout -out caputkey.pem
为什么能够从私钥推导出公钥呢？
这需要了解RSA算法-〉http://blog.csdn.NET/fw0124/article/details/41118525
原因很简单，因为私钥中也包含了计算公钥所需的参数n和e。

*可以使用openssl来生成server的证书，步骤如下
openssl genrsa -out catserverkey.pem 1024
openssl req -new -key catserverkey.pem -out catserver.csr -config openssl.cnf
openssl ca -in catserver.csr -out catserver.cer -cert ca.cer -keyfile cakey.pem -config openssl.cnf

=====================================

如果openssl ca ...进行签名的时候碰到
The stateOrProvinceName field needed to be the same in the ...的错误，可以修改openssl.cnf文件：
[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional

如果遇到
failed to update database
TXT_DB error number 2     的错误，
删除index.txt,并再touch下

如果keytool -import命令导入签名后的证书的时候遇到以下错误
keytool 错误: java.lang.Exception: 无法从回复中建立链
重新导入下ca.cer即可。
keytool -delete -alias ca -keystore c:\_tmpcatserver.keystore -storepass catserverks
keytool -import -trustcacerts -alias ca ...

======================================

CER文件到PEM文件的转换较简单。这两者都是X509证书，编码不同，使用openssl工具即可：

openssl x509 -inform der -in catserver.cer -out catserver.pem

 

 

（五）如何从.keystore文件中导出私钥

Keytool不支持直接从.keystore中导出私钥。但是可以把JKS文件转换成openssl支持的PKCS＃12格式的文件。

所以可以通过下面2步来从.keystore中导出私钥。

➜ ~ keytool -importkeystore -srckeystore catserver.keystore -destkeystore catserver.p12 -deststoretype PKCS12 -srcalias catserver -srcstorepass catserverks -srckeypass catserver -deststorepass catserverks -destkeypass catserver
Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -destkeypass value.
➜  ~  openssl pkcs12 -in catserver.p12  -nodes -nocerts -out catserverkey.pem
Enter Import Password:
MAC verified OK
➜  ~

＊-nodes选项意思是No DES，即不加密导出的私钥。