c++库实现的ssl连接转换成java的ssl,遇到的问题,急急急!!
阿李 2009-12-25 01:27:57 是这样的,我对C++代码了解一些,公司想把c++的SSL实现转成JAVA实现,但是
c++实现代码,程序带了3个证书 RootCert.pem ,ClientCert.pem ,ClientPriKey.pem 连接正常
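/**
 * Connect to lpszHostAddress:nHostPort over SSL/TLS.
 *
 * The client certificate (IDR_CLIENT_CERT) and its private key
 * (IDR_CLIENT_KEY) are read from "CERT" resources of the module; the
 * trusted CA file RootCert.pem is taken from the current working directory.
 *
 * @param lpszHostAddress host name or address to connect to
 * @param nHostPort       TCP port
 * @return TRUE on success; FALSE if a resource is missing or empty, the CA
 *         path does not fit in MAX_PATH, or SockConnect() fails.
 */
BOOL CSslClientSocket::Connect( LPCTSTR lpszHostAddress, UINT nHostPort )
{
    /* Client certificate (public part) from the "CERT" resource section.
       Every handle is checked: the original dereferenced them unconditionally. */
    HRSRC hRsrc = FindResource(NULL, MAKEINTRESOURCE(IDR_CLIENT_CERT), "CERT");
    if (hRsrc == NULL)
        return FALSE;
    const DWORD lenCert = SizeofResource(NULL, hRsrc);
    HGLOBAL hgCert = LoadResource(NULL, hRsrc);
    LPSTR lpCert = (hgCert != NULL) ? static_cast<LPSTR>(LockResource(hgCert)) : NULL;
    if (lpCert == NULL || lenCert == 0)
        return FALSE;

    /* Client private key. */
    hRsrc = FindResource(NULL, MAKEINTRESOURCE(IDR_CLIENT_KEY), "CERT");
    if (hRsrc == NULL)
        return FALSE;
    const DWORD lenKey = SizeofResource(NULL, hRsrc);
    HGLOBAL hgKey = LoadResource(NULL, hRsrc);
    LPSTR lpKey = (hgKey != NULL) ? static_cast<LPSTR>(LockResource(hgKey)) : NULL;
    if (lpKey == NULL || lenKey == 0)
        return FALSE;

    /* Build "<cwd>\RootCert.pem" without overrunning szFilePath. */
    static const char kCaFileName[] = "RootCert.pem";
    char szFilePath[MAX_PATH];
    DWORD nLen = GetCurrentDirectory(MAX_PATH, szFilePath);
    if (nLen == 0 || nLen >= MAX_PATH)   // 0 = call failed; >= MAX_PATH = buffer too small
        return FALSE;
    if (szFilePath[nLen - 1] != '\\')
    {
        if (nLen + 1 >= MAX_PATH)        // no room for the separator plus NUL
            return FALSE;
        szFilePath[nLen++] = '\\';
        szFilePath[nLen] = 0;
    }
    if (nLen + sizeof(kCaFileName) > MAX_PATH)   // sizeof includes the NUL
        return FALSE;
    strcat(szFilePath, kCaFileName);

    /* SockConnect() writes short fixed diagnostics here; they are not used further. */
    char out[100] = {0};
    return SockConnect(SSLv23_client_method(), lpCert, lenCert, lpKey,
                       lenKey, szFilePath, NULL, lpszHostAddress, nHostPort, out);
}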
/**
 * Build an SSL_CTX from an in-memory client certificate/key, open a TCP
 * connection to lpszHostAddress:nHostPort and wrap it in m_Ssl.
 *
 * @param meth     SSL method handed to SSL_CTX_new
 * @param certfile in-memory client certificate, certlen bytes (parsed by LoadCert)
 * @param keyfile  in-memory private key, keylen bytes (parsed by LoadKey)
 * @param cafile   path of the trusted CA file; also used as the client-CA list
 * @param capath   accepted but ignored (NULL is always passed to OpenSSL below)
 * @param out      caller-supplied buffer that receives a short fixed error message
 * @return TRUE once the socket is attached and m_Ssl is in connect state, FALSE otherwise.
 *
 * NOTE(review): no SSL_CTX_set_verify() call appears in this function, and OpenSSL's
 * default verify mode is SSL_VERIFY_NONE, so unless it is set elsewhere the server
 * certificate is not actually checked against cafile during the handshake.
 * NOTE(review): the error returns after the SSL object is created (host lookup,
 * socket, setsockopt, connect, ioctl) do not free pkey, x509, m_Ctx or m_Ssl, and
 * the success path never frees pkey/x509 even though SSL_CTX_use_* take their own
 * reference — both are leaks.
 */
BOOL CSslClientSocket::SockConnect(SSL_METHOD *meth,char *certfile,int certlen, char *keyfile,int keylen,
char * cafile, char * capath,LPCTSTR lpszHostAddress, UINT nHostPort,char * out)
{
EVP_PKEY *pkey=NULL;
X509 *x509=NULL;
CString str;
// 1 = enable non-blocking mode; passed to FIONBIO below.
unsigned long l=1;
BIO * sbio=NULL;
struct hostent *hp;
struct sockaddr_in addr;
// i doubles as the SO_KEEPALIVE option value (still 0 when passed) and the setsockopt result.
int sock,i=0;
// m_pList=plist;/////////////////////
OpenSSL_add_ssl_algorithms();
m_Ctx=SSL_CTX_new(meth);
if (m_Ctx == NULL)
{
strcpy(out,"Create ctx error"); // create CTX
return FALSE;
}
// SSL_OP_ALL enables all interoperability bug workarounds.
SSL_CTX_set_options(m_Ctx,SSL_OP_ALL);
// LoadKey/LoadCert are class helpers not visible here; presumably they parse the in-memory PEM — confirm.
pkey=LoadKey(keyfile,keylen,NULL,out);//
if (pkey == NULL)
{
sprintf(out,"unable to load CA private key\n"); // unable to load private key
// NOTE(review): m_Ctx is nulled without SSL_CTX_free(), unlike the branches below — leaks the context.
m_Ctx=NULL;
goto err;
}
if(!(SSL_CTX_use_PrivateKey(m_Ctx,pkey)))
{
strcpy(out,"adds private key to ctx error");// add private key to CTX
SSL_CTX_free(m_Ctx);
m_Ctx=NULL;
goto err;
}
x509=LoadCert(certfile,certlen,out);
if (x509 == NULL)
{
sprintf(out,"unable to load CA certificate\n");// unable to load the client certificate
SSL_CTX_free(m_Ctx);
m_Ctx=NULL;
goto err;
}
if(!(SSL_CTX_use_certificate(m_Ctx,x509)))
{
strcpy(out,"loads certificate into ctx error");// load certificate into CTX
SSL_CTX_free(m_Ctx);
m_Ctx=NULL;
goto err;
}
if (!SSL_CTX_check_private_key(m_Ctx))
{
strcpy(out,"Private key does not match the certificate public key");// private key does not match the certificate's public key
SSL_CTX_free(m_Ctx);
m_Ctx=NULL;
goto err;
}
/* Load the CAs we trust*/
// capath is deliberately ignored; only cafile is used.
if(!(SSL_CTX_load_verify_locations(m_Ctx,cafile,/*capath*/NULL)))//lgl: check the local certificate
{
strcpy(out,"Couldn't read CA list"); // unable to read CA list
SSL_CTX_free(m_Ctx);
m_Ctx=NULL;
goto err;
}
// Depth 1 only takes effect if peer verification is enabled (see note above).
SSL_CTX_set_verify_depth(m_Ctx,1);
// NOTE(review): SSL_load_client_CA_file() returns NULL on failure and is not checked here.
SSL_CTX_set_client_CA_list(m_Ctx,SSL_load_client_CA_file(cafile));
m_Ssl=SSL_new(m_Ctx);
if(m_Ssl==NULL)
{
strcpy(out,"Make SSL Error");
goto err;
}
/* Load randomness */
// Rand(NULL,1,out);
/* connect to the server */
// IPv4 only; the first resolved address is used. gethostbyname takes char*, so this assumes an MBCS build — confirm.
if(!(hp=gethostbyname(lpszHostAddress)))
{
strcpy(out,"Couldn't resolve host");
return FALSE;
}
memset(&addr,0,sizeof(addr));
addr.sin_addr=*(struct in_addr*)hp->h_addr_list[0];
addr.sin_family=AF_INET;
addr.sin_port=htons(nHostPort);
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (sock == INVALID_SOCKET)
{
strcpy(out,"create socket error");
return FALSE;
}
// NOTE(review): i is 0 here, so this sets SO_KEEPALIVE to 0 (disabled) — presumably not the intent.
i=setsockopt(sock,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0)
{
strcpy(out,"setsockopt error");
return FALSE;
}
if (connect(sock,(struct sockaddr *)&addr,sizeof(addr)) == -1)
{
shutdown(sock,2);
closesocket(sock);
strcpy(out,"connect error");
return FALSE;
}
/* Connect the SSL socket */
// Switch the socket to non-blocking mode (l == 1).
if (BIO_socket_ioctl(sock,FIONBIO,&l) < 0)
{
strcpy(out,"io set error");
shutdown(sock,2);
closesocket(sock);
SSlShouDown();
return FALSE;
}
// BIO_NOCLOSE: freeing the BIO does not close sock; the socket stays owned by this object via Attach().
sbio=BIO_new_socket(sock,BIO_NOCLOSE);
SSL_set_bio(m_Ssl,sbio,sbio);
// Only marks m_Ssl as a client; the handshake itself happens later on I/O.
SSL_set_connect_state(m_Ssl);
Attach(sock, FD_CLOSE);
return TRUE;
err:
// Both free functions accept NULL, so this is safe whichever step failed.
EVP_PKEY_free(pkey);
X509_free(x509);
// SSlShouDown() is a class helper not visible here; presumably releases m_Ssl/m_Ctx — confirm.
SSlShouDown();
return FALSE;
}
××××××××××××我的java实现(不知道哪个地方错了)××××××××××
请教高手指点,100分非常非常感谢。老总亲点我解决此问题。