MCPcopy Index your code
hub / github.com/aliyun/gm-jsse

github.com/aliyun/gm-jsse @v1.3.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.3.1 ↗ · + Follow
448 symbols 1,297 edges 71 files 3 documented · 1% updated 2y agov1.3.1 · 2023-09-06★ 13410 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

English | 简体中文

国密 JSSE

Latest Stable Version Java CI with Maven

环境要求

  • 需要 JDK 1.7 或以上.

安装依赖

<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>gmsse</artifactId>
    <version>{{使用maven标签所显示的版本}}</version>
</dependency>

快速使用

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.net.URL;

import com.aliyun.gmsse.GMProvider;

public class Main {

    public static void main(String[] args) throws Exception {
        // 初始化 SSLSocketFactory
        GMProvider provider = new GMProvider();
        SSLContext sc = SSLContext.getInstance("TLS", provider);
        sc.init(null, null, null);
        SSLSocketFactory ssf = sc.getSocketFactory();

        URL serverUrl = new URL("https://xxx/");
        HttpsURLConnection conn = (HttpsURLConnection) serverUrl.openConnection();
        conn.setRequestMethod("GET");
        // 设置 SSLSocketFactory
        conn.setSSLSocketFactory(ssf);
        conn.connect();
        System.out.println("used cipher suite:");
        System.out.println(conn.getCipherSuite());
    }
}

在新的版本中,GM-JSSE 增加了对服务端证书和 CA 证书的校验,如果 CA 根证书没有导入在系统中,可能会遇到校验错误。这时,你需要通过传递信任管理器的形式来传入 CA 证书。

    BouncyCastleProvider bc = new BouncyCastleProvider();
    KeyStore ks = KeyStore.getInstance("JKS");
    CertificateFactory cf = CertificateFactory.getInstance("X.509", bc);
    FileInputStream is = new FileInputStream("/path/to/ca_cert");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
    ks.load(null, null);
    ks.setCertificateEntry("gmca", cert);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509", provider);
    tmf.init(ks);

    sc.init(null, tmf.getTrustManagers(), null);
    SSLSocketFactory ssf = sc.getSocketFactory();

双向认证

双向认证中,客户端需要传入双证书。


    public static X509Certificate loadCertificate(String path) throws KeyStoreException, CertificateException, FileNotFoundException {
        BouncyCastleProvider bc = new BouncyCastleProvider();
        CertificateFactory cf = CertificateFactory.getInstance("X.509", bc);
        InputStream is = Server.class.getClassLoader().getResourceAsStream(path);
        X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
        return cert;
    }

    public static PrivateKey loadPrivateKey(String path) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        InputStream is = Server.class.getClassLoader().getResourceAsStream(path);
        InputStreamReader inputStreamReader = new InputStreamReader(is);
        BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
        StringBuilder sb = new StringBuilder();
        String line = null;
            while ((line = bufferedReader.readLine()) != null){
            if (line.startsWith("-")){
                continue;
            }
            sb.append(line).append("\n");
        }
        String ecKey = sb.toString().replaceAll("\\r\\n|\\r|\\n", "");
        Base64.Decoder base64Decoder = Base64.getDecoder();
        byte[] keyByte = base64Decoder.decode(ecKey.getBytes(StandardCharsets.UTF_8));
        PKCS8EncodedKeySpec eks2 = new PKCS8EncodedKeySpec(keyByte);
        KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());
        PrivateKey privateKey = keyFactory.generatePrivate(eks2);
        return privateKey;
    }

    KeyStore ks = KeyStore.getInstance("PKCS12", new BouncyCastleProvider());
    ks.load(null, null);

    // 传入签名证书
    ks.setKeyEntry("sign", loadPrivateKey("sm2/client_sign.key"), new char[0], new X509Certificate[] {
        loadCertificate("sm2/client_sign.crt")
    });
    // 传入加密证书
    ks.setKeyEntry("enc", Server.loadPrivateKey("sm2/client_enc.key"), new char[0], new X509Certificate[] {
        oadCertificate("sm2/client_enc.crt")
    });

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, new char[0]);

    // 传入根证书
    ks.setCertificateEntry("gmca", loadCertificate("sm2/chain-ca.crt"));

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509", provider);
    tmf.init(ks);

    sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    SSLSocketFactory ssf = sc.getSocketFactory();

问题

Opening an Issue, Issues not conforming to the guidelines may be closed immediately.

发行说明

每个版本的详细更改记录在发行说明.

许可证

Apache-2.0

Copyright (c) 2009-present, Alibaba Cloud All rights reserved.

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

Shape

Method 366
Class 80
Enum 1
Interface 1

Languages

Java100%

Modules by API surface

src/main/java/com/aliyun/gmsse/GMSSLSocket.java35 symbols
src/main/java/com/aliyun/gmsse/GMSSLSession.java26 symbols
src/main/java/com/aliyun/gmsse/GMSSLServerSocket.java17 symbols
src/main/java/com/aliyun/gmsse/protocol/ServerConnectionContext.java16 symbols
src/main/java/com/aliyun/gmsse/RecordStream.java16 symbols
src/main/java/com/aliyun/gmsse/GMSSLContextSpi.java16 symbols
src/main/java/com/aliyun/gmsse/protocol/ClientConnectionContext.java15 symbols
src/main/java/com/aliyun/gmsse/ProtocolVersion.java14 symbols
src/main/java/com/aliyun/gmsse/record/Alert.java12 symbols
src/main/java/com/aliyun/gmsse/CipherSuite.java12 symbols
src/test/java/com/aliyun/gmsse/GMSSLServerSocketTest.java10 symbols
src/main/java/com/aliyun/gmsse/record/Handshake.java10 symbols

For agents

$ claude mcp add gm-jsse \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page