# gm-jsse **Repository Path**: aliyun/gm-jsse ## Basic Information - **Project Name**: gm-jsse - **Description**: 开源国密通信纯 Java JSSE 实现 - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2025-05-08 - **Last Updated**: 2025-07-18 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README [English](./README.md) | 简体中文 # 国密 JSSE

Latest Stable Version Java CI with Maven

## 环境要求 - 需要 JDK 1.7 或以上. ## 安装依赖 ```xml com.aliyun gmsse {{使用maven标签所显示的版本}} ``` ## 快速使用 ```java import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import java.net.URL; import com.aliyun.gmsse.GMProvider; public class Main { public static void main(String[] args) throws Exception { // 初始化 SSLSocketFactory GMProvider provider = new GMProvider(); SSLContext sc = SSLContext.getInstance("TLS", provider); sc.init(null, null, null); SSLSocketFactory ssf = sc.getSocketFactory(); URL serverUrl = new URL("https://xxx/"); HttpsURLConnection conn = (HttpsURLConnection) serverUrl.openConnection(); conn.setRequestMethod("GET"); // 设置 SSLSocketFactory conn.setSSLSocketFactory(ssf); conn.connect(); System.out.println("used cipher suite:"); System.out.println(conn.getCipherSuite()); } } ``` 在新的版本中,GM-JSSE 增加了对服务端证书和 CA 证书的校验,如果 CA 根证书没有导入在系统中,可能会遇到校验错误。这时,你需要通过传递信任管理器的形式来传入 CA 证书。 ```java BouncyCastleProvider bc = new BouncyCastleProvider(); KeyStore ks = KeyStore.getInstance("JKS"); CertificateFactory cf = CertificateFactory.getInstance("X.509", bc); FileInputStream is = new FileInputStream("/path/to/ca_cert"); X509Certificate cert = (X509Certificate) cf.generateCertificate(is); ks.load(null, null); ks.setCertificateEntry("gmca", cert); TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509", provider); tmf.init(ks); sc.init(null, tmf.getTrustManagers(), null); SSLSocketFactory ssf = sc.getSocketFactory(); ``` ### 双向认证 双向认证中,客户端需要传入双证书。 ```java public static X509Certificate loadCertificate(String path) throws KeyStoreException, CertificateException, FileNotFoundException { BouncyCastleProvider bc = new BouncyCastleProvider(); CertificateFactory cf = CertificateFactory.getInstance("X.509", bc); InputStream is = Server.class.getClassLoader().getResourceAsStream(path); X509Certificate cert = (X509Certificate) cf.generateCertificate(is); return cert; } public static PrivateKey loadPrivateKey(String path) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { InputStream is = Server.class.getClassLoader().getResourceAsStream(path); InputStreamReader inputStreamReader = new InputStreamReader(is); BufferedReader bufferedReader = new BufferedReader(inputStreamReader); StringBuilder sb = new StringBuilder(); String line = null; while ((line = bufferedReader.readLine()) != null){ if (line.startsWith("-")){ continue; } sb.append(line).append("\n"); } String ecKey = sb.toString().replaceAll("\\r\\n|\\r|\\n", ""); Base64.Decoder base64Decoder = Base64.getDecoder(); byte[] keyByte = base64Decoder.decode(ecKey.getBytes(StandardCharsets.UTF_8)); PKCS8EncodedKeySpec eks2 = new PKCS8EncodedKeySpec(keyByte); KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider()); PrivateKey privateKey = keyFactory.generatePrivate(eks2); return privateKey; } KeyStore ks = KeyStore.getInstance("PKCS12", new BouncyCastleProvider()); ks.load(null, null); // 传入签名证书 ks.setKeyEntry("sign", loadPrivateKey("sm2/client_sign.key"), new char[0], new X509Certificate[] { loadCertificate("sm2/client_sign.crt") }); // 传入加密证书 ks.setKeyEntry("enc", Server.loadPrivateKey("sm2/client_enc.key"), new char[0], new X509Certificate[] { oadCertificate("sm2/client_enc.crt") }); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, new char[0]); // 传入根证书 ks.setCertificateEntry("gmca", loadCertificate("sm2/chain-ca.crt")); TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509", provider); tmf.init(ks); sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); SSLSocketFactory ssf = sc.getSocketFactory(); ``` ## 问题 [Opening an Issue](https://github.com/aliyun/gm-jsse/issues/new), Issues not conforming to the guidelines may be closed immediately. ## 发行说明 每个版本的详细更改记录在[发行说明](https://github.com/aliyun/gm-jsse/releases). ## 许可证 [Apache-2.0](http://www.apache.org/licenses/LICENSE-2.0) Copyright (c) 2009-present, Alibaba Cloud All rights reserved.