Qt Notes - QSslSocket Mutual (Two-Way) Authentication
Posted IT1995
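The certificate generation logic is as follows:
The logic is as follows:
If you want to export it into a client_trust.jks file, the corresponding client-side commands are:

    @echo on
    rem Generate the client's RSA key pair and self-signed certificate in client.jks
    keytool -genkeypair -keyalg RSA -dname "CN=localhost" -alias client -keystore client.jks -keypass cccccc -storepass cccccc
    rem Export the client's public certificate
    keytool -exportcert -file client.cer -alias client -keystore client.jks -storepass cccccc
    rem Import the client certificate into the trust store used by the server
    keytool -importcert -file client.cer -alias client -keystore server_trust.jks -storepass cccccc -keypass cccccc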
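The server-side commands are:

    @echo on
    rem Generate the server's RSA key pair and self-signed certificate in server.jks
    keytool -genkeypair -keyalg RSA -dname "CN=localhost" -alias server -keystore server.jks -keypass cccccc -storepass cccccc
    rem Export the server's public certificate
    keytool -exportcert -file server.cer -alias server -keystore server.jks -storepass cccccc
    rem Import the server certificate into the trust store used by the client
    keytool -importcert -file server.cer -alias server -keystore client_trust.jks -storepass cccccc -keypass cccccc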
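If you want to import into client.jks and server.jks instead, the corresponding commands are:

    rem Each side's key store also receives the other side's certificate as a trusted entry
    keytool -import -trustcacerts -alias client -file client.cer -keystore server.jks -storepass cccccc
    keytool -import -trustcacerts -alias server -file server.cer -keystore client.jks -storepass cccccc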
On Windows you can use a batch file here. Putting the commands in a script is quick and convenient:
Here both server.jks and client.jks are converted to the p12 (PKCS#12) format:
JKS to p12:

    keytool -importkeystore -srckeystore client.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore p_client.p12
    keytool -importkeystore -srckeystore server.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore p_server.p12
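Screenshot of the running program:
Key code for QSsl mutual authentication:
Server:

    #include <QDebug>
    #include <QFile>
    #include <QSslCertificate>
    #include <QSslKey>

    void QSSLServer::loadCertificate()
    {
        // PKCS#12 bundle produced by the keytool conversion above, embedded as a Qt resource
        QFile p12File(":/res/p_server.p12");
        if(!p12File.open(QIODevice::ReadOnly)){
            qDebug() << "The certificate file open failed!";
            exit(1);  // non-zero exit code: this is a failure path
        }
        // Fills in the private key, the server's own certificate and any additional
        // certificates in the bundle. "cccccc" is the store password used with keytool.
        bool ok = QSslCertificate::importPkcs12(&p12File, m_key, m_privateCertificate, &m_publicCertificateList, "cccccc");
        if(!ok){
            qDebug() << "The certificate import error!";
            exit(1);
        }
        p12File.close();
    }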
Client:

    void QSSLClient::loadCertificate()
    {
        // Same procedure as on the server, using the client's PKCS#12 bundle
        QFile p12File(":/res/p_client.p12");
        if(!p12File.open(QIODevice::ReadOnly)){
            qDebug() << "The certificate file open failed!";
            exit(1);  // non-zero exit code: this is a failure path
        }
        bool ok = QSslCertificate::importPkcs12(&p12File, m_key, m_privateCertificate, &m_publicCertificateList, "cccccc");
        if(!ok){
            qDebug() << "The certificate import error!";
            exit(1);
        }
        p12File.close();
    }
Server code that starts the TCP service:

    QSSLServer::QSSLServer(QObject *parent) : QTcpServer(parent)
    {
        m_key = new QSslKey;
        m_privateCertificate = new QSslCertificate;
        // Load the key and certificates before accepting any connection
        loadCertificate();
        // Listens on all interfaces, port 19999
        if(!this->listen(QHostAddress::Any, 19999)){
            qCritical() << "Unable to start the TCP server";
            exit(1);
        }
        connect(this, &QSSLServer::newConnection, this, &QSSLServer::link);
        qDebug() << "The SSLServer started successfully";
        qDebug() << "port: 19999";
    }
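Client code that connects over TCP:

    void QSSLClient::connectServer()
    {
        // Connects and starts the TLS handshake; the host name must match the
        // certificate's CN (CN=localhost in the keytool commands above)
        m_client->connectToHostEncrypted("localhost", 19999);
        // Block for up to 5 seconds until the handshake completes
        if(m_client->waitForEncrypted(5000)){
            qDebug() << "Authentication Succeeded";
        }
        else{
            qDebug() << "Unable to connect to server:" << m_client->errorString();
            exit(1);
        }
    }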
Source code download:
https://github.com/fengfanchen/Qt/tree/master/QSslSocket_Two_Way_Ssl