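SSL connections belonging to different Java processes are not mixed up, because each process has its own SSL context, even on the same machine, the same port, and the same namespace. The following code can be used to verify this: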
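
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLServerSocketFactory;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.net.ServerSocket;
    import java.net.Socket;
    import java.security.KeyStore;

    public class SSLExample {
        // Sample values; point these at your own keystore
        private static final String KEYSTORE_PASSWORD = "password";
        private static final String KEYSTORE_LOCATION = "/path/to/keystore.jks";

        public static void main(String[] args) throws Exception {
            // Create SSL context. The keystore is read from the file system;
            // getResourceAsStream() would search the classpath and silently
            // yield an empty keystore for a path like this one.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(KEYSTORE_LOCATION)) {
                keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD.toCharArray());
            // Trust the certificates in the same keystore so that the client
            // accepts the server's certificate during the handshake
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
            SSLSocketFactory clientSocketFactory = sslContext.getSocketFactory();

            // Bind the listener first so the client cannot connect before it exists
            // (binding port 443 usually requires elevated privileges)
            ServerSocket serverSocket = serverSocketFactory.createServerSocket(443);

            // Start server in a separate thread
            new Thread(() -> {
                try (ServerSocket listener = serverSocket) {
                    while (true) {
                        try (Socket socket = listener.accept()) {
                            // accept() only completes the TCP connection; run the TLS handshake explicitly
                            ((SSLSocket) socket).startHandshake();
                            System.out.println("Received new connection from " + socket.getInetAddress().getHostName());
                        } catch (IOException e) {
                            e.printStackTrace();
                        }
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }).start();

            // Connect to server in another thread
            new Thread(() -> {
                try (Socket socket = clientSocketFactory.createSocket("localhost", 443)) {
                    // createSocket() does not negotiate TLS until the handshake is started
                    ((SSLSocket) socket).startHandshake();
                    System.out.println("Successfully connected to server");
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }).start();

            // Wait for connections to be established
            Thread.sleep(1000);
        }
    }
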
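This code creates an SSL context and starts a server and a client in two separate threads. The server listens on local port 443 and prints a message when it receives a new connection. The client connects to local port 443 and prints a message if the connection succeeds. After running the code, you can see that the server and the client each receive only the SSL connection they established themselves, which demonstrates that SSL connections between different processes are not mixed up.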
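
The following is an added example, not part of the original page. It goes one step further than the code above and shows that TLS session state belongs to the individual SSLContext object: a session negotiated through one context is cached in that context only, even when a second context lives in the same JVM. The class name, the helper names, the ephemeral port, the forced TLSv1.2 handshake, and the reuse of the page's placeholder keystore path and password are assumptions.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class ContextIsolationDemo {
    // Assumed placeholders, the same ones used in the page's example
    static final String KEYSTORE = "/path/to/keystore.jks";
    static final char[] PASSWORD = "password".toCharArray();

    // Build an independent SSLContext that uses the keystore for keys and trust
    static SSLContext newContext() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(KEYSTORE)) {
            ks.load(in, PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASSWORD);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Number of sessions held in this context's client-side session cache
    static int cachedSessions(SSLContext ctx) {
        return Collections.list(ctx.getClientSessionContext().getIds()).size();
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = newContext(), clientA = newContext(), clientB = newContext();
        try (ServerSocket listener = serverCtx.getServerSocketFactory().createServerSocket(0)) {
            Thread server = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) listener.accept()) {
                    s.startHandshake();
                    s.getInputStream().read(); // block until the client closes
                } catch (Exception e) { e.printStackTrace(); }
            });
            server.start();
            SSLSocketFactory factoryA = clientA.getSocketFactory();
            try (SSLSocket c = (SSLSocket) factoryA.createSocket("localhost", listener.getLocalPort())) {
                c.setEnabledProtocols(new String[] {"TLSv1.2"}); // session is cached when the handshake ends
                c.startHandshake();
                System.out.println("sessions cached in clientA: " + cachedSessions(clientA));
                System.out.println("sessions cached in clientB: " + cachedSessions(clientB));
            }
            server.join();
        }
    }
}
```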