|
SSL (Secure Socket Layer)
Part:
1
2
3
(Continued from previous part...)
SSL Socket Factories with SSLContext - SslContextTest.java
SSL sockets created with the default SSL socket factories will not
have any certificates associated to authenticate them.
In order to associate certificates with SSL sockets, we need to use
the SSLContext class to create SSL socket factories. Here is a
sample program, SslContextTest.java:
/**
* SslContextTest.java
* Copyright (c) 2005 by Dr. Herong Yang
*/
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.*;
import javax.net.ssl.*;
public class SslContextTest {
public static void main(String[] args) {
PrintStream out = System.out;
out.println("\nTesting socket factory with SSLContext:");
try {
// SSLContext protocols: TLS, SSL, SSLv3
SSLContext sc = SSLContext.getInstance("SSLv3");
System.out.println("\nSSLContext class: "+sc.getClass());
System.out.println(" Protocol: "+sc.getProtocol());
System.out.println(" Provider: "+sc.getProvider());
// SSLContext algorithms: SunX509
KeyManagerFactory kmf
= KeyManagerFactory.getInstance("SunX509");
System.out.println("\nKeyManagerFactory class: "
+kmf.getClass());
System.out.println(" Algorithm: "+kmf.getAlgorithm());
System.out.println(" Provider: "+kmf.getProvider());
// KeyStore types: JKS
String ksName = "herong.jks";
char ksPass[] = "HerongJKS".toCharArray();
char ctPass[] = "My1stKey".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(ksName), ksPass);
System.out.println("\nKeyStore class: "+ks.getClass());
System.out.println(" Type: "+ks.getType());
System.out.println(" Provider: "+ks.getProvider());
System.out.println(" Size: "+ks.size());
// Generating KeyManager list
kmf.init(ks,ctPass);
KeyManager[] kmList = kmf.getKeyManagers();
System.out.println("\nKeyManager class: "
+kmList[0].getClass());
System.out.println(" # of key manager: " +kmList.length);
// Generating SSLServerSocketFactory
sc.init(kmList, null, null);
SSLServerSocketFactory ssf = sc.getServerSocketFactory();
System.out.println("\nSSLServerSocketFactory class: "
+ssf.getClass());
// Genearting SSLServerSocket
SSLServerSocket ss
= (SSLServerSocket) ssf.createServerSocket();
System.out.println("\nSSLServerSocket class: "
+ss.getClass());
System.out.println(" String: "+ss.toString());
// Generating SSLSocketFactory
sc.init(kmList, null, null);
SSLSocketFactory sf = sc.getSocketFactory();
System.out.println("\nSSLSocketFactory class: "
+sf.getClass());
// Genearting SSLSocket
SSLSocket s
= (SSLSocket) sf.createSocket();
System.out.println("\nSSLSocket class: "+s.getClass());
System.out.println(" String: "+s.toString());
} catch (Exception e) {
System.err.println(e.toString());
}
}
}
Of course, to run this program, you need to have the key store file,
herong.jks, ready. It contains a self-signed pair of private and public
keys. Read my notes on "JCA - Certificates, 'keytool' and 'keystore'",
if you want to use "keytool" to create such a key store file.
If you run this program with JDK 1.5.0, you will get:
Testing socket factory with SSLContext:
SSLContext class: class javax.net.ssl.SSLContext
Protocol: SSLv3
Provider: SunJSSE version 1.5
KeyManagerFactory class: class javax.net.ssl.KeyManagerFactory
Algorithm: SunX509
Provider: SunJSSE version 1.5
KeyStore class: class java.security.KeyStore
Type: JKS
Provider: SUN version 1.5
Size: 1
KeyManager class:
class com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl
# of key manager: 1
SSLServerSocketFactory class:
class com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl
SSLServerSocket class:
class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl
String: [SSL: ServerSocket[unbound]]
SSLSocketFactory class:
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
SSLSocket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl
String: 1891d8f[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]
Part:
1
2
3
| 