SSL - Client Authentication
(Continued from previous part...)
Server Program for Client Authentication - SslReverseEchoerRevised
To perform both server and client authentication, I have revised my sample program
SslReverseEchoer.java:
/**
* SslReverseEchoerRevised.java
* Copyright (c) 2005 by Dr. Herong Yang
*/
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
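/**
 * Single-connection "reverse echo" server that requires the client to
 * authenticate with a certificate during the SSL/TLS handshake.
 *
 * <p>The same key store file serves two roles: it holds the server's own
 * private key and certificate, and it is registered as the JVM-wide trust
 * store used to validate the client's certificate.
 */
public class SslReverseEchoerRevised {

    /**
     * Loads the key store, opens a server socket on port 8888 with client
     * authentication required, serves one client and exits.
     *
     * @param args {@code ksName ksPass ctPass}: key store file, key store
     *             password, and private key password
     */
    public static void main(String[] args) {
        if (args.length < 3) {
            System.out.println("Usage:");
            System.out.println(
                " java SslReverseEchoerRevised ksName ksPass ctPass");
            return;
        }
        // NOTE(review): passwords given as command-line arguments are
        // typically visible to other local users through the process list
        // and shell history. Acceptable for a demo; a real service should
        // read them from a protected file or a prompt instead.
        String ksName = args[0];
        char[] ksPass = args[1].toCharArray();
        char[] ctPass = args[2].toCharArray();

        // sc.init() below is given no TrustManager, so the default one is
        // used, and it reads these system properties. Every certificate
        // entry in this key store therefore becomes a trust anchor for
        // client authentication.
        System.setProperty("javax.net.ssl.trustStore", args[0]);
        System.setProperty("javax.net.ssl.trustStorePassword", args[1]);

        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            // Close the key store file even when load() fails; the original
            // left the stream open.
            InputStream ksIn = new FileInputStream(ksName);
            try {
                ks.load(ksIn, ksPass);
            } finally {
                ksIn.close();
            }

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, ctPass);

            // Ask for the "TLS" context rather than the legacy "SSL" name.
            // The protocol versions actually offered still depend on the
            // JDK's enabled-protocol defaults.
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(kmf.getKeyManagers(), null, null);

            SSLServerSocketFactory ssf = sc.getServerSocketFactory();
            SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(8888);
            try {
                // The handshake fails unless the client presents a
                // certificate the trust manager accepts. This authenticates
                // the peer only: nothing below checks *which* trusted
                // identity connected, so authorization is left to the caller.
                s.setNeedClientAuth(true);
                printServerSocketInfo(s);

                SSLSocket c = (SSLSocket) s.accept();
                try {
                    printSocketInfo(c);
                    serveReverseEcho(c);
                } finally {
                    // Release the connection on the error path as well.
                    c.close();
                }
            } finally {
                s.close();
            }
        } catch (Exception e) {
            System.err.println(e.toString());
        }
    }

    /**
     * Sends a greeting, then echoes each received line back reversed until
     * the client sends a single "." or closes the connection.
     *
     * @param c the accepted client connection
     * @throws IOException if reading from or writing to the socket fails
     */
    private static void serveReverseEcho(SSLSocket c) throws IOException {
        // Both directions use the platform default charset, as in the
        // original; the client must use the same one.
        BufferedWriter w = new BufferedWriter(new OutputStreamWriter(
            c.getOutputStream()));
        BufferedReader r = new BufferedReader(new InputStreamReader(
            c.getInputStream()));
        String m = "Welcome to SSL Reverse Echo Server."
            + " Please type in some words.";
        w.write(m, 0, m.length());
        w.newLine();
        w.flush();
        while ((m = r.readLine()) != null) {
            if (m.equals(".")) {
                break;
            }
            // Reverse the line in place by swapping characters from both ends.
            char[] a = m.toCharArray();
            int n = a.length;
            for (int i = 0; i < n / 2; i++) {
                char t = a[i];
                a[i] = a[n - 1 - i];
                a[n - 1 - i] = t;
            }
            w.write(a, 0, n);
            w.newLine();
            w.flush();
        }
        w.close();
        r.close();
    }

    /**
     * Prints the endpoints of an accepted connection and the negotiated
     * session details (cipher suite, protocol, peer and local principals).
     *
     * @param s the accepted client connection
     */
    private static void printSocketInfo(SSLSocket s) {
        System.out.println("Socket class: " + s.getClass());
        System.out.println(" Remote address = "
            + s.getInetAddress().toString());
        System.out.println(" Remote port = " + s.getPort());
        System.out.println(" Local socket address = "
            + s.getLocalSocketAddress().toString());
        System.out.println(" Local address = "
            + s.getLocalAddress().toString());
        System.out.println(" Local port = " + s.getLocalPort());
        System.out.println(" Need client authentication = "
            + s.getNeedClientAuth());
        // getSession() starts the handshake if it has not run yet.
        SSLSession ss = s.getSession();
        try {
            System.out.println("Session class: " + ss.getClass());
            System.out.println(" Cipher suite = "
                + ss.getCipherSuite());
            System.out.println(" Protocol = " + ss.getProtocol());
            // Throws when the peer was not authenticated; the catch below
            // reports that and lets the caller continue.
            System.out.println(" PeerPrincipal = "
                + ss.getPeerPrincipal().getName());
            System.out.println(" LocalPrincipal = "
                + ss.getLocalPrincipal().getName());
        } catch (Exception e) {
            System.err.println(e.toString());
        }
    }

    /**
     * Prints the listening address and port and the client-authentication
     * settings of the server socket.
     *
     * @param s the listening server socket
     */
    private static void printServerSocketInfo(SSLServerSocket s) {
        System.out.println("Server socket class: " + s.getClass());
        System.out.println(" Socker address = "
            + s.getInetAddress().toString());
        System.out.println(" Socker port = "
            + s.getLocalPort());
        System.out.println(" Need client authentication = "
            + s.getNeedClientAuth());
        System.out.println(" Want client authentication = "
            + s.getWantClientAuth());
        System.out.println(" Use client mode = "
            + s.getUseClientMode());
    }
}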
The changes are minor:
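- The key store file name and the passwords are now taken from the command line.
  (This keeps the sample short, but command-line arguments are typically visible
  to other local users in the process list.)
- The specified key store file is also used as the trust store: it is registered
  through the javax.net.ssl.trustStore system properties, so the "public"
  certificates it contains are the ones the server trusts.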
- More SSL session information is printed.
(Continued on next part...)