JDK Tutorials - Herong's Tutorial Examples - v6.32, by Herong Yang
SslContextTest.java - javax.net.ssl.SSLContext Class Test
This section provides a tutorial example on how to write a simple program to test the java.net.ssl.SSLContext class.
SSL sockets created with the default SSL socket factories will not have any certificates associated to authenticate them. In order to associate certificates with SSL sockets, we need to use the SSLContext class to create SSL socket factories. Here is a sample program, SslContextTest.java:
/* SslContextTest.java * Copyright (c) HerongYang.com. All Rights Reserved. */ import java.io.*; import java.net.*; import java.security.*; import javax.net.*; import javax.net.ssl.*; public class SslContextTest { public static void main(String[] args) { PrintStream out = System.out; out.println("\nTesting socket factory with SSLContext:"); try { // SSLContext protocols: TLS, SSL, SSLv3 SSLContext sc = SSLContext.getInstance("SSLv3"); System.out.println("\nSSLContext class: "+sc.getClass()); System.out.println(" Protocol: "+sc.getProtocol()); System.out.println(" Provider: "+sc.getProvider()); // SSLContext algorithms: SunX509 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); System.out.println("\nKeyManagerFactory class: " +kmf.getClass()); System.out.println(" Algorithm: "+kmf.getAlgorithm()); System.out.println(" Provider: "+kmf.getProvider()); // KeyStore file String ksName = "herong.jks"; char ksPass[] = "HerongJKS".toCharArray(); char ctPass[] = "My1stKey".toCharArray(); // KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(new FileInputStream(ksName), ksPass); System.out.println("\nKeyStore class: "+ks.getClass()); System.out.println(" Type: "+ks.getType()); System.out.println(" Provider: "+ks.getProvider()); System.out.println(" Size: "+ks.size()); // Generating KeyManager list kmf.init(ks,ctPass); KeyManager[] kmList = kmf.getKeyManagers(); System.out.println("\nKeyManager class: " +kmList[0].getClass()); System.out.println(" # of key manager: " +kmList.length); // Generating SSLServerSocketFactory sc.init(kmList, null, null); SSLServerSocketFactory ssf = sc.getServerSocketFactory(); System.out.println("\nSSLServerSocketFactory class: " +ssf.getClass()); // Generating SSLServerSocket SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(); System.out.println("\nSSLServerSocket class: " +ss.getClass()); System.out.println(" String: "+ss.toString()); // Generating SSLSocketFactory sc.init(kmList, null, null); SSLSocketFactory sf = sc.getSocketFactory(); System.out.println("\nSSLSocketFactory class: " +sf.getClass()); // Generating SSLSocket SSLSocket s = (SSLSocket) sf.createSocket(); System.out.println("\nSSLSocket class: "+s.getClass()); System.out.println(" String: "+s.toString()); } catch (Exception e) { e.printStackTrace(); } } }
Note that JDK switched default keystore file type to "PKCS12" from "JKS" in JDK 9. As of JDK 12 both file types are supported. Basically, you can use KeyStore.getInstance("PKCS12") or KeyStore.getInstance("JKS") to read both keystore file types.
Of course, to run this program, you need to have the Java key store file, herong.jks, ready. It contains a self-signed pair of private and public keys. You should have herong.jks file from previous tutorials.
But if you generate a new one, you can follow this command.
herong> keytool -genkeypair -alias my_home -keystore herong.jks -storepass HerongJKS Enter keystore password: HerongJKS What is your first and last name? [Unknown]: Herong Yang What is the name of your organizational unit? [Unknown]: My Unit What is the name of your organization? [Unknown]: My Home What is the name of your City or Locality? [Unknown]: My City What is the name of your State or Province? [Unknown]: My State What is the two-letter country code for this unit? [Unknown]: US Is <CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My State, C=US> correct? [no]: yes Enter key password for <my_home> (RETURN if same as keystore password): My1stKey
If you run this program, you will get:
herong> java SslContextTest.java Testing socket factory with SSLContext: SSLContext class: class javax.net.ssl.SSLContext Protocol: SSLv3 Provider: SunJSSE version 10 KeyManagerFactory class: class javax.net.ssl.KeyManagerFactory Algorithm: SunX509 Provider: SunJSSE version 10 KeyStore class: class java.security.KeyStore Type: PKCS12 Provider: SUN version 10 Size: 1 KeyManager class: class sun.security.ssl.SunX509KeyManagerImpl # of key manager: 1 SSLServerSocketFactory class: class sun.security.ssl.SSLServerSocketFactoryImpl SSLServerSocket class: class sun.security.ssl.SSLServerSocketImpl String: [SSL: ServerSocket[unbound]] SSLSocketFactory class: class sun.security.ssl.SSLSocketFactoryImpl SSLSocket class: class sun.security.ssl.SSLSocketImpl String: 365185bd[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]
If I ran it on JDK 1.8, I got:
herong> \Progra~1\java\jdk1.8.0_45\bin\java SslContextTest Testing socket factory with SSLContext: SSLContext class: class javax.net.ssl.SSLContext Protocol: SSLv3 Provider: SunJSSE version 1.8 KeyManagerFactory class: class javax.net.ssl.KeyManagerFactory Algorithm: SunX509 Provider: SunJSSE version 1.8 KeyStore class: class java.security.KeyStore Type: JKS Provider: SUN version 1.8 Size: 3 KeyManager class: class sun.security.ssl.SunX509KeyManagerImpl # of key manager: 1 SSLServerSocketFactory class: class sun.security.ssl.SSLServerSocketFactoryImpl SSLServerSocket class: class sun.security.ssl.SSLServerSocketImpl String: [SSL: ServerSocket[unbound]] SSLSocketFactory class: class sun.security.ssl.SSLSocketFactoryImpl SSLSocket class: class sun.security.ssl.SSLSocketImpl String: 1ed40e0[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]
Table of Contents
Date, Time and Calendar Classes
Date and Time Object and String Conversion
Number Object and Numeric String Conversion
Locales, Localization Methods and Resource Bundles
Calling and Importing Classes Defined in Unnamed Packages
HashSet, Vector, HashMap and Collection Classes
Character Set Encoding Classes and Methods
Encoding Conversion Programs for Encoded Text Files
Datagram Network Communication
DOM (Document Object Model) - API for XML Files
DTD (Document Type Definition) - XML Validation
XSD (XML Schema Definition) - XML Validation
XSL (Extensible Stylesheet Language)
Message Digest Algorithm Implementations in JDK
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Digital Signature Algorithm and Sample Program
"keytool" Commands and "keystore" Files
KeyStore and Certificate Classes
Secret Key Generation and Management
Cipher - Encryption and Decryption
►The SSL (Secure Socket Layer) Protocol
What Is SSL (Secure Socket Layer)?
JSSE - Java Implementation of SSL and TLS
SslSocketTest.java - Default SSL Socket Factory Test
►SslContextTest.java - javax.net.ssl.SSLContext Class Test
Initializing SSLContext with PKCS12 File
SSL Socket Communication Testing Programs