I was looking for a sample program in java, using which I can test the connectivity to SSL.
Then I found http://www.herongyang.com/JDK/SSL-Socket-Server-Example-SslReverseEchoer.html
There are two programs
SslReverseEchoer.java (Running on server side)
/**
* SslReverseEchoer.java
* Copyright (c) 2005 by Dr. Herong Yang
* http://www.herongyang.com/JDK/SSL-Socket-Server-Example-SslReverseEchoer.html
*/
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
public class SslReverseEchoer {
public static void main(String[] args) {
// This is the keystore generated on the server.
String ksName = "C:\\localhostCerts\\localhost.jks";
// Keystore Password
char ksPass[] = "welcome".toCharArray();
// store Password
char ctPass[] = "welcome".toCharArray();
try {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(ksName), ksPass);
KeyManagerFactory kmf =
KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, ctPass);
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory ssf = sc.getServerSocketFactory();
// This is the port number that we'll be giving in the client program.
// Please do note it down.
SSLServerSocket s
= (SSLServerSocket) ssf.createServerSocket(8888);
printServerSocketInfo(s);
SSLSocket c = (SSLSocket) s.accept();
printSocketInfo(c);
BufferedWriter w = new BufferedWriter(new OutputStreamWriter(
c.getOutputStream()));
BufferedReader r = new BufferedReader(new InputStreamReader(
c.getInputStream()));
String m = "Welcome to SSL Reverse Echo Server."+
" Please type in some words.";
w.write(m,0,m.length());
w.newLine();
w.flush();
while ((m=r.readLine())!= null) {
if (m.equals(".")) break;
char[] a = m.toCharArray();
int n = a.length;
for (int i=0; i<n/2; i++) {
char t = a[i];
a[i] = a[n-1-i];
a[n-i-1] = t;
}
w.write(a,0,n);
w.newLine();
w.flush();
}
w.close();
r.close();
c.close();
s.close();
} catch (Exception e) {
System.err.println(e.toString());
}
}
private static void printSocketInfo(SSLSocket s) {
System.out.println("Socket class: "+s.getClass());
System.out.println(" Remote address = "
+s.getInetAddress().toString());
System.out.println(" Remote port = "+s.getPort());
System.out.println(" Local socket address = "
+s.getLocalSocketAddress().toString());
System.out.println(" Local address = "
+s.getLocalAddress().toString());
System.out.println(" Local port = "+s.getLocalPort());
System.out.println(" Need client authentication = "
+s.getNeedClientAuth());
SSLSession ss = s.getSession();
System.out.println(" Cipher suite = "+ss.getCipherSuite());
System.out.println(" Protocol = "+ss.getProtocol());
}
private static void printServerSocketInfo(SSLServerSocket s) {
System.out.println("Server socket class: "+s.getClass());
System.out.println(" Socker address = "
+s.getInetAddress().toString());
System.out.println(" Socker port = "
+s.getLocalPort());
System.out.println(" Need client authentication = "
+s.getNeedClientAuth());
System.out.println(" Want client authentication = "
+s.getWantClientAuth());
System.out.println(" Use client mode = "
+s.getUseClientMode());
}
}
Of course, to run this program, you need to have the key store file, C:\localhostCerts\localhost.jks, ready. It contains a self-signed pair of private and public keys. If you want to create certificates using keytool, you can follow first 2 steps of this
SslSocketClient.java (running on client side)
/**
* SslSocketClient.java
* Copyright (c) 2005 by Dr. Herong Yang
* Before you execute this program, you have to prepare a jks file which will be trusted
* by the client program. To make the trusted key store file you can use keytool -import command
* You can read http://www.herongyang.com/JDK/SSL-Socket-Make-Self-Signed-Certificates-Trusted.html for more information.
* This is also a good URL to study : http://docs.oracle.com/javaee/1.4/tutorial/doc/Security6.html
*/
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
public class SslSocketClient {
public static void main(String[] args) {
BufferedReader in = new BufferedReader(
new InputStreamReader(System.in));
PrintStream out = System.out;
SSLSocketFactory f =
(SSLSocketFactory) SSLSocketFactory.getDefault();
try {
// This is the port number of the server on which server is listening
SSLSocket c =
(SSLSocket) f.createSocket("localhost", 8888);
printSocketInfo(c);
c.startHandshake();
BufferedWriter w = new BufferedWriter(
new OutputStreamWriter(c.getOutputStream()));
BufferedReader r = new BufferedReader(
new InputStreamReader(c.getInputStream()));
String m = null;
while ((m=r.readLine())!= null) {
out.println(m);
m = in.readLine();
w.write(m,0,m.length());
w.newLine();
w.flush();
}
w.close();
r.close();
c.close();
} catch (IOException e) {
System.err.println(e.toString());
}
}
private static void printSocketInfo(SSLSocket s) {
System.out.println("Socket class: "+s.getClass());
System.out.println(" Remote address = "
+s.getInetAddress().toString());
System.out.println(" Remote port = "+s.getPort());
System.out.println(" Local socket address = "
+s.getLocalSocketAddress().toString());
System.out.println(" Local address = "
+s.getLocalAddress().toString());
System.out.println(" Local port = "+s.getLocalPort());
System.out.println(" Need client authentication = "
+s.getNeedClientAuth());
SSLSession ss = s.getSession();
System.out.println(" Cipher suite = "+ss.getCipherSuite());
System.out.println(" Protocol = "+ss.getProtocol());
}
}
How to test these programs
After you have created certificates on the server side, you can start the server as follows.
C:\>java SslReverseEchoer Server socket class: class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl Socker address = 0.0.0.0/0.0.0.0 Socker port = 8888 Need client authentication = false Want client authentication = false Use client mode = false Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl Remote address = /127.0.0.1 Remote port = 53298 Local socket address = /127.0.0.1:8888 Local address = /127.0.0.1 Local port = 8888 Need client authentication = false Cipher suite = SSL_RSA_WITH_RC4_128_MD5 Protocol = TLSv1While the server program is running, go to the client machine and execute the following
C:\>java SslSocketClient Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl Remote address = localhost/127.0.0.1 Remote port = 8888 Local socket address = /127.0.0.1:52814 Local address = /127.0.0.1 Local port = 52814 Need client authentication = false Cipher suite = SSL_NULL_WITH_NULL_NULL Protocol = NONE javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHands hakeException: sun.security.validator.ValidatorException: PKIX path building fai led: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target // Please note that the above command will terminate the server process. You need to restart it. // In the above command, we didn't provide the certiciates, so as expected, it should not be // able to connect. // Before running the following command, you have to import the server side certificate // into cacerts.jks using the keytool -import command. C:\>java -Djavax.net.ssl.trustStore=localhostCerts\cacerts.jks SslSocketClient Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl Remote address = localhost/127.0.0.1 Remote port = 8888 Local socket address = /127.0.0.1:52816 Local address = /127.0.0.1 Local port = 52816 Need client authentication = false Cipher suite = SSL_RSA_WITH_RC4_128_MD5 Protocol = TLSv1 Welcome to SSL Reverse Echo Server. Please type in some words. How are you? ?uoy era woH
No comments:
Post a Comment