All the parts "seem" to be there. Sounds like you got it working.
Note if you don't set (on the server)
sslFilter.setNeedClientAuth(true);
you will not be doing client auth (i.e, mutual auth) and therefore
server does not authenticate connecting clients. In which case server
truststore does not need to include client certs. (Someone can correct
me if i'm wrong).
Also a tip in case your not aware is to set the jdk property
-Djavax.net.debug=all
This should help you verify that your ssl impl is working.
Prints out a bunch of useful info.
If your code is not private i'm sure the list would be interested in how
you progress with your use of mina. Codes always cool.
On 12/9/2010 7:20 PM, Gift Samuel wrote:
Hi Jason,
Thanks a lot for your prompt reply. With your help I had implemented the SSL
support for my sample application successfully. If you have time, Please
ensure whether my implementation of SSL is correct by verifying the
following codes, I have three classes named "SSLServer", "SSLClient" and
"SSLContextGenerator" with two handlers.
*SSLContextGenerator.java*
import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.apache.mina.filter.ssl.SslContextFactory;
/**
* @author giftsam
*/
public class SSLContextGenerator
{
public SSLContext getSslContext()
{
SSLContext sslContext = null;
try
{
File keyStoreFile = new
File("/home/giftsam/Desktop/certificates/keystore");
File trustStoreFile = new
File("/home/giftsam/Desktop/certificates/truststore");
if (keyStoreFile.exists() && trustStoreFile.exists())
{
final KeyStoreFactory keyStoreFactory = new
KeyStoreFactory();
System.out.println("Url is: " +
keyStoreFile.getAbsolutePath());
keyStoreFactory.setDataFile(keyStoreFile);
keyStoreFactory.setPassword("password");
final KeyStoreFactory trustStoreFactory = new
KeyStoreFactory();
trustStoreFactory.setDataFile(trustStoreFile);
trustStoreFactory.setPassword("password");
final SslContextFactory sslContextFactory = new
SslContextFactory();
final KeyStore keyStore = keyStoreFactory.newInstance();
sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);
final KeyStore trustStore = trustStoreFactory.newInstance();
sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);
sslContextFactory.setKeyManagerFactoryKeyStorePassword("password");
sslContext = sslContextFactory.newInstance();
System.out.println("Provider: " + sslContext.getProvider());
}
else
{
System.out.println("Key store file does not exist");
}
}
catch (Exception ex)
{
ex.printStackTrace();
}
return sslContext;
}
}
*SSLServer.java*
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
/**
* @author giftsam
*/
public class SSLServer
{
private static final int PORT = 5000;
private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
{
try
{
SslFilter sslFilter = new SslFilter(new
SSLContextGenerator().getSslContext());
chain.addLast("sslFilter", sslFilter);
System.out.println("SSL support is added..");
}
catch (Exception ex)
{
ex.printStackTrace();
}
}
public static void main(String[] args) throws IOException,
GeneralSecurityException
{
IoAcceptor acceptor = new NioSocketAcceptor();
DefaultIoFilterChainBuilder chain = acceptor.getFilterChain();
addSSLSupport(chain);
chain.addLast("logger", new LoggingFilter());
chain.addLast("codec", new ProtocolCodecFilter(new
TextLineCodecFactory(Charset.forName("UTF-8"))));
acceptor.setHandler(new SSLServerHandler());
acceptor.getSessionConfig().setReadBufferSize(2048);
acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
acceptor.bind(new InetSocketAddress(PORT));
System.out.println("Server Started..");
}
}
*SSLClient.java*
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.service.IoConnector;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
/**
* @author giftsam
*/
public class SSLClient
{
private static final int REMORT_PORT = 5000;
public static void main(String[] args) throws IOException,
InterruptedException, GeneralSecurityException
{
IoConnector connector = new NioSocketConnector();
connector.getSessionConfig().setReadBufferSize(2048);
if (true)
{
// SSLContext sslContext =
BogusSslContextFactory.getInstance(false);
SSLContext sslContext = new
SSLContextGenerator().getSslContext();
System.out.println("sslContext.getProtocol()" +
sslContext.getProtocol());
SslFilter sslFilter = new SslFilter(sslContext);
sslFilter.setUseClientMode(true);
connector.getFilterChain().addFirst("sslFilter", sslFilter);
}
connector.getFilterChain().addLast("logger", new LoggingFilter());
connector.getFilterChain().addLast("codec", new
ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
connector.setHandler(new SSLClientHandler("Hello Server.."));
ConnectFuture future = connector.connect(new
InetSocketAddress("172.108.0.8", REMORT_PORT));
future.awaitUninterruptibly();
if (!future.isConnected())
{
return;
}
IoSession session = future.getSession();
session.getConfig().setUseReadOperation(true);
session.getCloseFuture().awaitUninterruptibly();
System.out.println("After Writing");
connector.dispose();
}
}
Hope to hear from you soon. Once again thanks for your support.
Regards,
Gift Sam
On Thu, Dec 9, 2010 at 1:41 AM, Jason Weinstein
<jason.weinst...@oracle.com>wrote:
There are a number of ways to do it, but
you'll need something along the lines of
final SSLContext sslContext = getSslContext();
final SslFilter sslFilter = new SslFilter(sslContext);
// sslFilter.setUseClientMode(false);
sslFilter.setNeedClientAuth(getMutualAuth());
final String[] enabledProtocols = getEnabledProtocols();
if (ValidationUtil.notEmpty(enabledProtocols)) {
sslFilter.setEnabledProtocols(enabledProtocols);
}
final String[] enabledCipherSuites = getEnabledCipherSuites();
if (ValidationUtil.notEmpty(enabledCipherSuites)) {
sslFilter.setEnabledCipherSuites(enabledCipherSuites);
}
chain.addLast("sslFilter", sslFilter);
and
getSslContext() {
final URL keyStoreUrl = <url>;
final KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
keyStoreFactory.setDataUrl(keyStoreUrl);
keyStoreFactory.setPassword(keyStorePassword);
final URL trustStoreUrl = <url>;
final KeyStoreFactory trustStoreFactory = new KeyStoreFactory();
trustStoreFactory.setDataUrl(trustStoreUrl);
trustStoreFactory.setPassword(trustStorePassword);
final SslContextFactory sslContextFactory = new
SslContextFactory();
final KeyStore keyStore = keyStoreFactory.newInstance();
sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);
final KeyStore trustStore = trustStoreFactory.newInstance();
sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);
sslContextFactory.setKeyManagerFactoryKeyStorePassword(keyManagerKeyStorePassword);
final SSLContext sslContext = sslContextFactory.newInstance();
Note you also have to set up the truststore on the client.
On 12/7/2010 10:00 PM, Gift Samuel wrote:
Hi ,
I am a new bee to Apache mina. I would like to write a client/server
program
using Apache mina with SSL. With out SSL the below code works fine,
*MinaTimeClient.java*
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.charset.Charset;
import org.apache.mina.core.RuntimeIoException;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.service.IoConnector;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
/**
* @Since
* @author giftsam
*/
public class MinaTimeClient
{
private static final int PORT = 9123;
public static void main(String[] args) throws IOException,
InterruptedException
{
IoConnector connector = new NioSocketConnector();
connector.getSessionConfig().setReadBufferSize(2048);
connector.getFilterChain().addLast("logger", new LoggingFilter());
connector.getFilterChain().addLast("codec", new
ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
connector.setHandler(new TimeClientHandler("Test"));
ConnectFuture future = connector.connect(new
InetSocketAddress("192.168.0.28", PORT));
future.awaitUninterruptibly();
if (!future.isConnected())
{
return;
}
IoSession session = future.getSession();
session.getConfig().setUseReadOperation(true);
session.getCloseFuture().awaitUninterruptibly();
System.out.println("After Writing");
connector.dispose();
}
}
*MinaTimeServer.java*
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
public class MinaTimeServer
{
private static final int PORT = 9123;
public static void main(String[] args) throws IOException
{
IoAcceptor acceptor = new NioSocketAcceptor();
acceptor.getFilterChain().addLast("logger", new LoggingFilter());
acceptor.getFilterChain().addLast("codec", new
ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
acceptor.setHandler(new TimeServerHandler());
acceptor.getSessionConfig().setReadBufferSize(2048);
acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
acceptor.bind(new InetSocketAddress(PORT));
}
}
The preceding codes works file without SSL, But what I have to do if I
want
made the transactions with SSL. I had investigated a lot. But I couldnt
find
the answer. Please help me.
Thanks & Regards,
Gift Sam
