Bernd Fondermann wrote:
> Fellow researchers,
>
> XMPP's xml streams are secured using TLS (see RFC 3920 4.3).
> The basic protocol handshake to get there is divided into three stages.
> 1. plain xml handshake ("opening stanza exchange")
> 2. TLS protocol handshake
> 3. TLS-based xml handshake (repetition of 1., but encrypted)
This is very similar to SMTP TLS support (StartTLS command).
After a successful TLS handshake SMTP requires the conversation to start
from scratch with a new EHLO.
> all this must be done on the same InputStream/OutputStream pair.
> no new communication channel is opened for TLS, the plain initiating
> channel is reused and transitioned to TLS.
MINA supports this in a really easy way.
I do this:
    // Suspend reads so nothing more is read from the client while switching to TLS
    session.setTrafficMask(TrafficMask.WRITE);
    session.writeSMTPResponse(new SMTPResponse(SMTPRetCode.SERVICE_READY,
            DSNStatus.getStatus(DSNStatus.SUCCESS, DSNStatus.DELIVERY_VERSION) + " Go ahead"));
    SSLFilter filter = new SSLFilter(sslContext);
    session.resetState();
    // Put the TLS filter at the head of the chain, then resume reads and writes
    session.getFilterChain().addFirst("sslFilter", filter);
    session.setTrafficMask(TrafficMask.ALL);
The sslContext is provided to the handler including the code above via
mina-spring integration utilities.
The SSLFilter provided by MINA automatically "converts" your current
connection to a TLS connection in a really transparent and elegant way.
> jdk has built-in support for TLS through javax.net.ssl.SSLServerSocket,
> but there is no easy way (AFAIK) to have a. AND b. where
> a. = TLS on any kind of InputStream
> b. = an existing plain InputStream to switch to TLS
>
> a. is important to me because the protocol should be able to run without
> going over sockets, for testing and abstraction purposes.
Maybe you only need javax.net.ssl.SSLEngine from java 1.5. I think it is
already transport independent as it works on simple ByteBuffers.
Stefano
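
The SSLEngine suggestion above, as an added example that is not part of the original message: two engines complete a TLS handshake and pass one stanza over plain ByteBuffers, with no socket involved. The class name EngineLoopback and the buffer names are made up here, and it assumes a key store and trust store supplied through the javax.net.ssl.keyStore and javax.net.ssl.trustStore system properties.

```java
import static javax.net.ssl.SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.Status;

public class EngineLoopback {   // hypothetical name, not from the thread
    // Advance one engine's handshake: read peer bytes from `in`, append our bytes to `out`.
    static void step(SSLEngine e, ByteBuffer in, ByteBuffer out) throws SSLException {
        ByteBuffer app = ByteBuffer.allocate(e.getSession().getApplicationBufferSize());
        while (true) {
            switch (e.getHandshakeStatus()) {
                case NEED_TASK:                     // key exchange, certificate checks
                    for (Runnable t; (t = e.getDelegatedTask()) != null; ) t.run();
                    break;
                case NEED_WRAP:                     // produce the next handshake record
                    if (e.wrap(ByteBuffer.allocate(0), out).getStatus() != Status.OK)
                        throw new SSLException("wrap failed during handshake");
                    break;
                case NEED_UNWRAP:                   // consume one record from the peer
                    in.flip();
                    Status s = e.unwrap(in, app).getStatus();
                    in.compact();
                    if (s == Status.BUFFER_UNDERFLOW) return;   // wait for more peer bytes
                    break;
                default: return;                    // nothing more to do on this side
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();   // assumption: stores set via system properties
        SSLEngine client = ctx.createSSLEngine(), server = ctx.createSSLEngine();
        client.setUseClientMode(true);
        server.setUseClientMode(false);
        // The whole "transport" is these two buffers, one per direction.
        ByteBuffer c2s = ByteBuffer.allocate(1 << 18), s2c = ByteBuffer.allocate(1 << 18);
        client.beginHandshake();
        server.beginHandshake();
        while (client.getHandshakeStatus() != NOT_HANDSHAKING
                || server.getHandshakeStatus() != NOT_HANDSHAKING) {
            step(client, s2c, c2s);
            step(server, c2s, s2c);
        }
        // Handshake done: the stream is reopened inside TLS (stage 3 of the quoted list).
        client.wrap(ByteBuffer.wrap("<stream:stream>".getBytes(StandardCharsets.UTF_8)), c2s);
        c2s.flip();
        ByteBuffer plain = ByteBuffer.allocate(server.getSession().getApplicationBufferSize());
        server.unwrap(c2s, plain);
        System.out.println(new String(plain.array(), 0, plain.position(), StandardCharsets.UTF_8));
    }
}
```

A real client would also pass the peer host to createSSLEngine and set an endpoint identification algorithm on its SSLParameters so the server name is checked; the loopback above only validates the certificate chain against the trust store.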