Mark Wallsgrove wrote: > >But, that shouldn't be too hard to parse. > >How much do you have to configure with the SSL connection? I was just r>eading the example that David linked me too and it seams that it has >>~ 7 files. How have you implemented the filter Chris? > >Best Regards, >Mark Wallsgrove
The client we have setup is pretty similar to the MINA examples. It's going to have multiple files because you need to setup the various pieces the SSLFilter depends on, and then you'll have your protocol decoder and the other standard MINA things. If you take some of the server examples, add the line to setup as client mode, it is close to the same, just using the IOConnector instead of IOAcceptor. Emmanuel's example, though a server, is good: http://mina.apache.org/report/trunk/xref/org/apache/mina/example/chat/Main.html I'll paste in some code here from a project where we add support. This method is called as soon as the NioSocketConnector is created, and is passed its filter chain (getFilterChain()). This still assumes you have your ProtocolDecoder setup, and all that. This is just additional stuff to add the SSL Filter. === private static void addSSLSupport(DefaultIoFilterChainBuilder chain) throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); InputStream in = null; char[] PASSWORD = PropertyManager.get("sim.ssl.keystore_pass").toCharArray(); //if (PropertyManager.isTrue("sim.ssl.server_authentication")) { loadKeyStoreFile(in, ks, PASSWORD); } log.debug("KEYSTORE SIZE: " + ks.size()); String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); log.debug(ks.aliases().nextElement()); if (algorithm == null) { algorithm = "SunX509"; } TrustManager[] TRUST_MANAGERS = null; KeyManager[] KEY_MANAGERS = null; if (PropertyManager.isTrue("sim.ssl.server_authentication")) { TRUST_MANAGERS = initTrustManager(ks, algorithm); } else { TRUST_MANAGERS = SimTrustManagerFactory.X509_MANAGERS; } if (PropertyManager.isTrue("sim.ssl.cli_authentication")) { KEY_MANAGERS = initKeyManager(ks, PASSWORD, algorithm); } SSLContext context = SSLContext.getInstance("tls"); //Initialize SSL & add to filter chain context.init(KEY_MANAGERS, TRUST_MANAGERS, null); SslFilter sslFilter = new SslFilter(context); sslFilter.setUseClientMode(true); chain.addLast("ssl", sslFilter); log.debug("SSL ON"); } === Alternatively, as others have mentioned, since you are dealing with HTTPS for this particular part, using the Apache library for that part, and a Mina Client to handle the proprietary TCP connection might be easier and cleaner. Chris
