Hi Jason,
Thanks a lot for your prompt reply. With your help I had implemented the SSL
support for my sample application successfully. If you have time, Please
ensure whether my implementation of SSL is correct by verifying the
following codes, I have three classes named "SSLServer", "SSLClient" and
"SSLContextGenerator" with two handlers.
*SSLContextGenerator.java*
import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.apache.mina.filter.ssl.SslContextFactory;
/**
* @author giftsam
*/
public class SSLContextGenerator
{
public SSLContext getSslContext()
{
SSLContext sslContext = null;
try
{
File keyStoreFile = new
File("/home/giftsam/Desktop/certificates/keystore");
File trustStoreFile = new
File("/home/giftsam/Desktop/certificates/truststore");
if (keyStoreFile.exists() && trustStoreFile.exists())
{
final KeyStoreFactory keyStoreFactory = new
KeyStoreFactory();
System.out.println("Url is: " +
keyStoreFile.getAbsolutePath());
keyStoreFactory.setDataFile(keyStoreFile);
keyStoreFactory.setPassword("password");
final KeyStoreFactory trustStoreFactory = new
KeyStoreFactory();
trustStoreFactory.setDataFile(trustStoreFile);
trustStoreFactory.setPassword("password");
final SslContextFactory sslContextFactory = new
SslContextFactory();
final KeyStore keyStore = keyStoreFactory.newInstance();
sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);
final KeyStore trustStore = trustStoreFactory.newInstance();
sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);
sslContextFactory.setKeyManagerFactoryKeyStorePassword("password");
sslContext = sslContextFactory.newInstance();
System.out.println("Provider: " + sslContext.getProvider());
}
else
{
System.out.println("Key store file does not exist");
}
}
catch (Exception ex)
{
ex.printStackTrace();
}
return sslContext;
}
}
*SSLServer.java*
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
/**
* @author giftsam
*/
public class SSLServer
{
private static final int PORT = 5000;
private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
{
try
{
SslFilter sslFilter = new SslFilter(new
SSLContextGenerator().getSslContext());
chain.addLast("sslFilter", sslFilter);
System.out.println("SSL support is added..");
}
catch (Exception ex)
{
ex.printStackTrace();
}
}
public static void main(String[] args) throws IOException,
GeneralSecurityException
{
IoAcceptor acceptor = new NioSocketAcceptor();
DefaultIoFilterChainBuilder chain = acceptor.getFilterChain();
addSSLSupport(chain);
chain.addLast("logger", new LoggingFilter());
chain.addLast("codec", new ProtocolCodecFilter(new
TextLineCodecFactory(Charset.forName("UTF-8"))));
acceptor.setHandler(new SSLServerHandler());
acceptor.getSessionConfig().setReadBufferSize(2048);
acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
acceptor.bind(new InetSocketAddress(PORT));
System.out.println("Server Started..");
}
}
*SSLClient.java*
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.service.IoConnector;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
/**
* @author giftsam
*/
public class SSLClient
{
private static final int REMORT_PORT = 5000;
public static void main(String[] args) throws IOException,
InterruptedException, GeneralSecurityException
{
IoConnector connector = new NioSocketConnector();
connector.getSessionConfig().setReadBufferSize(2048);
if (true)
{
// SSLContext sslContext =
BogusSslContextFactory.getInstance(false);
SSLContext sslContext = new
SSLContextGenerator().getSslContext();
System.out.println("sslContext.getProtocol()" +
sslContext.getProtocol());
SslFilter sslFilter = new SslFilter(sslContext);
sslFilter.setUseClientMode(true);
connector.getFilterChain().addFirst("sslFilter", sslFilter);
}
connector.getFilterChain().addLast("logger", new LoggingFilter());
connector.getFilterChain().addLast("codec", new
ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
connector.setHandler(new SSLClientHandler("Hello Server.."));
ConnectFuture future = connector.connect(new
InetSocketAddress("172.108.0.8", REMORT_PORT));
future.awaitUninterruptibly();
if (!future.isConnected())
{
return;
}
IoSession session = future.getSession();
session.getConfig().setUseReadOperation(true);
session.getCloseFuture().awaitUninterruptibly();
System.out.println("After Writing");
connector.dispose();
}
}
Hope to hear from you soon. Once again thanks for your support.
Regards,
Gift Sam
On Thu, Dec 9, 2010 at 1:41 AM, Jason Weinstein
<[email protected]>wrote:
> There are a number of ways to do it, but
>
> you'll need something along the lines of
>
> final SSLContext sslContext = getSslContext();
> final SslFilter sslFilter = new SslFilter(sslContext);
> // sslFilter.setUseClientMode(false);
>
> sslFilter.setNeedClientAuth(getMutualAuth());
>
> final String[] enabledProtocols = getEnabledProtocols();
> if (ValidationUtil.notEmpty(enabledProtocols)) {
> sslFilter.setEnabledProtocols(enabledProtocols);
> }
>
> final String[] enabledCipherSuites = getEnabledCipherSuites();
> if (ValidationUtil.notEmpty(enabledCipherSuites)) {
> sslFilter.setEnabledCipherSuites(enabledCipherSuites);
> }
>
> chain.addLast("sslFilter", sslFilter);
>
> and
>
> getSslContext() {
>
> final URL keyStoreUrl = <url>;
> final KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
> keyStoreFactory.setDataUrl(keyStoreUrl);
> keyStoreFactory.setPassword(keyStorePassword);
>
> final URL trustStoreUrl = <url>;
> final KeyStoreFactory trustStoreFactory = new KeyStoreFactory();
> trustStoreFactory.setDataUrl(trustStoreUrl);
> trustStoreFactory.setPassword(trustStorePassword);
>
> final SslContextFactory sslContextFactory = new
> SslContextFactory();
> final KeyStore keyStore = keyStoreFactory.newInstance();
> sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);
>
> final KeyStore trustStore = trustStoreFactory.newInstance();
> sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);
>
>
> sslContextFactory.setKeyManagerFactoryKeyStorePassword(keyManagerKeyStorePassword);
>
> final SSLContext sslContext = sslContextFactory.newInstance();
>
>
> Note you also have to set up the truststore on the client.
>
>
>
> On 12/7/2010 10:00 PM, Gift Samuel wrote:
>
>> Hi ,
>> I am a new bee to Apache mina. I would like to write a client/server
>> program
>> using Apache mina with SSL. With out SSL the below code works fine,
>>
>> *MinaTimeClient.java*
>>
>> import java.io.IOException;
>> import java.net.InetSocketAddress;
>> import java.net.SocketAddress;
>> import java.nio.charset.Charset;
>> import org.apache.mina.core.RuntimeIoException;
>> import org.apache.mina.core.future.ConnectFuture;
>> import org.apache.mina.core.service.IoConnector;
>> import org.apache.mina.core.session.IdleStatus;
>> import org.apache.mina.core.session.IoSession;
>> import org.apache.mina.filter.codec.ProtocolCodecFilter;
>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
>> import org.apache.mina.filter.logging.LoggingFilter;
>> import org.apache.mina.transport.socket.nio.NioSocketConnector;
>>
>> /**
>> * @Since
>> * @author giftsam
>> */
>> public class MinaTimeClient
>> {
>> private static final int PORT = 9123;
>>
>> public static void main(String[] args) throws IOException,
>> InterruptedException
>> {
>> IoConnector connector = new NioSocketConnector();
>> connector.getSessionConfig().setReadBufferSize(2048);
>>
>> connector.getFilterChain().addLast("logger", new LoggingFilter());
>> connector.getFilterChain().addLast("codec", new
>> ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
>>
>> connector.setHandler(new TimeClientHandler("Test"));
>> ConnectFuture future = connector.connect(new
>> InetSocketAddress("192.168.0.28", PORT));
>> future.awaitUninterruptibly();
>>
>> if (!future.isConnected())
>> {
>> return;
>> }
>> IoSession session = future.getSession();
>>
>> session.getConfig().setUseReadOperation(true);
>> session.getCloseFuture().awaitUninterruptibly();
>>
>> System.out.println("After Writing");
>> connector.dispose();
>>
>> }
>> }
>>
>> *MinaTimeServer.java*
>>
>> import java.io.IOException;
>> import java.net.InetSocketAddress;
>> import java.nio.charset.Charset;
>>
>> import org.apache.mina.core.session.IdleStatus;
>> import org.apache.mina.core.service.IoAcceptor;
>> import org.apache.mina.filter.codec.ProtocolCodecFilter;
>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
>> import org.apache.mina.filter.logging.LoggingFilter;
>> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
>>
>> public class MinaTimeServer
>> {
>> private static final int PORT = 9123;
>>
>> public static void main(String[] args) throws IOException
>> {
>> IoAcceptor acceptor = new NioSocketAcceptor();
>>
>> acceptor.getFilterChain().addLast("logger", new LoggingFilter());
>> acceptor.getFilterChain().addLast("codec", new
>> ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
>>
>> acceptor.setHandler(new TimeServerHandler());
>> acceptor.getSessionConfig().setReadBufferSize(2048);
>> acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
>> acceptor.bind(new InetSocketAddress(PORT));
>> }
>> }
>>
>> The preceding codes works file without SSL, But what I have to do if I
>> want
>> made the transactions with SSL. I had investigated a lot. But I couldnt
>> find
>> the answer. Please help me.
>>
>> Thanks & Regards,
>> Gift Sam
>>
>>
>>
>
