Hi Jason, Thank you for your guidance. I will certainly test and let you know whether the SSL implementation is working properly. But I don't understand this line of yours: "If your code is not private i'm sure the list would be interested in how you progress with your use of mina. Codes always cool."
Thanks!! On Sat, Dec 11, 2010 at 1:32 AM, Jason Weinstein <[email protected] > wrote: > > All the parts "seem" to be there. Sounds like you got it working. > > Note if you don't set (on the server) > > sslFilter.setNeedClientAuth(true); > > > you will not be doing client auth (i.e, mutual auth) and therefore server > does not authenticate connecting clients. In which case server truststore > does not need to include client certs. (Someone can correct me if i'm > wrong). > > Also a tip in case your not aware is to set the jdk property > > -Djavax.net.debug=all > > This should help you verify that your ssl impl is working. > > Prints out a bunch of useful info. > > If your code is not private i'm sure the list would be interested in how > you progress with your use of mina. Codes always cool. > > > On 12/9/2010 7:20 PM, Gift Samuel wrote: > >> Hi Jason, >> Thanks a lot for your prompt reply. With your help I had implemented the >> SSL >> support for my sample application successfully. If you have time, Please >> ensure whether my implementation of SSL is correct by verifying the >> following codes, I have three classes named "SSLServer", "SSLClient" and >> "SSLContextGenerator" with two handlers. 
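// SSLContextGenerator.java
import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.apache.mina.filter.ssl.SslContextFactory;

/**
 * Builds the {@link SSLContext} that both the sample server and the sample
 * client wrap in an {@code SslFilter}.
 *
 * <p>The key store, the trust store and the key entries are all opened with
 * the same literal password, and both stores are read from fixed paths under
 * one user's home directory. NOTE(review): fine for a local experiment; for
 * anything else the paths and passwords would normally be supplied at run
 * time and kept out of source control.
 *
 * <p>NOTE(review): SSLServer and SSLClient both call this class, so both ends
 * open the same key store path. If that is literally the same file, every
 * client holds the server's private key; a client normally needs only a trust
 * store containing the server certificate (plus its own key pair when mutual
 * authentication is switched on).
 *
 * @author giftsam
 */
public class SSLContextGenerator
{
    // Sample value from the original post, used for both stores and the key entries.
    private static final String STORE_PASSWORD = "password";

    /**
     * Loads both stores and creates the context.
     *
     * @return the initialised context, never {@code null}
     * @throws IllegalStateException if either store file is missing or the
     *         context cannot be built; the original returned {@code null}
     *         here, which let callers carry on without a usable context
     */
    public SSLContext getSslContext()
    {
        File keyStoreFile = new File("/home/giftsam/Desktop/certificates/keystore");
        File trustStoreFile = new File("/home/giftsam/Desktop/certificates/truststore");

        if (!keyStoreFile.exists() || !trustStoreFile.exists())
        {
            throw new IllegalStateException("Key store or trust store file does not exist: "
                    + keyStoreFile.getAbsolutePath() + ", " + trustStoreFile.getAbsolutePath());
        }

        try
        {
            final KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
            System.out.println("Url is: " + keyStoreFile.getAbsolutePath());
            keyStoreFactory.setDataFile(keyStoreFile);
            keyStoreFactory.setPassword(STORE_PASSWORD);

            final KeyStoreFactory trustStoreFactory = new KeyStoreFactory();
            trustStoreFactory.setDataFile(trustStoreFile);
            trustStoreFactory.setPassword(STORE_PASSWORD);

            final SslContextFactory sslContextFactory = new SslContextFactory();
            final KeyStore keyStore = keyStoreFactory.newInstance();
            sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);

            final KeyStore trustStore = trustStoreFactory.newInstance();
            sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);

            sslContextFactory.setKeyManagerFactoryKeyStorePassword(STORE_PASSWORD);
            final SSLContext sslContext = sslContextFactory.newInstance();
            System.out.println("Provider: " + sslContext.getProvider());
            return sslContext;
        }
        catch (Exception ex)
        {
            // Keep the cause so the failing store or password is visible to the caller.
            throw new IllegalStateException("Could not build the SSLContext", ex);
        }
    }
}

// SSLServer.java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;

import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

/**
 * Text-line server on port 5000 with an {@code SslFilter} at the head of the
 * filter chain.
 *
 * @author giftsam
 */
public class SSLServer
{
    private static final int PORT = 5000;

    /**
     * Adds the TLS filter to the chain.
     *
     * <p>Failures are no longer caught here. The original printed the stack
     * trace and returned, after which {@code main} went on to bind the port
     * with no TLS filter installed, so a missing store or wrong password
     * produced a listening plaintext server. Any exception now reaches
     * {@code main} and stops start-up before {@code bind}.
     *
     * <p>NOTE(review): {@code setNeedClientAuth(true)} is not called, so, as
     * the reply in this thread points out, connecting clients are not
     * authenticated by certificate.
     */
    private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
    {
        SslFilter sslFilter = new SslFilter(new SSLContextGenerator().getSslContext());
        chain.addLast("sslFilter", sslFilter);
        System.out.println("SSL support is added..");
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException
    {
        IoAcceptor acceptor = new NioSocketAcceptor();
        DefaultIoFilterChainBuilder chain = acceptor.getFilterChain();

        // TLS goes in before the logger and codec so they are added behind it in the chain.
        addSSLSupport(chain);

        chain.addLast("logger", new LoggingFilter());
        chain.addLast("codec", new ProtocolCodecFilter(
                new TextLineCodecFactory(Charset.forName("UTF-8"))));

        acceptor.setHandler(new SSLServerHandler());
        acceptor.getSessionConfig().setReadBufferSize(2048);
        acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
        acceptor.bind(new InetSocketAddress(PORT));
        System.out.println("Server Started..");
    }
}

// SSLClient.java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.service.IoConnector;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;

/**
 * Text-line client that connects to the sample server through an
 * {@code SslFilter} in client mode.
 *
 * <p>NOTE(review): nothing in this listing compares the server certificate
 * with the address being dialled; acceptance rests on the trust store
 * contents alone. Confirm that is what is intended.
 *
 * @author giftsam
 */
public class SSLClient
{
    private static final int REMOTE_PORT = 5000;

    public static void main(String[] args) throws IOException,
            InterruptedException, GeneralSecurityException
    {
        IoConnector connector = new NioSocketConnector();
        try
        {
            connector.getSessionConfig().setReadBufferSize(2048);

            // getSslContext() throws instead of returning null, so a broken
            // store setup stops here rather than at the first use of the context.
            SSLContext sslContext = new SSLContextGenerator().getSslContext();
            System.out.println("sslContext.getProtocol()" + sslContext.getProtocol());
            SslFilter sslFilter = new SslFilter(sslContext);
            sslFilter.setUseClientMode(true);
            connector.getFilterChain().addFirst("sslFilter", sslFilter);

            connector.getFilterChain().addLast("logger", new LoggingFilter());
            connector.getFilterChain().addLast("codec", new ProtocolCodecFilter(
                    new TextLineCodecFactory(Charset.forName("UTF-8"))));

            connector.setHandler(new SSLClientHandler("Hello Server.."));
            ConnectFuture future = connector.connect(
                    new InetSocketAddress("172.108.0.8", REMOTE_PORT));
            future.awaitUninterruptibly();

            if (!future.isConnected())
            {
                return;
            }
            IoSession session = future.getSession();
            session.getConfig().setUseReadOperation(true);
            session.getCloseFuture().awaitUninterruptibly();

            System.out.println("After Writing");
        }
        finally
        {
            // The original skipped dispose() on the failed-connect return path.
            connector.dispose();
        }
    }
}

// Gift Sam's message continues: "Hope to hear from you soon. Once again thanks for your support."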
>> >> Regards, >> Gift Sam >> >> On Thu, Dec 9, 2010 at 1:41 AM, Jason Weinstein >> <[email protected]>wrote: >> >> >> >>> There are a number of ways to do it, but >>> >>> you'll need something along the lines of >>> >>> final SSLContext sslContext = getSslContext(); >>> final SslFilter sslFilter = new SslFilter(sslContext); >>> // sslFilter.setUseClientMode(false); >>> >>> sslFilter.setNeedClientAuth(getMutualAuth()); >>> >>> final String[] enabledProtocols = getEnabledProtocols(); >>> if (ValidationUtil.notEmpty(enabledProtocols)) { >>> sslFilter.setEnabledProtocols(enabledProtocols); >>> } >>> >>> final String[] enabledCipherSuites = getEnabledCipherSuites(); >>> if (ValidationUtil.notEmpty(enabledCipherSuites)) { >>> sslFilter.setEnabledCipherSuites(enabledCipherSuites); >>> } >>> >>> chain.addLast("sslFilter", sslFilter); >>> >>> and >>> >>> getSslContext() { >>> >>> final URL keyStoreUrl = <url>; >>> final KeyStoreFactory keyStoreFactory = new KeyStoreFactory(); >>> keyStoreFactory.setDataUrl(keyStoreUrl); >>> keyStoreFactory.setPassword(keyStorePassword); >>> >>> final URL trustStoreUrl = <url>; >>> final KeyStoreFactory trustStoreFactory = new KeyStoreFactory(); >>> trustStoreFactory.setDataUrl(trustStoreUrl); >>> trustStoreFactory.setPassword(trustStorePassword); >>> >>> final SslContextFactory sslContextFactory = new >>> SslContextFactory(); >>> final KeyStore keyStore = keyStoreFactory.newInstance(); >>> sslContextFactory.setKeyManagerFactoryKeyStore(keyStore); >>> >>> final KeyStore trustStore = trustStoreFactory.newInstance(); >>> sslContextFactory.setTrustManagerFactoryKeyStore(trustStore); >>> >>> >>> >>> sslContextFactory.setKeyManagerFactoryKeyStorePassword(keyManagerKeyStorePassword); >>> >>> final SSLContext sslContext = sslContextFactory.newInstance(); >>> >>> >>> Note you also have to set up the truststore on the client. >>> >>> >>> >>> On 12/7/2010 10:00 PM, Gift Samuel wrote: >>> >>> >>> >>>> Hi , >>>> I am a new bee to Apache mina. 
I would like to write a client/server >>>> program >>>> using Apache mina with SSL. With out SSL the below code works fine, >>>> >>>> *MinaTimeClient.java* >>>> >>>> import java.io.IOException; >>>> import java.net.InetSocketAddress; >>>> import java.net.SocketAddress; >>>> import java.nio.charset.Charset; >>>> import org.apache.mina.core.RuntimeIoException; >>>> import org.apache.mina.core.future.ConnectFuture; >>>> import org.apache.mina.core.service.IoConnector; >>>> import org.apache.mina.core.session.IdleStatus; >>>> import org.apache.mina.core.session.IoSession; >>>> import org.apache.mina.filter.codec.ProtocolCodecFilter; >>>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory; >>>> import org.apache.mina.filter.logging.LoggingFilter; >>>> import org.apache.mina.transport.socket.nio.NioSocketConnector; >>>> >>>> /** >>>> * @Since >>>> * @author giftsam >>>> */ >>>> public class MinaTimeClient >>>> { >>>> private static final int PORT = 9123; >>>> >>>> public static void main(String[] args) throws IOException, >>>> InterruptedException >>>> { >>>> IoConnector connector = new NioSocketConnector(); >>>> connector.getSessionConfig().setReadBufferSize(2048); >>>> >>>> connector.getFilterChain().addLast("logger", new LoggingFilter()); >>>> connector.getFilterChain().addLast("codec", new >>>> ProtocolCodecFilter(new >>>> TextLineCodecFactory(Charset.forName("UTF-8")))); >>>> >>>> connector.setHandler(new TimeClientHandler("Test")); >>>> ConnectFuture future = connector.connect(new >>>> InetSocketAddress("192.168.0.28", PORT)); >>>> future.awaitUninterruptibly(); >>>> >>>> if (!future.isConnected()) >>>> { >>>> return; >>>> } >>>> IoSession session = future.getSession(); >>>> >>>> session.getConfig().setUseReadOperation(true); >>>> session.getCloseFuture().awaitUninterruptibly(); >>>> >>>> System.out.println("After Writing"); >>>> connector.dispose(); >>>> >>>> } >>>> } >>>> >>>> *MinaTimeServer.java* >>>> >>>> import java.io.IOException; >>>> import 
java.net.InetSocketAddress; >>>> import java.nio.charset.Charset; >>>> >>>> import org.apache.mina.core.session.IdleStatus; >>>> import org.apache.mina.core.service.IoAcceptor; >>>> import org.apache.mina.filter.codec.ProtocolCodecFilter; >>>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory; >>>> import org.apache.mina.filter.logging.LoggingFilter; >>>> import org.apache.mina.transport.socket.nio.NioSocketAcceptor; >>>> >>>> public class MinaTimeServer >>>> { >>>> private static final int PORT = 9123; >>>> >>>> public static void main(String[] args) throws IOException >>>> { >>>> IoAcceptor acceptor = new NioSocketAcceptor(); >>>> >>>> acceptor.getFilterChain().addLast("logger", new LoggingFilter()); >>>> acceptor.getFilterChain().addLast("codec", new >>>> ProtocolCodecFilter(new >>>> TextLineCodecFactory(Charset.forName("UTF-8")))); >>>> >>>> acceptor.setHandler(new TimeServerHandler()); >>>> acceptor.getSessionConfig().setReadBufferSize(2048); >>>> acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10); >>>> acceptor.bind(new InetSocketAddress(PORT)); >>>> } >>>> } >>>> >>>> The preceding codes works file without SSL, But what I have to do if I >>>> want >>>> made the transactions with SSL. I had investigated a lot. But I couldnt >>>> find >>>> the answer. Please help me. >>>> >>>> Thanks & Regards, >>>> Gift Sam >>>> >>>> >>>> >>>> >>>> >>> >> >> >
