Hi Jason,
Now I got it. The code can be found in the post http://www.techbrainwave.com/?p=973. Thank you so much for your support.
On Tue, Dec 14, 2010 at 3:28 AM, Jason Weinstein <[email protected]> wrote:

> Simply meant if you are doing something with mina and/or have code snippets
> which may be instructive to others, then if your code is not private, if
> your code is open source for instance, then I'm sure there are some on the
> list that would be interested in hearing/seeing what you are doing with
> mina, I know I would.
> And by that I mean seeing your source code, whether it be pointing to it
> online or attaching it to a post.
>
> On 12/12/2010 5:35 AM, Gift Samuel wrote:
>
>> Hi Jason,
>> Thank you for your guidance. Surely I will test and let you know whether the
>> SSL impl is working properly or not. But I don't get this line of yours,
>> "If your code is not private I'm sure the list would be interested in how
>> you progress with your use of mina. Code's always cool."
>>
>> Thanks!!
>>
>> On Sat, Dec 11, 2010 at 1:32 AM, Jason Weinstein <[email protected]> wrote:
>>
>>> All the parts "seem" to be there. Sounds like you got it working.
>>>
>>> Note if you don't set (on the server)
>>>
>>> sslFilter.setNeedClientAuth(true);
>>>
>>> you will not be doing client auth (i.e., mutual auth) and therefore server
>>> does not authenticate connecting clients. In which case server truststore
>>> does not need to include client certs. (Someone can correct me if I'm
>>> wrong).
>>>
>>> Also a tip in case you're not aware is to set the jdk property
>>>
>>> -Djavax.net.debug=all
>>>
>>> This should help you verify that your ssl impl is working.
>>>
>>> Prints out a bunch of useful info.
>>>
>>> If your code is not private I'm sure the list would be interested in how
>>> you progress with your use of mina. Code's always cool.
>>>
>>> On 12/9/2010 7:20 PM, Gift Samuel wrote:
>>>
>>>> Hi Jason,
>>>> Thanks a lot for your prompt reply. With your help I had implemented the
>>>> SSL support for my sample application successfully. If you have time, please
>>>> ensure whether my implementation of SSL is correct by verifying the
>>>> following code. I have three classes named "SSLServer", "SSLClient" and
>>>> "SSLContextGenerator" with two handlers.
>>>>
>>>> *SSLContextGenerator.java*
>>>> import java.io.File;
>>>> import java.security.KeyStore;
>>>> import javax.net.ssl.SSLContext;
>>>> import org.apache.mina.filter.ssl.KeyStoreFactory;
>>>> import org.apache.mina.filter.ssl.SslContextFactory;
>>>>
>>>> /**
>>>>  * @author giftsam
>>>>  */
>>>> public class SSLContextGenerator
>>>> {
>>>>     public SSLContext getSslContext()
>>>>     {
>>>>         SSLContext sslContext = null;
>>>>         try
>>>>         {
>>>>             File keyStoreFile = new File("/home/giftsam/Desktop/certificates/keystore");
>>>>             File trustStoreFile = new File("/home/giftsam/Desktop/certificates/truststore");
>>>>
>>>>             if (keyStoreFile.exists() && trustStoreFile.exists())
>>>>             {
>>>>                 final KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
>>>>                 System.out.println("Url is: " + keyStoreFile.getAbsolutePath());
>>>>                 keyStoreFactory.setDataFile(keyStoreFile);
>>>>                 keyStoreFactory.setPassword("password");
>>>>
>>>>                 final KeyStoreFactory trustStoreFactory = new KeyStoreFactory();
>>>>                 trustStoreFactory.setDataFile(trustStoreFile);
>>>>                 trustStoreFactory.setPassword("password");
>>>>
>>>>                 final SslContextFactory sslContextFactory = new SslContextFactory();
>>>>                 final KeyStore keyStore = keyStoreFactory.newInstance();
>>>>                 sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);
>>>>
>>>>                 final KeyStore trustStore = trustStoreFactory.newInstance();
>>>>                 sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);
>>>>                 sslContextFactory.setKeyManagerFactoryKeyStorePassword("password");
>>>>                 sslContext = sslContextFactory.newInstance();
>>>>                 System.out.println("Provider: " + sslContext.getProvider());
>>>>             }
>>>>             else
>>>>             {
>>>>                 System.out.println("Key store file does not exist");
>>>>             }
>>>>         }
>>>>         catch (Exception ex)
>>>>         {
>>>>             ex.printStackTrace();
>>>>         }
>>>>         return sslContext;
>>>>     }
>>>> }
>>>>
>>>> *SSLServer.java*
>>>> import java.io.IOException;
>>>> import java.net.InetSocketAddress;
>>>> import java.nio.charset.Charset;
>>>> import java.security.GeneralSecurityException;
>>>> import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
>>>>
>>>> import org.apache.mina.core.session.IdleStatus;
>>>> import org.apache.mina.core.service.IoAcceptor;
>>>> import org.apache.mina.filter.codec.ProtocolCodecFilter;
>>>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
>>>> import org.apache.mina.filter.logging.LoggingFilter;
>>>> import org.apache.mina.filter.ssl.SslFilter;
>>>> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
>>>>
>>>> /**
>>>>  * @author giftsam
>>>>  */
>>>> public class SSLServer
>>>> {
>>>>     private static final int PORT = 5000;
>>>>
>>>>     private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
>>>>     {
>>>>         try
>>>>         {
>>>>             SslFilter sslFilter = new SslFilter(new SSLContextGenerator().getSslContext());
>>>>             chain.addLast("sslFilter", sslFilter);
>>>>             System.out.println("SSL support is added..");
>>>>         }
>>>>         catch (Exception ex)
>>>>         {
>>>>             ex.printStackTrace();
>>>>         }
>>>>     }
>>>>
>>>>     public static void main(String[] args) throws IOException, GeneralSecurityException
>>>>     {
>>>>         IoAcceptor acceptor = new NioSocketAcceptor();
>>>>         DefaultIoFilterChainBuilder chain = acceptor.getFilterChain();
>>>>
>>>>         addSSLSupport(chain);
>>>>
>>>>         chain.addLast("logger", new LoggingFilter());
>>>>         chain.addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
>>>>
>>>>         acceptor.setHandler(new SSLServerHandler());
>>>>         acceptor.getSessionConfig().setReadBufferSize(2048);
>>>>         acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
>>>>         acceptor.bind(new InetSocketAddress(PORT));
>>>>         System.out.println("Server Started..");
>>>>     }
>>>> }
>>>>
>>>> *SSLClient.java*
>>>> import java.io.IOException;
>>>> import java.net.InetSocketAddress;
>>>> import java.nio.charset.Charset;
>>>> import java.security.GeneralSecurityException;
>>>> import javax.net.ssl.SSLContext;
>>>> import org.apache.mina.core.future.ConnectFuture;
>>>> import org.apache.mina.core.service.IoConnector;
>>>> import org.apache.mina.core.session.IoSession;
>>>> import org.apache.mina.filter.codec.ProtocolCodecFilter;
>>>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
>>>> import org.apache.mina.filter.logging.LoggingFilter;
>>>> import org.apache.mina.filter.ssl.SslFilter;
>>>> import org.apache.mina.transport.socket.nio.NioSocketConnector;
>>>>
>>>> /**
>>>>  * @author giftsam
>>>>  */
>>>> public class SSLClient
>>>> {
>>>>     private static final int REMORT_PORT = 5000;
>>>>
>>>>     public static void main(String[] args) throws IOException, InterruptedException, GeneralSecurityException
>>>>     {
>>>>         IoConnector connector = new NioSocketConnector();
>>>>         connector.getSessionConfig().setReadBufferSize(2048);
>>>>
>>>>         if (true)
>>>>         {
>>>>             // SSLContext sslContext = BogusSslContextFactory.getInstance(false);
>>>>             SSLContext sslContext = new SSLContextGenerator().getSslContext();
>>>>             System.out.println("sslContext.getProtocol()" + sslContext.getProtocol());
>>>>             SslFilter sslFilter = new SslFilter(sslContext);
>>>>             sslFilter.setUseClientMode(true);
>>>>             connector.getFilterChain().addFirst("sslFilter", sslFilter);
>>>>         }
>>>>         connector.getFilterChain().addLast("logger", new LoggingFilter());
>>>>         connector.getFilterChain().addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
>>>>
>>>>         connector.setHandler(new SSLClientHandler("Hello Server.."));
>>>>         ConnectFuture future = connector.connect(new InetSocketAddress("172.108.0.8", REMORT_PORT));
>>>>         future.awaitUninterruptibly();
>>>>
>>>>         if (!future.isConnected())
>>>>         {
>>>>             return;
>>>>         }
>>>>         IoSession session = future.getSession();
>>>>         session.getConfig().setUseReadOperation(true);
>>>>         session.getCloseFuture().awaitUninterruptibly();
>>>>
>>>>         System.out.println("After Writing");
>>>>         connector.dispose();
>>>>
>>>>     }
>>>> }
>>>>
>>>> Hope to hear from you soon. Once again thanks for your support.
>>>>
>>>> Regards,
>>>> Gift Sam
>>>>
>>>> On Thu, Dec 9, 2010 at 1:41 AM, Jason Weinstein <[email protected]> wrote:
>>>>
>>>>> There are a number of ways to do it, but
>>>>>
>>>>> you'll need something along the lines of
>>>>>
>>>>> final SSLContext sslContext = getSslContext();
>>>>> final SslFilter sslFilter = new SslFilter(sslContext);
>>>>> // sslFilter.setUseClientMode(false);
>>>>>
>>>>> sslFilter.setNeedClientAuth(getMutualAuth());
>>>>>
>>>>> final String[] enabledProtocols = getEnabledProtocols();
>>>>> if (ValidationUtil.notEmpty(enabledProtocols)) {
>>>>>     sslFilter.setEnabledProtocols(enabledProtocols);
>>>>> }
>>>>>
>>>>> final String[] enabledCipherSuites = getEnabledCipherSuites();
>>>>> if (ValidationUtil.notEmpty(enabledCipherSuites)) {
>>>>>     sslFilter.setEnabledCipherSuites(enabledCipherSuites);
>>>>> }
>>>>>
>>>>> chain.addLast("sslFilter", sslFilter);
>>>>>
>>>>> and
>>>>>
>>>>> getSslContext() {
>>>>>
>>>>>     final URL keyStoreUrl = <url>;
>>>>>     final KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
>>>>>     keyStoreFactory.setDataUrl(keyStoreUrl);
>>>>>     keyStoreFactory.setPassword(keyStorePassword);
>>>>>
>>>>>     final URL trustStoreUrl = <url>;
>>>>>     final KeyStoreFactory trustStoreFactory = new KeyStoreFactory();
>>>>>     trustStoreFactory.setDataUrl(trustStoreUrl);
>>>>>     trustStoreFactory.setPassword(trustStorePassword);
>>>>>
>>>>>     final SslContextFactory sslContextFactory = new SslContextFactory();
>>>>>     final KeyStore keyStore = keyStoreFactory.newInstance();
>>>>>     sslContextFactory.setKeyManagerFactoryKeyStore(keyStore);
>>>>>
>>>>>     final KeyStore trustStore = trustStoreFactory.newInstance();
>>>>>     sslContextFactory.setTrustManagerFactoryKeyStore(trustStore);
>>>>>
>>>>>     sslContextFactory.setKeyManagerFactoryKeyStorePassword(keyManagerKeyStorePassword);
>>>>>
>>>>>     final SSLContext sslContext = sslContextFactory.newInstance();
>>>>>
>>>>> Note you also have to set up the truststore on the client.
>>>>>
>>>>> On 12/7/2010 10:00 PM, Gift Samuel wrote:
>>>>>
>>>>>> Hi,
>>>>>> I am a newbie to Apache mina. I would like to write a client/server
>>>>>> program using Apache mina with SSL. Without SSL the below code works fine,
>>>>>>
>>>>>> *MinaTimeClient.java*
>>>>>>
>>>>>> import java.io.IOException;
>>>>>> import java.net.InetSocketAddress;
>>>>>> import java.net.SocketAddress;
>>>>>> import java.nio.charset.Charset;
>>>>>> import org.apache.mina.core.RuntimeIoException;
>>>>>> import org.apache.mina.core.future.ConnectFuture;
>>>>>> import org.apache.mina.core.service.IoConnector;
>>>>>> import org.apache.mina.core.session.IdleStatus;
>>>>>> import org.apache.mina.core.session.IoSession;
>>>>>> import org.apache.mina.filter.codec.ProtocolCodecFilter;
>>>>>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
>>>>>> import org.apache.mina.filter.logging.LoggingFilter;
>>>>>> import org.apache.mina.transport.socket.nio.NioSocketConnector;
>>>>>>
>>>>>> /**
>>>>>>  * @Since
>>>>>>  * @author giftsam
>>>>>>  */
>>>>>> public class MinaTimeClient
>>>>>> {
>>>>>>     private static final int PORT = 9123;
>>>>>>
>>>>>>     public static void main(String[] args) throws IOException, InterruptedException
>>>>>>     {
>>>>>>         IoConnector connector = new NioSocketConnector();
>>>>>>         connector.getSessionConfig().setReadBufferSize(2048);
>>>>>>
>>>>>>         connector.getFilterChain().addLast("logger", new LoggingFilter());
>>>>>>         connector.getFilterChain().addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
>>>>>>
>>>>>>         connector.setHandler(new TimeClientHandler("Test"));
>>>>>>         ConnectFuture future = connector.connect(new InetSocketAddress("192.168.0.28", PORT));
>>>>>>         future.awaitUninterruptibly();
>>>>>>
>>>>>>         if (!future.isConnected())
>>>>>>         {
>>>>>>             return;
>>>>>>         }
>>>>>>         IoSession session = future.getSession();
>>>>>>
>>>>>>         session.getConfig().setUseReadOperation(true);
>>>>>>         session.getCloseFuture().awaitUninterruptibly();
>>>>>>
>>>>>>         System.out.println("After Writing");
>>>>>>         connector.dispose();
>>>>>>
>>>>>>     }
>>>>>> }
>>>>>>
>>>>>> *MinaTimeServer.java*
>>>>>>
>>>>>> import java.io.IOException;
>>>>>> import java.net.InetSocketAddress;
>>>>>> import java.nio.charset.Charset;
>>>>>>
>>>>>> import org.apache.mina.core.session.IdleStatus;
>>>>>> import org.apache.mina.core.service.IoAcceptor;
>>>>>> import org.apache.mina.filter.codec.ProtocolCodecFilter;
>>>>>> import org.apache.mina.filter.codec.textline.TextLineCodecFactory;
>>>>>> import org.apache.mina.filter.logging.LoggingFilter;
>>>>>> import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
>>>>>>
>>>>>> public class MinaTimeServer
>>>>>> {
>>>>>>     private static final int PORT = 9123;
>>>>>>
>>>>>>     public static void main(String[] args) throws IOException
>>>>>>     {
>>>>>>         IoAcceptor acceptor = new NioSocketAcceptor();
>>>>>>
>>>>>>         acceptor.getFilterChain().addLast("logger", new LoggingFilter());
>>>>>>         acceptor.getFilterChain().addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8"))));
>>>>>>
>>>>>>         acceptor.setHandler(new TimeServerHandler());
>>>>>>         acceptor.getSessionConfig().setReadBufferSize(2048);
>>>>>>         acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10);
>>>>>>         acceptor.bind(new InetSocketAddress(PORT));
>>>>>>     }
>>>>>> }
>>>>>>
>>>>>> The preceding code works fine without SSL, but what do I have to do if I
>>>>>> want to make the transactions with SSL? I had investigated a lot, but I
>>>>>> couldn't find the answer. Please help me.
>>>>>>
>>>>>> Thanks & Regards,
>>>>>> Gift Sam
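
An added example, not code from this thread or from the MINA project: a server configured for the mutual authentication discussed above via setNeedClientAuth(true), which also lets keystore and context failures propagate so the acceptor never binds without TLS. It assumes the MINA 2.0.x SslFilter API used in the thread; the class name MutualAuthServer and the environment variable names TLS_KEYSTORE, TLS_TRUSTSTORE and TLS_STORE_PASSWORD are hypothetical.

```java
import java.io.File;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.apache.mina.filter.ssl.SslContextFactory;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

public class MutualAuthServer {
    // Hypothetical environment variable names; no path or password is compiled in.
    static KeyStore load(String pathVar, String password) throws Exception {
        KeyStoreFactory factory = new KeyStoreFactory();
        factory.setDataFile(new File(System.getenv(pathVar)));
        factory.setPassword(password);
        return factory.newInstance();
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("TLS_STORE_PASSWORD");
        SslContextFactory contextFactory = new SslContextFactory();
        contextFactory.setKeyManagerFactoryKeyStore(load("TLS_KEYSTORE", password));
        contextFactory.setKeyManagerFactoryKeyStorePassword(password);
        contextFactory.setTrustManagerFactoryKeyStore(load("TLS_TRUSTSTORE", password));
        // Any store or context failure propagates here, so the server never binds without TLS.
        SSLContext sslContext = contextFactory.newInstance();

        final SslFilter sslFilter = new SslFilter(sslContext);
        // The handshake fails unless the client certificate chains to the truststore.
        sslFilter.setNeedClientAuth(true);

        NioSocketAcceptor acceptor = new NioSocketAcceptor();
        acceptor.getFilterChain().addFirst("sslFilter", sslFilter);
        acceptor.setHandler(new IoHandlerAdapter() {
            @Override
            public void messageReceived(IoSession session, Object message) throws Exception {
                SSLSession tls = sslFilter.getSslSession(session);
                if (tls == null) { session.close(true); return; } // no TLS session: refuse
                // getPeerPrincipal() throws SSLPeerUnverifiedException if no client cert was verified.
                System.out.println("client identity: " + tls.getPeerPrincipal().getName());
            }
        });
        acceptor.bind(new InetSocketAddress(5000));
    }
}
```

Running the server with -Djavax.net.debug=all, as suggested in the thread, shows the CertificateRequest sent to the client and the certificate chain it returns.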
