tags:
views: 782
answers: 3
Ideally, I only need a simple SSLSocketChannel: I already have a component that reads and writes messages over an ordinary SocketChannel, but for some of those connections I have to use SSL over the wire; the operations over those connections, however, are the same.

Does anyone know a free SSLSocketChannel implementation (with the appropriate selector) or something similar? I've found that, but the selector doesn't accept it since its vendor isn't SUN.

I'm decoupling the reading-from/writing-to-net logic from the insertion and retrieval of network data via a simple object, in order to use an SSLEngine without getting mad, but it's really tricky to implement that correctly, given the fact that I don't know the internals of the SSL protocol...
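The part the question describes as tricky is the SSLEngine state machine: wrap() to encrypt outbound bytes, unwrap() to decrypt inbound ones, and a handshake loop that reacts to NEED_WRAP, NEED_UNWRAP and NEED_TASK. The following is an added, self-contained example (not code from the question or any of the answers) that runs a client engine and a server engine against each other through in-memory ByteBuffers standing in for the socket, so the whole TLS exchange can be stepped through without a network. It assumes a keystore file keystore.jks containing a self-signed key pair and the password "password" (both placeholder values; create the store with keytool) and, because the certificate is self-signed, reuses that store as the client's trust store.

```java
import java.io.FileInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

public class SslEngineDemo {
    // Assumed (placeholder values): keystore.jks holds one self-signed key pair protected by "password".
    static SSLContext buildContext() throws Exception {
        char[] pw = "password".toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("keystore.jks")) {
            ks.load(in, pw);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        // The certificate is self-signed, so the same store doubles as the client's trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    // One peer: an engine plus the inbound buffers a SocketChannel would fill (netIn) and drain (appIn).
    static final class Peer {
        final SSLEngine engine;
        final ByteBuffer netIn, appIn;  // ciphertext off the "wire" / decrypted data; both kept in write mode
        Peer(SSLEngine engine) {
            this.engine = engine;
            SSLSession s = engine.getSession();  // the pre-handshake session already reports usable sizes
            netIn = ByteBuffer.allocate(2 * s.getPacketBufferSize());
            appIn = ByteBuffer.allocate(2 * s.getApplicationBufferSize());
        }
        boolean handshaking() {
            HandshakeStatus hs = engine.getHandshakeStatus();
            return hs != HandshakeStatus.NOT_HANDSHAKING && hs != HandshakeStatus.FINISHED;
        }
    }

    // One handshake action for self; outbound records land directly in other.netIn, standing in for the wire.
    static void handshakeStep(Peer self, Peer other) throws SSLException {
        switch (self.engine.getHandshakeStatus()) {
            case NEED_WRAP:
                // Wrap only if the peer has room for a full record; otherwise let it drain first.
                if (other.netIn.remaining() >= self.engine.getSession().getPacketBufferSize()) {
                    self.engine.wrap(ByteBuffer.allocate(0), other.netIn);
                }
                break;
            case NEED_UNWRAP:
                self.netIn.flip();
                self.engine.unwrap(self.netIn, self.appIn);  // BUFFER_UNDERFLOW just means no full record yet
                self.netIn.compact();
                break;
            case NEED_TASK:
                // Certificate checks and similar work are handed back to the caller; run them inline here.
                for (Runnable t; (t = self.engine.getDelegatedTask()) != null; ) t.run();
                break;
        }
    }

    static void handshake(Peer a, Peer b) throws SSLException {
        a.engine.beginHandshake(); b.engine.beginHandshake();
        while (a.handshaking() || b.handshaking()) {
            handshakeStep(a, b);
            handshakeStep(b, a);
        }
    }

    // Encrypt msg on from, deliver the records to to, decrypt them there and return the plaintext.
    static String send(Peer from, Peer to, String msg) throws SSLException {
        ByteBuffer plain = ByteBuffer.wrap(msg.getBytes(StandardCharsets.UTF_8));
        while (plain.hasRemaining()) from.engine.wrap(plain, to.netIn);
        to.netIn.flip();
        while (to.netIn.hasRemaining()) {
            SSLEngineResult r = to.engine.unwrap(to.netIn, to.appIn);
            if (r.getStatus() != SSLEngineResult.Status.OK) throw new SSLException("unwrap: " + r.getStatus());
        }
        to.netIn.compact();
        to.appIn.flip();
        String received = StandardCharsets.UTF_8.decode(to.appIn).toString();
        to.appIn.clear();
        return received;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext();
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        // No peer host is given, so hostname verification is off; a real client should use
        // createSSLEngine(host, port) plus SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").
        SSLEngine client = ctx.createSSLEngine();
        client.setUseClientMode(true);
        Peer c = new Peer(client), s = new Peer(server);
        handshake(c, s);
        System.out.println("server got: " + send(c, s, "hello over a non-blocking SSLEngine"));
        System.out.println("client got: " + send(s, c, "hello back"));
    }
}
```

On a real SocketChannel the same handshakeStep logic is driven by selector readiness instead of a loop: a NEED_UNWRAP that returns BUFFER_UNDERFLOW means wait for OP_READ, and wrap() output goes into an outbound buffer that is written on OP_WRITE, which adds one status this in-memory version never sees, BUFFER_OVERFLOW on wrap when that outbound buffer has not been flushed yet. The netIn and appIn buffers are deliberately kept in write mode between calls and flipped only around unwrap(); mixing up that discipline is the most common source of corrupted records in hand-rolled SSLEngine code.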

+1  A: 

Not sure if this is what you're looking for, but may help... To create SSL/TLS enabled server sockets, I'm currently using code like the following (keystore.jks contains a self-signed private/public key pair used for securing confirmation) - clients have a similar trust store which contains the signed certificate with the public key of that pair.

A bit of googling around getting that configured should get you underway.

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

String keyStorePath = "keystore.jks";
char[] keyStorePassword = "password".toCharArray();  // KeyStore.load and KeyManagerFactory.init take a char[]

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// KeyStore has no public constructor; ask for an instance of the store's type (JKS for a .jks file)
KeyStore keyStore = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream(keyStorePath)) {
    keyStore.load(in, keyStorePassword);
}
keyManagerFactory.init(keyStore, keyStorePassword);

SSLContext sslContext = SSLContext.getInstance("TLS");
// null trust managers = JDK defaults; sufficient for a server that does not request client certificates
sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());

SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();

// Create sockets as necessary
Martin
Maybe it isn't clear from the question, but I've a component that does non-blocking I/O, so I want a non-blocking SSL socket (in Java, a non-blocking socket is called a "channel"). With your approach, you have a blocking Socket that encrypts the data via SSL/TLS, so it's not what I'm seeking. I use that approach in another component, where I can afford the overhead of having one thread per connection. Thanks anyway for your time!
akappa
I've looked at doing something similar recently, and actually ended up deciding tools like http://www.jboss.org/netty and http://mina.apache.org were a much easier approach to adding SSL to NIO. There are mechanisms to use NIO via the SSLEngine you can get from the SSLContext, but looking at the sample code that's available, it's just too damned hard! [my rule of thumb is that if I need to download a ZIP of source code for a tutorial (rather than display it inline) it's time to look for alternatives...]
Martin
+1  A: 

Jetty has an NIO SSL implementation for their server: SslSelectorChannelConnector. You might want to peek at it for details on what it's doing.

There is also an old (but decent) article from O'Reilly that explains the details about NIO + SSL along with example code.

Kevin
Thanks for the suggestions :) I already know the O'Reilly article, but it is a bit too simplistic. I've found a very good hint about building something similar to an SSLSocketChannel in Esmond Pitt's book "Fundamental Networking in Java", but it still is a pain in the a** to get it correctly ;)
akappa
+1  A: 

Check out Restlet's implementation; it may do what you need, and it's all about NIO.

Restlet Engine Javadoc

Specifically HttpClientCall.setProtocol(HTTPS): getResponseEntityChannel returns a ReadableByteChannel (getEntityChannel returns a WritableByteChannel).

Gandalf
Thanks, I'll give it a look :)
akappa
Mmh, I've searched the sources for "SSLEngine" and I haven't found anything... maybe they don't use non-blocking I/O with SSL?
akappa
I doubt it - the whole Restlet project is based on NIO. Sorry I can't be more help, but I have to believe they have an NIO SSL solution in there somewhere.
Gandalf
The fact is that I hardly doubt that they implemented something similar to SSLEngine on their own, so they should use SSLEngine in order to get secure connections over channels... btw, I'll give it a closer look :P
akappa