Secret SSL socket connections in Java

I am working on encrypting a TCP connection between a server and a client. In research and testing, I tend to use private key encryption. My problem is that I cannot find any tutorials on how to implement this feature. The tutorials I found revolve around one-time HTTPS requests; all I need is an SSL socket.

The code I have written so far is below. I am almost sure that it needs to be expanded; I just do not know how to do it. Any help is appreciated.

private ServerSocketFactory factory;
private SSLServerSocket serverSocket;

factory = SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket) factory.createServerSocket( <portNum> );

Server code for receiving client connections

SSLSocket socket = (SSLSocket) serverSocket.accept();
socket.startHandshake();

I just don't know how to actually do the handshake.

link: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html

+4
2

SSL Java , , . , , - , SSL ; . , , " ", - .

SSL, SSL-, . " ", . , , , , , " " .

, SSL, Java SSL-. , , SSL, , TLS, SSLServerSocket SSLSocket.

, . , . :

/**
 * Returns an SSLServerSocket that uses the specified key store file 
 * with the specified password, and listens on the specified port.
 */
ServerSocket getSSLServerSocket(
    File keyStoreFile, 
    char[] keyStoreFilePassword,
    int port
) throws GeneralSecurityException, IOException {
    SSLContext sslContext 
        = SSLConnections.getSSLContext(keyStoreFile, keyStoreFilePassword);
    SSLServerSocketFactory sslServerSocketFactory 
        = sslContext.getServerSocketFactory();
    SSLServerSocket sslServerSocket
        = (SSLServerSocket) sslServerSocketFactory.createServerSocket(port);
    return sslServerSocket;
}

SSLServerSocket , ServerSocket; , . , ServerSocket, .

. cacerts JRE , , SSLContext, ServerSocketFactory.getDefault() ServerSocketFactory. / , cacerts.

:

SSLSocket getSSLSocket(
    File trustStoreFile,
    char[] trustStoreFilePassword,
    InetAddress serverAddress,
    int serverPort
) throws GeneralSecurityException, IOException {
    SSLContext sslContext 
        = SSLConnections.getSSLContext(trustStoreFile, trustStoreFilePassword);
    SSLSocket sslSocket 
        = (SSLSocket) sslContext.getSocketFactory().createSocket
            (serverAddress, serverPort);
    sslSocket.startHandshake();
    return sslSocket;
}

SSLServerSocket , SSLSocket Socket; SSLSocket , .

, cacerts JRE , SSLContext SSLSocketFactory.getDefault() sslContext.getSocketFactory(). , . , , , , , , , () SSLSocket:

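    SSLParameters sslParameters = sslSocket.getSSLParameters();
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    sslSocket.setSSLParameters(sslParameters); // getSSLParameters() returns a copy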

, , , , .

,

, , : . Java keytool, 1.7 , .

, : keytool -genkey -alias server -keyalg rsa -dname "cn=server, ou=unit, o=org, l=City, s=ST, c=US" -validity 365242 -keystore server_key_store_file -ext san=ip:192.168.1.129 -v. . , , 365242 - 1000 - , IP- 192.168.1.129. , san=dns:server.example.com san=ip:192.168.1.129. keytool man keytool.

- , , .

keytool -export -alias server -file server.cer -keystore server_key_store_file -rfc -v. server.cer, , .

, server.cer , - keytool -import -alias server -file server.cer -keystore client_trust_store_file -v. ; " ", Java keytool , . : JRE cacerts , changeit, .

, , JRE cacerts , ; . , man keytool .

, , SSL, . . , .

+11
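The two methods in the answer above call SSLConnections.getSSLContext without showing it. The following is an added example, not the answer author's code: one way that helper could look, assuming a single store file supplies both key and trust material and that the key password equals the store password. connectVerified is a hypothetical client helper showing that the SSLParameters returned by getSSLParameters() are a copy and must be written back to the socket before the handshake.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Assumed implementation: the answer calls SSLConnections.getSSLContext but does not show it.
final class SSLConnections {

    /** Builds an SSLContext whose key and trust material both come from one store file. */
    static SSLContext getSSLContext(File storeFile, char[] storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storeFile)) {
            store.load(in, storePassword);
        }
        // Server side: the store holds the private key entry created by keytool -genkey.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, storePassword); // assumes key password == store password
        // Client side: the store holds the certificate added by keytool -import.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    /** Hypothetical client helper: hostname checking is applied before the handshake. */
    static SSLSocket connectVerified(SSLContext context, String host, int port)
            throws IOException {
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port);
        SSLParameters params = socket.getSSLParameters(); // returns a copy
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);                  // write the copy back
        socket.startHandshake(); // fails if the certificate does not identify host
        return socket;
    }
}
```

With the certificate generated by the keytool command in the answer, host would be the address given in the san extension, for example the string "192.168.1.129".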

. , : , . , , , .

+1

Source: https://habr.com/ru/post/1534084/

