SSLByteChannel
The Java New I/O architecture doesn't provide a simple way to use SSL with channels, and worse, before 5.0 it wasn't even possible to mix SSL and NIO. Java 5 comes with a new low-level SSL API (SSLEngine) that can be used to provide SSL on top of any data source. Thanks to this API, I designed a small and simple class which implements the ByteChannel interface and whose constructor lets you perform "an SSL upgrade" on any byte channel.
SSLByteChannel can be used as follows:
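import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

// Load the key store generated with keytool (see below); the stream is closed after loading
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("keystore")) {
    ks.load(in, "storepassword".toCharArray());
}
// Key material for this side, and trust anchors taken from the same store
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "keypassword".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Server-side engine; channel is the already-connected ByteChannel to upgrade
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(false);
engine.beginHandshake();
SSLByteChannel sslByteChannel = new SSLByteChannel(channel, engine);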
keystore is a file you have generated using keytool. storepassword and keypassword are the passwords you gave during your key initialization phase. The keytool command can be used as follows:
keytool -genkey -validity 3650 \
  -keystore "keystore" \
  -storepass "storepassword" \
  -keypass "keypassword" \
  -alias "default" \
  -dname "CN=MyName, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"
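The engine in the usage snippet above keeps the JDK defaults. The example below is added here and is not David Crosson's code or part of SSLByteChannel; it goes a step further than the page and shows a server engine that pins protocol versions and can require a client certificate, and a client engine that enables host name checking. EngineSetup, PROTOCOLS, serverEngine, clientEngine and server.example are hypothetical names, JDK 11 or later is assumed, and SSLContext.getDefault() stands in for the keystore-backed context so the example runs without a key store.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class EngineSetup {
    // Protocol versions to allow; a peer offering only older versions fails the handshake.
    static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    // Server side, as in the usage snippet. The trust managers passed to
    // SSLContext.init() are consulted only when a client certificate is requested.
    static SSLEngine serverEngine(SSLContext ctx, boolean requireClientCert) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(PROTOCOLS);
        p.setNeedClientAuth(requireClientCert);
        engine.setSSLParameters(p);
        return engine;
    }

    // Client side. A bare SSLEngine validates the certificate chain but does not
    // compare the certificate with the host name unless an endpoint
    // identification algorithm is set, so host and port are passed explicitly.
    static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(PROTOCOLS);
        p.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(p);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the JDK default context replaces the keystore-backed one
        // here; server.example is a placeholder host name.
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine server = serverEngine(ctx, true);
        SSLEngine client = clientEngine(ctx, "server.example", 443);
        System.out.println("server protocols: "
                + String.join(",", server.getEnabledProtocols()));
        System.out.println("server needs client cert: " + server.getNeedClientAuth());
        System.out.println("client endpoint check: "
                + client.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

Either engine can then be passed to the SSLByteChannel constructor in place of the default-configured one.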
© 2005 David Crosson. All rights reserved.