ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/secjssecltex.htm

306 lines
10 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Example: JSSE client servlet</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="secjssecltex"></a>Example: JSSE client servlet</h6>
<pre>/*
*
* This material contains programming source code for your
* consideration. These examples have not been thoroughly
* tested under all conditions. IBM, therefore, cannot
* guarantee or imply reliability, serviceability, or function
* of these program. All programs contained herein are
* provided to you &quot;AS IS&quot;. THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for
* these programs and files.
*
*/
import java.io.*;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.Security;
import java.security.KeyStore;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManagerFactory;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.KeyManagerFactory;
/*
* ServerJsse and ClientJsse
*
* Sample applications to demonstrate a simple client/server interaction using JSSE.
* They communicate using all enabled cipher suites.
*
* The ServerJsse and ClientJsse use different KeyStore files called
* &quot;clientAppKeys.jks&quot; and &quot;serverAppKeys.jks&quot; protected by a password and assumed
* to be in the current working directory. In a real application, the client and
* server should also have their own KeyStore files.
*
* You can build these sample program classes by issuing the following command but
* first make sure that the ibmjsse.jar file shipped in the
* &quot;WAS_PRODUCT_ROOT/java/ext&quot; is in your CLASSPATH or extensions directory.
* This is a servlet, so you also need &quot;WAS_PRODUCT_ROOT/lib/j2ee.jar to compile.
*
* javac ServerJsse.java
* javac ClientJsse.java
*
*
* Running the client/server application requires that the Server is started first
* and then the Client application.
*
* To start the ServerJsse, run the following command:
*
* java ServerJsse
*
* The ServerJsse uses port 8050 by default. Once ServerJsse has started it waits
* for the ClientJsse connection.
*
* To start the client, issue the following command:
*
* java ClientJsse <em>hostname:port</em>
*
* where <em>hostname:port</em> is the optional host:port running SeverJsse.
* The default is localhost:8050.
*
*/
public class ClientJsse extends HttpServlet {
static int N = 50, L = 100, R = 2;
static PrintWriter out = new PrintWriter(System.out);
static SSLContext sslContext;
// Open the KeyStore to obtain the Trusted Certificates.
// KeyStore is of type &quot;JKS&quot;. Filename is &quot;clientAppKeys.jks&quot;
// and password is &quot;myKeys&quot;.
public static void initContext() {
try {
Security.addProvider(new com.ibm.jsse.JSSEProvider());
KeyStore ks = KeyStore.getInstance(&quot;JKS&quot;);
ks.load(new FileInputStream(&quot;clientAppKeys.jks&quot;), &quot;myKeys&quot;.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(&quot;IbmX509&quot;);
kmf.init(ks, &quot;myKeys&quot;.toCharArray());
TrustManager[] tm;
TrustManagerFactory tmf = TrustManagerFactory.getInstance(&quot;IbmX509&quot;);
tmf.init(ks);
tm = tmf.getTrustManagers();
sslContext = SSLContext.getInstance(&quot;SSL&quot;);
sslContext.init(kmf.getKeyManagers(), tm, null);
}
catch (Throwable t) {
out.println(&quot;Failed to read clientAppKeys.jks file.&quot;);
t.printStackTrace();
}
}
public void doGet(HttpServletRequest q, HttpServletResponse r) {
r.setContentType(&quot;text/html&quot;);
String[] args = new String[1];
args[0] = getInitParameter(&quot;hostname&quot;);
// send result to the caller
try {
out = r.getWriter();
out.println(&quot;&lt;html&gt;&quot;);
out.println(&quot;&lt;head&gt;title&gt;Client JSSE Session&lt;/title&gt;&lt;/head&gt;&quot;);
out.println(&quot;&lt;body&gt;&quot;);
out.println(&quot;&lt;h1&gt;Client JSSE Session (starting)&lt;/h1&gt;&quot;);
out.flush();
out.println(&quot;&lt;pre&gt;&quot;);
main(args);
out.println(&quot;&lt;/pre&gt;&quot;);
out.println(&quot;&lt;/body&gt;&lt;/html&gt;&quot;);
out.flush();
out.close();
}
catch (Exception e) {
out.println(&quot;Exception in ClientJsse Servlet: &quot; + e.getMessage());
e.printStackTrace();
}
}//end public void doGet(...)
/** Starts the ClientJsse application as stand alone application.
* @param args the name of the host the ClientJsse should connect to
*/
public static void main(String args[]) throws Exception {
int i, j, len, ci_nonanon;
String host = &quot;127.0.0.1&quot;;
int port = 8050;
if ((args != null) &amp;&amp; (args.length &gt; 0)) {
host = args[0];
i = host.indexOf(':');
if (i != -1) {
try {
port = Integer.parseInt(host.substring(i+1));
host = host.substring(0,i);
}
catch (Exception e) {
System.err.println(&quot;ClientJsse: wrong address format&quot;);
e.printStackTrace();
throw e;
}
}
}
if (args.length &gt; 1)
N = Integer.parseInt(args[1]);
if (args.length &gt; 2)
L = Integer.parseInt(args[2]);
byte buffer[] = new byte[L];
out.println(&quot;ClientJsse: started.&quot;);
initContext();
try {
if (sslContext == null) {
out.println (&quot;ClientJsse: SSL client context NOT created.&quot;);
return;
}
out.println(&quot;ClientJsse: SSL client context created.&quot;);
SSLSocketFactory factory = sslContext.getSocketFactory();
String[] cipher_suites =
sslContext.getSocketFactory().getSupportedCipherSuites();
out.println(&quot;ClientJsse: enabled cipher suites&quot;);
for (i=0, ci_nonanon=0; i &lt; cipher_suites.length; i++) {
if (cipher_suites[i].indexOf(&quot;_anon_&quot;) &lt; 0) {
ci_nonanon++;
}
out.println(&quot; &quot; + cipher_suites[i]);
}
out.flush();
SSLSocket ssl_sock;
OutputStream ostr;
InputStream istr;
long t;
String[] ecs = new String[1];
out.println(&quot;\n &quot;);
for (int csi = 0; csi &lt; ci_nonanon; csi++) {
// Remove anonymous cipher suites.
// TrustManager requires a personal certificate.
ecs[0] = cipher_suites[csi];
if (ecs[0].indexOf(&quot;_anon_&quot;) &gt;= 0) {
continue;
}
for (int n = 0; n &lt; R; n++) {
t = System.currentTimeMillis();
try {
ssl_sock = (SSLSocket) factory.createSocket(host, port);
ssl_sock.setEnabledCipherSuites(ecs);
ssl_sock.startHandshake();
SSLSession session = ssl_sock.getSession();
out.println(&quot; &quot;);
out.println(&quot;\nClientJsse: SSL connection established&quot;);
out.println(&quot; cipher suite: &quot; + session.getCipherSuite());
}
catch (Exception se) {
out.println(&quot; &quot;);
out.println(&quot;\nClientJsse: can't connect using: &quot; +
cipher_suites[csi] + &quot;\n&quot; + se);
break;
}
if (L &gt; 0) {
istr = ssl_sock.getInputStream();
ostr = ssl_sock.getOutputStream();
for (j=0; j &lt; N; j++) {
if ((j==N-1) &amp;&amp; (n == R-1) &amp;&amp; (csi == ci_nonanon - 1))
buffer[0] = (byte)-1;
ostr.write(buffer, 0, L);
for (len = 0;;) {
try {
if ((i = istr.read(buffer, len, L-len)) == -1) {
out.println(&quot;ClientJsse: SSL connection dropped by partner.&quot;);
istr.close();
return;
}
// out.println(&quot;ClientJsse: &quot; + i + &quot; bytes received.&quot;);
if ((len+=i) == L) break;
}
catch (InterruptedIOException e) {
// out.println(&quot;ClientJsse: timeout.\n&quot;);
}
}
}
}
out.println(&quot;Messages = &quot; + N*2 + &quot;; Time = &quot; +
(System.currentTimeMillis() - t));
ssl_sock.close();
out.println(&quot;ClientJsse: SSL connection closed.&quot;);
out.flush();
}
}
Thread.sleep(1500);
// Example using plain sockets
if (L &gt; 0) {
Socket sock = new Socket(host, port);
out.println(&quot; &quot;);
out.println(&quot;\nClientJsse: Plain Socket connection established.&quot;);
istr = sock.getInputStream();
ostr = sock.getOutputStream();
t = System.currentTimeMillis();
for (j=0; j &lt; N; j++) {
ostr.write(buffer, 0, L);
for (len = 0;;) {
if ((i = istr.read(buffer, len, L-len)) == -1) {
out.println(&quot;ClientJsse: connection dropped by partner.&quot;);
return;
}
if ((len+=i) == L) break;
}
}
out.println(&quot;Messages = &quot; + N*2 + &quot;; Time = &quot; +
(System.currentTimeMillis() - t));
sock.close();
out.println(&quot;ClientJsse: Plain Socket connection closed.&quot;);
Thread.sleep(1500);
}
}
catch (Exception e) {
out.println(e);
}
out.println(&quot; &quot;);
out.println(&quot;ClientJsse: terminated.&quot;);
out.flush();
}//end main(...)
}//end class</pre>
</body>
</html>