281 lines
9.5 KiB
HTML
281 lines
9.5 KiB
HTML
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
|
<html>
|
||
|
|
<head>
|
||
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
||
|
|
|
||
|
|
<title>Example: JSSE server servlet</title>
|
||
|
|
</head>
|
||
|
|
|
||
|
|
<BODY>
|
||
|
|
<!-- Java sync-link -->
|
||
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
||
|
|
|
||
|
|
<h6><a name="secjssesvrex"></a>Example: JSSE server servlet</h6>
|
||
|
|
|
||
|
|
<pre>/*
|
||
|
|
*
|
||
|
|
* This material contains programming source code for your
|
||
|
|
* consideration. These examples have not been thoroughly
|
||
|
|
* tested under all conditions. IBM, therefore, cannot
|
||
|
|
* guarantee or imply reliability, serviceability, or function
|
||
|
|
* of these program. All programs contained herein are
|
||
|
|
* provided to you "AS IS". THE IMPLIED WARRANTIES OF
|
||
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||
|
|
* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for
|
||
|
|
* these programs and files.
|
||
|
|
*
|
||
|
|
*/
|
||
|
|
import java.io.*;
|
||
|
|
import java.net.ServerSocket;
|
||
|
|
import java.net.Socket;
|
||
|
|
import java.security.Security;
|
||
|
|
import java.security.KeyStore;
|
||
|
|
import javax.net.ssl.SSLServerSocketFactory;
|
||
|
|
import javax.net.ssl.SSLServerSocket;
|
||
|
|
import javax.net.ssl.SSLSocket;
|
||
|
|
import javax.net.ssl.SSLSession;
|
||
|
|
import javax.servlet.http.HttpServlet;
|
||
|
|
import javax.servlet.http.HttpServletRequest;
|
||
|
|
import javax.servlet.http.HttpServletResponse;
|
||
|
|
import com.ibm.net.ssl.SSLContext;
|
||
|
|
import com.ibm.net.ssl.TrustManagerFactory;
|
||
|
|
import com.ibm.net.ssl.KeyManagerFactory;
|
||
|
|
|
||
|
|
/*
|
||
|
|
* ServerJsse and ClientJsse
|
||
|
|
*
|
||
|
|
* Sample applications to demonstrate a simple client/server interaction using JSSE.
|
||
|
|
* They will communicate using all enabled cipher suites.
|
||
|
|
*
|
||
|
|
* The ServerJsse and ClientJsse use different KeyStore files called
|
||
|
|
* "clientAppKeys.jks" and "serverAppKeys.jks" protected by a password and assumed
|
||
|
|
* to be in the current directory. In a real application, the client and server
|
||
|
|
* should also have their own KeyStore files.
|
||
|
|
*
|
||
|
|
* You can build these sample program classes by issuing the following command but
|
||
|
|
* first make sure that the ibmjsse.jar file shipped in the
|
||
|
|
* "WAS_PRODUCT_ROOT/java/ext" is in your CLASSPATH or extensions directory.
|
||
|
|
* This is a servlet, so you also need "WAS_PRODUCT_ROOT/lib/j2ee.jar to compile.
|
||
|
|
*
|
||
|
|
* javac ServerJsse.java
|
||
|
|
* javac ClientJsse.java
|
||
|
|
*
|
||
|
|
*
|
||
|
|
* Running the client/server application requires that the Server is started first
|
||
|
|
* and then the Client application.
|
||
|
|
*
|
||
|
|
* To start the ServerJsse, run the following command:
|
||
|
|
*
|
||
|
|
* java ServerJsse <em>port</em>
|
||
|
|
*
|
||
|
|
* The ServerJsse uses port 8050 by default. Once ServerJsse has started it waits
|
||
|
|
* for the ClientJsse connection.
|
||
|
|
*
|
||
|
|
* To start the client, issue the following command:
|
||
|
|
*
|
||
|
|
* java ClientJsse <em>hostname:port</em>
|
||
|
|
*
|
||
|
|
* where <em>hostname:port</em> is the name of the host:port running SeverJsse.
|
||
|
|
* The default is localhost:8050.
|
||
|
|
*
|
||
|
|
*/
|
||
|
|
|
||
|
|
public class ServerJsse extends HttpServlet {
|
||
|
|
static int N = 50, L = 100, R = 2;
|
||
|
|
static PrintWriter out = new PrintWriter(System.out);
|
||
|
|
static SSLContext sslContext;
|
||
|
|
|
||
|
|
|
||
|
|
// Open up the KeyStore to obtain the Trusted Certificates.
|
||
|
|
// KeyStore is of type "JKS". Filename is "serverAppKeys.jks"
|
||
|
|
// and password is "myKeys".
|
||
|
|
private static void initContext() throws Exception {
|
||
|
|
try {
|
||
|
|
Security.addProvider(new com.ibm.jsse.JSSEProvider());
|
||
|
|
|
||
|
|
KeyStore ks = KeyStore.getInstance("JKS");
|
||
|
|
ks.load(new FileInputStream("serverAppKeys.jks"), "myKeys".toCharArray());
|
||
|
|
KeyManagerFactory kmf = KeyManagerFactory.getInstance("IbmX509");
|
||
|
|
kmf.init(ks, "myKeys".toCharArray());
|
||
|
|
TrustManagerFactory tmf = TrustManagerFactory.getInstance("IbmX509");
|
||
|
|
tmf.init(ks);
|
||
|
|
sslContext = SSLContext.getInstance("SSL");
|
||
|
|
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
||
|
|
}
|
||
|
|
catch (Exception e) {
|
||
|
|
out.println("Failed to read serverAppKeys.jks file.");
|
||
|
|
e.printStackTrace();
|
||
|
|
throw e;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
public void doGet(HttpServletRequest q, HttpServletResponse r) {
|
||
|
|
r.setContentType("text/html");
|
||
|
|
|
||
|
|
String[] args = new String[1];
|
||
|
|
args[0] = getInitParameter("port");
|
||
|
|
|
||
|
|
// send result to the caller
|
||
|
|
try {
|
||
|
|
out = r.getWriter();
|
||
|
|
out.println("<html>");
|
||
|
|
out.println("<head><title>Server JSSE Session</title></head>");
|
||
|
|
out.println("<body>");
|
||
|
|
out.println("<h1>Server JSSE Session (starting) </h1>");
|
||
|
|
out.flush();
|
||
|
|
out.println("<pre>");
|
||
|
|
main(args);
|
||
|
|
|
||
|
|
out.println("</pre>");
|
||
|
|
out.println("</body></html>");
|
||
|
|
out.flush();
|
||
|
|
out.close();
|
||
|
|
|
||
|
|
}
|
||
|
|
catch (Exception e) {
|
||
|
|
out.println("Exception in ServerJsse Servlet: " + e.getMessage());
|
||
|
|
e.printStackTrace();
|
||
|
|
}
|
||
|
|
}//end public void doGet(...)
|
||
|
|
|
||
|
|
|
||
|
|
/* Entry point for ServerJsse as stand alone application.
|
||
|
|
* @param args no parameters required
|
||
|
|
*/
|
||
|
|
public static void main(String args[]) throws Exception {
|
||
|
|
int i, j, len, portint;
|
||
|
|
String port = "8050";
|
||
|
|
|
||
|
|
if ((args != null) && (args.length > 0)) {
|
||
|
|
port = args[0];
|
||
|
|
}
|
||
|
|
|
||
|
|
portint = (new Integer(port)).intValue();
|
||
|
|
|
||
|
|
if (args.length > 1)
|
||
|
|
N = Integer.parseInt(args[0]);
|
||
|
|
if (args.length > 2)
|
||
|
|
L = Integer.parseInt(args[1]);
|
||
|
|
|
||
|
|
byte buffer[] = new byte[L];
|
||
|
|
|
||
|
|
out.println("SERVER: started.");
|
||
|
|
|
||
|
|
initContext();
|
||
|
|
|
||
|
|
try {
|
||
|
|
|
||
|
|
out.println("ServerJsse: SSL server context created.");
|
||
|
|
|
||
|
|
SSLServerSocketFactory factory = sslContext.getServerSocketFactory();
|
||
|
|
|
||
|
|
// Get and print the list of supported enabled cipher suites
|
||
|
|
String enabled[] = factory.getSupportedCipherSuites();
|
||
|
|
out.println("ServerJsse: enabled cipher suites");
|
||
|
|
for (i=0; i < enabled.length; i++)
|
||
|
|
out.println(enabled[i]);
|
||
|
|
out.flush();
|
||
|
|
|
||
|
|
// Create an SSL session over port 8050
|
||
|
|
SSLServerSocket ssl_server_sock =
|
||
|
|
(SSLServerSocket)factory.createServerSocket(portint);
|
||
|
|
SSLSocket ssl_sock;
|
||
|
|
InputStream istr;
|
||
|
|
OutputStream ostr;
|
||
|
|
long t;
|
||
|
|
while (buffer[0] != -1) {
|
||
|
|
for (int n=0; n<R; n++) {
|
||
|
|
try {
|
||
|
|
ssl_sock = (SSLSocket)(ssl_server_sock.accept());
|
||
|
|
ssl_sock.setEnabledCipherSuites(enabled);
|
||
|
|
|
||
|
|
ssl_sock.startHandshake();
|
||
|
|
SSLSession session = ssl_sock.getSession();
|
||
|
|
out.println(" ");
|
||
|
|
out.println("\nServerJsse: SSL connection established");
|
||
|
|
out.println(" cipher suite: " + session.getCipherSuite());
|
||
|
|
}
|
||
|
|
catch (IOException se) {
|
||
|
|
out.println("ServerJsse: client connection refused\n" + se);
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
|
||
|
|
if (L > 0) {
|
||
|
|
istr = ssl_sock.getInputStream();
|
||
|
|
ostr = ssl_sock.getOutputStream();
|
||
|
|
|
||
|
|
t = System.currentTimeMillis();
|
||
|
|
for (j=0;j<N;j++) {
|
||
|
|
for (len = 0;;) {
|
||
|
|
try {
|
||
|
|
if ((i = istr.read(buffer, len, L-len)) == -1) {
|
||
|
|
out.println("ServerJsse: connection dropped by partner.");
|
||
|
|
ssl_sock.close();
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
catch (InterruptedIOException e) {
|
||
|
|
out.println("waiting");
|
||
|
|
continue;
|
||
|
|
}
|
||
|
|
if ((len+=i) == L) break;
|
||
|
|
}
|
||
|
|
ostr.write(buffer, 0, L);
|
||
|
|
}
|
||
|
|
out.println("Messages = " + N*2 + "; Time = " +
|
||
|
|
(System.currentTimeMillis() - t));
|
||
|
|
}
|
||
|
|
ssl_sock.close();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
ssl_server_sock.close();
|
||
|
|
out.println("ServerJsse: SSL connection closed.");
|
||
|
|
out.flush();
|
||
|
|
Thread.sleep(1000);
|
||
|
|
|
||
|
|
// Example using plain sockets
|
||
|
|
if (L > 0) {
|
||
|
|
ServerSocket server_sock = new ServerSocket(portint);
|
||
|
|
Socket sock = server_sock.accept();
|
||
|
|
out.println(" ");
|
||
|
|
out.println("\nServerJsse: Plain Socket connection accepted.");
|
||
|
|
istr = sock.getInputStream();
|
||
|
|
ostr = sock.getOutputStream();
|
||
|
|
|
||
|
|
t = System.currentTimeMillis();
|
||
|
|
for (j=0;j<N;j++) {
|
||
|
|
for (len = 0;;) {
|
||
|
|
if ((i = istr.read(buffer, len, L-len)) == -1) {
|
||
|
|
out.println("ServerJsse: connection dropped by partner.");
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
if ((len+=i) == L) break;
|
||
|
|
}
|
||
|
|
ostr.write(buffer, 0, L);
|
||
|
|
}
|
||
|
|
out.println("Messages = " + N*2 + "; Time = " +
|
||
|
|
(System.currentTimeMillis() - t));
|
||
|
|
sock.close();
|
||
|
|
server_sock.close();
|
||
|
|
out.println("ServerJsse: Plain Socket connection closed.");
|
||
|
|
Thread.sleep(1000);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
catch (IOException e) {
|
||
|
|
e.printStackTrace();
|
||
|
|
}
|
||
|
|
catch (InterruptedException f) {
|
||
|
|
f.printStackTrace();
|
||
|
|
}
|
||
|
|
out.println(" ");
|
||
|
|
out.println("ServerJsse: terminated.");
|
||
|
|
out.flush();
|
||
|
|
|
||
|
|
}//end main(...)
|
||
|
|
|
||
|
|
}//end class</pre>
|
||
|
|
</body>
|
||
|
|
</html>
|