Example: JSSE client servlet
/*
*
* This material contains programming source code for your
* consideration. These examples have not been thoroughly
* tested under all conditions. IBM, therefore, cannot
* guarantee or imply reliability, serviceability, or function
* of these program. All programs contained herein are
* provided to you "AS IS". THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for
* these programs and files.
*
*/
import java.io.*;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.Security;
import java.security.KeyStore;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManagerFactory;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.KeyManagerFactory;
/*
* ServerJsse and ClientJsse
*
* Sample applications to demonstrate a simple client/server interaction using JSSE.
* They communicate using all enabled cipher suites.
*
* The ServerJsse and ClientJsse use different KeyStore files called
* "clientAppKeys.jks" and "serverAppKeys.jks" protected by a password and assumed
* to be in the current working directory. In a real application, the client and
* server should also have their own KeyStore files.
*
* You can build these sample program classes by issuing the following command but
* first make sure that the ibmjsse.jar file shipped in the
* "WAS_PRODUCT_ROOT/java/ext" is in your CLASSPATH or extensions directory.
* This is a servlet, so you also need "WAS_PRODUCT_ROOT/lib/j2ee.jar to compile.
*
* javac ServerJsse.java
* javac ClientJsse.java
*
*
* Running the client/server application requires that the Server is started first
* and then the Client application.
*
* To start the ServerJsse, run the following command:
*
* java ServerJsse
*
* The ServerJsse uses port 8050 by default. Once ServerJsse has started it waits
* for the ClientJsse connection.
*
* To start the client, issue the following command:
*
* java ClientJsse hostname:port
*
* where hostname:port is the optional host:port running SeverJsse.
* The default is localhost:8050.
*
*/
public class ClientJsse extends HttpServlet {
static int N = 50, L = 100, R = 2;
static PrintWriter out = new PrintWriter(System.out);
static SSLContext sslContext;
// Open the KeyStore to obtain the Trusted Certificates.
// KeyStore is of type "JKS". Filename is "clientAppKeys.jks"
// and password is "myKeys".
public static void initContext() {
try {
Security.addProvider(new com.ibm.jsse.JSSEProvider());
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("clientAppKeys.jks"), "myKeys".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("IbmX509");
kmf.init(ks, "myKeys".toCharArray());
TrustManager[] tm;
TrustManagerFactory tmf = TrustManagerFactory.getInstance("IbmX509");
tmf.init(ks);
tm = tmf.getTrustManagers();
sslContext = SSLContext.getInstance("SSL");
sslContext.init(kmf.getKeyManagers(), tm, null);
}
catch (Throwable t) {
out.println("Failed to read clientAppKeys.jks file.");
t.printStackTrace();
}
}
public void doGet(HttpServletRequest q, HttpServletResponse r) {
r.setContentType("text/html");
String[] args = new String[1];
args[0] = getInitParameter("hostname");
// send result to the caller
try {
out = r.getWriter();
out.println("<html>");
out.println("<head>title>Client JSSE Session</title></head>");
out.println("<body>");
out.println("<h1>Client JSSE Session (starting)</h1>");
out.flush();
out.println("<pre>");
main(args);
out.println("</pre>");
out.println("</body></html>");
out.flush();
out.close();
}
catch (Exception e) {
out.println("Exception in ClientJsse Servlet: " + e.getMessage());
e.printStackTrace();
}
}//end public void doGet(...)
/** Starts the ClientJsse application as stand alone application.
* @param args the name of the host the ClientJsse should connect to
*/
public static void main(String args[]) throws Exception {
int i, j, len, ci_nonanon;
String host = "127.0.0.1";
int port = 8050;
if ((args != null) && (args.length > 0)) {
host = args[0];
i = host.indexOf(':');
if (i != -1) {
try {
port = Integer.parseInt(host.substring(i+1));
host = host.substring(0,i);
}
catch (Exception e) {
System.err.println("ClientJsse: wrong address format");
e.printStackTrace();
throw e;
}
}
}
if (args.length > 1)
N = Integer.parseInt(args[1]);
if (args.length > 2)
L = Integer.parseInt(args[2]);
byte buffer[] = new byte[L];
out.println("ClientJsse: started.");
initContext();
try {
if (sslContext == null) {
out.println ("ClientJsse: SSL client context NOT created.");
return;
}
out.println("ClientJsse: SSL client context created.");
SSLSocketFactory factory = sslContext.getSocketFactory();
String[] cipher_suites =
sslContext.getSocketFactory().getSupportedCipherSuites();
out.println("ClientJsse: enabled cipher suites");
for (i=0, ci_nonanon=0; i < cipher_suites.length; i++) {
if (cipher_suites[i].indexOf("_anon_") < 0) {
ci_nonanon++;
}
out.println(" " + cipher_suites[i]);
}
out.flush();
SSLSocket ssl_sock;
OutputStream ostr;
InputStream istr;
long t;
String[] ecs = new String[1];
out.println("\n ");
for (int csi = 0; csi < ci_nonanon; csi++) {
// Remove anonymous cipher suites.
// TrustManager requires a personal certificate.
ecs[0] = cipher_suites[csi];
if (ecs[0].indexOf("_anon_") >= 0) {
continue;
}
for (int n = 0; n < R; n++) {
t = System.currentTimeMillis();
try {
ssl_sock = (SSLSocket) factory.createSocket(host, port);
ssl_sock.setEnabledCipherSuites(ecs);
ssl_sock.startHandshake();
SSLSession session = ssl_sock.getSession();
out.println(" ");
out.println("\nClientJsse: SSL connection established");
out.println(" cipher suite: " + session.getCipherSuite());
}
catch (Exception se) {
out.println(" ");
out.println("\nClientJsse: can't connect using: " +
cipher_suites[csi] + "\n" + se);
break;
}
if (L > 0) {
istr = ssl_sock.getInputStream();
ostr = ssl_sock.getOutputStream();
for (j=0; j < N; j++) {
if ((j==N-1) && (n == R-1) && (csi == ci_nonanon - 1))
buffer[0] = (byte)-1;
ostr.write(buffer, 0, L);
for (len = 0;;) {
try {
if ((i = istr.read(buffer, len, L-len)) == -1) {
out.println("ClientJsse: SSL connection dropped by partner.");
istr.close();
return;
}
// out.println("ClientJsse: " + i + " bytes received.");
if ((len+=i) == L) break;
}
catch (InterruptedIOException e) {
// out.println("ClientJsse: timeout.\n");
}
}
}
}
out.println("Messages = " + N*2 + "; Time = " +
(System.currentTimeMillis() - t));
ssl_sock.close();
out.println("ClientJsse: SSL connection closed.");
out.flush();
}
}
Thread.sleep(1500);
// Example using plain sockets
if (L > 0) {
Socket sock = new Socket(host, port);
out.println(" ");
out.println("\nClientJsse: Plain Socket connection established.");
istr = sock.getInputStream();
ostr = sock.getOutputStream();
t = System.currentTimeMillis();
for (j=0; j < N; j++) {
ostr.write(buffer, 0, L);
for (len = 0;;) {
if ((i = istr.read(buffer, len, L-len)) == -1) {
out.println("ClientJsse: connection dropped by partner.");
return;
}
if ((len+=i) == L) break;
}
}
out.println("Messages = " + N*2 + "; Time = " +
(System.currentTimeMillis() - t));
sock.close();
out.println("ClientJsse: Plain Socket connection closed.");
Thread.sleep(1500);
}
}
catch (Exception e) {
out.println(e);
}
out.println(" ");
out.println("ClientJsse: terminated.");
out.flush();
}//end main(...)
}//end class