306 lines
10 KiB
HTML
306 lines
10 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
|
|
|
<title>Example: JSSE client servlet</title>
|
|
</head>
|
|
|
|
<BODY>
|
|
<!-- Java sync-link -->
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
|
|
|
<h6><a name="secjssecltex"></a>Example: JSSE client servlet</h6>
|
|
<pre>/*
|
|
*
|
|
* This material contains programming source code for your
|
|
* consideration. These examples have not been thoroughly
|
|
* tested under all conditions. IBM, therefore, cannot
|
|
* guarantee or imply reliability, serviceability, or function
|
|
* of these program. All programs contained herein are
|
|
* provided to you "AS IS". THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for
|
|
* these programs and files.
|
|
*
|
|
*/
|
|
import java.io.*;
|
|
import java.net.ServerSocket;
|
|
import java.net.Socket;
|
|
import java.security.Security;
|
|
import java.security.KeyStore;
|
|
import javax.net.ssl.SSLServerSocketFactory;
|
|
import javax.net.ssl.SSLSocketFactory;
|
|
import javax.net.ssl.SSLServerSocket;
|
|
import javax.net.ssl.SSLSocket;
|
|
import javax.net.ssl.SSLSession;
|
|
import javax.servlet.http.HttpServlet;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
import com.ibm.net.ssl.SSLContext;
|
|
import com.ibm.net.ssl.TrustManagerFactory;
|
|
import com.ibm.net.ssl.TrustManager;
|
|
import com.ibm.net.ssl.KeyManagerFactory;
|
|
|
|
/*
|
|
* ServerJsse and ClientJsse
|
|
*
|
|
* Sample applications to demonstrate a simple client/server interaction using JSSE.
|
|
* They communicate using all enabled cipher suites.
|
|
*
|
|
* The ServerJsse and ClientJsse use different KeyStore files called
|
|
* "clientAppKeys.jks" and "serverAppKeys.jks" protected by a password and assumed
|
|
* to be in the current working directory. In a real application, the client and
|
|
* server should also have their own KeyStore files.
|
|
*
|
|
* You can build these sample program classes by issuing the following command but
|
|
* first make sure that the ibmjsse.jar file shipped in the
|
|
* "WAS_PRODUCT_ROOT/java/ext" is in your CLASSPATH or extensions directory.
|
|
* This is a servlet, so you also need "WAS_PRODUCT_ROOT/lib/j2ee.jar to compile.
|
|
*
|
|
* javac ServerJsse.java
|
|
* javac ClientJsse.java
|
|
*
|
|
*
|
|
* Running the client/server application requires that the Server is started first
|
|
* and then the Client application.
|
|
*
|
|
* To start the ServerJsse, run the following command:
|
|
*
|
|
* java ServerJsse
|
|
*
|
|
* The ServerJsse uses port 8050 by default. Once ServerJsse has started it waits
|
|
* for the ClientJsse connection.
|
|
*
|
|
* To start the client, issue the following command:
|
|
*
|
|
* java ClientJsse <em>hostname:port</em>
|
|
*
|
|
* where <em>hostname:port</em> is the optional host:port running SeverJsse.
|
|
* The default is localhost:8050.
|
|
*
|
|
*/
|
|
|
|
public class ClientJsse extends HttpServlet {
|
|
static int N = 50, L = 100, R = 2;
|
|
static PrintWriter out = new PrintWriter(System.out);
|
|
static SSLContext sslContext;
|
|
|
|
|
|
// Open the KeyStore to obtain the Trusted Certificates.
|
|
// KeyStore is of type "JKS". Filename is "clientAppKeys.jks"
|
|
// and password is "myKeys".
|
|
public static void initContext() {
|
|
try {
|
|
Security.addProvider(new com.ibm.jsse.JSSEProvider());
|
|
|
|
KeyStore ks = KeyStore.getInstance("JKS");
|
|
ks.load(new FileInputStream("clientAppKeys.jks"), "myKeys".toCharArray());
|
|
KeyManagerFactory kmf = KeyManagerFactory.getInstance("IbmX509");
|
|
kmf.init(ks, "myKeys".toCharArray());
|
|
|
|
TrustManager[] tm;
|
|
TrustManagerFactory tmf = TrustManagerFactory.getInstance("IbmX509");
|
|
tmf.init(ks);
|
|
tm = tmf.getTrustManagers();
|
|
|
|
sslContext = SSLContext.getInstance("SSL");
|
|
sslContext.init(kmf.getKeyManagers(), tm, null);
|
|
}
|
|
catch (Throwable t) {
|
|
out.println("Failed to read clientAppKeys.jks file.");
|
|
t.printStackTrace();
|
|
}
|
|
}
|
|
|
|
public void doGet(HttpServletRequest q, HttpServletResponse r) {
|
|
r.setContentType("text/html");
|
|
String[] args = new String[1];
|
|
args[0] = getInitParameter("hostname");
|
|
|
|
// send result to the caller
|
|
try {
|
|
out = r.getWriter();
|
|
out.println("<html>");
|
|
out.println("<head>title>Client JSSE Session</title></head>");
|
|
out.println("<body>");
|
|
out.println("<h1>Client JSSE Session (starting)</h1>");
|
|
out.flush();
|
|
out.println("<pre>");
|
|
|
|
main(args);
|
|
|
|
out.println("</pre>");
|
|
out.println("</body></html>");
|
|
out.flush();
|
|
out.close();
|
|
|
|
}
|
|
catch (Exception e) {
|
|
out.println("Exception in ClientJsse Servlet: " + e.getMessage());
|
|
e.printStackTrace();
|
|
}
|
|
}//end public void doGet(...)
|
|
|
|
|
|
|
|
/** Starts the ClientJsse application as stand alone application.
|
|
* @param args the name of the host the ClientJsse should connect to
|
|
*/
|
|
public static void main(String args[]) throws Exception {
|
|
|
|
int i, j, len, ci_nonanon;
|
|
|
|
String host = "127.0.0.1";
|
|
int port = 8050;
|
|
|
|
if ((args != null) && (args.length > 0)) {
|
|
host = args[0];
|
|
i = host.indexOf(':');
|
|
if (i != -1) {
|
|
try {
|
|
port = Integer.parseInt(host.substring(i+1));
|
|
host = host.substring(0,i);
|
|
}
|
|
catch (Exception e) {
|
|
System.err.println("ClientJsse: wrong address format");
|
|
e.printStackTrace();
|
|
throw e;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (args.length > 1)
|
|
N = Integer.parseInt(args[1]);
|
|
if (args.length > 2)
|
|
L = Integer.parseInt(args[2]);
|
|
byte buffer[] = new byte[L];
|
|
|
|
out.println("ClientJsse: started.");
|
|
|
|
initContext();
|
|
|
|
try {
|
|
if (sslContext == null) {
|
|
out.println ("ClientJsse: SSL client context NOT created.");
|
|
return;
|
|
}
|
|
|
|
out.println("ClientJsse: SSL client context created.");
|
|
SSLSocketFactory factory = sslContext.getSocketFactory();
|
|
String[] cipher_suites =
|
|
sslContext.getSocketFactory().getSupportedCipherSuites();
|
|
|
|
out.println("ClientJsse: enabled cipher suites");
|
|
for (i=0, ci_nonanon=0; i < cipher_suites.length; i++) {
|
|
if (cipher_suites[i].indexOf("_anon_") < 0) {
|
|
ci_nonanon++;
|
|
}
|
|
out.println(" " + cipher_suites[i]);
|
|
}
|
|
out.flush();
|
|
SSLSocket ssl_sock;
|
|
OutputStream ostr;
|
|
InputStream istr;
|
|
long t;
|
|
String[] ecs = new String[1];
|
|
|
|
out.println("\n ");
|
|
for (int csi = 0; csi < ci_nonanon; csi++) {
|
|
// Remove anonymous cipher suites.
|
|
// TrustManager requires a personal certificate.
|
|
ecs[0] = cipher_suites[csi];
|
|
if (ecs[0].indexOf("_anon_") >= 0) {
|
|
continue;
|
|
}
|
|
for (int n = 0; n < R; n++) {
|
|
t = System.currentTimeMillis();
|
|
try {
|
|
ssl_sock = (SSLSocket) factory.createSocket(host, port);
|
|
ssl_sock.setEnabledCipherSuites(ecs);
|
|
|
|
ssl_sock.startHandshake();
|
|
SSLSession session = ssl_sock.getSession();
|
|
out.println(" ");
|
|
out.println("\nClientJsse: SSL connection established");
|
|
out.println(" cipher suite: " + session.getCipherSuite());
|
|
}
|
|
catch (Exception se) {
|
|
out.println(" ");
|
|
out.println("\nClientJsse: can't connect using: " +
|
|
cipher_suites[csi] + "\n" + se);
|
|
break;
|
|
}
|
|
|
|
if (L > 0) {
|
|
istr = ssl_sock.getInputStream();
|
|
ostr = ssl_sock.getOutputStream();
|
|
|
|
for (j=0; j < N; j++) {
|
|
if ((j==N-1) && (n == R-1) && (csi == ci_nonanon - 1))
|
|
buffer[0] = (byte)-1;
|
|
ostr.write(buffer, 0, L);
|
|
for (len = 0;;) {
|
|
try {
|
|
if ((i = istr.read(buffer, len, L-len)) == -1) {
|
|
out.println("ClientJsse: SSL connection dropped by partner.");
|
|
istr.close();
|
|
return;
|
|
}
|
|
// out.println("ClientJsse: " + i + " bytes received.");
|
|
if ((len+=i) == L) break;
|
|
}
|
|
catch (InterruptedIOException e) {
|
|
// out.println("ClientJsse: timeout.\n");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
out.println("Messages = " + N*2 + "; Time = " +
|
|
(System.currentTimeMillis() - t));
|
|
ssl_sock.close();
|
|
out.println("ClientJsse: SSL connection closed.");
|
|
out.flush();
|
|
}
|
|
}
|
|
|
|
Thread.sleep(1500);
|
|
|
|
// Example using plain sockets
|
|
if (L > 0) {
|
|
Socket sock = new Socket(host, port);
|
|
out.println(" ");
|
|
out.println("\nClientJsse: Plain Socket connection established.");
|
|
istr = sock.getInputStream();
|
|
ostr = sock.getOutputStream();
|
|
t = System.currentTimeMillis();
|
|
for (j=0; j < N; j++) {
|
|
ostr.write(buffer, 0, L);
|
|
for (len = 0;;) {
|
|
if ((i = istr.read(buffer, len, L-len)) == -1) {
|
|
out.println("ClientJsse: connection dropped by partner.");
|
|
return;
|
|
}
|
|
if ((len+=i) == L) break;
|
|
}
|
|
}
|
|
out.println("Messages = " + N*2 + "; Time = " +
|
|
(System.currentTimeMillis() - t));
|
|
sock.close();
|
|
out.println("ClientJsse: Plain Socket connection closed.");
|
|
Thread.sleep(1500);
|
|
}
|
|
}
|
|
catch (Exception e) {
|
|
out.println(e);
|
|
}
|
|
out.println(" ");
|
|
out.println("ClientJsse: terminated.");
|
|
out.flush();
|
|
}//end main(...)
|
|
}//end class</pre>
|
|
|
|
</body>
|
|
</html>
|