Statistics

Content View Hits : 31381
ServerSocket + certificates PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Gurito   

Recently I'm involved in a project in which we have the following (simplest) scenario. Two machines are using RMI in a network. We want to use RMI over SSL in order to make it secure. And we want to be able to read certificates in both sides, server and client. In both sides we want to check the contents of the certificates before actually establishing a connection.

For this purpose I wrote a very basic implementation of ServerSocket. In this class I delegate the methods to SSLServerSocket and CryptoBroker is a class which provides a Context, with which we construct an SSLServerSocket.  You should write your own methods to do this. 

  1. /**
  2.  * 
  3.  */
  4. package test.ssl;
  5.  
  6. import java.io.IOException;
  7. import java.net.InetAddress;
  8. import java.net.Socket;
  9. import java.security.cert.X509Certificate;
  10.  
  11. import javax.net.ssl.SSLPeerUnverifiedException;
  12. import javax.net.ssl.SSLServerSocket;
  13. import javax.net.ssl.SSLServerSocketFactory;
  14. import javax.net.ssl.SSLSession;
  15. import javax.net.ssl.SSLSocket;
  16.  
  17. import org.apache.log4j.Logger;
  18.  
  19. import detos.conframe.ssl.CryptoBroker;
  20.  
  21. /**
  22.  * @author gurito Our own implementation of ServerSocket The goal is to check a
  23.  *         certificate before actually establishing a connection private
  24.  *         KeyStore ks;
  25.  */
  26. public class ServerSocket extends java.net.ServerSocket {
  27.  
  28.     private static final Logger LOG = Logger.getLogger(ServerSocket.class);
  29.     private final SSLServerSocket s;
  30.     private final SSLServerSocketFactory ssf;
  31.  
  32.     /**
  33.      * @throws Exception,
  34.      *             IOException
  35.      */
  36.     public ServerSocket() throws Exception, IOException {
  37.         CryptoBroker cb = CryptoBroker.getInstance("config/cacert.pem",
  38.                 "config/server.pem");
  39.         ssf = cb.getContext().getServerSocketFactory();
  40.         s = (SSLServerSocket) ssf.createServerSocket();
  41.     }
  42.  
  43.     /**
  44.      * @param port
  45.      * @throws IOException
  46.      */
  47.     public ServerSocket(int port) throws IOException, Exception {
  48.         CryptoBroker cb = CryptoBroker.getInstance("config/cacert.pem",
  49.                 "config/server.pem");
  50.         ssf = cb.getContext().getServerSocketFactory();
  51.         s = (SSLServerSocket) ssf.createServerSocket(port);
  52.     }
  53.  
  54.     /**
  55.      * @param port
  56.      * @param backlog
  57.      * @throws IOException
  58.      */
  59.     public ServerSocket(int port, int backlog) throws IOException, Exception {
  60.         CryptoBroker cb = CryptoBroker.getInstance("config/cacert.pem",
  61.                 "config/server.pem");
  62.         ssf = cb.getContext().getServerSocketFactory();
  63.         s = (SSLServerSocket) ssf.createServerSocket(port, backlog);
  64.     }
  65.  
  66.     /**
  67.      * @param arg0
  68.      * @param arg1
  69.      * @param arg2
  70.      * @throws IOException
  71.      */
  72.     public ServerSocket(int arg0, int arg1, InetAddress arg2)
  73.             throws IOException, Exception {
  74.         CryptoBroker cb = CryptoBroker.getInstance("config/cacert.pem",
  75.                 "config/server.pem");
  76.         ssf = cb.getContext().getServerSocketFactory();
  77.         s = (SSLServerSocket) ssf.createServerSocket(arg0, arg1, arg2);
  78.     }
  79.  
  80.     /**
  81.      * accept() listens for connections and, after checking the certificate,
  82.      * establishes one.
  83.      * 
  84.      * @return SSLSocket
  85.      * @throws IOException
  86.      */
  87.     @Override
  88.     public Socket accept() throws IOException {
  89.         s.setEnableSessionCreation(true);
  90.         s.setNeedClientAuth(true);
  91.         SSLSocket zokete = (SSLSocket) s.accept();
  92.         if (zokete.isConnected()) {
  93.             LOG.info("connected");
  94.             SSLSession session = zokete.getSession();
  95.             checkCertificates(session);
  96.         }
  97.         return zokete;
  98.     }
  99.  
  100.     private boolean checkCertificates(SSLSession session) {
  101.         // TODO Do something here
  102.         if (session != null) {
  103.             LOG.info("Successfully established a session!!!");
  104.             try {
  105.                 X509Certificate[] certs = (X509Certificate[]) session
  106.                         .getPeerCertificates();
  107.                 String name = certs[0].getSubjectX500Principal().getName();
  108.                 LOG.info("Name of the cert: " + name);
  109.             } catch (SSLPeerUnverifiedException e) {
  110.                 // TODO Auto-generated catch block
  111.                 LOG.error("Caught an Exception: " + e + " --> "
  112.                         + e.getMessage());
  113.             }
  114.             return true;
  115.         }
  116.         return false;
  117.     }
  118.  
  119. }
 

Next >
Last Updated on Tuesday, 31 March 2009 15:07