SSLByteChannel

Contact

Email :
wappsec

Overview

Java's New I/O architecture doesn't provide a simple way to use SSL with Channels, and worse, before 5.0 it wasn't even possible to mix SSL and NIO. Java 5 comes with a new low-level SSL API (SSLEngine) that can be used to provide SSL to any data source. Thanks to this API, I designed a small and simple class which implements the ByteChannel interface and whose constructor enables you to make "an SSL upgrade" on any byte channel.

SSLByteChannel can be used as follows:

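import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

// Load the key store that holds the server's private key and certificate.
KeyStore ks = KeyStore.getInstance("JKS");
File kf = new File("keystore");
FileInputStream in = new FileInputStream(kf);
try {
    ks.load(in, "storepassword".toCharArray());
} finally {
    in.close(); // the original snippet left this stream open
}

// Key managers supply the server's own credentials; trust managers validate peers.
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "keypassword".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// Server-side engine: start the handshake, then wrap the channel.
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(false);
engine.beginHandshake();

// channel is an existing ByteChannel, for example an accepted SocketChannel.
SSLByteChannel sslByteChannel = new SSLByteChannel(channel, engine);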

keystore is a file you have generated using keytool. storepassword and keypassword are the passwords you gave during the key initialization phase. The keytool command can be used as follows:

keytool -genkey -validity 3650 -keystore "keystore" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=MyName, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"
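
The snippet above configures the server side. The following added example (not part of the original page or of the SSLByteChannel project) shows the matching client side, where an SSLEngine must be told explicitly to check the server's host name. It assumes Java 7 or later, and the host, port, "truststore" file and "trustpassword" are hypothetical placeholders; the trust store is assumed to hold only the server's certificate, not its private key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.SocketChannel;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public class SslClientExample {
    // Client-mode engine that validates the server's chain and host name.
    static SSLEngine clientEngine(KeyStore trustStore, String host, int port) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate

        // Host and port tell the engine which peer identity to expect.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        // An SSLEngine checks the certificate's host name only when asked to.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        params.setProtocols(new String[] {"TLSv1.2"});
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        String host = "server.example"; // placeholder host
        int port = 8443;                // placeholder port
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("truststore")) { // hypothetical file
            ts.load(in, "trustpassword".toCharArray());             // hypothetical password
        }
        SSLEngine engine = clientEngine(ts, host, port);
        engine.beginHandshake(); // as in the server snippet on this page
        try (SocketChannel channel = SocketChannel.open(new InetSocketAddress(host, port))) {
            ByteChannel ssl = new SSLByteChannel(channel, engine);
            ssl.write(ByteBuffer.wrap("ping\n".getBytes("US-ASCII")));
            ByteBuffer reply = ByteBuffer.allocate(1024);
            System.out.println("read " + ssl.read(reply) + " bytes over TLS");
        }
    }
}
```

With host name checking enabled, the handshake fails unless the server certificate names the host passed to createSSLEngine, so the CN=MyName in the keytool command would have to be the server's host name.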

News

  • 2005-08-05 : SSLByteChannel 1.0.0
    • First release

About

© 2005 David Crosson. All rights reserved.