SSL and SocketChannel

4

13

Ideally, I only need a simple SSLSocketChannel.

I already have a component that reads and writes messages over an ordinary SocketChannel, but for some of these connections, I have to use SSL over the wire; the operations over these connections, however, are the same.

Does anyone know a free SSLSocketChannel implementation (with the appropriate selector) or something similar? I've found this, but the selector doesn't accept it since its vendor isn't SUN.

I'm decoupling the reading_from/writing_to net logic from the insertion and retrieval of network data via a simple object, in order to use an SSLEngine without getting mad, but it's really tricky to implement that correctly, given the fact that I don't know the internals of the SSL protocol...

Spectacular answered 15/5, 2009 at 9:34 Comment(0)
0

Check out Restlet's implementation; it may do what you need, and it's all about NIO.

Restlet Engine Javadoc

Specifically the HttpClientCall. SetProtocol(HTTPS) - getResponseEntityChannel returns a ReadableByteChannel (getEntityChannel returns a WritableByteChannel)

Eos answered 19/5, 2009 at 23:18 Comment(6)
Mmh, I've searched into the sources for "SSLEngine" and I haven't found anything... maybe they don't use nonblocking I/O with SSL? – Spectacular
I doubt it - the whole Restlet project is based on NIO. Sorry can't be more help, but I have to believe they have an NIO SSL solution in there somewhere. – Eos
The fact is that I hardly doubt that they implemented something similar to SSLEngine on their own, so they should use SSLEngine in order to get secure connections over channels... btw, I'll give it a closer look :P – Spectacular
That link has been dead for almost four years. This one (2.2) seems to work at present: restlet.org/documentation/2.2/jee/engine/org/restlet/engine/… – Papyrus
Downvoted because this answer has been completely unhelpful and did not turn up any useful insight. – Papyrus
The link does not work and the source code (if you can find it) does not point to anything useful here. – Finzer
5

Jetty has an NIO SSL implementation for their server: SslSelectorChannelConnector. You might want to peek at it for details on what it's doing.

There is also an old (but decent) article from O'Reilly that explains the details about NIO + SSL along with example code.

Tlingit answered 18/5, 2009 at 18:23 Comment(1)
Thanks for the suggestions :) I already know the O'Reilly article, but it is a bit too simplistic. I've found a very good hint about building something similar to an SSLSocketChannel in Esmond Pitt's book "Fundamental Networking in Java", but it still is a pain in the a** to get it correctly ;) – Spectacular
3

TLS Channel is a simple library that does exactly that: wrapping an SSLContext (or SSLEngine) and exposing a ByteChannel interface, doing the heavy lifting internally.

(Disclaimer: I am the library's main author).

Jorie answered 21/7, 2017 at 19:20 Comment(0)
0

Not sure if this is what you're looking for, but may help... To create SSL/TLS enabled server sockets, I'm currently using code like the following (keystore.jks contains a self-signed private/public key pair used for securing confirmation) - clients have a similar trust store which contains the signed certificate with the public key of that pair.

A bit of googling around getting that configured should get you underway.

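import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

String keyStorePath = "keystore.jks";
String keyStorePassword = "password";

// Load the JKS keystore that holds the server's key pair
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("JKS");
try (InputStream in = new FileInputStream(keyStorePath)) {
    keyStore.load(in, keyStorePassword.toCharArray());
}
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());

// Passing null trust managers makes the context fall back to the JVM default trust store
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());

// Call site, in a separate scope (getServerSSLContext is the poster's own helper, not shown)
SSLContext sslContext = getServerSSLContext(namespace.getUuid());
SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();

// Create sockets as necessary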
Shericesheridan answered 18/5, 2009 at 12:39 Comment(2)
Maybe it isn't clear from the question, but I've a component that does non blocking I/O, so I want a non blocking SSL socket (in Java, a non blocking socket is called "channel"). With your approach, you have a blocking Socket that encrypts the data via SSL/TLS, so it's not what I'm seeking for. I use that approach in another component, where I can afford the overhead to have one thread per connection. Thanks anyway for your time! – Spectacular
I've looked at doing something similar recently, and actually ended up deciding tools like jboss.org/netty and mina.apache.org were a much easier approach to adding SSL to NIO. There are mechanisms to use NIO via the SSL Engine you can get from the SSLContext, but looking at the sample code that's available, it's just too damned hard! [my rule of thumb is that if I need to download a ZIP of source code for a tutorial (rather than display it inline) it's time to look for alternatives...] – Shericesheridan
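
The SSLEngine handshake over a non-blocking channel, which is the part this thread keeps calling hard, sketched as an added example (not code from any poster or library mentioned on this page). The class name HandshakeDriver and the method step are hypothetical, and both network buffers are assumed to be allocated with engine.getSession().getPacketBufferSize().

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.SelectionKey;
import javax.net.ssl.*;

// Added example; HandshakeDriver and step() are hypothetical names.
final class HandshakeDriver {
    /** Advances the handshake without blocking. Call engine.beginHandshake() first.
     *  Returns 0 when done, else the interest op (OP_READ / OP_WRITE) to wait for.
     *  netIn and netOut are packet-sized and left in "fill" mode between calls. */
    static int step(SSLEngine engine, ByteChannel ch, ByteBuffer netIn, ByteBuffer netOut)
            throws IOException {
        ByteBuffer none = ByteBuffer.allocate(0);
        ByteBuffer app = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
        while (true) {
            netOut.flip();                          // flush ciphertext produced so far
            ch.write(netOut);
            boolean unsent = netOut.hasRemaining();
            netOut.compact();
            if (unsent) return SelectionKey.OP_WRITE;
            switch (engine.getHandshakeStatus()) {
                case NEED_WRAP:                     // engine has a handshake record to send
                    engine.wrap(none, netOut);
                    break;
                case NEED_UNWRAP:                   // engine needs a record from the peer
                    netIn.flip();
                    SSLEngineResult r = engine.unwrap(netIn, app);
                    netIn.compact();
                    if (r.getStatus() == SSLEngineResult.Status.CLOSED)
                        throw new SSLException("closed during handshake");
                    if (r.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                        int n = ch.read(netIn);     // partial record: fetch more bytes
                        if (n < 0) throw new SSLException("EOF during handshake");
                        if (n == 0) return SelectionKey.OP_READ;
                    }
                    break;
                case NEED_TASK:                     // CPU-heavy work; a real server offloads this
                    for (Runnable t; (t = engine.getDelegatedTask()) != null; ) t.run();
                    break;
                case FINISHED: case NOT_HANDSHAKING:
                    return 0;
                default:
                    throw new IllegalStateException("unexpected handshake status");
            }
        }
    }
}
```

Call step() each time the selector reports the key ready and register the returned interest op until it returns 0; application data then goes through wrap() and unwrap() with the same buffer discipline. For a client engine, create it with createSSLEngine(host, port) and set SSLParameters.setEndpointIdentificationAlgorithm("HTTPS"), because SSLEngine does not check the certificate's hostname on its own.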