SSL-encrypted Client/Server connection in Java (0)
May 6th, 2009 by Frank Niedermann, under Java.
1. Generate a key pair (public key + private key) for the server and store it, together with a self-signed certificate, in the keystore “ServerKeystore”
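# Answer the "first and last name" prompt with the server's host name (here: localhost).
# It becomes the certificate's CN, which clients that verify the host name compare against.
# -keysize is given explicitly because older JDKs default to 1024-bit RSA keys.
keytool -genkeypair -keystore ServerKeystore -alias SSLCertificate -keyalg RSA -keysize 2048 -validity 360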
2. Export the server's certificate (which contains its public key) and import it into the keystore “ClientKeystore”, which the client will use as its truststore
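# Export the certificate stored under the alias created in step 1 (SSLCertificate).
# Only the certificate leaves the keystore; the private key stays in ServerKeystore.
keytool -keystore ServerKeystore -export -alias SSLCertificate -file ServerCertificate.crt
# Import that same file as a trusted certificate. Before answering "yes", compare the
# fingerprint keytool displays with the one listed for the entry in ServerKeystore.
keytool -keystore ClientKeystore -import -alias SSLCertificate -file ServerCertificate.crt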
3. List the contents of the two keystores
# Print every entry of the server keystore in verbose form
keytool -list -v -keystore ServerKeystore
# Print every entry of the client keystore in verbose form
keytool -list -v -keystore ClientKeystore
4. Generate the Java class for the SSLServer
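import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.Scanner;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

/**
 * Minimal TLS echo server: accepts a single client on port 7777 and sends every
 * received line back to it.
 *
 * <p>The default {@link SSLServerSocketFactory} is used, so the server key and
 * certificate come from the keystore named by the {@code javax.net.ssl.keyStore}
 * and {@code javax.net.ssl.keyStorePassword} system properties.
 */
public class SSLServer implements Runnable {

    /** TCP port the server listens on. */
    private static final int PORT = 7777;

    /**
     * Starts the server on a single worker thread.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        executor.execute(new SSLServer());
        System.out.println("Server started on port 7777");
        // No further tasks are submitted; the worker ends once run() returns.
        executor.shutdown();
    }

    /**
     * Accepts one TLS connection and echoes its lines until the client closes it.
     * All sockets are closed on every exit path, including failures.
     */
    @Override
    public void run() {
        try (SSLServerSocket serverSocket = (SSLServerSocket) SSLServerSocketFactory
                     .getDefault().createServerSocket(PORT);
             SSLSocket server = (SSLSocket) serverSocket.accept()) {

            // Handshake explicitly: Scanner and PrintWriter both swallow IOExceptions,
            // so a lazily triggered handshake failure would otherwise end the loop
            // below without any error being reported.
            server.startHandshake();

            InputStream in = server.getInputStream();
            OutputStream out = server.getOutputStream();

            // NOTE: both wrappers use the platform default charset; pin the same
            // charset on client and server if they run on different platforms.
            Scanner scanner = new Scanner(in);
            PrintWriter printWriter = new PrintWriter(out);

            while (scanner.hasNextLine()) {
                String line = scanner.nextLine();
                System.out.println("Server received: " + line);
                printWriter.println(line);
                printWriter.flush();
                // PrintWriter never throws; checkError() is the only failure signal.
                if (printWriter.checkError()) {
                    System.err.println("SSLServer: could not write to client, closing connection");
                    break;
                }
            }

            // Scanner hides read errors behind hasNextLine() == false; surface them.
            IOException readError = scanner.ioException();
            scanner.close();
            if (readError != null) {
                throw readError;
            }
        } catch (Exception e) {
            // Print the exception itself: getMessage() can be null and drops the type.
            System.err.println("SSLServer failed: " + e);
        }
    }
}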
5. Generate the Java class for the SSLClient
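import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Minimal TLS client: connects to {@code localhost:7777} and sends every line
 * typed on standard input to the server.
 *
 * <p>The default {@link SSLSocketFactory} is used, so trusted certificates come
 * from the truststore named by the {@code javax.net.ssl.trustStore} and
 * {@code javax.net.ssl.trustStorePassword} system properties.
 */
public class SSLClient {

    /** Host the client connects to; also the name the server certificate must carry. */
    private static final String HOST = "localhost";

    /** TCP port of the server. */
    private static final int PORT = 7777;

    /**
     * Connects, verifies the server, then forwards standard input line by line.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try (SSLSocket client = (SSLSocket) SSLSocketFactory.getDefault()
                .createSocket(HOST, PORT)) {

            // A plain SSLSocket only checks that the certificate chains to a trusted
            // entry; it does not check that the certificate was issued for HOST.
            // Enabling endpoint identification adds that check, so the server
            // certificate must name "localhost" (CN or subjectAltName).
            SSLParameters params = client.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            client.setSSLParameters(params);

            // Handshake explicitly: PrintWriter swallows IOExceptions, so a lazily
            // triggered handshake failure (untrusted or mismatching certificate)
            // would otherwise go unreported while the loop keeps reading input.
            client.startHandshake();

            OutputStream out = client.getOutputStream();

            // user input comes from the console
            InputStream in = System.in;
            BufferedReader breader = new BufferedReader(new InputStreamReader(in));

            // NOTE: the writer uses the platform default charset; pin the same
            // charset on client and server if they run on different platforms.
            PrintWriter printWriter = new PrintWriter(out);
            String line;
            while ((line = breader.readLine()) != null) {
                printWriter.println(line);
                printWriter.flush();
                // PrintWriter never throws; checkError() is the only failure signal.
                if (printWriter.checkError()) {
                    System.err.println("SSLClient: could not write to server, closing connection");
                    break;
                }
            }
        } catch (Exception e) {
            // Print the exception itself: getMessage() can be null and drops the type.
            System.err.println("SSLClient failed: " + e);
        }
    }
}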
6. Run the SSLServer and SSLClient classes with the following JRE parameters
SSLServer: -Djavax.net.debug=all -Djavax.net.ssl.keyStore="/path/to/ServerKeystore" -Djavax.net.ssl.keyStorePassword=serverKeystorePassword
SSLClient: -Djavax.net.debug=all -Djavax.net.ssl.trustStore="/path/to/ClientKeystore" -Djavax.net.ssl.trustStorePassword=clientKeystorePassword
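The additional JRE parameter -Djavax.net.debug=all is optional: it prints detailed SSL/TLS debug information, including the handshake messages and the transferred data, so enable it only while debugging.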
