mina-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Wallsgrove <mark.wallsgr...@googlemail.com>
Subject Re: Creating an SSL Client
Date Tue, 06 Oct 2009 07:59:53 GMT
Sounds interesting, I shall have a look later :D

On 10/5/09, Emmanuel Lecharny <elecharny@apache.org> wrote:
> If you want to have fun (and potentially help the project !), you can
> have a look at http://mina.apache.org/asyncweb/
>
> This is a Http server based on MINA. I guess that there is a Client side
> too, but you will have to dig the code from trunk :
>
> http://svn.apache.org/viewvc/mina/asyncweb/trunk/client/
>
> Hope iyt helps !
>
> Mark Wallsgrove wrote:
>> Thanks Chris & David. You have been a great help. I might try and go
>> the Mina route first to see what the final result looks like. If it
>> gets too messy I will try out HTTP Client.
>>
>> Thanks Again,
>> Mark Wallsgrove
>>
>> 2009/10/5 Christopher Popp <christopherpopp@yahoo.com>:
>>
>>> Mark Wallsgrove wrote:
>>>
>>>> But, that shouldn't be too hard to parse.
>>>>
>>>> How much do you have to configure with the SSL connection? I was just
>>>>
>>> r>eading the example that David linked me too and it seams that it has
>>>
>>>>> ~ 7 files. How have you implemented the filter Chris?
>>>>>
>>>> Best Regards,
>>>> Mark Wallsgrove
>>>>
>>
>>
>>> The client we have setup is pretty similar to the MINA examples.  It's
>>> going to have multiple files because you need to setup the various pieces
>>> the SSLFilter depends on, and then you'll have your protocol decoder and
>>> the other standard MINA things.  If you take some of the server examples,
>>> add the line to setup as client mode, it is close to the same, just using
>>> the IOConnector instead of IOAcceptor.  Emmanuel's example, though a
>>> server, is good:
>>> http://mina.apache.org/report/trunk/xref/org/apache/mina/example/chat/Main.html
>>>
>>> I'll paste in some code here from a project where we add support.  This
>>> method is called as soon as the NioSocketConnector is created, and is
>>> passed its filter chain (getFilterChain()).  This still assumes you have
>>> your ProtocolDecoder setup, and all that.  This is just additional stuff
>>> to add the SSL Filter.
>>> ===
>>>
>>> private static void addSSLSupport(DefaultIoFilterChainBuilder chain)
>>> throws Exception
>>> {
>>> KeyStore ks = KeyStore.getInstance("JKS");
>>> InputStream in = null;
>>> char[] PASSWORD =
>>> PropertyManager.get("sim.ssl.keystore_pass").toCharArray();
>>> //if (PropertyManager.isTrue("sim.ssl.server_authentication"))
>>> {
>>> loadKeyStoreFile(in, ks, PASSWORD);
>>> }
>>> log.debug("KEYSTORE SIZE: " + ks.size());
>>> String algorithm =
>>> Security.getProperty("ssl.KeyManagerFactory.algorithm");
>>> log.debug(ks.aliases().nextElement());
>>> if (algorithm == null)
>>> {
>>> algorithm = "SunX509";
>>> }
>>> TrustManager[] TRUST_MANAGERS = null;
>>> KeyManager[] KEY_MANAGERS = null;
>>> if (PropertyManager.isTrue("sim.ssl.server_authentication"))
>>> {
>>> TRUST_MANAGERS = initTrustManager(ks, algorithm);
>>> }
>>> else
>>> {
>>> TRUST_MANAGERS = SimTrustManagerFactory.X509_MANAGERS;
>>> }
>>> if (PropertyManager.isTrue("sim.ssl.cli_authentication"))
>>> {
>>> KEY_MANAGERS = initKeyManager(ks, PASSWORD, algorithm);
>>> }
>>> SSLContext context = SSLContext.getInstance("tls");
>>> //Initialize SSL & add to filter chain
>>> context.init(KEY_MANAGERS, TRUST_MANAGERS, null);
>>> SslFilter sslFilter = new SslFilter(context);
>>> sslFilter.setUseClientMode(true);
>>> chain.addLast("ssl", sslFilter);
>>> log.debug("SSL ON");
>>> }
>>>
>>> ===
>>>
>>> Alternatively, as others have mentioned, since you are dealing with HTTPS
>>> for this particular part, using the Apache library for that part, and a
>>> Mina Client to handle the proprietary TCP connection might be easier and
>>> cleaner.
>>>
>>> Chris
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
> --
> --
> cordialement, regards,
> Emmanuel L├ęcharny
> www.iktek.com
> directory.apache.org
>
>
>


-- 
Best Regards,
Mark Wallsgrove

Mime
View raw message