Professional Documents
Culture Documents
URLReaderWithOptions.java
This example is very similar to URLReader above, but
allows you to set the system properties via arguments to the
main method, rather than as -D options to the java runtime
environment.
USAGE:
java URLReaderWithOptions [-h proxyhost] [-p proxyport] \
[-k protocolhandlerpkgs] [-c ciphersarray]
proxyHost = secure proxy server hostname (https.proxyHost)
proxyPort = secure proxy server port (https.proxyPort)
protocolhandlerpkgs = a "|" separated list of protocol handlers
(java.protocol.handler.pkgs)
ciphersarray = enabled cipher suites as a comma separated list
(https.cipherSuites)
sockets
server
ClassServer.java
ClassFileServer.java
This sample demonstrates the implementation of a
mini-webserver, which can service simple HTTP or HTTPS
requests (only the GET method is supported).
By default, the server does not use SSL/TLS. However,
a command line option enables SSL/TLS.
Requests must be of the form:
GET /<filename>
USAGE:
java ClassFileServer port docroot [TLS [true]]
port = the port on which the server resides
docroot = the root of the local directory hierarchy
TLS = an optional flag which enables SSL/TLS
services
true = an optional flag which requires that clients
authenticate themselves. This option requires
that SSL/TLS support be enabled.
NOTE: If you are connecting via a web brower to a
TLS socket, specify that the https protocol be used:
e.g. https://localhost:2001/dir1/file1
Otherwise, you may see unrecognized SSL handshake errors.
client
SSLSocketClient.java
This example demonstrates how to use a SSLSocket as a client to
send a HTTP request and get a response from an HTTPS server.
By default, this example connects to www.verisign.com, but
it can easily be adapted to connect to the ClassFileServer
above. (Note: The GET request must be slightly modified.
See above for more information.)
This application assumes the client is not behind a firewall.
USAGE:
java SSLSocketClient
SSLSocketClientWithClientAuth.java
This example is similar to SSLSocketClient above, but
this shows how to set up a key manager to do client
authentication if required by server.
This application also assumes the client is not behind a
firewall.
USAGE:
java SSLSocketClientWithClientAuth host port requestedfilepath
SSLSocketClientWithTunneling.java
This example illustrates how to do proxy Tunneling to access a
secure web server from behind a firewall.
The System properties "https.proxyHost" and "https.proxyPort"
are used to make a socket connection to the proxy host, and
then the SSLSocket is layered on top of that Socket.
USAGE:
java SSLSocketClientWithTunneling
rmi
Hello.java
HelloImpl.java
RMISSLClientSocketFactory.java
RMISSLServerSocketFactory.java
HelloClient.java
This example illustrates how to use RMI over an SSL transport
layer, using the JSSE. The server will run HelloImpl, and the
client will run HelloClient.
The compilation is a little tricky, here are the necessary
steps:
% javac *.java
% rmic HelloImpl
% rmiregistry
% java \
-Djava.rmi.server.codebase="file:/current_working_dir/" \
HelloImpl (run in another window)
% java HelloClient (run in another window)
Note the final trailing slash on the "java.rmi.server.codebase"
parameter. If the codebase is not specified properly, you may
get an java.lang.ClassNotFoundException exception.
Also note that the RMI security manager may be installed,
and therefore, you will need to give it the appropriate
network privilege:
permission java.net.SocketPermission "localhost:1099", "connect";
----------------------------------------------------------------------
Troubleshooting
----------------------------------------------------------------------
One of the most common problems people have in using JSSE is when the
JSSE receives a certificate that is unknown to the mechanism that makes
trust decisions. If an unknown certificate is received, the trust
mechanism will throw an exception saying that the certificate is
untrusted. Make sure that the correct trust KeyStore is being used,
and that the JSSE is installed and configured correctly.
In the Sun Reference Implementation, the exception error returned will
be:
javax.net.ssl.SSLException: Couldn't find trusted certificate
The SSL debug mechanism can be used to investigate such trust
problems. See the implementation documentation for more information
about this subject.