Friday, 26 February 2016

Java SSL Client/Server Pair: Certificates and TrustStores

Okay, so I recently developed a simple Client/Server API, which sends packets back and forth. As of right now, the system is completely unsecured, and I want to use SSL. I know that Java has SSLSocket and SSLServerSocket, but when I query the factory to get them, the Client/Server fails. I'm reasonably certain this is because the certificate of localhost is not trusted, and I understand that I need to get an SSLContext and give it a KeyStore, but I have some questions:

  1. In Java, do the SSLSockets provide everything? As in, do they handshake, as well as encrypt interaction?
  2. How do I trust a public key? Can I simply add it to a keystore, or do I need to make a certificate?
  3. How do I set what private/public key-pair the server uses?

Put simply, I want to be able to pass a Collection of public keys to the Client, and use those to verify certificates.

My code is on GitHub; the classes that specifically deal with Sockets are the ClientThread and ListenerThread, and the class I'm using to test is here. Within the ClientThread and ListenerThread, the SSLSocket creation code is commented out. I've verified, using the test class, that they are otherwise functional; if I instead comment out the regular socket, and use SSLSockets, the test class simply ends.

Notes:

  • Please ignore the poor code style in the test class, I know it sucks, I just needed to write something quickly to test with
  • Please try to ignore the use of other parts of my API (i.e. IntRange, @EventListener, etc.), as aforementioned, I've made sure everything else works, it is only the commented out code that doesn't function
  • Please don't recommend I use some API, this project is mostly for my own learning experience

Output of the Test class is as follows:

With Regular Sockets

    Server received packet:
    Server received packet: com.gmail.socraticphoenix.plasma.net.packet.ClientIdentity{private.uuid=d4024136-7541-4acf-8b8a-d0e9f0021a18, private.pass=pass, hashcode=189813093}
    Client received packet: com.gmail.socraticphoenix.plasma.math.IntRange{private.min=312, private.max=421432, hashcode=344227682}

With SSL Sockets

Thanks very much for any help!
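
An added example, not part of the original post or its GitHub project: a plain-JSSE client/server pair in which the server's key pair comes from a keystore and the client trusts only a supplied collection of certificates. It assumes two files created beforehand with keytool (-genkeypair, then -exportcert): server.p12 and server.crt; the class name, file names and password are constructed for illustration.

```java
import javax.net.ssl.*;
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Assumed inputs: server.p12 (PKCS12, password "changeit", subject CN=localhost) and server.crt (its certificate).
public class PinnedTlsDemo {
    // Server: the key pair it presents is whatever private-key entry this keystore holds.
    static SSLContext serverContext(Path p12, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) { ks.load(in, pass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client: trust only the supplied certificates. KeyStore trust entries hold certificates, not bare public keys.
    static SSLContext clientContext(Collection<X509Certificate> trusted) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // empty in-memory store, nothing from the JRE's cacerts
        for (X509Certificate c : trusted) ts.setCertificateEntry("trusted-" + ts.size(), c);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(Files.readAllBytes(Paths.get("server.crt"))));
        SSLServerSocket server = (SSLServerSocket) serverContext(Paths.get("server.p12"),
                "changeit".toCharArray()).getServerSocketFactory().createServerSocket(0);
        new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) { s.getOutputStream().write(42); }
            catch (IOException e) { e.printStackTrace(); }
        }).start();
        try (SSLSocket c = (SSLSocket) clientContext(List.of(cert)).getSocketFactory()
                .createSocket("localhost", server.getLocalPort())) {
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // hostname check is off by default on SSLSocket
            c.setSSLParameters(p);
            System.out.println("client read " + c.getInputStream().read()); // handshake runs on first I/O
        }
        server.close();
    }
}
```

If the server's certificate is not in the client's collection, or does not name the host being connected to, the first read or write throws an SSLHandshakeException rather than returning data.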



