apache mina ssl配置

文章转自： Apache Mina – SSL Configuration

MINA SSL 设置：
Introduction
Quite some time back, I had wrote an article to create a simple client/server application using Apache Mina 2.0.x. In that article the transaction between the client and server is unsecured.  In order to make a secured transaction between the client and the server, SSL should be configured. In this article, Let us see how to configure Secured Socket Layer(SSL) for a sample Client/Server application using 3 easy steps,

1.Generate SSLContext
2.Server part
3.Client part
Step 1 – Generate SSLContext
SSLContext is a factory for secure socket or SSLEngine. For the sample application, A class named “SSLGenerator” is used to generate the SSLContext. To make a secured transaction, Two types of key files are needed they are “Keystore” and “Truststore” file. The Creation of these two files has been explained in the article “Step by step tutorial to create Keystore and Truststore file “. The factory classes used in the SSLContextGenerator class is,

KeyStoreFactory - This factory class is used to create and configures a new Keystore instance.

SSLContextFactory - This factory class is used to create and configures a new SSLContext.

SSLContextGenerator.java

view sourceprint?
01 package com.sample.ssl; 

02   

03 import java.io.File; 

04 import java.security.KeyStore; 

05 import javax.net.ssl.SSLContext; 

06 import org.apache.mina.filter.ssl.KeyStoreFactory; 

07 import org.apache.mina.filter.ssl.SslContextFactory; 

08   

09 /** 

10 * @author giftsam 

11 */

12 public class SSLContextGenerator 

13 { 

14 public SSLContext getSslContext() 

15 { 

16 SSLContext sslContext = null; 

17 try 

18 { 

19 File keyStoreFile = new File("/home/giftsam/Desktop/certificates/keystore"); 

20 File trustStoreFile = new File("/home/giftsam/Desktop/certificates/truststore"); 

21   

22 if (keyStoreFile.exists() && trustStoreFile.exists()) 

23 { 

24 final KeyStoreFactory keyStoreFactory = new KeyStoreFactory(); 

25 System.out.println("Url is: " + keyStoreFile.getAbsolutePath()); 

26 keyStoreFactory.setDataFile(keyStoreFile); 

27 keyStoreFactory.setPassword("techbrainwave"); 

28   

29 final KeyStoreFactory trustStoreFactory = new KeyStoreFactory(); 

30 trustStoreFactory.setDataFile(trustStoreFile); 

31 trustStoreFactory.setPassword("techbrainwave"); 

32   

33 final SslContextFactory sslContextFactory = new SslContextFactory(); 

34 final KeyStore keyStore = keyStoreFactory.newInstance(); 

35 sslContextFactory.setKeyManagerFactoryKeyStore(keyStore); 

36   

37 final KeyStore trustStore = trustStoreFactory.newInstance(); 

38 sslContextFactory.setTrustManagerFactoryKeyStore(trustStore); 

39 sslContextFactory.setKeyManagerFactoryKeyStorePassword("techbrainwave"); 

40 sslContext = sslContextFactory.newInstance(); 

41 System.out.println("SSL provider is: " + sslContext.getProvider()); 

42 } 

43 else 

44 { 

45 System.out.println("Keystore or Truststore file does not exist"); 

46 } 

47 } 

48 catch (Exception ex) 

49 { 

50 ex.printStackTrace(); 

51 } 

52 return sslContext; 

53 } 

54 }
Step 2 – Server part
For the server part two classes named “SSLServer” and “SSLServerHandler” has been used.  In the SSLServer class,  “SSLFilter” class is used to encrypt and decrypt the data exchanged in the session, Also it triggers the SSLHandshake procedure immediately(If you don’t want the handshake procedure to start immediately, please specify false as autostart parameter in the constructor).

Note: SSLFilter works only for the TCP/IP connections.

An interface named “IoAcceptor” is used to accept the incoming connections from the client and that fires the event to the handler. Two filters has been used, the first one is the “LoggingFilter” which logs all the events and requests and the second one is the “ProtocolCodecFilter” which is used to convert an incoming ByteBuffer into message POJO.

SSLServer.java

view sourceprint?01 package com.sample.ssl; 

02   

03 import java.io.IOException; 

04 import java.net.InetSocketAddress; 

05 import java.nio.charset.Charset; 

06 import java.security.GeneralSecurityException; 

07 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder; 

08   

09 import org.apache.mina.core.session.IdleStatus; 

10 import org.apache.mina.core.service.IoAcceptor; 

11 import org.apache.mina.filter.codec.ProtocolCodecFilter; 

12 import org.apache.mina.filter.codec.textline.TextLineCodecFactory; 

13 import org.apache.mina.filter.logging.LoggingFilter; 

14 import org.apache.mina.filter.ssl.SslFilter; 

15 import org.apache.mina.transport.socket.nio.NioSocketAcceptor; 

16   

17 /** 

18 * @author giftsam 

19 */

20 public class SSLServer 

21 { 

22 private static final int PORT = 5000; 

23   

24 private static void addSSLSupport(DefaultIoFilterChainBuilder chain) 

25 { 

26 try 

27 { 

28 SslFilter sslFilter = new SslFilter(new SSLContextGenerator().getSslContext()); 

29 chain.addLast("sslFilter", sslFilter); 

30 System.out.println("SSL support is added.."); 

31 } 

32 catch (Exception ex) 

33 { 

34 ex.printStackTrace(); 

35 } 

36 } 

37   

38 public static void main(String[] args) throws IOException, GeneralSecurityException 

39 { 

40 IoAcceptor acceptor = new NioSocketAcceptor(); 

41 DefaultIoFilterChainBuilder chain = acceptor.getFilterChain(); 

42   

43 addSSLSupport(chain); 

44   

45 chain.addLast("logger", new LoggingFilter()); 

46 chain.addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8")))); 

47   

48 acceptor.setHandler(new SSLServerHandler()); 

49 acceptor.getSessionConfig().setReadBufferSize(2048); 

50 acceptor.getSessionConfig().setIdleTime(IdleStatus.BOTH_IDLE, 10); 

51 acceptor.bind(new InetSocketAddress(PORT)); 

52 System.out.println("Server Started.."); 

53 } 

54 }
The SSLServerHandler class contains four methods. The first method “sessionOpened” is called when the session is opened and it is used to set the session idle time. The second method “receiveMessage” is used to receive the message sent by the client. The other two methods “sessionIdle” is used to close the session when it was idle for 10 secs and the fourth method “exceptionCaught” is used to close the session when an exception occured.

SSLServerHandler.java

package com.sample.ssl; 

02   

03 import org.apache.mina.core.session.IdleStatus; 

04 import org.apache.mina.core.service.IoHandlerAdapter; 

05 import org.apache.mina.core.session.IoSession; 

06 import org.slf4j.Logger; 

07 import org.slf4j.LoggerFactory; 

08   

09 /** 

10 * @author giftsam 

11 */

12 public class SSLServerHandler extends IoHandlerAdapter 

13 { 

14 private final Logger logger = (Logger) LoggerFactory.getLogger(getClass()); 

15 private int idleTimeout = 10; 

16   

17 @Override 

18 public void sessionOpened(IoSession session) 

19 { 

20 // set idle time to 10 seconds 

21 session.getConfig().setIdleTime(IdleStatus.BOTH_IDLE, idleTimeout); 

22   

23 session.setAttribute("Values: "); 

24 } 

25   

26 @Override 

27 public void messageReceived(IoSession session, Object message) 

28 { 

29 System.out.println("Message received in the server.."); 

30 System.out.println("Message is: " + message.toString()); 

31 } 

32   

33 @Override 

34 public void sessionIdle(IoSession session, IdleStatus status) 

35 { 

36 logger.info("Transaction is idle for " + idleTimeout + "secs, So disconnecting.."); 

37 // disconnect an idle client 

38 session.close(); 

39 } 

40   

41 @Override 

42 public void exceptionCaught(IoSession session, Throwable cause) 

43 { 

44 // close the connection on exceptional situation 

45 session.close(); 

46 } 

47 }
Step 3 – Client part
For the client part two classes named “SSLClient” and “SSLClientHandler” has been used. In the “MinaClient” class the SSLFilter class is used to encrypt and decrypt the data exchanged in the session and SSLFilter property  UseClientMode should be set as true and that configures the socket to use client mode in its first handshake.

“IoConnector” interface is used to communicate with the server and that fires the event to the handler. Like the server part, The same “LoggingFilter” and “ProtocolCodecFilter” has been used. An interface named “ConnectFuture” is used to windup the asynchronous connection requests.

SSLClient.java

view sourceprint?
01 package com.sample.ssl; 

02   

03 import java.io.IOException; 

04 import java.net.InetSocketAddress; 

05 import java.nio.charset.Charset; 

06 import java.security.GeneralSecurityException; 

07 import javax.net.ssl.SSLContext; 

08 import org.apache.mina.core.future.ConnectFuture; 

09 import org.apache.mina.core.service.IoConnector; 

10 import org.apache.mina.core.session.IoSession; 

11 import org.apache.mina.filter.codec.ProtocolCodecFilter; 

12 import org.apache.mina.filter.codec.textline.TextLineCodecFactory; 

13 import org.apache.mina.filter.logging.LoggingFilter; 

14 import org.apache.mina.filter.ssl.SslFilter; 

15 import org.apache.mina.transport.socket.nio.NioSocketConnector; 

16   

17 /** 

18 * @author giftsam 

19 */

20 public class SSLClient 

21 { 

22 private static final int REMORT_PORT = 5000; 

23   

24 public static void main(String[] args) throws IOException, InterruptedException, GeneralSecurityException 

25 { 

26 IoConnector connector = new NioSocketConnector(); 

27 connector.getSessionConfig().setReadBufferSize(2048); 

28   

29 SSLContext sslContext = new SSLContextGenerator().getSslContext(); 

30 System.out.println("SSLContext protocol is: " + sslContext.getProtocol()); 

31   

32 SslFilter sslFilter = new SslFilter(sslContext); 

33 sslFilter.setUseClientMode(true); 

34 connector.getFilterChain().addFirst("sslFilter", sslFilter); 

35   

36 connector.getFilterChain().addLast("logger", new LoggingFilter()); 

37 connector.getFilterChain().addLast("codec", new ProtocolCodecFilter(new TextLineCodecFactory(Charset.forName("UTF-8")))); 

38   

39 connector.setHandler(new SSLClientHandler("Hello Server..")); 

40 ConnectFuture future = connector.connect(new InetSocketAddress("172.108.0.6", REMORT_PORT)); 

41 future.awaitUninterruptibly(); 

42   

43 if (!future.isConnected()) 

44 { 

45 return; 

46 } 

47 IoSession session = future.getSession(); 

48 session.getConfig().setUseReadOperation(true); 

49 session.getCloseFuture().awaitUninterruptibly(); 

50 System.out.println("After Writing"); 

51 connector.dispose(); 

52 } 

53 }
For the handler, Like the server part the same methods “sessionOpened”, “messageReceived” and “exceptionCaught” has been used.

SSLClientHandler.java

view sourceprint?
01 package com.sample.ssl; 

02   

03 import org.apache.mina.core.service.IoHandlerAdapter; 

04 import org.apache.mina.core.session.IoSession; 

05 import org.slf4j.Logger; 

06 import org.slf4j.LoggerFactory; 

07   

08 /** 

09 * @author giftsam 

10 */

11 public class SSLClientHandler extends IoHandlerAdapter 

12 { 

13 private final Logger logger = (Logger) LoggerFactory.getLogger(getClass()); 

14 private final String values; 

15 private boolean finished; 

16   

17 public SSLClientHandler(String values) 

18 { 

19 this.values = values; 

20 } 

21   

22 public boolean isFinished() 

23 { 

24 return finished; 

25 } 

26   

27 @Override 

28 public void sessionOpened(IoSession session) 

29 { 

30 session.write(values); 

31 } 

32   

33 @Override 

34 public void messageReceived(IoSession session, Object message) 

35 { 

36 logger.info("Message received in the client.."); 

37 logger.info("Message is: " + message.toString()); 

38 } 

39   

40 @Override 

41 public void exceptionCaught(IoSession session, Throwable cause) 

42 { 

43 session.close(); 

44 } 

45 }
Now its time to test the preceding codes, First the code “SSLServer” should be executed and then execute the “SSLClient”, the outcome of the codes will looks like the below,

Output – Server

view sourceprint?
01 Url is: /home/giftsam/Desktop/certificates/keystore 

02 SSL Provider is: SunJSSE version 1.6

03 SSL support is added.. 

04 Server Started.. 

05 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

06 INFO: CREATED 

07 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

08 INFO: OPENED 

09 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

10 INFO: RECEIVED: HeapBuffer[pos=0 lim=15 cap=36: 48 65 6C 6C 6F 20 53 65 72 76 65 72 2E 2E 0A] 

11 Message received in the server.. 

12 Message is: Hello Server.. 

13 Dec 10, 2010 8:38:09 PM org.apache.mina.filter.logging.LoggingFilter log 

14 INFO: IDLE 

15 Dec 10, 2010 8:38:09 PM com.sample.ssl.SSLServerHandler sessionIdle 

16 INFO: Transaction is idle for 10secs, So disconnecting.. 

17 Dec 10, 2010 8:38:09 PM org.apache.mina.filter.logging.LoggingFilter log 

18 INFO: CLOSED
Output – client

view sourceprint?
01 Url is: /home/giftsam/Desktop/certificates/keystore 

02 SSL Provider is: SunJSSE version 1.6

03 SSLContext protocol is: TLS 

04 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

05 INFO: CREATED 

06 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

07 INFO: OPENED 

08 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

09 INFO: SENT: HeapBuffer[pos=0 lim=15 cap=16: 48 65 6C 6C 6F 20 53 65 72 76 65 72 2E 2E 0A] 

10 Dec 10, 2010 8:37:59 PM org.apache.mina.filter.logging.LoggingFilter log 

11 INFO: SENT: HeapBuffer[pos=0 lim=0 cap=0: empty]
Thats all folks. I hope this article clearly explains the steps to implement SSL for a client/server application using Apache Mina 2.0.x. If you find this article is useful for you, dont forget to leave your valuable comments. Have a joyous code day.