aspose file tools*
The moose likes Sockets and Internet Protocols and the fly likes Plain socket to SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "Plain socket to SSL" Watch "Plain socket to SSL" New topic
Author

Plain socket to SSL

Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
I have a socket code to receive message from plain socket. But now the clientsocket have been changed to SSL and the old java program is not receiving the messages. Please assist me how to change the plain socket communication to SSL.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

SSLSocket extends Socket
SSLServerSocket extends ServerSocket

I don't think you need to change anything except the initialization of the ServerSocket and Socket instances; instead of using "new Socket(...)" and "new ServerSocket(...)" you use "new SSLSocket(...)" and "new SSLServerSocket(...)". You don't even need to change the declarations.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
Rob,

Thanks for your response.

ServerSocketFactory ssf = ServerSocketFactory.getDefault();
this.serverSocket = ssf.createServerSocket(port, back);
this.start();


getDefault is returning ServerSocketFactory only and not SSLServerSocketFactory. Can I use like this
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

How about creatinf server socket and starting that. Could you please assist me.

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
Use SSLServerSocketFactory instead.


Ping & DNS - my free Android networking tools app
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Meet Gaurav wrote:Rob,

Thanks for your response.

ServerSocketFactory ssf = ServerSocketFactory.getDefault();
this.serverSocket = ssf.createServerSocket(port, back);
this.start();


getDefault is returning ServerSocketFactory only and not SSLServerSocketFactory. Can I use like this
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

How about creatinf server socket and starting that. Could you please assist me.


Ah sorry, I thought you were using simple constructors.

The thing is, you shouldn't care about whether or not the server sockets are SSL server sockets except for way up in the chain. You should change as little code as possible. In your case, you only need to change one line of code:
and all other occurrences of ServerSocketFactory.getDefault()

Yes the ServerSocketFactory is in fact an SSLServerSocketFactory. The thing is, you don't need to know. You need to work with ServerSocketFactory and ServerSocket, and possibly SocketFactory and Socket. If you start using SSLServerSockets and SSLSockets because you change the factory creating method, the rest of the code shouldn't need to worry about that. That way it makes it easier to switch back to regular (server) sockets.
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
May I know the reason
Y not to use
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

and to use

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();



Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
For SSL anything I need to change in the configuration level. I mean adding the public keystore or something else.

Because the current configuration supports plain socket only.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Meet Gaurav wrote:May I know the reason
Y not to use
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

and to use

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();

1) You are then modifying your code at three locations instead of one. If you need to switch back that's three locations you need to change back.

2) SSLServerSocketFactory doesn't give you any extra methods except for getDefaultCipherSuites() and getSupportedCipherSuites(). The createServerSocket methods still return ServerSocket references (although the actual objects are SSLServerSocket instances).
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
Rob,

Thanks for the reply

Please suggest me which is the best option to use.

SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

or

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Unless you need to call methods of SSLServerSocketFactory, I would use the second one. As I said before, that makes it easier to switch back to ServerSocketFactory if SSL is no longer needed. If you need to call methods of SSLServerSocketFactory or SSLServerSocket, only then would I cast.

Either case, if you create ServerSockets at multiple locations I would turn it into a utility method. For instance:
That way you only need to change that one method if you switch SSL on or off. You can even use a flag in that method and return either one:
Change that one static final boolean from true to false and you turn SSL off. Change it back to true, and SSL is turned back on. You can make your program even more configurable by making it a user setting, but let's keep it a bit simpler for now
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
Wooo Great Rob.. Now am clear.

Could you please tell me

For SSL anything I need to change in the configuration level. I mean adding the public keystore or something else.

Because the current configuration supports plain socket only.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

I couldn't tell you. All I can tell you is that with my example code, you only need to add it in one place
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
Rob,

Could you please tell me why the SSLSocket is an abstract class.

Socket rSocket = new Socket(IP, Port);

equal ?

SSLSocket rSocket = (SSLSocket)new Socket(IP, Port);

Correct me if am wrong
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

I didn't even know that SSLSocket was abstract.

You can't cast a regular Socket to SSLSocket, as it simply isn't an SSLSocket. I guess you'll need to use SSLSocketFactory.createSocket, passing a regular Socket. Probably something like this:
(Disclaimer: not tested)
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
// Plain socket
Socket rSocket = new Socket(IP, Port);

both are same

// SSL
SSLSocketFactory ssf = (SSLSocketFactory)SSLSocketFactory.getDefault();
Socket socket = new Socket();
socket = ssf.createSocket(socket, host, port, true);
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19719
    
  20

Are you sure they are the same? What does "System.out.println(socket.getClass())" print out?

Try the following example:
Note that on line 10 the socket already needs to be connected, otherwise an exception is thrown.
Meet Gaurav
Ranch Hand

Joined: Oct 08, 2008
Posts: 492
Rob,

Everything seems fine.. Now am getting below exception

Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:303)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
at com.test.sw.server.SrtSetServer.run(SrtSetServer.java:106)

Even after adding keystore am getting this.. Please help
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Plain socket to SSL