Plain socket to SSL

I have a socket code to receive message from plain socket. But now the clientsocket have been changed to SSL and the old java program is not receiving the messages. Please assist me how to change the plain socket communication to SSL.

SSLSocket extends Socket
SSLServerSocket extends ServerSocket

I don't think you need to change anything except the initialization of the ServerSocket and Socket instances; instead of using "new Socket(...)" and "new ServerSocket(...)" you use "new SSLSocket(...)" and "new SSLServerSocket(...)". You don't even need to change the declarations.

Rob,

Thanks for your response.

ServerSocketFactory ssf = ServerSocketFactory.getDefault();
this.serverSocket = ssf.createServerSocket(port, back);
this.start();


getDefault is returning ServerSocketFactory only and not SSLServerSocketFactory. Can I use like this
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

How about creatinf server socket and starting that. Could you please assist me.

Use SSLServerSocketFactory instead.

Meet Gaurav wrote:Rob,

Thanks for your response.

ServerSocketFactory ssf = ServerSocketFactory.getDefault();
this.serverSocket = ssf.createServerSocket(port, back);
this.start();


getDefault is returning ServerSocketFactory only and not SSLServerSocketFactory. Can I use like this
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

How about creatinf server socket and starting that. Could you please assist me.

Ah sorry, I thought you were using simple constructors.

The thing is, you shouldn't care about whether or not the server sockets are SSL server sockets except for way up in the chain. You should change as little code as possible. In your case, you only need to change one line of code:
//ServerSocketFactory ssf = ServerSocketFactory.getDefault(); ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();and all other occurrences of ServerSocketFactory.getDefault()

Yes the ServerSocketFactory is in fact an SSLServerSocketFactory. The thing is, you don't need to know. You need to work with ServerSocketFactory and ServerSocket, and possibly SocketFactory and Socket. If you start using SSLServerSockets and SSLSockets because you change the factory creating method, the rest of the code shouldn't need to worry about that. That way it makes it easier to switch back to regular (server) sockets.

May I know the reason
Y not to use
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

and to use

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();

For SSL anything I need to change in the configuration level. I mean adding the public keystore or something else.

Because the current configuration supports plain socket only.

Meet Gaurav wrote:May I know the reason
Y not to use
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

and to use

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();

1) You are then modifying your code at three locations instead of one. If you need to switch back that's three locations you need to change back.

2) SSLServerSocketFactory doesn't give you any extra methods except for getDefaultCipherSuites() and getSupportedCipherSuites(). The createServerSocket methods still return ServerSocket references (although the actual objects are SSLServerSocket instances).

Rob,

Thanks for the reply

Please suggest me which is the best option to use.

SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

or

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();

Unless you need to call methods of SSLServerSocketFactory, I would use the second one. As I said before, that makes it easier to switch back to ServerSocketFactory if SSL is no longer needed. If you need to call methods of SSLServerSocketFactory or SSLServerSocket, only then would I cast.

Either case, if you create ServerSockets at multiple locations I would turn it into a utility method. For instance:
private static ServerSocket createServerSocket(int port, boolean backlog) { SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocket serverSocket = (SSLServerSocket)ssf.createServerSocket(port, backlog); // configure serverSocket return serverSocket; }//ServerSocketFactory ssf = ServerSocketFactory.getDefault(); //this.serverSocket = ssf.createServerSocket(port, back); this.serverSocket = createServerSocket(port, back); this.start();That way you only need to change that one method if you switch SSL on or off. You can even use a flag in that method and return either one:
private static ServerSocket createServerSocket(int port, boolean backlog) { if (!USE_SSL) // static final boolean { ServerSocketFactory ssf = ServerSocketFactory.getDefault(); return ssf.createServerSocket(port, backlog); } SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocket serverSocket = (SSLServerSocket)ssf.createServerSocket(port, backlog); // configure serverSocket return serverSocket; }Change that one static final boolean from true to false and you turn SSL off. Change it back to true, and SSL is turned back on. You can make your program even more configurable by making it a user setting, but let's keep it a bit simpler for now

Wooo Great Rob.. Now am clear.

Could you please tell me

For SSL anything I need to change in the configuration level. I mean adding the public keystore or something else.

Because the current configuration supports plain socket only.

I couldn't tell you. All I can tell you is that with my example code, you only need to add it in one place

Rob,

Could you please tell me why the SSLSocket is an abstract class.

Socket rSocket = new Socket(IP, Port);

equal ?

SSLSocket rSocket = (SSLSocket)new Socket(IP, Port);

Correct me if am wrong

I didn't even know that SSLSocket was abstract.

You can't cast a regular Socket to SSLSocket, as it simply isn't an SSLSocket. I guess you'll need to use SSLSocketFactory.createSocket, passing a regular Socket. Probably something like this:
// you need a method specific to SSLSocketFactory so you'll need to cast SSLSocketFactory ssf = (SSLSocketFactory)SSLSocketFactory.getDefault(); Socket socket = new Socket(); socket = ssf.createSocket(socket, host, port, true);(Disclaimer: not tested)

// Plain socket
Socket rSocket = new Socket(IP, Port);

both are same

// SSL
SSLSocketFactory ssf = (SSLSocketFactory)SSLSocketFactory.getDefault();
Socket socket = new Socket();
socket = ssf.createSocket(socket, host, port, true);

Are you sure they are the same? What does "System.out.println(socket.getClass())" print out?

Try the following example:
import java.net.*; import javax.net.ssl.*; public class Test { public static void main(String[] args) throws Exception { SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); print(factory.getClass(), 0); Socket socket = new Socket("www.coderanch.com", 443); print(socket.getClass(), 0); socket = factory.createSocket(socket, "www.coderanch.com", 443, true); print(socket.getClass(), 0); socket.close(); } private static void print(Class<?> cls, int indent) { for (int i = 0; i < indent; i++) { System.out.print(" "); } System.out.println(cls.getName()); cls = cls.getSuperclass(); if (cls != null && cls != Object.class) { print(cls, indent + 1); } } }Note that on line 10 the socket already needs to be connected, otherwise an exception is thrown.

Rob,

Everything seems fine.. Now am getting below exception

Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:303)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
at com.test.sw.server.SrtSetServer.run(SrtSetServer.java:106)

Even after adding keystore am getting this.. Please help
SSLContext ctx = null; KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); char[] password = "changeit".toCharArray(); InputStream in = (new FileInputStream("C:\\Documents and Settings\\Meetgaurav\\keystore.jks")); ks.load(in, password); in.close(); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE"); kmf.init(ks, password); TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "SunJSSE"); tmf.init(ks); ctx = SSLContext.getInstance("TLS"); ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); //SSLServerSocketFactory sssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocketFactory sssf = ctx.getServerSocketFactory();