You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by param singh <pa...@gmail.com> on 2007/10/31 10:27:54 UTC

SSL Support for Codec

Hi,

I am trying to implement a simple Java NIO server client socket connection
with SSL support (apparently using MINA...).
Consider me as a novice in network and SSL programming.

In short, I am trying to extend the image server to use SSL on both ends
(server and client...) and it did not work.

So I took the image server/client codec adapter example and got it working.
The example satisfies my first target since I want to be able to send
objects over the wire in some sort of protocol-documented way (reusable with
other languages). Now, I needed to add SSL support, so searched this forum,
found one post directing to Koders MinaNetworkClient.java. Which in short
involves taking the BogusSSLContextFactory, creating the bogus.cert and
making the following changes into the image example...

For ImageServer.java
ImageServerIoHandler handler = new ImageServerIoHandler();
    SocketAcceptor acceptor = new SocketAcceptor();
    acceptor.getFilterChain().addLast("protocol", new
ProtocolCodecFilter(new ImageCodecFactory(false)));
    
   // These are the lines added...
    SSLFilter sslFilter = new SSLFilter(BogusSSLContextFactory
            .getInstance(true));
    sslFilter.setUseClientMode(false);
    acceptor.getFilterChain().addLast("sslFilter", sslFilter);
    System.out.println("SSL ON");
    // Till here...

    acceptor.bind(new InetSocketAddress(PORT), handler);

For ImageClient.java
 this.host = host;
        this.port = port;
        this.imageListener = imageListener;
        connector = new SocketConnector();
        connector.getFilterChain().addLast("codec", new
ProtocolCodecFilter(new ImageCodecFactory(true)));
        
        // Lines added...
        SSLFilter sslFilter;
		try { // Instead of adding throws to constructor, to the method calling
constructor ...
			sslFilter = new SSLFilter(BogusSSLContextFactory
			        .getInstance(false));
			sslFilter.setUseClientMode(true);
	        connector.getFilterChain().addLast("sslFilter", sslFilter);
		} catch (GeneralSecurityException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}

After this I tried the above example and got an exception from the GUI. The
exception says something like cannot cast ImageRequest cannot be cast to
ByteBuffer (both belonging to org.apache.mina.*). This happens when calling
session.write(imageRequest) in the ImageClient.sendRequest method. 

Also I tried to switch the order in which client's SSLFilter was added. Then
clicking on SendRequest seems to work, but no message is received by the
server. And on quiting I get the exception ByteBuffer cannot be casted into
ImageResponse. This happens on ImageClient.messageReceived method when
object is casted to ImageResponse.

I have no idea why this is happening, or how to make SSL work with
ProtocolCodec?
-- 
View this message in context: http://www.nabble.com/SSL-Support-for-Codec-tf4723709s16868.html#a13505449
Sent from the Apache MINA Support Forum mailing list archive at Nabble.com.

Re: SSL Support for Codec

Posted by Trustin Lee <tr...@gmail.com>.

Hi Param,

On 10/31/07, param singh <pa...@gmail.com> wrote:
>
> Hi,
>
> I am trying to implement a simple Java NIO server client socket connection
> with SSL support (apparently using MINA...).
> Consider me as a novice in network and SSL programming.
>
> In short, I am trying to extend the image server to use SSL on both ends
> (server and client...) and it did not work.
>
> So I took the image server/client codec adapter example and got it working.
> The example satisfies my first target since I want to be able to send
> objects over the wire in some sort of protocol-documented way (reusable with
> other languages). Now, I needed to add SSL support, so searched this forum,
> found one post directing to Koders MinaNetworkClient.java. Which in short
> involves taking the BogusSSLContextFactory, creating the bogus.cert and
> making the following changes into the image example...
>
> For ImageServer.java
> ImageServerIoHandler handler = new ImageServerIoHandler();
>     SocketAcceptor acceptor = new SocketAcceptor();
>     acceptor.getFilterChain().addLast("protocol", new
> ProtocolCodecFilter(new ImageCodecFactory(false)));
>
>    // These are the lines added...
>     SSLFilter sslFilter = new SSLFilter(BogusSSLContextFactory
>             .getInstance(true));
>     sslFilter.setUseClientMode(false);
>     acceptor.getFilterChain().addLast("sslFilter", sslFilter);
>     System.out.println("SSL ON");
>     // Till here...
>
>     acceptor.bind(new InetSocketAddress(PORT), handler);
>
> For ImageClient.java
>  this.host = host;
>         this.port = port;
>         this.imageListener = imageListener;
>         connector = new SocketConnector();
>         connector.getFilterChain().addLast("codec", new
> ProtocolCodecFilter(new ImageCodecFactory(true)));
>
>         // Lines added...
>         SSLFilter sslFilter;
>                 try { // Instead of adding throws to constructor, to the method calling
> constructor ...
>                         sslFilter = new SSLFilter(BogusSSLContextFactory
>                                 .getInstance(false));
>                         sslFilter.setUseClientMode(true);
>                 connector.getFilterChain().addLast("sslFilter", sslFilter);
>                 } catch (GeneralSecurityException e) {
>                         // TODO Auto-generated catch block
>                         e.printStackTrace();
>                 }
>
> After this I tried the above example and got an exception from the GUI. The
> exception says something like cannot cast ImageRequest cannot be cast to
> ByteBuffer (both belonging to org.apache.mina.*). This happens when calling
> session.write(imageRequest) in the ImageClient.sendRequest method.
>
> Also I tried to switch the order in which client's SSLFilter was added. Then
> clicking on SendRequest seems to work, but no message is received by the
> server. And on quiting I get the exception ByteBuffer cannot be casted into
> ImageResponse. This happens on ImageClient.messageReceived method when
> object is casted to ImageResponse.
>
> I have no idea why this is happening, or how to make SSL work with
> ProtocolCodec?

You have to insert the SSLFilter *before* the ProtocolCodecFilter.
It's because ProtocolCodecFilter transforms incoming ByteBuffers into
Java objects.  SSLFilter, therefore, can't decrypt it.

HTH,
Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6