Posted to dev@mina.apache.org by Oren Kafka <or...@amdocs.com> on 2007/10/29 16:43:48 UTC
Mina working with SSL
Hi,
I’m using mina in two options:
1) Regular socket
2) SSLSocket
The regular socket works fine, but I have problems with the SSL; the problems
are only with messages bigger than 1.5K!!!
Using the SSL and these messages, I get a corrupted message. I’m
transferring XML and it looks like it changes in the middle to binary mode
(as you can see below).
<Element>
<Name>RESOURCE_TYPE</Name>
<Value1 xsi:type="xs:long"
xmlns:xs="http://www.w3.org/2001/XMLSchema">1</Value1>
<Value2 xsi:type="xs:long"
xmlns:xs="http://www.w3.org/2_ _ _ _ _ _ _ _ _ _
Do you have an idea why it could happen?
My code without SSL:
    Socket socket = null;
    SocketFactory socketFactory = SocketFactory.getDefault();
    socket = socketFactory.createSocket("localhost", m_port);
    sendMessage(socket, i_messasge);
    socket.close();
My code with SSL:
    SSLSocket socket = null;
    SSLSocketFactory socketFactory = null;
    SSLContext sslContext = createSSLContext();
    socketFactory = sslContext.getSocketFactory();
    socket = (SSLSocket) socketFactory.createSocket("localhost", m_port);
    socket.setUseClientMode(true);
    sendMessage(socket, i_messasge);
    socket.close();

    private SSLContext createSSLContext() throws Exception
    {
        String keystoreName = "dipCompareSrv.ks";
        InputStream is = ClassLoader.getSystemResourceAsStream(keystoreName);
        if (is == null)
        {
            throw new Exception("Keystore not found:" + keystoreName);
        }
        String keStorePwd = "storepwd";
        //Prepare keystore
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(is, keStorePwd.toCharArray());
        //Prepare trust manager factory
        TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509");
        factory.init(keyStore);
        //Create SSLContext
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, factory.getTrustManagers(), null);
        return sslContext;
    }
Thanks in advance …
Oren.
--
View this message in context: http://www.nabble.com/Mina-working-with-SSL-tf4712545s16868.html#a13470299
Sent from the Apache MINA Support Forum mailing list archive at Nabble.com.
Re: Mina working with SSL
Posted by Oren Kafka <or...@amdocs.com>.
Hi Niklas,
Thanks for the quick response.
This is the general code:
    IoServiceConfig ioServiceConfig;
    SocketSessionConfig socketSessionConfig;
    DefaultIoFilterChainBuilder ioFilterChainBuilder;
    //instruct byte buffer to use Java buffer mechanism
    ByteBuffer.setUseDirectBuffers(false);
    ByteBuffer.setAllocator(new SimpleByteBufferAllocator());
    //create new socket acceptor
    m_ioAcceptor = new SocketAcceptor();
    ioServiceConfig = m_ioAcceptor.getDefaultConfig();
    ioServiceConfig.setThreadModel(ThreadModel.MANUAL);
    m_socketAcceptorConfig = new SocketAcceptorConfig();
    m_socketAcceptorConfig.setDisconnectOnUnbind(false);
    // set default session properties
    socketSessionConfig = m_socketAcceptorConfig.getSessionConfig();
    socketSessionConfig.setReuseAddress(true);
    socketSessionConfig.setSendBufferSize(serverSocketSendBufferSize);
    socketSessionConfig.setReceiveBufferSize(serverSocketReceiveBufferSize);
    //if required by configuration, use SSL
    if (Properties.getUseSSL())
    {
        ioFilterChainBuilder = m_socketAcceptorConfig.getFilterChain();
        addSSL(ioFilterChainBuilder);
    }
This is the function that adds the SSL
    protected void addSSL(DefaultIoFilterChainBuilder filterChainBuilder) throws Exception
    {
        KeyStore keyStore;
        SSLFilter sslFilter;
        SSLContext sslContext;
        InputStream is_keyStore;
        KeyManagerFactory keyManagerFactory;
        String keyStoreName = "keyStore.ks";
        String keyStorePwd = "pwd";
        String keyEntryPwd = "pwd";
        char ca_keyStorePwd[] = keyStorePwd.toCharArray();
        char ca_keyEntryPwd[] = keyEntryPwd.toCharArray();
        is_keyStore = ClassLoader.getSystemResourceAsStream(keyStoreName);
        try {
            // supported SSLContext protocols: TLS, SSL, SSLv3
            sslContext = SSLContext.getInstance("TLS");
            //SUN provided key store format
            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(is_keyStore, ca_keyStorePwd);
            //Generating KeyManager list
            keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, ca_keyEntryPwd);
            KeyManager[] kmList = keyManagerFactory.getKeyManagers();
            sslContext.init(kmList, null, null);
        }
        catch (Throwable t)
        {
            // Rethrow instead of swallowing: otherwise sslContext is used
            // below without having been initialized
            throw new Exception("Failed to initialize SSLContext", t);
        }
        sslFilter = new SSLFilter(sslContext);
        filterChainBuilder.addLast("sslFilter", sslFilter);
    }
Thanks a lot !!
Oren.
Re: Mina working with SSL
Posted by Niklas Therning <ni...@trillian.se>.
Oren Kafka wrote:
> Hi,
> I’m using mina in two options:
> 1) Regular socket
> 2) SSLSocket
>
> The regular socket works fine, but I have problems with the SSL; the problems
> are only with messages bigger than 1.5K!!!
> Using the SSL and these messages, I get a corrupted message. I’m
> transferring XML and it looks like it changes in the middle to binary mode
> (as you can see below).
>
> <Element>
> <Name>RESOURCE_TYPE</Name>
> <Value1 xsi:type="xs:long"
> xmlns:xs="http://www.w3.org/2001/XMLSchema">1</Value1>
> <Value2 xsi:type="xs:long"
> xmlns:xs="http://www.w3.org/2_ _ _ _ _ _ _ _ _ _
>
> Do you have an idea why it could happen?
>
> <snip/>
>
> Thanks in advance …
> Oren.
>
Hi,
What does the MINA code look like? AFAICS the code in your mail doesn't
use MINA but plain sockets. Are you using a custom ProtocolDecoder?
Please post the rest of the code if possible.
--
Niklas Therning
www.spamdrain.net