Menu
▾
▴
RE: [HAPI-devel] adding Secure Sockets to HAPI
|
From: Tripp, B. <Bry...@uh...> - 2002-10-03 03:20:35
|
On second thought, maybe we could do this right now. For the secure server,
a boolean arg could be added to the constructor of
ca.uhn.hl7v2.app.HL7Service, and we could have a factory method that
provides either a normal ServerSocket or SSLServerSocket based on the value
provided. Something like this (I'm pretty much just cutting and pasting
from the DDJ article here):
protected ServerSocket createServerSocket(int port) throws Exception {
ServerSocket ss = null;
if (this.secure) {
SSLServerSocketFactory ssf = null;
// set up key manager to do server authentication
KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509"
);
KeyStore ks = KeyStore.getInstance( "JKS" );
char[] passphrase = "passphrase".toCharArray();
ks.load(new FileInputStream("testkeys"), passphrase);
kmf.init(ks, passphrase);
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");
tmf.init( ks );
SSLContext ctx = SSLContext.getInstance( "TLS" );
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
ssf = ctx.getServerSocketFactory();
ss = ssf.createServerSocket(port);
} else {
ss = ServerSocketFactory.getDefault().createServerSocket(port);
}
return ss;
}
... then subclasses could get their ServerSockets from this method instead
of making their own. It looks like something pretty similar could be done
in ConnectionHub.
Does that make sense? Personally I am not very familiar with this stuff, so
I don't really feel comfortable implementing it. Is there anyone on the
list with SSL experience who would like to do this?
Bryan
> -----Original Message-----
> From: Tripp, Bryan [mailto:Bry...@uh...]
> Sent: October 2, 2002 5:02 PM
> To: Guevara, Alexei; hl7...@li...
> Subject: RE: [HAPI-devel] adding Secure Sockets to HAPI
>
>
> I agree, this is definitely something we should add. We'll
> have to work
> this in to the next revision of the app package. This
> package is due for
> some revision anyway, to pave the way for adding HTTP and
> SOAP support.
>
> In the mean time, it should be possible to use an SSL socket
> in HAPI by
> providing it to the constructor of
> ca.uhn.hl7v2.app.Connection, although I
> haven't tried it. ConnectionHub and HL7Service can't be used though.
>
> Bryan
>
> > -----Original Message-----
> > From: Guevara, Alexei [mailto:Ale...@uh...]
> > Sent: October 2, 2002 3:22 PM
> > To: hl7...@li...
> > Subject: RE: [HAPI-devel] adding Secure Sockets to HAPI
> >
> >
> > That sounds like a good idea, as that is one of the possible
> > approaches to
> > send HL7 feeds through the internet.
> >
> > alex6
> >
> > > -----Original Message-----
> > > From: Joe Quinn [mailto:qu...@em...]
> > > Sent: Wednesday, October 02, 2002 3:12 PM
> > > To: hl7...@li...
> > > Subject: [HAPI-devel] adding Secure Sockets to HAPI
> > >
> > > Any interest in extending the communications part of HAPI
> > to allow use of
> > > Secure Sockets as well as Sockets?
> > >
> > > There is a terrific article in Dr. Dobb's Journal from Feb
> > 2001 which
> > > describes an approach which might be used.
> > >
> > > http://www.ddj.com/documents/s=870/ddj0102a/0102a.htm
> > >
> > >
> > >
> > > Joe Quinn
> > > Data Integration Specialist
> > > The Children's Hospital of Philadelphia
> > > 34th Street & Civic Center Boulevard
> > > Philadelphia, PA 19104-4399
> > > (215) 590-1573
> > > qu...@em... www.chop.edu
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by:ThinkGeek
> > > Welcome to geek heaven.
> > > http://thinkgeek.com/sf
> > > _______________________________________________
> > > Hl7api-devel mailing list
> > > Hl7...@li...
> > > https://lists.sourceforge.net/lists/listinfo/hl7api-devel
> >
> >
> > This e-mail may contain confidential and/or privileged information
> > for the sole use of the intended recipient. Any review or
> distribution
> > by anyone other than the person for whom it was originally
> intended is
> > strictly
> > prohibited. If you have received this e-mail in error, please
> > contact the
> > sender and
> > delete all copies. Opinions, conclusions or other information
> > contained in
> > this e-mail may not be that of the organization.
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Hl7api-devel mailing list
> > Hl7...@li...
> > https://lists.sourceforge.net/lists/listinfo/hl7api-devel
> >
>
>
> This e-mail may contain confidential and/or privileged information
> for the sole use of the intended recipient. Any review or distribution
> by anyone other than the person for whom it was originally intended is
> strictly
> prohibited. If you have received this e-mail in error, please
> contact the
> sender and
> delete all copies. Opinions, conclusions or other information
> contained in
> this e-mail may not be that of the organization.
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Hl7api-devel mailing list
> Hl7...@li...
> https://lists.sourceforge.net/lists/listinfo/hl7api-devel
>
This e-mail may contain confidential and/or privileged information
for the sole use of the intended recipient. Any review or distribution
by anyone other than the person for whom it was originally intended is
strictly
prohibited. If you have received this e-mail in error, please contact the
sender and
delete all copies. Opinions, conclusions or other information contained in
this e-mail may not be that of the organization.
|
