Re: [Simpleweb-Support] SSL problem
From: Martin N. <mar...@gm...> - 2005-10-21 10:40:10
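/*
 * Original post (Martin N., 2005-10-21):
 *
 * This is the code.. very ugly and uncommented and horrible, but it hides the
 * ugliness pretty good. You need to put the files from www.stunnel.org
 * (including the ssl dlls) in the same folder as your app.
 */
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

import javax.net.ServerSocketFactory;

/**
 * Server socket factory that puts an external stunnel process in front of a plain
 * loopback socket.
 *
 * <p>For every requested port the factory opens an unencrypted {@link ServerSocket} on
 * {@code 127.0.0.1} with an ephemeral port, exports the certificate and private key stored
 * under the local canonical host name from a JKS keystore into PEM files, writes a
 * {@code stunnel.conf} that accepts on the requested port and connects to the loopback
 * socket, and starts {@code stunnel.exe}.
 *
 * <p>Security notes for anyone reusing this code:
 * <ul>
 *   <li>The private key is written <em>unencrypted</em> to {@code tunpriv.pem} in the working
 *       directory. Owner-only permissions are applied on a best-effort basis; the directory
 *       itself should not be readable by other accounts.</li>
 *   <li>The leg between stunnel and this process is plaintext and is only protected by being
 *       bound to the loopback address.</li>
 *   <li>{@code stunnel.exe} is started by bare name, so the operating system's search rules
 *       decide which binary runs; a deployment should pin a full path to a verified binary.</li>
 *   <li>All ports share the same three file names, so a later call overwrites the files
 *       written by an earlier one.</li>
 * </ul>
 */
public class StunnelServerSocketFactory extends ServerSocketFactory implements KeystoreInfo {

    private static final String STUNNEL_EXECUTABLE = "stunnel.exe";
    private static final String PRIVATE_KEY_FILE = "tunpriv.pem";
    private static final String CERTIFICATE_FILE = "tuncert.pem";
    private static final String CONFIG_FILE = "stunnel.conf";

    protected String keystore;
    protected String keystorePassword;

    // Read by the shutdown-hook thread as well as by callers of setup(), hence concurrent.
    private static final Map<Integer, Process> tunnels = new ConcurrentHashMap<>();

    static {
        // Stop every stunnel child when the JVM exits through Ctrl-C or System.exit(...).
        Runtime.getRuntime().addShutdownHook(new Thread(new Runnable() {
            @Override
            public void run() {
                for (Process tunnel : tunnels.values()) {
                    tunnel.destroy();
                }
            }
        }));
    }

    public StunnelServerSocketFactory() {
        super();
    }

    /**
     * Opens the loopback socket, writes the stunnel key material and configuration, and
     * starts the stunnel process for {@code port}.
     *
     * @param port public port stunnel accepts TLS connections on
     * @param backlog listen backlog for the loopback socket
     * @return the plain server socket bound to {@code 127.0.0.1}
     * @throws IOException if the keystore info is missing, the key material cannot be
     *     exported, or stunnel cannot be started
     */
    protected ServerSocket setup(int port, int backlog) throws IOException {
        if (keystore == null || keystorePassword == null) {
            throw new IOException("Keystore info has not been set; call setKeystoreInfo first");
        }

        // Replace a tunnel already registered for this port instead of leaking it.
        Process previous = tunnels.remove(port);
        if (previous != null) {
            previous.destroy();
        }

        String host = InetAddress.getLocalHost().getCanonicalHostName();
        // Loopback only: the unencrypted side must not be reachable from other hosts.
        ServerSocket ss = ServerSocketFactory.getDefault()
                .createServerSocket(0, backlog, InetAddress.getByName("127.0.0.1"));
        boolean started = false;
        try {
            createStunnelKeysAndConfig(keystore, keystorePassword, host, port, ss.getLocalPort());
            Process tunnel = new ProcessBuilder(STUNNEL_EXECUTABLE).start();
            tunnels.put(port, tunnel);
            started = true;
            return ss;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Keep the cause attached so keystore and certificate failures stay diagnosable.
            throw new IOException("Could not set up stunnel for port " + port + ": "
                    + e.getMessage(), e);
        } finally {
            if (!started) {
                try {
                    ss.close();
                } catch (IOException ignored) {
                    // The original failure is the one worth reporting.
                }
            }
        }
    }

    /** Not supported: a port is required to configure stunnel. */
    @Override
    public ServerSocket createServerSocket() throws IOException {
        throw new UnsupportedOperationException("A port is required");
    }

    /**
     * Not supported: the generated configuration writes {@code accept = <port>} without an
     * address, so a caller-supplied bind address could not be honoured.
     */
    @Override
    public ServerSocket createServerSocket(int port, int backlog, InetAddress addr)
            throws IOException {
        throw new UnsupportedOperationException("Binding to a specific address is not supported");
    }

    @Override
    public ServerSocket createServerSocket(int port, int backlog) throws IOException {
        return setup(port, backlog);
    }

    @Override
    public ServerSocket createServerSocket(int port) throws IOException {
        return setup(port, 0);
    }

    public void setKeystoreInfo(String keystore, String keystorePassword) {
        this.keystore = keystore;
        this.keystorePassword = keystorePassword;
    }

    /**
     * Exports the entry stored under alias {@code host} from a JKS keystore as PEM files and
     * writes the matching {@code stunnel.conf} into the working directory.
     *
     * <p>The same password is used for the keystore and for the key entry.
     *
     * @param ksName path of the JKS keystore
     * @param ksPass password of the keystore and of the key entry
     * @param host keystore alias of the certificate and private key
     * @param port port stunnel accepts on
     * @param localport loopback port stunnel connects to
     * @throws KeyStoreException if the alias has no certificate or no exportable private key
     * @throws IOException if the keystore cannot be read or a file cannot be written
     */
    public static void createStunnelKeysAndConfig(String ksName, String ksPass, String host,
            int port, int localport) throws KeyStoreException, NoSuchAlgorithmException,
            CertificateException, FileNotFoundException, IOException,
            UnrecoverableKeyException {
        Objects.requireNonNull(ksName, "ksName");
        Objects.requireNonNull(ksPass, "ksPass");
        Objects.requireNonNull(host, "host");

        char[] password = ksPass.toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(ksName)) {
            ks.load(in, password);
        }

        Certificate cert = ks.getCertificate(host);
        if (cert == null) {
            throw new KeyStoreException(
                    "No certificate under alias '" + host + "' in keystore " + ksName);
        }
        Key key = ks.getKey(host, password);
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException(
                    "No private key under alias '" + host + "' in keystore " + ksName);
        }
        byte[] encodedKey = key.getEncoded();
        if (encodedKey == null) {
            throw new KeyStoreException(
                    "Private key under alias '" + host + "' does not support export");
        }

        writePem(new File(PRIVATE_KEY_FILE), "PRIVATE KEY", encodedKey, true);
        writePem(new File(CERTIFICATE_FILE), "CERTIFICATE", cert.getEncoded(), false);

        try (Writer w = new OutputStreamWriter(
                new FileOutputStream(new File(CONFIG_FILE)), StandardCharsets.US_ASCII)) {
            w.write("cert = " + CERTIFICATE_FILE + "\n");
            w.write("key = " + PRIVATE_KEY_FILE + "\n");
            w.write("socket = l:TCP_NODELAY=1\n");
            w.write("socket = r:TCP_NODELAY=1\n");
            w.write("[https]\n");
            w.write("accept = " + port + "\n");
            w.write("connect = 127.0.0.1:" + localport + "\n");
            w.write("TIMEOUTclose = 0\n");
        }
    }

    /** Writes {@code der} as a PEM block with 64-character lines under the given label. */
    private static void writePem(File target, String label, byte[] der, boolean ownerOnly)
            throws IOException {
        if (ownerOnly) {
            restrictToOwner(target);
        }
        Base64.Encoder encoder = Base64.getMimeEncoder(64, new byte[] {'\n'});
        try (Writer w = new OutputStreamWriter(
                new FileOutputStream(target), StandardCharsets.US_ASCII)) {
            w.write("-----BEGIN " + label + "-----\n");
            w.write(encoder.encodeToString(der));
            w.write("\n");
            w.write("-----END " + label + "-----\n");
        }
    }

    /**
     * Creates the file if needed and narrows it to owner read/write before any secret is
     * written. Best effort: the return values are ignored because some file systems cannot
     * express these permissions, in which case directory permissions have to provide the
     * protection.
     */
    private static void restrictToOwner(File file) throws IOException {
        file.createNewFile();
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }
}

/*
 * Quoted thread from the original post:
 *
 * On 10/20/05, Niall Gallagher <gal...@ya...> wrote:
 * > Hi Martin,
 * >
 * > I have never used stunnel, however I would like to
 * > have a peek at what you have done. If thats ok...
 * >
 * > Niall
 * >
 * > --- Martin Norrsken <mar...@gm...> wrote:
 * >
 * > > I now run with stunnel www.stunnel.org, my java app
 * > > autogenerates the
 * > > conf-file at startup and also exports the private
 * > > key and public cert
 * > > from the java keystore for stunnels usage.
 * > >
 * > > Apart from the fact that it's now *working* it's
 * > > also about 20 times faster!!!
 * > >
 * > > If anyone is interested in the strange coding I used
 * > > to start stunnel
 * > > with my java app, feel free to email me.
 * > >
 * > > /Martin
 * >
 * > Niall Gallagher
 */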