Using Apache MINA to create SSL/TLS connection with client certificate
import java.io.IOException;
import java.security.GeneralSecurityException;

import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
public class TunnelClient{ | |
....... | |
NioSocketConnector nioConnector = new NioSocketConnector(1); | |
nioConnector.setDefaultRemoteAddress(tunnelServerAddress); | |
nioConnector.setHandler(handler); | |
SslFilter sslFilter = new SslFilter(getSSLContext()); | |
sslFilter.setUseClientMode(true); | |
... | |
nioConnector.getFilterChain().addFirst("sslFilter", sslFilter) | |
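/**
 * Builds the client-side {@link SSLContext} handed to the tunnel's {@code SslFilter}.
 *
 * <p>The client identity is read from a PKCS12 keystore (its byte source is still to be
 * wired in, see the FIXME below). The server side is checked by
 * {@link #getEmptyTrustingManager()}, which accepts any certificate, so this context does
 * not authenticate the tunnel server; callers that need that must pass a trust manager
 * built from the server's CA to {@code SSLContext.init} instead.
 *
 * @return the initialised context, or {@code null} if any step failed. Every failure is
 *         logged with its cause at WARN/ERROR so it is visible at default log levels.
 */
public SSLContext getSSLContext() {
    SSLContext sslContext;
    try {
        // "TLS" selects the provider's default protocol set; restrict enabled
        // protocols/ciphers on the SslFilter if legacy versions must be excluded.
        sslContext = SSLContext.getInstance("TLS");
    } catch (NoSuchAlgorithmException ex) {
        LOG.error("TLS protocol is not defined in the system", ex);
        return null;
    }

    KeyManager[] keyManagers;
    try {
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        // FIXME: supply the PKCS12 bytes (file or object); placeholder kept from the original.
        ByteArrayInputStream bis = new ByteArrayInputStream(/* PKCS12_BYTES_PLACEHOLDER */);
        // NOTE(review): the keystore password is null and the key password empty here.
        // A client key should normally be protected and its password injected, not hard-coded.
        p12.load(bis, null);
        // "SunX509" is provider specific; KeyManagerFactory.getDefaultAlgorithm() is the
        // portable choice if this ever runs on a non-Sun JSSE provider.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(p12, "".toCharArray());
        keyManagers = kmf.getKeyManagers();
    } catch (GeneralSecurityException | IOException e) {
        // Always log with the cause: a missing client key makes the handshake fail later,
        // and the previous trace-gated warn hid the reason at normal log levels.
        LOG.warn("Failed to get keymanager for creating SSL connection", e);
        return null;
    }

    try {
        sslContext.init(keyManagers, getEmptyTrustingManager(), null);
        return sslContext;
    } catch (KeyManagementException e) {
        LOG.error("Failed to initialize TLS context", e);
        return null;
    }
}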
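/**
 * Returns a trust manager that accepts every peer certificate.
 *
 * <p>This disables server authentication entirely: any host that completes a TLS
 * handshake, including an on-path interceptor presenting its own certificate, is
 * accepted. It is only appropriate for local testing. For real deployments build the
 * array from a {@link javax.net.ssl.TrustManagerFactory} initialised with a
 * {@link java.security.KeyStore} holding the tunnel server's CA, and pass that to
 * {@code SSLContext.init} instead.
 *
 * <p>{@code getAcceptedIssuers()} returns an empty array rather than {@code null}, as
 * the {@link X509TrustManager} contract requires; some JSSE code paths dereference it.
 *
 * @return a single-element array holding the permissive {@link X509TrustManager}
 */
public static TrustManager[] getEmptyTrustingManager() {
    X509TrustManager trustEverything = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // Contract: never null; empty means "no issuers are pre-trusted".
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // Intentionally no validation — see the warning in the method Javadoc.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // Intentionally no validation — see the warning in the method Javadoc.
        }
    };
    return new TrustManager[] { trustEverything };
}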
} |
Hi, you forgot () on line 44