Using Apache MINA to open an SSL/TLS connection that presents a client certificate (note: the trust manager shown below skips server-certificate validation and is not safe for production use)
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketConnector;
public class TunnelClient{ | |
....... | |
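// Connector set-up (fragment from the original gist; the enclosing method is not shown).
// A single I/O processor is enough for one tunnel connection.
NioSocketConnector nioConnector = new NioSocketConnector(1);
nioConnector.setDefaultRemoteAddress(tunnelServerAddress);
nioConnector.setHandler(handler);
// getSSLContext() supplies the key managers (client certificate) and the trust managers
// (server validation). It returns null on failure, so guard against that before handing
// the context to SslFilter instead of letting a null context reach the filter.
SslFilter sslFilter = new SslFilter(getSSLContext());
// Client mode: this side starts the handshake and validates the server's certificate.
sslFilter.setUseClientMode(true);
// ...
// NOTE(review): an SSLContext alone does not verify that the certificate's subject matches
// the tunnel host name; whether SslFilter can enable endpoint identification depends on the
// MINA version in use — confirm, or check the peer certificate in the handler.
// The TLS filter must be first in the chain so every later filter sees plaintext only.
nioConnector.getFilterChain().addFirst("sslFilter", sslFilter);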
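/**
 * Builds a client-side TLS context that presents the client certificate held in a PKCS#12
 * bundle and validates the tunnel server's certificate chain against the JVM's default
 * trust store (cacerts, or whatever the javax.net.ssl.trustStore properties point at).
 *
 * @return a fully initialised {@link SSLContext}, or {@code null} if the context, the
 *         key store or the trust store could not be set up (the failure is logged)
 */
public SSLContext getSSLContext(){
    SSLContext sslContext;
    try {
        // "TLS" lets the provider negotiate its highest supported version. If the server
        // is known to support it, pin "TLSv1.2"/"TLSv1.3" here or restrict the enabled
        // protocols on the SslFilter so legacy versions cannot be negotiated.
        sslContext = SSLContext.getInstance("TLS");
    } catch (NoSuchAlgorithmException ex) {
        LOG.error("TLS protocol is not defined in the system", ex);
        return null;
    }

    // Key managers: the client certificate and private key from the PKCS#12 bundle.
    KeyManager[] keyManagers;
    try (ByteArrayInputStream bis = new ByteArrayInputStream(/*binary source - file or object*/)) {
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        // FIXME: a null password skips the PKCS#12 integrity check, and the empty key
        // password below only works for an unprotected bundle. Supply the real password as
        // a char[] obtained at runtime (never a hard-coded literal) and clear it afterwards.
        p12.load(bis, null);
        // The default algorithm ("SunX509" on the standard JDK) keeps this portable across
        // JSSE providers instead of hard-coding a provider-specific name.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(p12, "".toCharArray());
        keyManagers = kmf.getKeyManagers();
    } catch (IOException | GeneralSecurityException e) {
        // Always attach the cause: the original only did so when trace logging was on,
        // which hides the reason exactly when it is needed.
        LOG.warn("Failed to get keymanager for creating SSL connection", e);
        return null;
    }

    // Trust managers: validate the server against the default trust store. This replaces
    // the trust-all manager, which accepted any certificate and left the tunnel open to
    // man-in-the-middle interception — the client certificate does nothing against that.
    // If the tunnel server uses a private CA, initialise the factory from a dedicated
    // trust store holding only that CA instead of passing null.
    TrustManager[] trustManagers;
    try {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        trustManagers = tmf.getTrustManagers();
    } catch (GeneralSecurityException e) {
        LOG.warn("Failed to get trustmanager for creating SSL connection", e);
        return null;
    }

    try {
        // null SecureRandom selects the provider's default source of randomness.
        sslContext.init(keyManagers, trustManagers, null);
        return sslContext;
    } catch (KeyManagementException e) {
        LOG.error("Failed to initialized TLS context", e);
        return null;
    }
}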
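/**
 * Returns a trust manager that accepts every certificate chain without checking it.
 *
 * <p><b>WARNING — not for production.</b> With this trust manager the client never
 * validates the server's certificate, so anyone who can intercept the connection can
 * impersonate the tunnel server and read or modify the traffic; presenting a client
 * certificate does nothing to prevent that. Use it only against a throw-away test
 * server. Everywhere else use a {@link javax.net.ssl.TrustManagerFactory} initialised
 * from a trust store that holds the server's CA.
 *
 * @return a single-element array holding the all-trusting {@link X509TrustManager}
 */
public static TrustManager[] getEmptyTrustingManager() {
    X509TrustManager trustEverything = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array;
            // returning null, as the original did, makes some TLS stacks throw NPE.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // Intentionally no validation — see the warning in the method Javadoc.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // Intentionally no validation — see the warning in the method Javadoc.
        }
    };
    return new TrustManager[] { trustEverything };
}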
} |