Hello Alexey!
Thank you!
I don't prefer to use the GrizzlyWebServer, because it would not work out
with another port I'm running at the same time using a custom protocol (not
HTTP based).
I'm trying to do it like I posted below, but it doesn't connect... I don't
know why...
I get an error: com.sun.grizzly.DefaultCallbackHandler onConnect
SEVERE: Connection refused
Do you know what is wrong?
public void setUp() {
    sslConfig = new SSLConfig();
    URL cacertsUrl = getClass().getClassLoader().getResource("ssltest-cacert.jks");
    if (cacertsUrl != null) {
        sslConfig.setTrustStoreFile(cacertsUrl.getFile());
        System.out.println("truststore file has been set");
    } else {
        System.out.println("Couldn't find the truststore file");
    }
    // The keystore will be used for encrypting/signing some thing with your private key
    URL keystoreUrl = getClass().getClassLoader().getResource("ssltest-keystore.jks");
    if (keystoreUrl != null) {
        sslConfig.setKeyStoreFile(keystoreUrl.getFile());
        System.out.println("keystoreUrl file has been set");
    } else {
        System.out.println("Couldn't find the keystore");
    }
    SSLConfig.DEFAULT_CONFIG = sslConfig;
    final Controller controller =
            createSSLController(SSLConfig.DEFAULT_CONFIG.createSSLContext());
    try {
        controller.start();
    } catch (IOException ex) {
        Logger.getLogger(SSLConnectionTest.class.getName()).log(Level.SEVERE,
                "the SSL controller couldn't not been started", ex);
    }
}

private Controller createSSLController(SSLContext sslContext) {
    System.out.println("readfilter");
    final SSLReadFilter readFilter = new SSLReadFilter();
    readFilter.setSSLContext(sslContext);
    final ProtocolFilter asciiCommandParser = new AsciiCommandProtocolParserFilter();
    final ProtocolFilter genericProtocolFilter = new RequestControllerFilter();
    final ProtocolFilter genericDoor = new GenericDoor();
    SSLSelectorHandler selectorHandler = new SSLSelectorHandler();
    selectorHandler.setPort(PORT);
    final Controller controller = new Controller();
    controller.setSelectorHandler(selectorHandler);
    controller.setHandleReadWriteConcurrently(false);
    final SSLConnectorHandler sslConnector = new SSLConnectorHandler();
    try {
        sslConnector.connect(new InetSocketAddress("localhost", PORT));
    } catch (IOException ex) {
        Logger.getLogger(SSLConnectionTest.class.getName()).log(Level.SEVERE,
                "cannot connect", ex);
    }
    controller.setProtocolChainInstanceHandler(new DefaultProtocolChainInstanceHandler() {
        @Override
        public ProtocolChain poll() {
            ProtocolChain protocolChain = protocolChains.poll();
            if (protocolChain == null) {
                protocolChain = new DefaultProtocolChain();
                System.out.println("readfilter");
                protocolChain.addFilter(readFilter);
                System.out.println("asciiCommandParser");
                protocolChain.addFilter(parser);
                protocolChain.addFilter(HttpFilter);
                protocolChain.addFilter(processRequestFilter);
            }
            return protocolChain;
        }
    });
    return controller;
}

Oleksiy Stashok wrote:
>
>>
>> I'd like to have HTTPS.
> You can take a look at any GrizzlyWebServer example like here [1], but
> you need to configure GrizzlyWebServer to work in secure mode.
> GrizzlyWebServer ws = new GrizzlyWebServer(8080, "/", true);
>
> and then provide SSL configuration:
>
> ws.setSSLConfig(config);
>
>
> Here is the code snippet I took from one of our unit tests, which
> configures SSLConfig:
>
> SSLConfig sslConfig = new SSLConfig();
> ClassLoader cl = getClass().getClassLoader();
> // override system properties
> URL cacertsUrl = cl.getResource("ssltest-cacerts.jks");
> String trustStoreFile = null;
> if (cacertsUrl != null) {
>     // resolve the path only after the null check, so a missing resource cannot throw here
>     trustStoreFile = new File(cacertsUrl.toURI()).getAbsolutePath();
>     sslConfig.setTrustStoreFile(trustStoreFile);
>     sslConfig.setTrustStorePass("changeit");
> }
>
> logger.log(Level.INFO, "SSL certs path: " + trustStoreFile);
>
> // override system properties
> URL keystoreUrl = cl.getResource("ssltest-keystore.jks");
> String keyStoreFile = null;
> if (keystoreUrl != null) {
>     // resolve the path only after the null check, as above
>     keyStoreFile = new File(keystoreUrl.toURI()).getAbsolutePath();
>     sslConfig.setKeyStoreFile(keyStoreFile);
>     sslConfig.setKeyStorePass("changeit");
> }
>
> logger.log(Level.INFO, "SSL keystore path: " + keyStoreFile);
>
> It's just to give you an idea of what SSLConfig is :)
>
> Hope this will help.
>
> If you have more questions - please ask.
>
> WBR,
> Alexey.
>
>
> [1]
> http://weblogs.java.net/blog/jfarcand/archive/2008/07/extending_the_g.html
>>
>> regards,
>> alaska
>>
>>
>>
>> Oleksiy Stashok wrote:
>>>
>>> Hi Alaska,
>>>
>>>> Thank you! It is exactly what I'm looking for!
>>>>
>>>> Do you have an example how to build an SSL Layer properly?
>>> It depends on what you are looking for :)
>>> Do you plan to use HTTPS or some custom protocol, built on top of
>>> ProtocolParser or something else?
>>>
>>> WBR,
>>> Alexey.
>>>
>>>>
>>>> regards,
>>>> alaska
>>>>
>>>>
>>>>
>>>> Oleksiy Stashok wrote:
>>>>>
>>>>> Hi alaska,
>>>>>
>>>>>
>>>>>> I'd like to build an SSL layer using the certificate stored
>>>>>> already in the browser (cert.p12).
>>>>> this is done, right?
>>>>>
>>>>>> And then I'd like to get a SubjectDN from the certificate.
>>>>>> How could I implement it?
>>>>> In the filter next to SSLReadFilter you can ask for SSLEngine:
>>>>> SSLEngine engine = ((WorkerThread) Thread.currentThread()).getSSLEngine();
>>>>>
>>>>> then get SSLSession:
>>>>>
>>>>> SSLSession session = engine.getSession();
>>>>>
>>>>> then from the session you can retrieve the SSL properties you may
>>>>> want.
>>>>>
>>>>> WBR,
>>>>> Alexey.
>>>>>
>>>>>>
>>>>>> Thank you very much,
>>>>>> alaska:)
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/Writting-an-Grizzly-SSL-layer-tp24828035p24828035.html
>>>>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Writting-an-Grizzly-SSL-layer-tp24828035p24841162.html
>>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Writting-an-Grizzly-SSL-layer-tp24828035p24845417.html
>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>
>
--
View this message in context: http://www.nabble.com/Writting-an-Grizzly-SSL-layer-tp24828035p24846159.html
Sent from the Grizzly - Users mailing list archive at Nabble.com.
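
Added example (not part of the original thread and not Grizzly project code): once a filter has the SSLSession as described in the quoted reply, the client's SubjectDN can be read with standard JSSE calls only. The class name PeerSubject and the sample DN are constructed for illustration; the case where no client certificate was verified is handled by returning null.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class PeerSubject {

    /** Returns the peer's subject DN (RFC 2253), or null if no peer certificate was verified. */
    static String subjectDn(SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            // chain[0] is the peer's own certificate; the rest are its issuers.
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return null;
            }
            return ((X509Certificate) chain[0])
                    .getSubjectX500Principal().getName(X500Principal.RFC2253);
        } catch (SSLPeerUnverifiedException e) {
            // Handshake not finished, or the server never requested a client certificate.
            return null;
        }
    }

    /** Extracts the CN attribute with an LDAP name parser rather than string splitting. */
    static String commonName(String dn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DN containing an escaped comma.
        System.out.println(commonName("CN=Doe\\, Jane,OU=Test,O=Example"));
        // A fresh engine has no handshaken session, so no peer identity is available.
        SSLSession empty = SSLContext.getDefault().createSSLEngine().getSession();
        System.out.println(subjectDn(empty));
    }
}
```

The server side only sees a client certificate if it asks for one during the handshake (in plain JSSE, SSLEngine.setNeedClientAuth(true)); a null result should be treated as an unauthenticated peer, not as an empty identity.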