I want to load KeyStore certificate from X509Certificate[] object but for now, I just load the certificate from Assets. I don't want to load the certificate from the file but from X509Certificate object. Any solutions?
GetCertificateChain:
private X509Certificate[] GetCertificateChain(string alias)
{
try
{
return KeyChain.GetCertificateChain(this, alias);
}
catch (KeyChainException e)
{
}
return null;
}
Load certificate:
Stream iss = Application.Context.Assets.Open("badssl.com-cuient.p12");
hchandler.SetClientCertificate(iss, "badssl.com".ToCharArray());
private IKeyManager[] GetKeyManagersFromClientCert(Stream pkcs12, char[] password)
{
if (pkcs12 != null)
{
KeyStore keyStore = KeyStore.GetInstance("pkcs12");
keyStore.Load(pkcs12, password);
KeyManagerFactory kmf = KeyManagerFactory.GetInstance("x509");
kmf.Init(keyStore, password);
return kmf.GetKeyManagers();
}
return null;
}
Related
I have my file, key.key which i now used OpenSSL to convert to PKCS8 format, this is the key template
-----BEGIN PRIVATE KEY-----
some letters and numbers
-----END PRIVATE KEY-----
When im trying to load it into my key store as so:
PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));
I get the Error
com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: Error parsing private key
(im using OkHttpChannel builder and Conscrypt as a security provider).
I tried changing the key's format, which is why it is now in PKCS8 since iv'e read its the eaziest one for android java to read.
Update::
Even after loading the key and the two certificates i still get the
------------------Untrusted chain: ---------------------- error, any help ?
The code used:
private static byte[] getBytesFromInputStream(InputStream is) throws IOException {
ByteArrayOutputStream os = new ByteArrayOutputStream();
byte[] buffer = new byte[0xFFFF];
for (int len = is.read(buffer); len != -1; len = is.read(buffer)) {
os.write(buffer, 0, len);
}
return os.toByteArray();
}
// build a key store from a set of raw certificates
private static KeyStore createKeyStore(Resources resources, int certsId, boolean ca) {
KeyStore ks = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
if (ca) {
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
InputStream certIS = resources.openRawResource(R.raw.ca_crt);
X509Certificate cert = (X509Certificate) cf.generateCertificate(certIS);
ks.setCertificateEntry("ca", cert);
} else {
ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null, null);
InputStream certIS = resources.openRawResource(R.raw.client_crt);
Certificate cert = cf.generateCertificate(certIS);
InputStream privateKeyIS = resources.openRawResource(R.raw.client_pkcs8);
byte[] privateKeyBytes = RNGrpcChannelBuilder.getBytesFromInputStream(privateKeyIS);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));
Certificate[] certChain = new Certificate[1];
certChain[0] = cert;
ks.setKeyEntry("client", privateKey, null, certChain);
}
} catch (Exception e) {
throw new RuntimeException(e);
}
return ks;
}
public static ManagedChannel build(String host, int port, Resources resources,
#Nullable String serverHostOverride) {
KeyStore ca = RNGrpcChannelBuilder.createKeyStore(resources, R.array.certs, true);
KeyStore client = RNGrpcChannelBuilder.createKeyStore(resources, R.array.certs, false);
OkHttpChannelBuilder channelBuilder =
OkHttpChannelBuilder.forAddress(host, port);
if (serverHostOverride != null) {
// Force the hostname to match the cert the server uses.
channelBuilder.overrideAuthority(serverHostOverride);
}
try {
channelBuilder.negotiationType(io.grpc.okhttp.NegotiationType.TLS);
channelBuilder.useTransportSecurity();
channelBuilder.sslSocketFactory(getSslSocketFactory(ca, client));
} catch (Exception e) {
throw new RuntimeException(e);
}
return channelBuilder.build();
}
private static SSLSocketFactory getSslSocketFactory(KeyStore ca, KeyStore client)
throws Exception {
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
String password = "";
kmf.init(client, password.toCharArray());
// initialize trust manager factor from certs keystore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ca);
// initialize SSL context from trust manager factory
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
// return socket factory from the SSL context
return context.getSocketFactory();
}
I need to call soap web services from java so i'm using ".p12" file for authentication. I'm using the same file in soap ui there it is working fine but in java it is giving SSL error.. how to link p12 file for authentication using ssl from java..
public static void setUp() {
System.setProperty("javax.net.ssl.keyStore", "ex.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
}
private static void initSSLFactories() {
final String KEYSTOREPATH = "ex.p12";
final char[] KEYSTOREPASS = "ff".toCharArray();
final char[] KEYPASS = "ff".toCharArray();
//ssl config
try (InputStream storeStream = FirstTest.class.getResourceAsStream(KEYSTOREPATH)) {
setSSLFactories(storeStream, "PKCS12", KEYSTOREPASS, KEYPASS);
} catch (Exception e) {
e.printStackTrace();
}
}
private static void setSSLFactories(InputStream keyStream, String keystoreType, char[] keyStorePassword, char[] keyPassword) throws Exception
{
KeyStore keyStore = KeyStore.getInstance(keystoreType);
keyStore.load(keyStream, keyStorePassword);
KeyManagerFactory keyFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, keyPassword);
KeyManager[] keyManagers = keyFactory.getKeyManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagers, null, null);
SSLContext.setDefault(sslContext);
}
You can create a client something like this:
public Client getClient() {
SslConfigurator sslConfig = SslConfigurator
.newInstance()
.trustStoreFile(TRUST_STORE_FILE_PATH) //The key-store file where the certificate is saved.
.trustStorePassword(TRUST_STORE_PASSWORD_PATH);//password of the key-store file.
SSLContext sslContext = sslConfig.createSSLContext();
Client client = ClientBuilder.newBuilder().sslContext(sslContext).build();
return client;
}
I've already saw this question: Need to do a GET&POST HTTPS Request using a .cer certificate
Mine is quite different:
It is possible to make an HTTPS request using Java (vanilla, or using any library), trusting a server certificate and providing a client certificate, without using a keystore but using plain certificates?
I have both certs in X.509 format, and I don't want to have every certificate in a keystore.
This is a rough example. Represents the X509KeyManager decorator.
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(null, null);
X509KeyManager manager = (X509KeyManager) kmf.getKeyManagers()[0];
KeyManager km = new X509KeyManager() {
#Override
public String[] getClientAliases(String s, Principal[] principals) {
return manager.getServerAliases(s, principals);
}
#Override
public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
return manager.chooseClientAlias(strings, principals, socket);
}
#Override
public String[] getServerAliases(String s, Principal[] principals) {
return manager.getServerAliases(s, principals);
}
#Override
public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
return manager.chooseServerAlias(s, principals, socket);
}
#Override
public X509Certificate[] getCertificateChain(String s) {
// You can use `s` to select the appropriate file
try {
File file = new File("path to certificate");
try(InputStream is = new FileInputStream(file)) {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
return new X509Certificate[] {
(X509Certificate) factory.generateCertificate(is)
};
}
}
catch (CertificateException| IOException e) {
e.printStackTrace();
}
return null;
}
#Override
public PrivateKey getPrivateKey(String s) {
// You can use `s` to select the appropriate file
// load and private key from selected certificate
// this use for certificate authorisation
try {
File file = new File("private key file");
byte buffer[] = Files.readAllBytes(file.toPath());
KeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
KeyFactory factory = KeyFactory.getInstance("RSA");
return factory.generatePrivate(keySpec);
}
catch (NoSuchAlgorithmException | IOException | InvalidKeySpecException e) {
e.printStackTrace();
}
return null;
}
};
TrustManager tm = new X509TrustManager() {
#Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
#Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
#Override
public X509Certificate[] getAcceptedIssuers() {
try {
File file = new File("path to certificate");
try(InputStream is = new FileInputStream(file)) {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
return new X509Certificate[] {
(X509Certificate) factory.generateCertificate(is)
};
}
}
catch (CertificateException| IOException e) {
e.printStackTrace();
}
return null;
}
};
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore)null); //use java system trust certificates
TrustManager managers[] = new TrustManager[tmf.getTrustManagers().length + 1];
System.arraycopy(tmf.getTrustManagers(), 0, managers, 0, tmf.getTrustManagers().length);
managers[managers.length - 1] = tm;
SSLContext context = SSLContext.getInstance("TLS");
context.init(new KeyManager[]{ km }, managers, new SecureRandom());
URL url = new URL("https://............/");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(connection.getSSLSocketFactory());
connection.connect();
If you really don't want to create a new keystore file, then can use KeyStore API to create in memory and load certificate directly.
InputStream is = new FileInputStream("somecert.cer");
// You could get a resource as a stream instead.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null); // You don't need the KeyStore instance to come from a file.
ks.setCertificateEntry("caCert", caCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
Alternatively, if you want to avoid modifying your default cacerts file, then you'll need to implement your own TrustManager. However a TrustManager needs a keystore to load, so you can either create a new keystore file importing just your certificate.
keytool -import -alias ca -file somecert.cer -keystore truststore.jks -storepass changeit
And use something like following snippet to load the keystore file.
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// Using null here initialises the TMF with the default trust store.
tmf.init((KeyStore) null);
// Get hold of the default trust manager
X509TrustManager defaultTm = null;
for (TrustManager tm : tmf.getTrustManagers()) {
if (tm instanceof X509TrustManager) {
defaultTm = (X509TrustManager) tm;
break;
}
}
FileInputStream myKeys = new FileInputStream("truststore.jks");
// Do the same with your trust store this time
// Adapt how you load the keystore to your needs
KeyStore myTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
myTrustStore.load(myKeys, "password".toCharArray());
myKeys.close();
tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(myTrustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
I'm making a custom HTTP/1.1 server implementation in Java. It's working fine in HTTP mode, but I also want to support HTTPS. I haven't generated a certificate for the server yet, but it should at least be trying to connect. I set the protocol and cipher suite to the same settings as google.com (TLS 1.2, ECDHE_RSA, AES_128_GCM), so I know Chrome supports them.
But when I try to connect to https://localhost in Chrome, it gives ERR_SSL_VERSION_OR_CIPHER_MISMATCH (localhost uses an unsupported protocol) error. On the Java side, I get "no cipher suites in common" error.
Java Code:
public class Server {
private final String dir;
private final ServerSocket server;
private final SSLServerSocket sslServer;
public static String jarDir() {
String uri = ClassLoader.getSystemClassLoader().getResource(".").getPath();
try { return new File(URLDecoder.decode(uri,"UTF-8")).getPath()+File.separator; }
catch (Exception e) { return null; }
}
private static SSLContext createSSLContext(String cert, char[] pass) throws Exception {
/*//Load KeyStore in JKS format:
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(new FileInputStream(cert), pass);
//Create key manager:
KeyManagerFactory kmFactory = KeyManagerFactory.getInstance("SunX509");
kmFactory.init(keyStore, pass); KeyManager[] km = kmFactory.getKeyManagers();
//Create trust manager:
TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("SunX509");
tmFactory.init(keyStore); TrustManager[] tm = tmFactory.getTrustManagers();
//Create SSLContext with protocol:
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(km, tm, null); return ctx;*/
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(null, null, null); return ctx;
}
Server(String localPath, int port) throws Exception {
this(localPath, port, 0);
}
//Server is being initialized with:
//new Server("root", 80, 443);
Server(String localPath, int port, int httpsPort) throws Exception {
dir = localPath; File fdir = new File(jarDir(), dir);
if(!fdir.isDirectory()) throw new Exception("No such directory '"+fdir.getAbsolutePath()+"'!");
//Init Server:
server = new ServerSocket(port);
if(httpsPort > 0) {
SSLContext ctx = createSSLContext("cert.jks", "pass".toCharArray());
sslServer = (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(httpsPort);
//TLS_DH_anon_WITH_AES_128_GCM_SHA256
sslServer.setEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"});
sslServer.setEnabledProtocols(new String[]{"TLSv1.2"});
//Also does not work, same error:
//sslServer.setEnabledCipherSuites(sslServer.getSupportedCipherSuites());
//sslServer.setEnabledProtocols(sslServer.getSupportedProtocols());
} else sslServer = null;
/*new Thread(() -> { while(true) try {
new HTTPSocket(server.accept(), this);
} catch(Exception e) { Main.err("HTTP Server Error",e); }}).start();*/
if(httpsPort > 0) new Thread(() -> { while(true) try {
new HTTPSocket(sslServer.accept(), this);
} catch(Exception e) { Main.err("HTTPS Server Error",e); }}).start();
}
/* ... Other Stuff ... */
}
EDIT: I generated a certificate using keytool -genkey -keyalg RSA -alias selfsigned -keystore cert.jks -storepass password -validity 360 -keysize 2048, but now Java throws Keystore was tampered with, or password was incorrect error.
Like I said in the comments, using "password" in keyStore.load solved the issue.
private static SSLContext createSSLContext(String cert, char[] pass) throws Exception {
//Load KeyStore in JKS format:
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(new FileInputStream(cert), "password".toCharArray());
//Create key manager:
KeyManagerFactory kmFactory = KeyManagerFactory.getInstance("SunX509");
kmFactory.init(keyStore, pass); KeyManager[] km = kmFactory.getKeyManagers();
//Create trust manager:
TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("SunX509");
tmFactory.init(keyStore); TrustManager[] tm = tmFactory.getTrustManagers();
//Create SSLContext with protocol:
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(km, tm, null); return ctx;
}
I'm writing a Client Server application with RMI and I want to secure the traffic between Client and Server. I want to use the SslRMIClientSocketFactory and SslRMIServerSocketFactory for this.
I've created a keypair for the Client and for the Server (client.private and server.private) and also a certificate for the Client and for the Server (client.public and server.public).
I think I'm correctly adding the keypair to the keystore and the certificate to the truststore. I only use the custom Socket Factory's when exporting my objects, not when I'm creating the RMI Registry. Here's my code:
Server:
public class Server implements ServerProtocol {
public Server() {
super();
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
LocateRegistry.createRegistry(2020).rebind("server", this);
UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
}
public void sayHello() {
System.out.println("Hello");
}
}
Client:
public class Client implements ClientProtocol {
public Client() {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
Registry reg = LocateRegistry.getRegistry("localhost", 2020);
serverStub = (ServerService) reg.lookup("server");
stub = (ClientService) UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
serverStub.sayHello();
}
}
When I run this, I get the following error message:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:110)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at com.sun.proxy.$Proxy0.sayHello(Unknown Source)
at project.Client.<init>(Client.java:100)
at project.Client.main(Client.java:785)
I used the following commands to create the keys, export and import them:
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass *
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass *
keytool -export -alias serverprivate -keystore server.private -file temp.key -storepass *
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass *
Do I need to configure something else to make this work? Something in Eclipse?
You're creating the Registry with SSL socket factories but you're not supplying a socket factory to getRegistry().
I was able to solve this by avoiding the build-in Java classes SslRMIClientSocketFactory and SslRMIServerSocketFactory and creating my own classes which implement the RMIClientSocketFactory and RMIServerSocketFactory interfaces.
RMIClientSocketFactory
public class MyClientSocketFactory implements RMIClientSocketFactory, Serializable {
public MyClientSocketFactory() {}
public Socket createSocket(String host, int port) {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SSLSocketFactory sf = SSLC.getSocketFactory();
SSLSocket socket = (SSLSocket) sf.createSocket(host, port);
return socket;
}
public int hashCode() {
return getClass().hashCode();
}
public boolean equals(Object obj) {
if (obj == this) {
return true;
} else if (obj == null || getClass() != obj.getClass()) {
return false;
}
return true;
}
}
RMIServerSocketFactory
public class MyServerSocketFactory implements RMIClientSocketFactory, Serializable {
public MyServerSocketFactory() {}
public Socket createSocket(String host, int port) {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SSLServerSocketFactory sf = SSLC.getServerSocketFactory();
SSLServerSocket socket = (SSLServerSocket) sf.createServerSocket(host, port);
return socket;
}
public int hashCode() {
return getClass().hashCode();
}
public boolean equals(Object obj) {
if (obj == this) {
return true;
} else if (obj == null || getClass() != obj.getClass()) {
return false;
}
return true;
}
}