This library provides an API for creating basic SSL/TLS connections with standard Java Secure Socket Extension, JSSE. The Library is implemented in Kotlin and is also supposed to be used with Java in feature versions. The Kotlin API is implemented with a "type-safe builder" approach, which is quite popular in the Groovy community.
Disclaimer: The current Version is not optimized for Java yet
If you also find it hard to use the complex JSSE structure to create your SSL sockets, which also generates lots of boilerplate when used directly, this tool is what you’ve been looking for.
The library provides means for creating SSLSocketFactories
that can be used for most use cases where TLS/SSL connections are required. It’s also supposed to provide usage examples and even sample implementations like SSL enabled servers, Apache Http Clients, etc. you can use directly in your application.
In the following you can see some basic examples of using the Kotlin DSL for setting up ssl-(server)-socket-factories.
val fac = createSocketFactory {
keyManager {
open("certsandstores/clientkeystore") withPass "123456" ofType "jks"
}
trustManager {
open("certsandstores/myTruststore") withPass "123456" ofType "jks"
}
sockets {
cipherSuites = listOf("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA")
timeout = 10_000
}
}
val socket = fac.createSocket("192.168.3.10", 443)
TLS/SSL are cryptographic protocols used to encrypt computer network communication.
a) Server is authenticated by the client only
b) Client is authenticated by server additionally to a) (Mutual Authentication)
Contains private key(s) and certificate(s) used by TLS/SSL servers/clients to authenticate themselves to the other party.
Contains certificates of trusted servers/clients or trusted CAs, no key(s) contained.
See this tutorial for more details: https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/
-
Create PrivateKey: keytool -keystore clientkeystore -genkey -alias client Create Certificate signing request: keytool -keystore clientkeystore -certreq -alias client -keyalg rsa -file client.csr
-
Sign the CSR: openssl x509 -req -CA ca-certificate.pem.txt -CAkey ca-key.pem.txt -in client.csr -out client.cer -days 365 -CAcreateserial
-
keytool -import -keystore clientkeystore -file ca-certificate.pem.txt
-
keytool –import –keystore clientkeystore –file client.cer –alias client -alias theCARoot