Java Tip 111: Implement HTTPS tunneling with JSSE

Create your own HTTPS tunneling socket for your Java Secure Socket Extension application


Page 2 of 4

54         SSLSocketFactory factory =
55                  (SSLSocketFactory)SSLSocketFactory.getDefault();
56         
57         /*
58         * Set up a socket to do tunneling through the proxy.
59         * Start it off as a regular socket, then layer SSL
60         * over the top of it.
61         */
62         tunnelHost = System.getProperty("https.proxyHost");
63         tunnelPort = Integer.getInteger("https.proxyPort").intValue();
64         
65         Socket tunnel = new Socket(tunnelHost, tunnelPort);
66         doTunnelHandshake(tunnel, host, port);
67         
68         /*
69         * Ok, let's overlay the tunnel socket with SSL.
70         */
71         SSLSocket socket =
72               (SSLSocket)factory.createSocket(tunnel, host, port, true);
73         
74         /*
75         * register a callback for handshaking completion event
76         */
77         socket.addHandshakeCompletedListener(
78            new HandshakeCompletedListener() {
79               public void handshakeCompleted(
80                  HandshakeCompletedEvent event) {
81                  System.out.println("Handshake finished!");
82                  System.out.println(
83                  "\t CipherSuite:" + event.getCipherSuite());
84                  System.out.println(
85                  "\t SessionId " + event.getSession());
86                  System.out.println(
87                  "\t PeerHost " + event.getSession().getPeerHost());
88               }
89            }
90         );


Earlier, the code called SSLSocketFactory's getDefault() method to get an instance of SSLSocketFactory (line 54, repeated above). Next, it passes the tunneling socket created in the previous step to the factory's createSocket() method, which returns an SSLSocket that is connected to the destination host and port via the proxy tunnel. You can optionally add a HandshakeCompletedListener to the socket if you wish to be informed when the SSL handshake is complete.

The SSLSocket is now essentially ready to transfer secure content. The startHandshake() method is called to start the SSL handshake (line 98), after which you can issue the HTTP "GET" command to retrieve the secure pages (line 105):

91         
92         /*
93         * send http request
94         *
95         * See SSLSocketClient.java for more information about why
96         * there is a forced handshake here when using PrintWriters.
97         */
98         socket.startHandshake();
99         
100         PrintWriter out = new PrintWriter(
101                              new BufferedWriter(
102                                 new OutputStreamWriter(
103                                    socket.getOutputStream())));
104         
105         out.println("GET http://www.verisign.com/index.html HTTP/1.0");
106         out.println();
107         out.flush();
 


However, issuing HTTP commands directly over the tunneling SSL socket to access Web pages is not ideal, because it would mean rewriting the whole HTTP protocol handler from scratch. Instead, you should use the HTTPS URL APIs that JSSE already includes for that purpose. To do this, you have to pass the tunneling SSL socket to the HTTPS URL stream handler.

Pass SSL socket to HTTPS URL stream handler

The JSSE library has an HttpsURLConnection class in the com.sun.net.ssl package, which extends the java.net.URLConnection class. The URL object's openConnection() method returns an HttpsURLConnection object when "HTTPS" is specified as the protocol. The HttpsURLConnection class has a method, setSSLSocketFactory(), that lets you set an SSLSocketFactory of your choice. To pass the tunneling SSL socket to the HTTPS URL stream handler, you pass setSSLSocketFactory() a socket factory that returns the tunneling SSL socket that you created previously.
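One way to write such a factory, as an added example that is not code from the original article or from the JSSE samples: a hypothetical TunnelingSSLSocketFactory, written against javax.net.ssl (where JSSE has lived since J2SE 1.4), whose createSocket(host, port) performs the proxy CONNECT and returns the SSL socket layered over the tunnel. It also enables HTTPS endpoint identification, which a bare SSLSocket like the one created at line 72 does not perform by default, and it assumes the HTTPS handler obtains its socket through createSocket(host, port).

```java
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
// Added example (hypothetical class): SSL sockets tunneled through an HTTP proxy.
public class TunnelingSSLSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory base = (SSLSocketFactory) SSLSocketFactory.getDefault();
    private final String proxyHost;
    private final int proxyPort;
    public TunnelingSSLSocketFactory(String proxyHost, int proxyPort) {
        this.proxyHost = proxyHost; this.proxyPort = proxyPort;
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        Socket tunnel = new Socket(proxyHost, proxyPort);
        try {
            connect(tunnel, host, port);                    // plain-text CONNECT first
            return createSocket(tunnel, host, port, true);  // then layer SSL over the tunnel
        } catch (IOException e) { tunnel.close(); throw e; }
    }

    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        SSLSocket ssl = (SSLSocket) base.createSocket(s, host, port, autoClose);
        SSLParameters params = ssl.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match host
        ssl.setSSLParameters(params);
        return ssl;
    }

    // Reads the proxy reply one byte at a time so no TLS bytes are swallowed by a buffer.
    private static void connect(Socket tunnel, String host, int port) throws IOException {
        if (!host.matches("[A-Za-z0-9.:\\[\\]-]+")) throw new IOException("illegal host name");
        String req = "CONNECT " + host + ":" + port + " HTTP/1.0\r\n\r\n";
        tunnel.getOutputStream().write(req.getBytes("US-ASCII"));
        InputStream in = tunnel.getInputStream();
        StringBuilder reply = new StringBuilder();
        for (int newlines = 0; newlines < 2; ) {            // a blank line ends the headers
            int b = in.read();
            if (b < 0 || reply.length() > 8192) throw new IOException("bad proxy reply");
            if (b == '\n') newlines++; else if (b != '\r') newlines = 0;
            reply.append((char) b);
        }
        if (!reply.toString().matches("(?s)HTTP/1\\.[01] 2\\d\\d.*"))
            throw new IOException("proxy refused CONNECT to " + host + ":" + port);
    }
    // InetAddress overloads pass the literal address (no reverse DNS); local binding is ignored.
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return createSocket(a.getHostAddress(), p); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return createSocket(h, p); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return createSocket(a.getHostAddress(), p); }
    @Override public String[] getDefaultCipherSuites() { return base.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return base.getSupportedCipherSuites(); }
}
```

An instance built from the https.proxyHost and https.proxyPort values is what you would hand to setSSLSocketFactory(). Which createSocket() overload the HTTPS handler then calls depends on the JSSE version in use.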

Comments (2)

Great article, really helpful
By Anonymous on October 12, 2009, 11:52 pm
One whole day I was searching the internet for a way of downloading a resource via HTTPS using a proxy, and thanks very much, my search ends here. Really great article and...


Greetings
By Anonymous on February 27, 2009, 12:35 am
I thank you for giving me such valuable information about HTTP tunneling. This info would be very helpful for me in my college mini project. Keep continuing your...
