To do this, you wrap the code discussed previously in an SSLTunnelSocketFactory class that extends the SSLSocketFactory class. SSLSocketFactory is an abstract class. To extend it, you must implement the createSocket() method so that it returns the tunneling SSL socket that you created earlier:
12     public SSLTunnelSocketFactory(String proxyhost, String proxyport){
13         tunnelHost = proxyhost;
14         tunnelPort = Integer.parseInt(proxyport);
15         dfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
16     }
.
.
.
44     public Socket createSocket(Socket s, String host, int port,
45                                boolean autoClose)
46         throws IOException,UnknownHostException
47     {
48
49         Socket tunnel = new Socket(tunnelHost,tunnelPort);  // plain TCP connection to the proxy
50
51         doTunnelHandshake(tunnel,host,port);  // ask the proxy to open the tunnel to host:port
52
53         SSLSocket result = (SSLSocket)dfactory.createSocket(  // overlay SSL on the tunnel socket
54             tunnel,host,port,autoClose);
55
56         result.addHandshakeCompletedListener(
57             new HandshakeCompletedListener() {
58                 public void handshakeCompleted(HandshakeCompletedEvent event) {
59                     System.out.println("Handshake finished!");
60                     System.out.println(
61                         "\t CipherSuite:" + event.getCipherSuite());
62                     System.out.println(
63                         "\t SessionId " + event.getSession());
64                     System.out.println(
65                         "\t PeerHost " + event.getSession().getPeerHost());
66                 }
67             }
68         );
69
70         result.startHandshake();  // SSL handshake with the target host, through the tunnel
71
72         return result;
73     }
Notice that the SSLTunnelSocketFactory contains a default SSLSocketFactory object, obtained by calling the static method getDefault() (line 15). You need this object to overlay the tunnel socket with the SSL socket, as discussed earlier. You also call its getDefaultCipherSuites() and getSupportedCipherSuites() methods when implementing the corresponding abstract methods of the SSLSocketFactory superclass. For implementation details, please refer to the complete source code for the SSLTunnelSocketFactory in Resources.
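The parts elided from the listing above, filled in as an added example that is not the article's own source (that is in Resources). The class name TunnelFactorySketch and the helper connectThroughProxy() are hypothetical; the helper stands in for doTunnelHandshake(), whose body is not shown on this page, and refuses to start SSL unless the proxy answers the CONNECT request with a 2xx status. It assumes a current JDK (javax.net.ssl, Java 7 or later).

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLSocketFactory;

// Added sketch, not the article's source; class and helper names are hypothetical.
public class TunnelFactorySketch extends SSLSocketFactory {
    private final String tunnelHost;
    private final int tunnelPort;
    private final SSLSocketFactory dfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();

    public TunnelFactorySketch(String proxyHost, int proxyPort) {
        tunnelHost = proxyHost;
        tunnelPort = proxyPort;
    }

    // Cipher-suite queries are answered by the default factory.
    @Override public String[] getDefaultCipherSuites() { return dfactory.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return dfactory.getSupportedCipherSuites(); }

    // The SocketFactory overloads all funnel into the tunneling variant below.
    @Override public Socket createSocket(String h, int p) throws IOException { return createSocket(null, h, p, true); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return createSocket(null, h, p, true); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return createSocket(null, a.getHostName(), p, true); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return createSocket(null, a.getHostName(), p, true); }

    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        Socket tunnel = new Socket(tunnelHost, tunnelPort); // s is ignored, as in the article's listing
        try {
            connectThroughProxy(tunnel, host, port);
            // host and port name the target server, so the SSL session is set up with it, not the proxy.
            return dfactory.createSocket(tunnel, host, port, true);
        } catch (IOException e) {
            tunnel.close(); // do not leak the proxy connection on failure
            throw e;
        }
    }

    // Sends CONNECT and refuses to continue unless the proxy answers with a 2xx status.
    static void connectThroughProxy(Socket tunnel, String host, int port) throws IOException {
        String target = host + ":" + port;
        tunnel.getOutputStream().write(("CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n").getBytes(StandardCharsets.US_ASCII));
        InputStream in = tunnel.getInputStream();
        StringBuilder head = new StringBuilder();
        // Read one byte at a time up to the blank line so no SSL handshake bytes are consumed.
        for (int c; head.indexOf("\r\n\r\n") < 0 && (c = in.read()) != -1 && head.length() < 8192; ) head.append((char) c);
        String[] status = head.toString().split(" ", 3);
        if (head.indexOf("\r\n\r\n") < 0 || status.length < 2 || !status[1].matches("2\\d\\d"))
            throw new IOException("Proxy refused CONNECT: " + head.toString().split("\r\n", 2)[0]);
    }
}
```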
To tunnel through the proxy via URLConnection in your JSSE application, call the openConnection() method and then check whether the returned object is an instance of HttpsURLConnection. If so, instantiate your SSLTunnelSocketFactory object and pass it to the setSSLSocketFactory() method (lines 22 through 25):
10 public class URLTunnelReader {
11     private final static String proxyHost = "proxy.sg.ibm.com";
12     private final static String proxyPort = "80";
13
14     public static void main(String[] args) throws Exception {
15         System.setProperty("java.protocol.handler.pkgs",
16             "com.sun.net.ssl.internal.www.protocol");
17         //System.setProperty("https.proxyHost",proxyHost);
18         //System.setProperty("https.proxyPort",proxyPort);
19
20         URL verisign = new URL("https://www.verisign.com");
21         URLConnection urlc = verisign.openConnection(); //from secure site
22         if(urlc instanceof com.sun.net.ssl.HttpsURLConnection){  // only HTTPS connections get the tunneling factory
23             ((com.sun.net.ssl.HttpsURLConnection)urlc).setSSLSocketFactory
24                 (new SSLTunnelSocketFactory(proxyHost,proxyPort));
25         }
26
27         BufferedReader in = new BufferedReader(
28             new InputStreamReader(
29                 urlc.getInputStream()));
30
31         String inputLine;
32
33         while ((inputLine = in.readLine()) != null)
34             System.out.println(inputLine);
35
36         in.close();
37     }
38 }
You can then access the HTTPS URLs using the APIs provided by the URLConnection class. You don't need to worry about the format of the HTTP GET and POST commands, as you would if you used the SSL Socket APIs.
Great article, really helpful
By Anonymous on October 12, 2009, 11:52 pm
One whole day I was searching the internet for a way of downloading a resource via HTTPS using a proxy, and thanks very much, my search ends here. Really great article and...
Greetings
By Anonymous on February 27, 2009, 12:35 am
I thank you for giving me such valuable information about HTTP tunneling. This info would be very helpful for me in my college mini project. Keep continuing your...