Build secure network applications with SSL and the JSSE API

Get started with SSL and JSSE using these two simple apps

The Internet is a dangerous place. It's simply too easy to snoop, spoof, and steal unprotected information as it travels over the wires. Last month, I wrote the final article in a series on X.509 certificates and public key infrastructure (PKI), the technologies that secure most e-commerce activity on the Internet. Near the end of the article, I suggested looking at the SSL (Secure Socket Layer) protocol to learn how X.509 certificates are used in practice. SSL is the X.509 killer app -- nearly every browser and most popular Web and application servers support it.

This month, I will explore SSL as implemented by the JSSE (Java Secure Socket Extension), and show you how to build secure network applications in Java using SSL and JSSE.

Let's begin with a simple demonstration. JSSE provides an SSL toolkit for Java applications. In addition to the necessary classes and interfaces, JSSE provides a handy command-line debugging switch that you can use to watch the SSL protocol in action. Besides providing useful information for debugging a recalcitrant application, playing with the toolkit is a great way to get your feet wet with SSL and JSSE.

To run the demonstration, you must first compile the following class:

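  public class Test {
    public static void main(String[] arstring) {
      try {
        // Fetch the page over HTTPS; the host name comes from the command line.
        new java.net.URL("https://" + arstring[0] + "/").getContent();
      } catch (Exception exception) {
        // Handshake, certificate and I/O failures all end up here.
        exception.printStackTrace();
      }
    }
  }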


Next, you need to turn on SSL debugging and run the above application. The application connects to the secure Website that you specify on the command line using the SSL protocol via HTTPS. The first option loads the HTTPS protocol handler. The second option, the debug option, causes the program to print out its behavior. Here's the command (replace <host> with the name of a secure Web server):

  java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl Test <host>


You need to install JSSE; refer to Resources if you're unsure how.

Now let's get down to business and talk about SSL and JSSE.

A brief look at SSL

The code in the introduction demonstrates the easiest way to add SSL to your applications -- via the java.net.URL class. This approach is useful, but is not flexible enough to let you create a secure application that uses generic sockets.

Before I show you how to add that flexibility, let's take a quick look at SSL's features.

As its name suggests, SSL aims to provide applications with a secure, socket-like toolkit. Ideally, it should be easy to convert an application that uses regular sockets into an application that uses SSL.

SSL addresses three important security issues:

  1. It provides authentication, which helps ensure the legitimacy of the entities involved in a dialog.
  2. It provides privacy. SSL helps warrant that a third party cannot decipher the dialog between two entities.
  3. It maintains integrity. The use of a MAC (message authentication code), which is similar to a checksum, helps guarantee that a dialog between two entities is not modified by a third party.


SSL relies heavily on both public-key and secret-key cryptography. It uses secret-key cryptography to bulk-encrypt the data exchanged between two applications; secret-key cryptography is the ideal solution for this job because secret-key algorithms are both secure and fast. Public-key cryptography, which is slower than secret-key cryptography, is a better choice for authentication and key exchange.
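
As an added example (not code from the original article): a socket-level counterpart of the Test class above, showing how a regular-socket client becomes an SSL client and what the handshake reports about authentication, privacy, and integrity. The class name SocketTest, port 443, and a Java 7 or later JDK (where JSSE is built in) are assumptions.

```java
import java.io.*;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example: hypothetical class name; assumes Java 7+ and HTTPS on port 443.
public class SocketTest {
    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java SocketTest <host>");
            System.exit(1);
        }
        String host = args[0];

        // With regular sockets this would be: new java.net.Socket(host, 80)
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, 443)) {
            // A raw SSLSocket validates the certificate chain but does not check
            // that the certificate matches the host name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Throws SSLHandshakeException if authentication fails.
            socket.startHandshake();

            SSLSession session = socket.getSession();
            // Authentication: the identity the server proved with its certificate.
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println("Peer:     " + cert.getSubjectX500Principal());
            System.out.println("Protocol: " + session.getProtocol());
            // Privacy and integrity: the suite names the bulk cipher and hash
            // (and, up to TLS 1.2, the key-exchange and authentication algorithms).
            System.out.println("Suite:    " + session.getCipherSuite());

            // From here on the socket is used like any regular socket.
            Writer out = new OutputStreamWriter(socket.getOutputStream(), "US-ASCII");
            out.write("HEAD / HTTP/1.0\r\nHost: " + host + "\r\n\r\n");
            out.flush();
            BufferedReader in = new BufferedReader(
                new InputStreamReader(socket.getInputStream(), "US-ASCII"));
            System.out.println("Reply:    " + in.readLine());
        }
    }
}
```

Run it with -Djavax.net.debug=ssl, as with the Test class, to see the handshake messages behind these values.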


Resources