Novell is now a part of Micro Focus

Converting a Sockets-Based Server Application to Use SSL

Articles and Tips: tip

Kevin Burnett
Senior Research Engineer
Novell AppNotes
kburnett@novell.com

01 Feb 2003


The following shows how to convert a sockets-based server and client application to a set that uses SSL. An application that is written to use plain Java sockets can be converted to use SSL sockets with only minimal change to the socket creation code. This is possible since the Java sockets APIs have been designed to encapsulate all the functionality needed to send data from a server to a client via sockets.

Replacing regular sockets APIs with SSL sockets APIs is all that is needed to take advantage of SSL encryption technology. Typical server socket creation code looks like this:

ServerSocket   listen_socket;
listen_socket = new ServerSocket(port);

This code would translate to the following code in order to use the default Novell SSL provider (certificate) for the secure socket:

ServerSocket   listen_socket;
listen_socket =  SecureServerSocketFactory.getDefault().createServerSocket(port);

Additionally, you will need to add an import the references the class path in the Novell SSL provider. The typical server socket creation code import statement looks like this:

import java.net.*;

The import file required to use the Novell SSL provider looks like this:

import com.novell.service.security.net.*;

For more about the Java sockets programming, see the Java SDK documentation at http://java.sun.com. For more about programming to the Java SSL NDK, see http://developer.novell.com\ndk\jssl.htm.

Programming the SSL Server Code

The objectives of this part are to look at some sample Java server code, identify the socket creation and manipulation APIs and replace those APIs with appropriate SSL APIs in order to make the Java Server SSL compatible.

Since a prerequisite for this tip is an understanding of the Java programming language and familiarity with Java sockets programming, a detailed explanation of Java sockets programming will not be given. Additional information about Java sockets programming, including the APIs, can be found at Sun's Web site http://java.sun.com.

Perform the following to convert the SSL server application from using regular Java socket APIs to use SSL APIs:

  1. Open the server application, server.java, using Notepad on your Windows NT workstation, or your favorite ASCII compatible editor. Server.java is located in the SSL_Course\SSL_Server\ subdirectory:

  2. Locate the line of code used to create the new socket. This socket creation code will have the form of:

    ServerSocket servSock = new
                    ServerSocket(port)
  3. Note the location of the code. The Java SSL NDK documentation will be needed for this step. The documentation needs to be unpacked before it can be used. See "Unpacking the Java SSL NDK Documentation" to learn how to unpack the documentation.

  4. Navigate to the C:\Novell\Java\Ssl\jdk_1.1\JDK_1.1_Version\doc directory.

  5. Double-click on the index.html file to bring up the Novell Java Class Libraries for Secure Socket Layer (SSL) documentation.

  6. Click on View the API documentation . This will bring up the SSL API documentation.

  7. Review the SecureServerSocketFactory section of the API documentation, paying particular attention to the SecureServerSocketFactory getDefault() method and SecureServerSocketFactory createServerSocket() method.

  8. Comment-out the Java socket creation code. Add new code to create an SSL socket using the Novell (default) SSL provider (key-pair). If you need help, see "Solution--Server SSL Application" for the solution.

  9. At the very beginning of Server.java, locate the Imports section. Add an import with the class path.

    import com.novell.service.security.net.*;
  10. Review the SecureServerSocketFactory section of the API documentation, paying particular attention to Import information. For the solution, see "Solution --Server SSL Application".

  11. With these two changes made, the server SSL application is ready to be compiled and tested.

Converting a Sockets-Based Client to an SSL-Based Client

An application that is written to plain Java sockets can be converted to use SSL sockets with only a minimal change to the socket creation code. This is feasible since the Java sockets APIs have been designed to encapsulate all the functionality needed to send data from a client to a server via sockets.

Replacing regular sockets APIs with SSL sockets APIs is all that is needed to take advantage of SSL encryption technology. Typical client socket creation code looks like this:

Socket   socket;
socket = new Socket(serverIPAddress, port);

This code would translate to the following code in order to use the default Novell SSL provider (key-pair) for the secure socket:

Socket socket;
socket = SecureSocketFactory.getDefault().createSocket(serverIPAddress, port);

Additionally, you will need to add an import that references the class path in the Novell SSL provider. The typical client socket creation code import statement looks like this:

import java.net.*;

The import file required to use the Novell SSL provider looks like this:

import com.novell.service.security.net.*;

For more details about the Java sockets programming, see the Java SDK documentation. For more details about programming to the Java SSL NDK, see http://www.developer.novell.com/ndk/jssl.htm.

Programming the SSL Client Code

The objectives of this module are to look at some sample Java client code, identify the socket creation and manipulation APIs, and replace those APIs with appropriate SSL APIs to make the Java client SSL compatible.

Since a prerequisite for this tip is an understanding of the Java programming language and familiarity with Java sockets programming, a detailed explanation of Java sockets programming will not be given. Additional information about Java sockets programming, including the APIs can be found at Sun's Web site at http://java.sun.com.

Perform the following to convert the SSL client application from using regular Java socket APIs to use SSL APIs:

  1. Open the client application, client.java, using Notepad on your Windows NT workstation, or your favorite ASCII compatible editor. Client.java is in the SSL_Client subdirectory:

    SSL_Course\SSL_Client\Client.java
  2. Locate the line of code used to create the new socket. This socket creation code will have the form of.

    Socket = new Socket(host, port)
  3. Note the location of the code. The Java SSL NDK documentation will be needed for this step. The documentation needs to be unpacked before it can be used. If the documentation has not yet been unpacked, see "Unpacking the Java SSL NDK Documentation" to learn how to unpack the documentation.

  4. Navigate to the c:\Novell\Java\Ssl\jdk1.1\JDK_1.1_Version\doc directory.

  5. Double-click on the index.html file to bring up the Novell Java Class Libraries for Secure Socket Layer (SSL) documentation.

  6. Click on View the API documentation. This will bring up the SSL API documentation.

  7. Review the SecureSocketFactory section of the API documentation, paying particular attention to the SecureSocketFactory getDefault() method and SecureSocketFactory createSocket() method. Additionally, if needed, review "Converting a Sockets-based Client to an SSL-based Client."

  8. Comment-out the Java socket creation code. Add new code to create an SSL socket using the Novell (default) SSL provider (key-pair). If you need help, see "Solution--Client SSL Application."

  9. At the very beginning of Client.java, locate the Imports section. Add the Novell SSL API header to the beginning of this section. Review the SecureSocketFactory section of the API documentation, paying particular attention to Import information. For the solution, see "Solution--Client SSL Application".

  10. With these two changes made, the Client SSL application is ready to be compiled and tested.

    Note: The following is taken from the DeveloperNet University course, SSL Security Course. This course details how to utilize SSL to secure your Web applications. To see the whole course, check out http://developer.novell.com/education/tutorials/ssl/index.htm

* Originally published in Novell AppNotes


Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.

© Micro Focus