Server


1   /*
2    * Copyright (C) The MX4J Contributors.
3    * All rights reserved.
4    *
5    * This software is distributed under the terms of the MX4J License version 1.0.
6    * See the terms of the MX4J License in the documentation provided with this software.
7    */
8   
9   package mx4j.examples.remote.rmi.ssl;
10  
11  import java.io.IOException  ;
12  import java.io.InputStream  ;
13  import java.security.KeyStore  ;
14  import java.util.HashMap  ;
15  import java.util.Map  ;
16  import javax.management.MBeanServer  ;
17  import javax.management.MBeanServerFactory  ;
18  import javax.management.ObjectName  ;
19  import javax.management.remote.JMXConnectorServer  ;
20  import javax.management.remote.JMXConnectorServerFactory  ;
21  import javax.management.remote.JMXServiceURL  ;
22  import javax.management.remote.rmi.RMIConnectorServer  ;
23  import javax.net.ssl.KeyManagerFactory;
24  import javax.net.ssl.SSLContext;
25  
26  import mx4j.tools.remote.rmi.SSLRMIClientSocketFactory;
27  import mx4j.tools.remote.rmi.SSLRMIServerSocketFactory;
28  
29  /**
30   * This example shows how to setup a JSR 160 RMIConnectorServer over SSL. <br />
31   * An RMI server that has been setup to use SSL uses a private key to encrypt the
32   * communication with the client. The client must know the server's public key in order
33   * to be able to decrypt the communication; public keys are stored in X509 certificates.
34   * This X509 certificate is generated by the server and should be made available to
35   * clients (for example by distributing it). <br />
36   * The private and public key are normally stored in a server-side key store that can
37   * be created by using the JDK's keytool utility; here is a sample command that can
38   * be invoked to generate a keystore:
39   * <pre>
40   * keytool -genkey -v -keystore key.store -storepass storepwd -dname "CN=Anonymous Geek, OU=MX4J Development Team, O=The MX4J Project, L=New York City, S=NY, C=US"
41   * </pre>
42   * It creates a 'key.store' file that must be present in the classpath when running this example. <br />
43   * The next step is to export the X509 certificate for the clients, with the following command:
44   * <pre>
45   * keytool -export -v -storepass storepwd -keystore key.store -file myserver.cer
46   * </pre>
47   * It is also possible to generate a trust store containing the X509 certificate that
48   * can be used directly by the client with the following command:
49   * <pre>
50   * keytool -export -v -storepass storepwd -keystore key.store | keytool -import -v -storepass storepwd -keystore trust.store -noprompt
51   * </pre>
52   * Once you have exported the X509 certificate, follow the instructions on how to setup
53   * the client {@link Client here}.
54   *
55   * @version $Revision: 1.4 $
56   */
57  public class Server
58  {
59     public static void main(String  [] args) throws Exception  
60     {
61        MBeanServer   server = MBeanServerFactory.createMBeanServer();
62  
63        // Register and start the rmiregistry MBean
64        ObjectName   namingName = ObjectName.getInstance("naming:type=rmiregistry");
65        server.createMBean("mx4j.tools.naming.NamingService", namingName, null);
66        server.invoke(namingName, "start", null, null);
67        int namingPort = ((Integer  )server.getAttribute(namingName, "Port")).intValue();
68  
69        String   jndiPath = "/ssljmxconnector";
70        JMXServiceURL   url = new JMXServiceURL  ("service:jmx:rmi://localhost/jndi/rmi://localhost:" + namingPort + jndiPath);
71  
72        // Create the rmi socket factories for SSL
73        Map   environment = new HashMap  ();
74        SSLContext context = createSSLContext();
75        environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, new SSLRMIClientSocketFactory());
76        environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, new SSLRMIServerSocketFactory(context));
77  
78        // Create and start the RMIConnectorServer
79        JMXConnectorServer   connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(url, environment, null);
80        ObjectName   connectorServerName = ObjectName.getInstance("connectors:protocol=" + url.getProtocol());
81        server.registerMBean(connectorServer, connectorServerName);
82        connectorServer.start();
83  
84        System.out.println("Server up and running");
85     }
86  
87     /**
88      * Creates and returns an SSLContext by reading information from a keystore. <br>
89      * Change the hardcoded options to match your configuration and your environment.
90      */
91     private static SSLContext createSSLContext() throws Exception  
92     {
93        String   keystoreName = "key.store";
94        String   keystorePassword = "storepwd";
95  
96        KeyStore   keystore = KeyStore.getInstance("JKS");
97        InputStream   keystoreStream = Server.class.getClassLoader().getResourceAsStream(keystoreName);
98        // Must check for nullity, otherwise a new empty keystore is created by KeyStore.load
99        if (keystoreStream == null) throw new IOException  ("Cannot find KeyStore " + keystoreName + " in classpath");
100       keystore.load(keystoreStream, keystorePassword.toCharArray());
101 
102       KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
103       keyFactory.init(keystore, keystorePassword.toCharArray());
104 
105       SSLContext context = SSLContext.getInstance("TLS");
106       context.init(keyFactory.getKeyManagers(), null, null);
107 
108       return context;
109    }
110 }
111
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags