Showing posts with label SSL. Show all posts

Monday, 11 September 2017

Which SSL/TLS versions are supported by different versions of OpenSSL?


OpenSSL 1.0.0h and lower versions support SSLv2, SSLv3 and TLSv1.0.

From OpenSSL 1.0.1 onwards, support for TLSv1.1 and TLSv1.2 is added.

Thursday, 28 April 2016

What are the different types of keys in SSL?


1. PRIVATE KEY
  • contains the identity information of the server, along with a key value
  • must be kept secret and password protected, as it is used in the handshake


2. PUBLIC KEY (public certificate)
  • tightly associated with the private key
  • created from the private key via a CSR (Certificate Signing Request)
    • After creating a private key, you create a CSR, which is sent to your Certificate Authority (CA)
    • The CA returns a signed certificate, which carries information about the server identity and about the CA


3. ROOT CERTIFICATES
  • a CA certificate, which is simply a self-signed certificate
  • represents the entity that issues certificates (the Certificate Authority, or CA)

How to configure Apache Axis to use an SSL certificate?


Axis Configuration for SSL

Set the secure socket factory at application startup (the class name must match the factory class created below):

  AxisProperties.setProperty(
       "axis.socketSecureFactory",
       "com.genius.utils.CustomSSLFactory");


Create the secure socket factory class

1. Import the following APIs:
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Hashtable;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.axis.components.net.JSSESocketFactory;
import org.apache.axis.components.net.SecureSocketFactory;
// StringUtils.isBlank is used in getContext; the post does not show where it
// comes from, so Apache Commons Lang is assumed here.
import org.apache.commons.lang.StringUtils;


2. Create the class by extending JSSESocketFactory and implementing SecureSocketFactory:
public class CustomSSLFactory extends JSSESocketFactory
        implements SecureSocketFactory {

3. Override the parameterized constructor and pass the attributes through:
    public CustomSSLFactory(Hashtable attributes) {
        super(attributes);
    }

4. Override initFactory to set sslFactory (the SSLSocketFactory field inherited from JSSESocketFactory). Do not swallow the exception: a null sslFactory would only fail later on the first request, so rethrow it as an IOException:
    protected void initFactory() throws IOException {
        try {
            SSLContext context = getContext();
            sslFactory = context.getSocketFactory();
        } catch (Exception e) {
            throw new IOException("Could not initialize SSL context: " + e.getMessage(), e);
        }
    }

5. Override getContext to return the SSL context (the body is detailed below):
    protected SSLContext getContext() throws Exception {
        . . . . .
    }
}


Details of the getContext method

Use two constants for the keystore location and password. The post hardcodes the password; reading it from a protected configuration file or the environment keeps it out of the compiled class:
private static final String MY_KEYSTORE_PASSWORD = "passwd";
private static final String RESOURCE_PATH_TO_KEYSTORE = "/usr/bin/certificate.P12";


Check that a password is configured (a blank password would otherwise fail later with a less clear error):
char[] keystorepass = MY_KEYSTORE_PASSWORD.toCharArray();

if (StringUtils.isBlank(new String(keystorepass))) {
    throw new Exception("Could not read password for configured keystore!");
}


Load the PKCS12 keystore, closing the file stream afterwards:
KeyStore ks = KeyStore.getInstance("pkcs12");
try (FileInputStream in = new FileInputStream(new File(RESOURCE_PATH_TO_KEYSTORE))) {
    ks.load(in, keystorepass);
}


Initialize the key manager factory with the keystore (it supplies the client certificate and private key during the handshake):
KeyStore keyStore = ks;
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, keystorepass);


Initialize the trust manager factory. It decides which server certificates are accepted, so the keystore passed here must contain the CA certificate that signed the server's certificate (as a trusted certificate entry); a keystore holding only the client key is not enough:
TrustManagerFactory tmf =  TrustManagerFactory.getInstance(
                             TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);


Obtain the X509 trust manager from tmf. Do not substitute a custom X509TrustManager whose checkClientTrusted and checkServerTrusted bodies are empty: such a manager accepts any certificate and disables server authentication entirely.
X509TrustManager tm = null;
for (TrustManager candidate : tmf.getTrustManagers()) {
    if (candidate instanceof X509TrustManager) {
        // validates the server chain against the CA certificates in the keystore
        tm = (X509TrustManager) candidate;
        break;
    }
}
if (tm == null) {
    throw new Exception("No X509TrustManager available for the configured keystore");
}


Get the key managers from the key manager factory initialized above:
KeyManager[] keymanagers = kmf.getKeyManagers();



Create the SSL context and initialize it with the key managers and the X509 trust manager:
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keymanagers, new TrustManager[]{tm}, null);


Return the SSL context

return sslContext;
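The private key / CSR / root certificate flow that the key-types post lists, carried through with the openssl CLI and ending in a PKCS12 file of the kind the getContext method above loads, as an added example (not from the original posts): every file name, subject and the password value are constructed for the demo, and verify_chain shows the check a keystore-backed trust manager performs.

```shell
#!/bin/sh
# Added example, not from the original posts. Builds a demo PKI under $1:
# a self-signed root CA, a server private key, a CSR signed by that CA,
# and a PKCS12 bundle. All names, subjects and passwords are constructed.
set -eu

make_pki() {
  dir="$1"
  mkdir -p "$dir"

  # 3. ROOT CERTIFICATE: the CA's self-signed certificate and its private key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" \
    -subj "/CN=Demo Root CA" >/dev/null 2>&1

  # 1. PRIVATE KEY of the server. No passphrase here for the demo only; the
  #    post asks for a password-protected key (e.g. genrsa -aes256).
  openssl genrsa -out "$dir/server.key" 2048 >/dev/null 2>&1

  # 2. PUBLIC KEY (certificate): the CSR is derived from the private key ...
  openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
    -subj "/CN=service.example.test" >/dev/null 2>&1
  #    ... and the CA returns the signed certificate, carrying the server
  #    identity (subject) and the CA identity (issuer).
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
    -out "$dir/server.crt" >/dev/null 2>&1

  # Bundle key + certificate + CA cert as PKCS12, the format the Axis post
  # opens with KeyStore.getInstance("pkcs12"). "passwd" is the post's value.
  openssl pkcs12 -export -inkey "$dir/server.key" -in "$dir/server.crt" \
    -certfile "$dir/ca.crt" -out "$dir/certificate.P12" \
    -passout pass:passwd >/dev/null 2>&1
}

# Exit status 0 when certificate $2 chains to CA certificate $1, non-zero
# otherwise. This is the check a keystore-backed X509TrustManager performs
# and an empty checkServerTrusted() skips.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: build the PKI, then confirm the issued certificate validates.
if [ "${1:-}" = "demo" ]; then
  make_pki ./demo-pki
  verify_chain ./demo-pki/ca.crt ./demo-pki/server.crt && echo "chain OK"
fi
```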