|
| 1 | +import org.java_websocket.WebSocketImpl; |
| 2 | +import org.java_websocket.server.CustomSSLWebSocketServerFactory; |
| 3 | + |
| 4 | +import javax.net.ssl.KeyManagerFactory; |
| 5 | +import javax.net.ssl.SSLContext; |
| 6 | +import javax.net.ssl.SSLEngine; |
| 7 | +import javax.net.ssl.TrustManagerFactory; |
| 8 | +import java.io.File; |
| 9 | +import java.io.FileInputStream; |
| 10 | +import java.security.KeyStore; |
| 11 | +import java.util.ArrayList; |
| 12 | +import java.util.Arrays; |
| 13 | +import java.util.List; |
| 14 | + |
| 15 | +/** |
| 16 | + * Example for using the CustomSSLWebSocketServerFactory to allow just specific cipher suites |
| 17 | + */ |
| 18 | +public class SSLServerCustomWebsocketFactoryExample { |
| 19 | + |
| 20 | + /* |
| 21 | + * Keystore with certificate created like so (in JKS format): |
| 22 | + * |
| 23 | + *keytool -genkey -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry" |
| 24 | + */ |
| 25 | + public static void main(String[] args) throws Exception { |
| 26 | + WebSocketImpl.DEBUG = true; |
| 27 | + |
| 28 | + ChatServer chatserver = new ChatServer(8887); // Firefox does allow multible ssl connection only via port 443 //tested on FF16 |
| 29 | + |
| 30 | + // load up the key store |
| 31 | + String STORETYPE = "JKS"; |
| 32 | + String KEYSTORE = "keystore.jks"; |
| 33 | + String STOREPASSWORD = "storepassword"; |
| 34 | + String KEYPASSWORD = "keypassword"; |
| 35 | + |
| 36 | + KeyStore ks = KeyStore.getInstance(STORETYPE); |
| 37 | + File kf = new File(KEYSTORE); |
| 38 | + ks.load(new FileInputStream(kf), STOREPASSWORD.toCharArray()); |
| 39 | + |
| 40 | + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
| 41 | + kmf.init(ks, KEYPASSWORD.toCharArray()); |
| 42 | + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); |
| 43 | + tmf.init(ks); |
| 44 | + |
| 45 | + SSLContext sslContext = SSLContext.getInstance("TLS"); |
| 46 | + sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
| 47 | + |
| 48 | + //Lets remove some ciphers and protocols |
| 49 | + SSLEngine engine = sslContext.createSSLEngine(); |
| 50 | + List<String> ciphers = new ArrayList<String>( Arrays.asList(engine.getEnabledCipherSuites())); |
| 51 | + ciphers.remove("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); |
| 52 | + List<String> protocols = new ArrayList<String>( Arrays.asList(engine.getEnabledProtocols())); |
| 53 | + protocols.remove("SSLv3"); |
| 54 | + CustomSSLWebSocketServerFactory factory = new CustomSSLWebSocketServerFactory(sslContext, protocols.toArray(new String[]{}), ciphers.toArray(new String[]{})); |
| 55 | + |
| 56 | + // Different example just using specific ciphers and protocols |
| 57 | + /* |
| 58 | + String[] enabledProtocols = {"TLSv1.2"}; |
| 59 | + String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}; |
| 60 | + CustomSSLWebSocketServerFactory factory = new CustomSSLWebSocketServerFactory(sslContext, enabledProtocols,enabledCipherSuites); |
| 61 | + */ |
| 62 | + chatserver.setWebSocketFactory(factory); |
| 63 | + |
| 64 | + chatserver.start(); |
| 65 | + |
| 66 | + } |
| 67 | +} |
0 commit comments