
Understanding JSSE

Message exchange between a Java client and server communicating over SSL

Programming Details

After the server certificate is imported into the keystore and is accessible by the client, the client is ready to communicate with the server. The complete client code can be found in Listing 1.

The following section will explain the significance of the different programming steps and what really happens under the layers.

Initiating the SSL connection is fairly straightforward and quite similar to conventional socket programming. In fact, only two API calls (lines 13 and 14 in the code listing) differ between an SSL connection and a plain socket connection. The remainder of this section walks you through the sequence of activities involved when these two APIs are invoked.

SSLFactory Implementation

The first step in socket programming is obtaining a reference to the SocketFactory, as indicated below. (The code fragments below are what a developer writes; the lines that follow each fragment are the debug output obtained by running the client.)

SocketFactory sf = (SocketFactory)SocketFactory.getDefault();

This command returns a copy of the environment's default socket factory. All subsequent objects, such as Socket, are derived from the socket factory.

In a similar manner, the first programming step in initiating a secured socket connection is obtaining a reference to SSLSocketFactory.


SSLSocketFactory sslSF = (SSLSocketFactory)SSLSocketFactory.getDefault();

This returns the default SSL implementation, i.e., policies for different kinds of socket, and any customizations on how they are configured.

Let's walk through the debug output from running the client program:


java -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=secureKeyStore
-Djavax.net.ssl.trustStore=secureKeyStore SecureSocketClient

It's important to note that all the steps explained below are transparent to the developer and don't require any additional programming effort. The following is the sequence of processes performed when the client program creates an SSLSocketFactory.

When initializing the default SSLSocketFactory, the underlying implementation provides the following services. The corresponding debug output is shown after each step.

The SSL implementation identifies the keystore location from the system property -Djavax.net.ssl.keyStore passed when the client is invoked, together with the keystore type. If no type was specified, the default type "jks" is assumed.


keyStore is : D \\secureKeystore
keyStore type is : jks
init keystore

Similarly, the location and the type of trustStore (-Djavax.net.ssl.trustStore) are associated with the SSLContext.


trustStore is: D:\\Securekeystore
trustStore type is : jks
init truststore

Identify the KeyManager and TrustManager. A TrustManager is used to authenticate the remote identity of a secure socket peer. A KeyManager is used to authenticate the local socket peer to a remote secure socket peer. A default SSLContext is initialized with a KeyManager and a TrustManager:

init keymanager of type SunX509

The implementation then reads all the available certificates from the truststore and loads them into memory:


adding as trusted cert: [
[
Version: V3
Subject: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown,
ST=MyState, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

SSL requires a cryptographically secure pseudo-random number generator (PRNG). With a pseudo-random number generator, given a short random input (the key), one can generate an output string as long as one needs that is computationally infeasible to distinguish from a truly random string. In Java the SecureRandom class provides this capability. During this step, the SSL implementation instantiates a SecureRandom object and seeds it for later use.

Socket Creation Implementation

So far we have only discussed the steps involved on the client side before the socket connection to the server is initiated. The next step in client-to-server communication is to create the socket connection as indicated below:

SSLSocket sslSock = (SSLSocket) sslSF.createSocket(host, port);

After a successful invocation of the above call, the mutual handshake between the client and the server is considered complete. Both the client and the server are then ready to exchange the data over a secure channel.
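The following client is an added example, not the article's Listing 1: it performs the same two steps (obtain an SSLSocketFactory, call createSocket) but builds the SSLContext from an explicitly loaded truststore instead of the -Djavax.net.ssl.trustStore system property, so the TrustManager initialization described above is visible in code. The host name, port and truststore password are assumptions; "secureKeyStore" is the truststore file name used in the article.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ExplicitTrustClient {

    // Assumed values: replace with the real server and truststore password.
    private static final String HOST = "server.example.test";
    private static final int PORT = 8443;
    private static final String TRUSTSTORE = "secureKeyStore";
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();

    // Builds an SSLContext whose TrustManager trusts only the certificates in
    // the given JKS truststore. This is what the default factory does when
    // -Djavax.net.ssl.trustStore is set, but without JVM-wide system properties.
    static SSLContext contextFromTrustStore(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No KeyManager: this client does not authenticate itself to the server.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory sslSF = contextFromTrustStore(TRUSTSTORE, TRUSTSTORE_PASSWORD).getSocketFactory();
        try (SSLSocket sslSock = (SSLSocket) sslSF.createSocket(HOST, PORT)) {
            // A plain SSLSocket validates the certificate chain but does not check that
            // the certificate was issued for HOST; this parameter turns that check on.
            SSLParameters params = sslSock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            sslSock.setSSLParameters(params);
            // Force the handshake now so any failure surfaces here rather than on first I/O.
            sslSock.startHandshake();
            SSLSession session = sslSock.getSession();
            System.out.println("Protocol:     " + session.getProtocol());
            System.out.println("Cipher suite: " + session.getCipherSuite());
            System.out.println("Peer:         " + session.getPeerPrincipal());
        }
    }
}
```

Running it with -Djavax.net.debug=ssl produces the same truststore, KeyManager and ClientHello debug lines discussed in this article.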

The following section explains the sequence of message exchanges during the mutual SSL handshake. Again, it's important to remember that these message exchanges remain transparent to the developer.

Hello Messages

The ClientHello and ServerHello messages constitute the hello messages.

Client Hello
The client sends the following client "hello" message to the server as indicated by the following debug output:


[java] *** ClientHello, TLSv1.

The purpose of the "Hello" messages is to establish security enhancement capabilities between the client and the server. In other words, their purpose is to agree on algorithms, exchange random values, and check for session resumption if there is already an established session.

More Stories By Sudhir Upadhyay

Sudhir Upadhyay is currently with Architecture and Shared services at JP Morgan Chase where he is an application architect. Prior to joining JPMorgan, he was a principal consultant with BEA Professional Services where he helped customers design and implement enterprise J2EE solutions. He is a BEA Certified WebLogic Developer and a Sun Certified Java Developer.
