Conceptual overview of server-side SSL in Java
<p>My task is to secure a (previously HTTP) web service with HTTPS. From a now departed coworker I have inherited code that inserts an <code>SSLEngine</code> object between the TCP and HTTP layers in our existing server. As far as I know this code works correctly. I get the <code>SSLEngine</code> from <code>SSLContext.createSSLEngine()</code>, but how to produce an appropriate <code>SSLContext</code> confuses me.</p>
<p><code>SSLEngine</code> itself has a beautiful conceptual introduction in its javadoc, but unfortunately it is the part that I <em>don't</em> need to interface to myself. On the other hand <a href="http://docs.oracle.com/javase/1.5.0/docs/api/javax/net/ssl/SSLContext.html#init%28javax.net.ssl.KeyManager[],%20javax.net.ssl.TrustManager[],%20java.security.SecureRandom%29" rel="noreferrer">SSLContext.init()</a> is very sparsely documented and just says that I must pass "the sources of authentication keys" and "the sources of peer authentication trust decisions", and I have no idea what that is. The documentation for the types of these parameters (which would ordinarily be my next try for understanding it) is generic to the point of not saying anything, and the class documentation for <code>SSLContext</code> is also uselessly brief.</p>
<p>I am provided with a bunch of ASCII-armored <code>.crt</code>, <code>.pem</code>, and <code>.key</code> files that together enable Apache to serve HTTPS at the domain the Java server is eventually going to handle directly. I suppose I need to load them into either the <code>SSLContext</code> or the <code>SSLEngine</code> somehow, but am not sure whether <code>SSLContext.init()</code> is even the right place to do that (though there don't seem to be many other places it could be).</p>
<blockquote> <p>Which documentation should I <em>start</em> by reading to get a working understanding of how to do this?</p> </blockquote>
<p>My Google attempts produce lots of semi-undocumented example code of unknown quality and security, as well as some advanced walk-throughs such as "how to write your own key provider", but no overall conceptual introduction to the <em>most basic</em> use of the JRE classes.</p>
<p>Especially since this is security-related, I have no use for copy-paste example code that I'll just whack on aimlessly until it seems to do more-or-less what I want. I need a high-level conceptual understanding of how the various pieces are actually supposed to fit together.</p>
<p><em>(Bonus points if the documentation is detailed enough to let me figure out how to do SSL client authorization in practice too -- but that is not immediately urgent).</em></p>