SslContextTest.java - javax.net.ssl.SSLContext Class Test

This section provides a tutorial example on how to write a simple program to test the java.net.ssl.SSLContext class.

SSL sockets created with the default SSL socket factories will not have any certificates associated to authenticate them. In order to associate certificates with SSL sockets, we need to use the SSLContext class to create SSL socket factories. Here is a sample program, SslContextTest.java:

/* SslContextTest.java
 * Copyright (c) HerongYang.com. All Rights Reserved.
 */
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.*;
import javax.net.ssl.*;
public class SslContextTest {
   public static void main(String[] args) {
      PrintStream out = System.out;
      out.println("\nTesting socket factory with SSLContext:");
      try {
         // SSLContext protocols: TLS, SSL, SSLv3
         SSLContext sc = SSLContext.getInstance("SSLv3");
         System.out.println("\nSSLContext class: "+sc.getClass());
         System.out.println("   Protocol: "+sc.getProtocol());
         System.out.println("   Provider: "+sc.getProvider());

         // SSLContext algorithms: SunX509
         KeyManagerFactory kmf
            = KeyManagerFactory.getInstance("SunX509");
         System.out.println("\nKeyManagerFactory class: "
            +kmf.getClass());
         System.out.println("   Algorithm: "+kmf.getAlgorithm());
         System.out.println("   Provider: "+kmf.getProvider());

         // KeyStore file
         String ksName = "herong.jks";
         char ksPass[] = "HerongJKS".toCharArray();
         char ctPass[] = "My1stKey".toCharArray();
         // KeyStore ks = KeyStore.getInstance("JKS");
         KeyStore ks = KeyStore.getInstance("PKCS12");
         ks.load(new FileInputStream(ksName), ksPass);
         System.out.println("\nKeyStore class: "+ks.getClass());
         System.out.println("   Type: "+ks.getType());
         System.out.println("   Provider: "+ks.getProvider());
         System.out.println("   Size: "+ks.size());

         // Generating KeyManager list
         kmf.init(ks,ctPass);
         KeyManager[] kmList = kmf.getKeyManagers();
         System.out.println("\nKeyManager class: "
            +kmList[0].getClass());
         System.out.println("   # of key manager: " +kmList.length);

         // Generating SSLServerSocketFactory
         sc.init(kmList, null, null);
         SSLServerSocketFactory ssf = sc.getServerSocketFactory();
         System.out.println("\nSSLServerSocketFactory class: "
            +ssf.getClass());

         // Generating SSLServerSocket
         SSLServerSocket ss
            = (SSLServerSocket) ssf.createServerSocket();
         System.out.println("\nSSLServerSocket class: "
            +ss.getClass());
         System.out.println("   String: "+ss.toString());

         // Generating SSLSocketFactory
         sc.init(kmList, null, null);
         SSLSocketFactory sf = sc.getSocketFactory();
         System.out.println("\nSSLSocketFactory class: "
            +sf.getClass());

         // Generating SSLSocket
         SSLSocket s
            = (SSLSocket) sf.createSocket();
         System.out.println("\nSSLSocket class: "+s.getClass());
         System.out.println("   String: "+s.toString());
      } catch (Exception e) {
         e.printStackTrace();
      }
   }
}

Note that JDK switched default keystore file type to "PKCS12" from "JKS" in JDK 9. As of JDK 12 both file types are supported. Basically, you can use KeyStore.getInstance("PKCS12") or KeyStore.getInstance("JKS") to read both keystore file types.

Of course, to run this program, you need to have the Java key store file, herong.jks, ready. It contains a self-signed pair of private and public keys. You should have herong.jks file from previous tutorials.

But if you generate a new one, you can follow this command.

herong> keytool -genkeypair -alias my_home
   -keystore herong.jks -storepass HerongJKS

Enter keystore password:  HerongJKS
What is your first and last name?
  [Unknown]:  Herong Yang
What is the name of your organizational unit?
  [Unknown]:  My Unit
What is the name of your organization?
  [Unknown]:  My Home
What is the name of your City or Locality?
  [Unknown]:  My City
What is the name of your State or Province?
  [Unknown]:  My State
What is the two-letter country code for this unit?
  [Unknown]:  US
Is <CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My State,
   C=US> correct?
  [no]:  yes
Enter key password for <my_home>
        (RETURN if same as keystore password):  My1stKey

If you run this program, you will get:

herong> java SslContextTest.java

Testing socket factory with SSLContext:

SSLContext class: class javax.net.ssl.SSLContext
   Protocol: SSLv3
   Provider: SunJSSE version 10

KeyManagerFactory class: class javax.net.ssl.KeyManagerFactory
   Algorithm: SunX509
   Provider: SunJSSE version 10

KeyStore class: class java.security.KeyStore
   Type: PKCS12
   Provider: SUN version 10
   Size: 1

KeyManager class: class sun.security.ssl.SunX509KeyManagerImpl
   # of key manager: 1

SSLServerSocketFactory class: class
   sun.security.ssl.SSLServerSocketFactoryImpl

SSLServerSocket class: class sun.security.ssl.SSLServerSocketImpl
   String: [SSL: ServerSocket[unbound]]

SSLSocketFactory class: class sun.security.ssl.SSLSocketFactoryImpl

SSLSocket class: class sun.security.ssl.SSLSocketImpl
   String: 365185bd[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]

If I ran it on JDK 1.8, I got:

herong> \Progra~1\java\jdk1.8.0_45\bin\java SslContextTest

Testing socket factory with SSLContext:

SSLContext class: class javax.net.ssl.SSLContext
   Protocol: SSLv3
   Provider: SunJSSE version 1.8

KeyManagerFactory class: class javax.net.ssl.KeyManagerFactory
   Algorithm: SunX509
   Provider: SunJSSE version 1.8

KeyStore class: class java.security.KeyStore
   Type: JKS
   Provider: SUN version 1.8
   Size: 3

KeyManager class: class sun.security.ssl.SunX509KeyManagerImpl
   # of key manager: 1

SSLServerSocketFactory class: class
   sun.security.ssl.SSLServerSocketFactoryImpl

SSLServerSocket class: class sun.security.ssl.SSLServerSocketImpl
   String: [SSL: ServerSocket[unbound]]

SSLSocketFactory class: class sun.security.ssl.SSLSocketFactoryImpl

SSLSocket class: class sun.security.ssl.SSLSocketImpl
   String: 1ed40e0[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]

Table of Contents

 About This JDK Tutorial Book

 JDK (Java Development Kit)

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Java Logging

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

 "keytool" Commands and "keystore" Files

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Encryption and Decryption

The SSL (Secure Socket Layer) Protocol

 What Is SSL (Secure Socket Layer)?

 SSL Specification Overview

 JSSE - Java Implementation of SSL and TLS

 SslSocketTest.java - Default SSL Socket Factory Test

SslContextTest.java - javax.net.ssl.SSLContext Class Test

 Initializing SSLContext with PKCS12 File

 SSL Socket Communication Testing Programs

 SSL Client Authentication

 HTTPS (Hypertext Transfer Protocol Secure)

 Outdated Tutorials

 References

 Full Version in PDF/EPUB