Monday, January 08, 2007

Java SSL question

Ref: JAVA + SSL Tutorial
Subject: the usage of the EchoClient makes the trustStorePassword visible to all users of it.

One workaround could be to use JAAS (Java Authentication and Authorization Service) and manage it smartly by getting the OS user (user.name property) and handling the rest. But this is complex and adds more dependencies to the solution.

Another workaround could be to have a helper class like the one below

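class EncryptedDataHandler
{
    // Reads the obfuscated password and publishes the decoded value
    // under the property the default SSLSocketFactory reads.
    public static void encPswd()
    {
        String encPswd = System.getProperty("com.anthos.security.trustStorePassword");
        if (encPswd != null)
        {
            // get a better encryption logic than this!!
            StringBuffer sb = new StringBuffer(encPswd);
            String pswd = sb.reverse().toString();
            // setProperty, not getProperty: the two-argument getProperty only returns a default
            System.setProperty("javax.net.ssl.trustStorePassword", pswd);
        }
    }
}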

and use it in EchoClient as below

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class EchoClient {
    public static void main(String[] arstring) {
        try {
            // Decode the password before the default socket factory is first used
            EncryptedDataHandler.encPswd();
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", 9999);

            InputStream inputstream = System.in;
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
            BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);

            // Echo each line typed on stdin to the server
            String string = null;
            while ((string = bufferedreader.readLine()) != null) {
                bufferedwriter.write(string + '\n');
                bufferedwriter.flush();
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}

Now the command line for the EchoClient will be

java -Djavax.net.ssl.trustStore=.keystore -Dcom.anthos.security.trustStorePassword=erotsyek. EchoClient

Note that the encryption used in this demo is possibly the weakest there is (reversing the string is obfuscation, not encryption), but I guess it conveys the idea.
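
A variant that keeps the password off the command line altogether, as an added example (not code from the original post or the tutorial it references): the client loads the trust store itself and takes the password from a user-only file or a no-echo prompt. The class name PromptingEchoClient and the property com.anthos.security.trustStorePasswordFile are hypothetical.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PromptingEchoClient {
    // Hypothetical property naming a file only the owning user can read; else prompt without echo.
    static char[] readPassword() throws Exception {
        String file = System.getProperty("com.anthos.security.trustStorePasswordFile");
        if (file != null) {
            return new String(Files.readAllBytes(Paths.get(file)), "UTF-8").trim().toCharArray();
        }
        Console console = System.console();
        char[] pw = (console == null) ? null : console.readPassword("Trust store password: ");
        if (pw == null) {
            throw new IllegalStateException("no console input and no password file configured");
        }
        return pw;
    }

    // Loads the trust store directly, so javax.net.ssl.trustStorePassword is never set.
    static SSLSocketFactory factoryFor(String storePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(storePath))) {
            trustStore.load(in, password);
        } finally {
            Arrays.fill(password, '\0'); // wipe the password once the store is loaded
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = factoryFor(".keystore", readPassword());
        try (SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 9999)) {
            socket.startHandshake(); // server certificate is checked against the store
        }
    }
}
```

With this variant neither the password nor a reversible form of it appears in the process arguments or in the JVM's system properties.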
