Discussions
Categories
- 385.5K All Categories
- 5.1K Data
- 2.5K Big Data Appliance
- 2.5K Data Science
- 453.4K Databases
- 223.2K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 47 Multilingual Engine
- 606 MySQL Community Space
- 486 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.2K ORDS, SODA & JSON in the Database
- 585 SQLcl
- 4K SQL Developer Data Modeler
- 188K SQL & PL/SQL
- 21.5K SQL Developer
- 46 Data Integration
- 46 GoldenGate
- 298.4K Development
- 4 Application Development
- 20 Developer Projects
- 166 Programming Languages
- 295K Development Tools
- 150 DevOps
- 3.1K QA/Testing
- 646.7K Java
- 37 Java Learning Subscription
- 37.1K Database Connectivity
- 201 Java Community Process
- 108 Java 25
- 22.2K Java APIs
- 138.3K Java Development Tools
- 165.4K Java EE (Java Enterprise Edition)
- 22 Java Essentials
- 176 Java 8 Questions
- 86K Java Programming
- 82 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 208 Java User Groups
- 25 JavaScript - Nashorn
- Programs
- 667 LiveLabs
- 41 Workshops
- 10.3K Software
- 6.7K Berkeley DB Family
- 3.6K JHeadstart
- 6K Other Languages
- 2.3K Chinese
- 207 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 474 Portuguese
SSL security libraries in Java ME 8
Hello All,
I'm working on a SSL secured connection with Certificates and Keys. Is Java ME 8 supports libraries such as SSLSocketFactory, TrustManagerFactory and BouncyCastels libraries ?
Any reference to sample code is great help.
Thanks,
Ashok
Answers
-
Hello Ashok,
Java ME uses Generic Connection Framework API for all kind of secure connections: SSL/HTTPS/DTLS
You can use SecureConnection API for client secure socket connection TLSv1, TLSv1.1 and TLSv1.2: https://docs.oracle.com/javame/8.0/api/gcf/api/javax/microedition/io/SecureConnection.html
SecureServerConnection API should be used for server TLS connection: https://docs.oracle.com/javame/8.0/api/gcf/api/javax/microedition/io/SecureServerConnection.html
SecureDatagramConnection API is used for DTLS client connection: https://docs.oracle.com/javame/8.0/api/gcf/api/javax/microedition/io/SecureDatagramConnection.html
API contains simple example of the client connection.
Also, you can use ConnectionOptions to specify parameters of secure connections: server or client certificate in use, minimum protocol, cipher suites
Secure connection API uses certificates installed on the device. Please use mekeytool.exe to list/add/remove certificates with/without private key on the device: https://docs.oracle.com/javame/8.1/sdk-dev-guide/security.htm#BGBFFHJG
Also, there is an application level API to manage certificates: Oracle Java ME Embedded (see KeyStore API)
Regards
Alexey
-
@Alexey Bakhtin Thanks for the information.
I'm working on a Mqtt Paho client connecting to the broker using SSL.
String serverUrl = "ssl://myMosquittoServer.com:8883";
MqttClient client = new MqttClient(serverUrl, "consumerId" , null);
client.setCallback(new MyCallback());
MqttConnectOptions options = new MqttConnectOptions();
options.setConnectionTimeout(60);
options.setKeepAliveInterval(60);
options.setSocketFactory(SslUtil.getSocketFactory("caFilePath", "clientCrtFilePath", "clientKeyFilePath", "password"));
client.connect(options);
client.subscribe("topic", 0);
here is the source file SslUtil.java file https://gist.githubusercontent.com/sharonbn/4104301/raw/e16931e34fe937c59fc3209cc7305f565beabce3/SslUtil.java, there we need SSLSocketFactory, TrustManagerFactory and BouncyCastels.
Is there any other way to solve this problem if above is not supported by Java ME.
Thanks,
Ashok
-
Hello Ashok,
In JavaME 8 you need the following:
1) Import Mqtt server and client certificates into device. You can do from SDK cmdline or from application:
1.a) Use SDK to import certificates :
- connect device to SDK
- import CA:
- from PEM file format: <SDK>/bin/mekeytool.exe -import -keystore <CA keystore file>
- from JKS file format: <SDK>/bin/mekeytool.exe -import -keystore <CA keystore file> -alias <CA alias> -storepass <keystore password>
- import client certificate with private key:
- from PEM file format: <SDK>/bin/mekeytool.exe -import -keystore < ClientCRT keystore file> -keypass <password>
- from JKS file format: <SDK>/bin/mekeytool.exe -import -keystore <ClientCRT keystore file> -alias <ClientCRT alias> -storepass <keystore password> -keypass <ClientCrt key password>
1.b) import certificates from MIDlet
KeyStore ks = KeyStore.getInstance(KeyStore.STORAGE.CLIENT);
KeyStoreEntry ca = new KeyStoreEntry(ca_data, null); //ca_data - byte array containing PEM encoded CA certificate
KeyStoreEntry clientCrt = new KeyStoreEntry(client_crt_data, password); ////client_crt_data - byte array containing PEM encoded client certificate with encoded private key or PKCS#12 encodded certificate
ks.addEntry(ca);
ks.addEntry(clientCrt);
2) Establish connection to Mqtt server with client Authentication
String clientCrtSubjectDN = "....";
String MqttServerURL = "ssl://....";
//Client certificate should be indicated via ConnectionOption
//Server certificate will be verified during handshake on the base of CA certificates imported on the device (CA certificate is imported in 1)
SecureConnection sc = Connector.open(MqttServerURL, new ConnectionOption("Certificate",clientCrtSubjectDN));
sc.setSocketOption(SocketConnection.KEEP_ALIVE, <value>);
sc.setSocketOption(SocketConnection.TIMEOUT, <value>);
InputStream is = sc.openInputStream();
OutputStream os = sc.openOutputStream();
........
os.write(......);
.........
is.read(.......);
.......
is.close();
os.close();
sc.close();
Regards
Alexey