SSL security libraries in Java ME 8

Ashok449
Ashok449 Member Posts: 21
edited Dec 30, 2015 4:20AM in Java ME Embedded

Hello All,

I'm working on an SSL-secured connection with certificates and keys. Does Java ME 8 support libraries such as SSLSocketFactory, TrustManagerFactory and BouncyCastle?

Any reference to sample code would be a great help.


Thanks,

Ashok


Answers

  • Alexey Bakhtin-Oracle
    Alexey Bakhtin-Oracle Member Posts: 10
    edited Dec 29, 2015 11:29AM

    Hello Ashok,

    Java ME uses the Generic Connection Framework API for all kinds of secure connections: SSL/HTTPS/DTLS.

    You can use SecureConnection API for client secure socket connection TLSv1, TLSv1.1 and TLSv1.2: https://docs.oracle.com/javame/8.0/api/gcf/api/javax/microedition/io/SecureConnection.html

    SecureServerConnection API should be used for server TLS connection: https://docs.oracle.com/javame/8.0/api/gcf/api/javax/microedition/io/SecureServerConnection.html

    SecureDatagramConnection API is used for DTLS client connection: https://docs.oracle.com/javame/8.0/api/gcf/api/javax/microedition/io/SecureDatagramConnection.html

    The API contains a simple example of the client connection.

    Also, you can use ConnectionOptions to specify parameters of secure connections: server or client certificate in use, minimum protocol, cipher suites

    Secure connection API uses certificates installed on the device. Please use mekeytool.exe to list/add/remove certificates with/without private key on the device: https://docs.oracle.com/javame/8.1/sdk-dev-guide/security.htm#BGBFFHJG

    Also, there is an application level API to manage certificates: Oracle Java ME Embedded (see KeyStore API)

    Regards

    Alexey

  • Ashok449
    Ashok449 Member Posts: 21
    edited Dec 30, 2015 12:01AM

    @Alexey Bakhtin Thanks for the information.

    I'm working on a Mqtt Paho client connecting to the broker using SSL.

        String serverUrl = "ssl://myMosquittoServer.com:8883";
        MqttClient client = new MqttClient(serverUrl, "consumerId", null);
        client.setCallback(new MyCallback());
        MqttConnectOptions options = new MqttConnectOptions();
        options.setConnectionTimeout(60);
        options.setKeepAliveInterval(60);
        options.setSocketFactory(SslUtil.getSocketFactory("caFilePath", "clientCrtFilePath", "clientKeyFilePath", "password"));
        client.connect(options);
        client.subscribe("topic", 0);

    Here is the SslUtil.java source file: https://gist.githubusercontent.com/sharonbn/4104301/raw/e16931e34fe937c59fc3209cc7305f565beabce3/SslUtil.java . There we need SSLSocketFactory, TrustManagerFactory and BouncyCastle.

    Is there any other way to solve this problem if the above is not supported by Java ME?

    Thanks,

    Ashok

  • Alexey Bakhtin-Oracle
    Alexey Bakhtin-Oracle Member Posts: 10
    edited Dec 30, 2015 4:20AM

    Hello Ashok,

    In JavaME 8 you need the following:

    1) Import the MQTT server and client certificates onto the device. You can do this from the SDK command line or from the application:

    1.a) Use the SDK to import certificates:

    - connect the device to the SDK

    - import the CA:

          - from PEM file format: <SDK>/bin/mekeytool.exe -import -keystore <CA keystore file>

          - from JKS file format: <SDK>/bin/mekeytool.exe -import -keystore <CA keystore file> -alias <CA alias> -storepass <keystore password>

    - import the client certificate with its private key:

          - from PEM file format: <SDK>/bin/mekeytool.exe -import -keystore <ClientCRT keystore file> -keypass <password>

          - from JKS file format: <SDK>/bin/mekeytool.exe -import -keystore <ClientCRT keystore file> -alias <ClientCRT alias> -storepass <keystore password> -keypass <ClientCrt key password>

    1.b) Import certificates from the MIDlet:

        KeyStore ks = KeyStore.getInstance(KeyStore.STORAGE.CLIENT);
        // ca_data - byte array containing the PEM encoded CA certificate
        KeyStoreEntry ca = new KeyStoreEntry(ca_data, null);
        // client_crt_data - byte array containing the PEM encoded client certificate
        // with encoded private key, or a PKCS#12 encoded certificate
        KeyStoreEntry clientCrt = new KeyStoreEntry(client_crt_data, password);
        ks.addEntry(ca);
        ks.addEntry(clientCrt);


    2) Establish the connection to the MQTT server with client authentication:

        String clientCrtSubjectDN = "....";
        String MqttServerURL = "ssl://....";

        // Client certificate should be indicated via ConnectionOption.
        // Server certificate will be verified during the handshake on the basis of the
        // CA certificates imported on the device (the CA certificate is imported in step 1).
        // Connector.open() returns a Connection, so it is cast to SecureConnection.
        SecureConnection sc = (SecureConnection) Connector.open(MqttServerURL, new ConnectionOption("Certificate", clientCrtSubjectDN));
        sc.setSocketOption(SocketConnection.KEEP_ALIVE, <value>);
        sc.setSocketOption(SocketConnection.TIMEOUT, <value>);
        InputStream is = sc.openInputStream();
        OutputStream os = sc.openOutputStream();
        ........
        os.write(......);
        .........
        is.read(.......);
        .......
        is.close();
        os.close();
        sc.close();

    Regards

    Alexey
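
An application-level check that can follow the handshake in step 2 above, as an added example that is not part of the original posts or of Oracle's documentation: it opens the connection with the client certificate option, then inspects the negotiated session through `SecureConnection.getSecurityInfo()` and closes the connection if the protocol name, the server certificate's validity period or its subject is not what the application expects. The class `VerifiedTlsConnect`, the `expectedServerCN` parameter and the `hasCommonName` helper are hypothetical; the code assumes that `getProtocolName()` reports `TLS` as the MIDP documentation describes and that `getSubject()` returns the DN as `CN=...` attributes separated by `,`, `;`, `/` or `+`.

```java
import java.io.IOException;
import javax.microedition.io.ConnectionOption;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.Certificate;

// Added example; class, method and parameter names are hypothetical.
public final class VerifiedTlsConnect {
    /** Opens the connection as in step 2, then checks what the handshake negotiated. */
    public static SecureConnection open(String url, String clientCrtSubjectDN,
                                        String expectedServerCN) throws IOException {
        SecureConnection sc = (SecureConnection) Connector.open(
                url, new ConnectionOption<String>("Certificate", clientCrtSubjectDN));
        try {
            SecurityInfo info = sc.getSecurityInfo();
            Certificate server = info.getServerCertificate();
            long now = System.currentTimeMillis();
            if (!"TLS".equals(info.getProtocolName())) {
                throw new IOException("unexpected protocol: " + info.getProtocolName());
            }
            if (now < server.getNotBefore() || now > server.getNotAfter()) {
                throw new IOException("server certificate outside its validity period");
            }
            if (!hasCommonName(server.getSubject(), expectedServerCN)) {
                throw new IOException("unexpected server subject: " + server.getSubject());
            }
            System.out.println("negotiated " + info.getProtocolName() + " "
                    + info.getProtocolVersion() + ", suite " + info.getCipherSuite());
            return sc;
        } catch (IOException e) {
            sc.close(); // fail closed: never hand back a connection that failed a check
            throw e;
        }
    }
    /** True only if the DN contains an attribute exactly equal to CN=<cn>. */
    static boolean hasCommonName(String subjectDN, String cn) {
        String needle = "CN=" + cn;
        int at = subjectDN.indexOf(needle);
        while (at >= 0) {
            int end = at + needle.length();
            boolean startOk = at == 0 || ",;/+ ".indexOf(subjectDN.charAt(at - 1)) >= 0;
            boolean endOk = end == subjectDN.length() || ",;/+".indexOf(subjectDN.charAt(end)) >= 0;
            if (startOk && endOk) return true;
            at = subjectDN.indexOf(needle, at + 1);
        }
        return false;
    }
}
```

The boundary test in `hasCommonName` is what stops a subject such as `CN=broker.example.com.other.example` from passing as `CN=broker.example.com` (both names are constructed for illustration).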
