13 Replies Latest reply on Feb 2, 2009 4:47 PM by 843851

    Security comunication on MHP


      I am new in ITV software development and I would to discuss about Data Securitty in ITV applications.
      First questions:

      What is the easiest way to do a secur communication between an Xltet and a a sever?
      Does MHP supports ssl or https?


        • 1. Re: Security comunication on MHP
          Hi There,

          The general purpose security, for example for the return channel, is provided by the Transport Layer Security protocol (TLS). At a minimum it will provide RSA, SHA-1, and DES.

          I have seen the package - org.dvb.net.ssl - in the MHP but I have not used it so can't give much information here. But this package enables applications to provide keys and certificates for SSL/TLS connections.

          MHP and OCAP/tru2way supports HTTP. But your applicaion needs permissions to use any of the transport communication APIs.

          • 2. Re: Security comunication on MHP
            Thanks for answer,

            Do you know if there is any way to use https?
            • 3. Re: Security comunication on MHP
              Unfortunately I do not know (or have not researched) https so far.
              Where as I have some knowledge on http (with out s - security) using java.net.URL and java.net.HttpURLConnection, etc.,

              Thank you.
              • 4. Re: Security comunication on MHP
                If you want to use secure http connection in Java environment,
                you can refer and try JSSE (Java Secure Socket Extension).

                I once have tried the reference implementation from Sun, and it worked but was little bit disappointing in performance.
                However it was a few years ago when I used it. I hope there is much improvement in RI, and even there are
                lot of commercial solutions for JSSE.
                • 5. Re: Security comunication on MHP
                  I think you can use javax.net to create SSLSocketFactory. Maybe I'm wrong but that little piece of javax.net is implemented. I can't tell you for sure, I upgraded some apis from my STB, so maybe is not in yours. But, please, give it a try and tell us (or me ;) ) if you can or you get some classnotfound exception.
                  • 6. Re: Security comunication on MHP
                    I am trzing to use the JSSE. My STB doesent have the the full implementation of the JSSE, mainly the classes concerning about Hhttps connection like the HttpsUrlConnection. So, i am trying to import the jsse implementation to my project. But the problem is that in the lower layers of the https implementations there are some classes that exists in my STB and in the jsse. So when this classes are called, it always instanciates the classses in the STB, aand it doesnt work, cause a exception saying "Export restriction: SunJSSE only" is trown.

                    Are there any way to set the JVM to search first the classes in my project?
                    • 7. Re: Security comunication on MHP
                      I am not sure if this helps you. But FYI, what I did when I used Sun's reference implementation...

                      Register the JSSE provider (com.sun.net.ssl.internal.ssl.Provider)
                      -> Modify $JAVA_HOME/jre/lib/security/java.security so it contains something like:
                      • 8. Re: Security comunication on MHP
                        I have setted it doing this:

                        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
                        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

                        Its still giving the exeption:

                        java.lang.RuntimeException: Export restriction: SunJSSE only
                        • 9. Re: Security comunication on MHP
                          Any STB will work with JSSE, all of them are based on Java PersonalProfile (or CDC/CDLC) so forgot about using JSSE in the STB.

                          Just give a try to the javax.net.sslsocketfactory, in a standar STB it doesn't throw any ClassNotFound exception, it may work. I've tested it on an ADB STB and it creates correctly the object.

                          Edited by: Zuarko on Jan 29, 2009 1:48 PM
                          • 10. Re: Security comunication on MHP
                            Sorry Zuarto, but I didn got the point. You say that "Any STB will work with JSSE" but "so forgot about using JSSE in the STB"?
                            If JSSE work, I should use JSSE.
                            • 11. Re: Security comunication on MHP
                              Sorry, English is not my native language, so I fail sometimes ;)

                              The thing is "Any STB will not work with JSSE", as I said, they work with other profiles, not with JSSE, so JSSE doesn't work, you shouldn't use JSSE ;)


                              (I apologize, I should re-read my posts...)
                              • 12. Re: Security comunication on MHP
                                I could make it work. There is just one problem in the class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl, becouse it throws an exception due the lines below:
                                Class localClass = SSLSocketFactoryImpl.c = class$("com.sun.net.ssl.internal.ssl.SSLSocketImpl");
                                    if (paramSSLSocket.getClass() != localClass)
                                    throw new RuntimeException("Export restriction: SunJSSE only");
                                It happens because in the STB there is also a class SSLSocketImpl, but not with the same package. So the class instanciated is always the class in the STB.
                                • 13. Re: Security comunication on MHP
                                  You should stick to the given STB virtual machine instead of trying to move it to a greater implementation. You can finally make non-compatible and non-standard applications (Maybe they don't work on other STBs) Maybe it's a virtual machine limitation to its own implementation (I really don't know)

                                  What's the size of the final application? Have you tried the own STB classes?

                                  Anyway, re-reading one of your first posts in this thread you say that your STB doesn't have a full JSSE implementation. STBs don't implement JSSE, they work with a reduced version that is not JSSE, you STB should be well implemented with the STBs own implementation.