I am a total SSL newbie. I have to connect to a 3rd party app via a SSL/TCP connection (not https). They vendor provided example code that works under C#. I need to emulate the same connection method, but in Java. The C# code looks something like this:
client = new TcpClient(hostName, int.Parse(clientPort));
sslStream = new SslStream(client.GetStream(), ...);
So, I am provided with only three input parameters - host name, port, and a "server name". It appears that the .net runtime function, AuthenticateAsClient, lets you authenticate the connection with just the service name (not sure if that is the correct designation). There is no certificate of any kind on the client machine that is connection to the SSL server. Although I have found many SSL/Java examples on the web, I don't know what the construct/function calls would be in a Java environment to emulate the behavior of this AuthenticateAsClient function. Any help ig greately appreciated.
OK, I looked at the tutorials, and am still missing some key bit of knowledge. Here is my example code:
SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket)sslsocketfactory.createSocket("usatl-w-100624", 11000);
InputStream inputstream = System.in;
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader in = new BufferedReader(inputstreamreader);
OutputStream outputstream = sslsocket.getOutputStream();
OutputStreamWriter ow = new OutputStreamWriter(outputstream);
On the call to startHandshake(), I get this error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Of couse, this is expected, as I do not have a certificate in the java keystore. If I look at the JSSE examples, here: http://docs.oracle.com/javase/1.4.2/docs/guide/security/jsse/samples/index.html
The SSLSocketClientWithClientAuth.java example looked relevant. However, it also is requesting a file path. My C# example does not access any file on the client. So, how do you do the equivalent in Java?
Of couse, this is expected, as I do not have a certificate in the java keystore.
No. That message means that your truststore doesn't trust the server's certificate.
They are using a self-signed certificate. They need to export it to you and you need to import it into your truststore.
You don't need to call startHandshake(), it is automatic on the first I/O.