Keystores and Truststores An Overview of SSL and JSSE

package javasec.samples.ch14;

import java.io.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;

public class SSLSimpleServer extends Thread {
    public static void main(String[] args) throws Exception {
        ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
        ServerSocket ss = ssf.createServerSocket(9096);
        while (true) {
            new SSLSimpleServer(ss.accept()).start();
        }
    }

    private Socket sock;

    public SSLSimpleServer(Socket s) {
        sock = s;
    }

    public void run() {
        try {
            BufferedReader br = new BufferedReader(
                    new InputStreamReader(sock.getInputStream()));
            PrintWriter pw = new PrintWriter(sock.getOutputStream());
            String data = br.readLine();
            pw.println("What is she?");
            pw.close();
            sock.close();
        } catch (IOException ioe) {
            // Client disconnected; exit this thread
        }
    }
}

Other than the new way in which we've constructed the server socket, this is standard Java socket code: each connection is handled in a separate thread. The server expects to read one line of data and write a one-line reply. Note that we used the SSLServerSocketFactory class to provide the default factory; if we wanted to run this code with plain sockets, we'd change the first line of the main() method to use the ServerSocketFactory class instead. The socket returned from the SSLServerSocketFactory will be an instance of the SSLServerSocket class (javax.net.ssl.SSLServerSocket), which extends the ServerSocket class. Some additional, limited operations can be performed on the SSL server socket, but you generally treat it as you would any other server socket.

To run this example, use the keystore we created earlier and run this command, supplying the keystore's password as the value of the second property:

piccolo% java -Djavax.net.ssl.keyStore=$HOME/.keystore \
    -Djavax.net.ssl.keyStorePassword=<keystore password> \
    javasec.samples.ch14.SSLSimpleServer

This server will run indefinitely, sending out a line of text to each client that connects to it. Although it is not a real HTTPS server, you can connect to it from most browsers using the URL https://localhost:9096, though the browser will tell you it doesn't recognize the certificate, because the certificate in our keystore was not issued by a CA the browser trusts. You can also test it with the sample SSL clients we develop throughout the rest of this chapter.
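The command line above puts the keystore password into a -D system property, where any user on the machine can read it from the process listing (ps) for as long as the server runs. The following server is an added example, not code from the book, that does the same job as SSLSimpleServer but builds its own SSLContext from a KeyStore loaded in code, taking the password from an environment variable (KEYSTORE_PASS) instead of the command line, and restricting the enabled protocols. The class name SSLContextServer, the environment variable name and the argument layout are my choices; the example assumes a JDK that supports TLS 1.3 (11 or later) and a keystore holding one key entry.

```java
package javasec.samples.ch14;

import java.io.*;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example: the one-line server again, but the key material comes from
// an SSLContext we build ourselves rather than from -Djavax.net.ssl.* properties.
// Usage (assumed): KEYSTORE_PASS=... java javasec.samples.ch14.SSLContextServer $HOME/.keystore
public class SSLContextServer extends Thread {
    public static void main(String[] args) throws Exception {
        String keyStorePath = args[0];
        String pass = System.getenv("KEYSTORE_PASS");   // assumed variable name
        if (pass == null) {
            throw new IllegalStateException("KEYSTORE_PASS is not set");
        }
        char[] password = pass.toCharArray();

        // Load the keystore created earlier in the chapter (JKS or PKCS12,
        // whichever the JDK's default type is).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, password);
        }

        // The key managers select the server's private key and certificate.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);

        // No trust managers are supplied because this server never asks the
        // client for a certificate; the JDK defaults are used for anything else.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        SSLServerSocket ss = (SSLServerSocket)
                ctx.getServerSocketFactory().createServerSocket(9096);
        // Refuse the legacy SSL 3.0 / TLS 1.0 / TLS 1.1 handshakes outright.
        ss.setEnabledProtocols(new String[] { "TLSv1.3", "TLSv1.2" });

        while (true) {
            new SSLContextServer(ss.accept()).start();
        }
    }

    private final Socket sock;

    public SSLContextServer(Socket s) {
        sock = s;
    }

    public void run() {
        // Same protocol as SSLSimpleServer: read one line, answer with one line.
        try (BufferedReader br = new BufferedReader(
                     new InputStreamReader(sock.getInputStream()));
             PrintWriter pw = new PrintWriter(sock.getOutputStream())) {
            String data = br.readLine();
            pw.println("What is she?");
            pw.flush();
        } catch (IOException ioe) {
            // Client disconnected or the handshake failed; exit this thread
        } finally {
            try {
                sock.close();
            } catch (IOException ignored) {
            }
        }
    }
}
```

The handshake itself is still lazy: it happens on the first read or write inside run(), so a client that presents a rejected protocol or cipher suite shows up as an IOException in the worker thread rather than at accept() time.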

14.2.2 SSL Sockets

SSL client sockets are obtained from the SSLSocketFactory class (javax.net.ssl.SSLSocketFactory), which extends the SocketFactory class (javax.net.SocketFactory). The SSLSocketFactory class overrides the getDefault() method to provide a factory that produces SSL sockets:

public static SocketFactory getDefault()
    Obtain the default SSL socket factory for this implementation. That factory can be used to obtain SSL sockets. The default implementation is defined in the $JREHOME/lib/security/java.security file by the property ssl.SocketFactory.provider. If this is not set (by default, it is not), a hardwired, internal implementation is used. Like its server analogue, the ssl.SocketFactory.provider property is ignored in the exportable version of JSSE. The default socket factory will handle both the SSL 3.0 and TLS 1.0 protocols. (Both are obsolete today: current JDKs list them in the jdk.tls.disabledAlgorithms security property and negotiate TLS 1.2 or 1.3 instead.)

Here's how we can write a simple client:

package javasec.samples.ch14;

import java.io.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;

public class SSLSimpleClient {
    public static void main(String[] args) throws Exception {
        SocketFactory sf = SSLSocketFactory.getDefault();
        Socket s = sf.createSocket(args[0], Integer.parseInt(args[1]));
        BufferedReader br = new BufferedReader(
                new InputStreamReader(s.getInputStream()));
        PrintWriter pw = new PrintWriter(s.getOutputStream());
        System.out.println("Who is Sylvia?");
        pw.println("Who is Sylvia?");
        pw.flush();
        System.out.println(br.readLine());
        s.close();
    }
}

Note again that we used the SSLSocketFactory class to obtain the socket factory; to use this client to connect to a non-SSL server, we'd change the first line of the main() method to use the SocketFactory class instead. The socket returned from the SSL socket factory will be an instance of the SSLSocket class (javax.net.ssl.SSLSocket), which extends the Socket class. For the most part you can treat it like any other socket, but we will look at some advanced ways of handling the SSL socket a little later. To run this program, we must supply the host and port that we want to contact.
More importantly, the server will present its certificate to us, and we must have the root certificate of the server's CA in our truststore; if we don't, the handshake fails with an SSLHandshakeException reporting that the certificate path could not be validated.
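Trusting the CA is necessary but not sufficient: a bare SSLSocket validates the certificate chain, but it does not by itself check that the name in the certificate matches the host we dialed, so any certificate from a trusted CA would be accepted. The client below is an added example, not code from the book, that makes both decisions explicit. It loads the truststore in code instead of through -Djavax.net.ssl.trustStore, builds an SSLContext from it, turns on host-name checking with the "HTTPS" endpoint identification algorithm, restricts the protocols, and forces the handshake before sending anything. The class name SSLStrictClient and the argument layout are my choices; the example assumes a JDK that supports TLS 1.3 (11 or later), a truststore file containing the CA certificate, and a server certificate whose subject alternative name (or CN) matches the host name given on the command line.

```java
package javasec.samples.ch14;

import java.io.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example: SSLSimpleClient with explicit trust and host-name checks.
// Usage (assumed): java javasec.samples.ch14.SSLStrictClient host port truststore password
public class SSLStrictClient {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String trustStorePath = args[2];
        char[] trustStorePass = args[3].toCharArray();

        // Load only the CA certificates we intend to trust, nothing else.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, trustStorePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        // No key managers: we authenticate the server, it does not authenticate us.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);

        // Chain validation alone does not prove we reached the right host.
        // "HTTPS" selects RFC 2818 host-name matching against the certificate.
        SSLParameters params = s.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        params.setProtocols(new String[] { "TLSv1.3", "TLSv1.2" });
        s.setSSLParameters(params);

        // Complete the handshake now, so a trust or host-name failure surfaces
        // as an SSLHandshakeException before any application data is written.
        s.startHandshake();

        X509Certificate peer =
                (X509Certificate) s.getSession().getPeerCertificates()[0];
        System.out.println("Negotiated " + s.getSession().getProtocol()
                + " with " + peer.getSubjectX500Principal());

        // Same one-line exchange as SSLSimpleClient.
        BufferedReader br = new BufferedReader(
                new InputStreamReader(s.getInputStream()));
        PrintWriter pw = new PrintWriter(s.getOutputStream());
        pw.println("Who is Sylvia?");
        pw.flush();
        System.out.println(br.readLine());
        s.close();
    }
}
```

Run it against the server from the previous section with the host name the server's certificate was issued for; connecting by a different name or IP address makes the handshake fail even though the CA is trusted, which is the behaviour you want from a client.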