Contains examples for ITISSL usage.

Package Specification

The examples section shows how to create and communicate with SSL sockets from the de.tu_darmstadt.sp package. The test certificate files are needed, so these examples work only in the ITISSL distribution tree. The commandline test programs use the sfindcerts utility (also provided with ITISSL) to set up the environment variables CA_FILE, CERT_FILE, and KEY_FILE.

SSL Socket communication example

sslclient is a commandline program which creates a client ssl socket and sends a message
using this socket. The connection information is displayed. The source code (SSLClient.java) is a good start to find out how to set up the environment for the iti.ssl usage.

sslserver is the counterpart of sslclient. It takes only one commandline argument and creates a server socket which accepts one connection. The connection information is displayed. Take a look at the source code (SSLServer.java) to find out how to work with SSLeayServerSockets.

To run the socket communication example, type the following commands:
A WINDOW
$ echo "..we're in <package_root>"
$ ITISSL_USER_DIR=certs/server bin/sslserver 4567

OTHER WINDOW
$ echo "..we're <package_root>"
$ ITISSL_USER_DIR=certs/client bin/sslclient myhost 4567 "Hello"

Alternatives to run a test program (here -- sslclient):

    CA_FILE=certs/client/ca.pem CERT_FILE=certs/client/cert.pem \
    KEY_FILE=certs/client/key.pem  sslclient <host> <port> <message>
    

or

    sslclient -Diti.ssl.ca_file=certs/client/ca.pem \
    -Diti.ssl.cert_file=certs/client/cert.pem \
    -Diti.ssl.key_file=certs/client/key.pem \
     bin/sslclient  <host> <port> <message>
    

RMI with SSL communication example


The RMI communication example is similar to the socket one. A RMIServer.java interface provides the interface for a very primitive service which receives and displays a message. The RMISeverImpl class implements the service (see RMISeverImpl.java). Its main method corresponds to the rmiserver program, which can be started on the commandline like this:

rmiserver server-name

For every remote call, the connection information (including identity of the clients) is displayed.

The rmiclient is the caller. It is implemented in the RMIClient.java program, and accepts two arguments (server-name and message). Its syntax is:

rmiclient server-name message

Like the server, it displays connection information (including the server's identity). Thus, the RMI test example will look like this:

FIRST WINDOW
$ echo "..we're in <package_root>"
$ echo "start the normal naming service"
$ CLASSPATH=classes rmiregistry &
$ echo "start the secure registry"
$ ITISSL_USER_DIR=certs/registry bin/srmiregistry

SECCOND WINDOW
$ echo "..we're in <package_root>"
$ echo "start the server"
$ ITISSL_USER_DIR=certs/client bin/rmiserver testserv

THIRD WINDOW

$ echo "..we're in <package_root> .."
$ echo "send a message to testserv"
$ ITISSL_USER_DIR=certs/client bin/rmiclient testserv "Hello"

Alternatives to run a test program (here -- rmiclient):

    CA_FILE=certs/client/ca.pem CERT_FILE=certs/client/cert.pem \
    KEY_FILE=certs/client/key.pem  rmiclient <servername>  <message>
    

or

    rmiclient -Diti.ssl.ca_file=certs/client/ca.pem \
    -Diti.ssl.cert_file=certs/client/cert.pem \
    -Diti.ssl.key_file=certs/client/key.pem \
     bin/rmiclient  <server-name>  <message>
    

ITISSL extensions

The de.tu_darmstadt.sp package is a very good example of how to extend the functionality of the ITISSL classes:

Related Documentation

For package documentation, refer to: Related man pages:

Note: The sfindcerts man page is important to understand the use of the ITISSL_USER_DIR environment variable and how the test programs work. The test programs use the sfindcerts utility to find the locations of their certificates.



Copyright (C) 1999 Andrei Popovici

Verbatim copying and distribution of this documentation is permitted in any medium, provided this notice is preserved.