Java SSL
  1. Concepts
    1. KeyStore: contains multiple keys.
      There is a password for the key store and a password for each key.
    2. keytool: the tool for managing certificates
  2. Key tool
    1. List: keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -list 
  3. keytool -genkey -keyalg RSA -alias selfsigned -keystore testkey.jks -storepass password -validity 360 -keysize 2048 -ext san=ip:10.0.0.1
    1. -genkey = -genkeypair: generate key pair
    2. -keyalg RSA: if it is omitted, we get a "no cipher suite" exception
    3. Keystore: container of all keys.
  4. SSLContext
    http://www.herongyang.com/JDK/HTTPS-Server-Test-Program-HttpsHello.html
    1. Init:
      // imports: java.io.FileInputStream, java.security.KeyStore, javax.net.ssl.*
      char[] password = "password".toCharArray(); // the -storepass value used above
      SSLContext sslContext = SSLContext.getInstance("TLS");
      KeyStore ks = KeyStore.getInstance("JKS");
      // load the key store generated with keytool
      try (FileInputStream fis = new FileInputStream("testkey.jks")) {
        ks.load(fis, password);
      }
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, password);
      TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
      tmf.init(ks);
      // set up the HTTPS context and parameters
      sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    2. Create socket:
      SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
      SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(8888);
      SSLSocket c = (SSLSocket) s.accept();
    3. HttpsUrlConnection:
      HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    4. Generate key store:
      openssl s_client -showcerts -connect myserver:port
      Copy the block
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
      to a .cer file
      keytool -import -alias mavensrv -file nexus.cer -keystore nexus.jks
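
The "Generate key store" steps above as one script, added here as an example (it is not part of the original notes): it splits the `openssl s_client -showcerts` output into one PEM file per certificate and imports the server certificate only after its SHA-256 fingerprint matches a value obtained out of band. The function names, the `cert-N.cer` file naming, the fingerprint argument and the sample output are assumptions of this example.

```sh
#!/bin/sh
# Added example; function names, file names and arguments are hypothetical.

# split_chain DIR: read `openssl s_client -showcerts` output on stdin, write each
# PEM block to DIR/cert-N.cer (cert-0 is the server's own certificate) and print
# how many were written. Fails if the output ends inside a certificate.
split_chain() {
  awk -v dir="$1" '
    /^-----BEGIN CERTIFICATE-----$/ { out = sprintf("%s/cert-%d.cer", dir, n++); inside = 1 }
    inside                          { print > out }
    /^-----END CERTIFICATE-----$/   { inside = 0; close(out) }
    END { if (inside) exit 1; print n + 0 }
  '
}

# import_pinned HOST:PORT EXPECTED_SHA256_FP KEYSTORE ALIAS
# Import the server certificate only if its fingerprint (openssl's AA:BB:... form)
# equals the value obtained out of band, e.g. from the server's administrator.
# -noprompt is used because the fingerprint has already been checked here.
import_pinned() (
  tmp=$(mktemp -d) || exit 1
  openssl s_client -showcerts -connect "$1" </dev/null 2>/dev/null |
    split_chain "$tmp" >/dev/null || exit 1
  fp=$(openssl x509 -in "$tmp/cert-0.cer" -noout -fingerprint -sha256 | cut -d= -f2)
  if [ "$fp" != "$2" ]; then
    echo "fingerprint mismatch for $1: got '$fp'" >&2
    exit 1
  fi
  keytool -import -noprompt -alias "$4" -file "$tmp/cert-0.cer" -keystore "$3"
)

# Constructed s_client output (base64 bodies are placeholders, not real certificates).
SAMPLE=$(cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:CN = myserver
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
EOF
)
```

`printf '%s\n' "$SAMPLE" | split_chain "$(mktemp -d)"` prints the number of certificates found; `import_pinned` needs `openssl` and `keytool` on the PATH and a reachable server.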