Introduction
In my last tip, I introduce how to create a simple HTTP server and it is available here. The simple server is flexible enough to incorporate into your own projects.
This tip will expand the idea and create a simple HTTPS server.
Background
HTTPS (Secure Hypertext Transfer Protocol) is a secured protocol and generally used to ensure safe communication over the Internet. HTTPS uses digital certificate including a pair of private key and public key to verify the sender and receiver. The sender encrypts the information with public key and sends the data, then the receiver gets the information through decrypting the data with private key and vice versa.
Using the Code
Since Java 1.6, there's a built-in HTTP/HTTPS server included with the J2EE SDK. The library can be downloaded here.
Steps
- Prepare certificate
- Load certificate
- Start server
- Test
1. Prepare Certificate
In Java, we can use keytool (installed with JDK) to generate certificate. keytool is a Java digital certificate management tool. Basically, keytool stores two pieces of information: the private key and certificate into a single keystore file. keytool can be used to generate a local Server Certificate - the certificate is valid but it is not identified CA (Certificate Authority) because it is only self-signed. There are more details regarding how to use this tool to create certificate here.
For example:
Open command line (Terminal), enter:
keytool -genkey -alias alias -keypass mypassword -keystore mykey.keystore -storepass mypassword
-genkey: required parameter-alias: specify an alias name-keypass: specify the password of private key-keystore: specify the key file name-storepass: specify the password of key
Follow the steps to enter some certification information as below, enter “y” at the end.
A file mykey.keystore will be created in the current folder. It is the certificate.
Actually, in real project, we apply certificate from CA issuer. Here is a list.
2. Load Certificate
Now, we can do programming to load the certificate:
String keystoreFilename = getPath() + "mycert.keystore";
char[] storepass = "mypassword".toCharArray();
char[] keypass = "mypassword".toCharArray();
String alias = "alias";
FileInputStream fIn = new FileInputStream(keystoreFilename);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(fIn, storepass);
Certificate cert = keystore.getCertificate(alias);
System.out.println(cert);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, keypass);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(keystore);
3. Start Server
We need to create a HttpsServer object and initialize it with https context binding to the certificate:
server = HttpsServer.create(new InetSocketAddress(port), 0);
SSLContext sslContext = SSLContext.getInstance(protocol);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
public void configure(HttpsParameters params) {
try {
SSLContext c = SSLContext.getDefault();
SSLEngine engine = c.createSSLEngine();
params.setNeedClientAuth(false);
params.setCipherSuites(engine.getEnabledCipherSuites());
params.setProtocols(engine.getEnabledProtocols());
SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
params.setSSLParameters(defaultSSLParameters);
} catch (Exception ex) {
ex.printStackTrace();
System.out.println("Failed to create HTTPS server");
}
}
});
4. Test
Open a browser (e.g. Internet Explorer), enter https://localhost:9000/ and click navigate, you will get an alert as follows:
Due to the reason that we manually created a self-signed certificate and not issued from CA, it is not recognized by browser. Therefore, we got a security alert. Click continue and we will see the server status.
You can test other request handlers, e.g. echoHeader, echoGet, echoPost (see the last article for handler details).
Test echoHeader handler:
Test echoGet handler:
History
- 24th October, 2015: First version
