Is it possible to use java ServerSocket to accept HTTPs requests

Question

I have the following code, works fine for sending HTTP requests but how do I convert it so that it support HTTPs requests?

    public test() throws Exception {
        ServerSocket ss = new ServerSocket(32567);

        Socket client = null;
        while ((client = ss.accept()) != null) {                
           System.out.println("-- Sending --");
           BufferedWriter out = new BufferedWriter(new OutputStreamWriter(client.getOutputStream()));
           String s = "<?xml version=\"1.0\" ?><root><message>test</message><status>OK</status></root>";
           String output = "HTTP/1.1 200 OK\nContent-Type: text/xml; charset=UTF-8\nCache-Control: no-cache\nConnection: closed\nAccess-Control-Allow-Origin: *\n\n" + s;
           System.out.println("--- RESPONSE ---\n" +  output);
           out.write(output);
           out.flush();
           out.close();
           in.close();
           client.close();
        }
    }

Answer 1

I used this code and works well

  HttpsURLConnection.setDefaultHostnameVerifier(
        new HostnameVerifier() {
           public boolean verify(String hostname, SSLSession sslSession) {
              return true;
           }
        }
  );

  TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
           public X509Certificate[] getAcceptedIssuers() {
              return new X509Certificate[0];
           }

           public void checkClientTrusted(X509Certificate[] certs, String authType) {}

           public void checkServerTrusted(X509Certificate[] certs, String authType) {}
        }
  };


  SSLContext sc = SSLContext.getInstance("SSL");
  sc.init(null, trustAllCerts, new java.security.SecureRandom());
  HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
      char[] keyPassword =  "MY_PASSWORD".toCharArray();
      KeyStore keystore = KeyStore.getInstance("PKCS12");;
      keystore.load(this.getClass().getClassLoader().getResourceAsStream("MY_CERT.p12"), keyPassword);

      KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      keyManagerFactory.init(keystore, keyPassword);      
      KeyManager keyManagers[] = keyManagerFactory.getKeyManagers();

      Enumeration aliases = keystore.aliases();
      String keyAlias = "";
      while (aliases.hasMoreElements()) {
          keyAlias = (String) aliases.nextElement();
          System.out.println("KEY FOUND: " + keyAlias);
      }

      SSLContext sc = SSLContext.getInstance("TLS"); 
      sc.init(keyManagers, null, null);

      SSLServerSocketFactory sslContextFactory = (SSLServerSocketFactory) sc.getServerSocketFactory();
      SSLServerSocket ssl = (SSLServerSocket) sslContextFactory.createServerSocket(32567);     
      ssl.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});
      ssl.setEnabledCipherSuites(sslContextFactory.getSupportedCipherSuites());

And the cert is stored in the jar files. The above reads the cert from the jar file instead of passing in from command line -Djavax.net.ssl.keyStore=MY_CERT.p12 -Djavax.net.ssl.keyStorePassword=MY_PASSWORD

Generate your cert by

openssl req -new -newkey rsa:4096 -nodes -out MY_CERT.csr
openssl rsa -in privkey.pem -out MY_CERT.key -passin pass:MY_PASSWORD
openssl x509 -in MY_CERT.csr -out MY_CERT.crt -req -signkey MY_CERT.key -days 3650
openssl pkcs12 -export -inkey MY_CERT.key -in MY_CERT.crt -name localhost -out MY_CERT.p12 -passout pass:MY_PASSWORD -caname root 

It is the MY_CERT.p12 only that is need in the jar files (in the root directory of the jar file)

Answer 2

You use javax.net.ssl.SSLServerSocket, but be warned that there is nothing simple about an HTTP server. You need a good knowledge of RFC 2616 and successors.

You also need to know that the line terminator in HTTP is \r\n, not \n.