[Info-vax] Device locked by non existing process.
Arne Vajhøj
arne at vajhoej.dk
Sat May 12 20:02:13 EDT 2018
On 5/6/2018 9:18 PM, Arne Vajhøj wrote:
> On 5/4/2018 12:06 PM, Stephen Hoffman wrote:
>> TLS and DTLS above that
>> gets gnarly, in terms of the complexity of the APIs and the sorts of
>> examples available, and given the problematic implementation of TLS
>> and certificates on OpenVMS.
>
> [speaking only about TLS as I have never looked into DTLS]
>
> I think it somewhat depends on the language.
>
> Java is relatively OK as javax.net.ssl.SSLSocket extends
> java.net.Socket, so you can just give whatever code that
> expects a Socket an SSLSocket and it will work.
>
> And if a good DI framework is used then setting it all up
> becomes configuration not code.
And to elaborate a bit.
If you have code like:
public void doSomething(Socket s) {
    ...
}
...
Socket s = new Socket("somehost", 12345);
doSomething(s);
then switching to SSL is just:
public void doSomething(Socket s) {
    ...
}
...
// JSSE standard protocol name is "TLSv1.2" (not "TLSv12", which throws NoSuchAlgorithmException)
SSLContext sslctx = SSLContext.getInstance("TLSv1.2");
// someTrustManager decides whether the server's certificate chain is accepted
sslctx.init(null, new X509TrustManager[] { someTrustManager }, null);
SSLSocket s = (SSLSocket)
    sslctx.getSocketFactory().createSocket("somehost", 12345);
s.setEnabledProtocols(new String[] { "TLSv1.2" });
doSomething(s);
no changes in the doSomething code.
And when changing the code then the smarter version is:
public void doSomething(Socket s) {
    ...
}
...
ApplicationContext ctx = new FileSystemXmlApplicationContext("testdi.xml");
Socket s = (Socket) ctx.getBean("mysocket");
doSomething(s);
and then use testdi.xml to define whether to use plain
or SSL sockets.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
    <bean id="mysocket" class="dk.vajhoej.di.PlainSocketFactoryBean">
        <property name="host" value="somehost"/>
        <property name="port" value="12345"/>
    </bean>
</beans>
vs:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
    <bean id="mysocket" class="dk.vajhoej.di.SslSocketFactoryBean">
        <property name="host" value="somehost"/>
        <property name="port" value="12345"/>
        <property name="protocol" value="TLSv1.2"/>
        <property name="trustManager" ref="TrustAll"/>
    </bean>
    <bean id="TrustAll" class="dk.vajhoej.di.TrustAllTrustManager"/>
</beans>
And there is not much magic in the dk.vajhoej.di classes - they
are totally trivial - see fragments below.
Arne
import java.net.Socket;

import org.springframework.beans.factory.FactoryBean;

// Spring FactoryBean producing a plain (cleartext) java.net.Socket per getObject() call
public class PlainSocketFactoryBean implements FactoryBean<Socket> {
    private String host;
    private int port;

    public String getHost() {
        return host;
    }

    public void setHost(String host) {
        this.host = host;
    }

    public int getPort() {
        return port;
    }

    public void setPort(int port) {
        this.port = port;
    }

    @Override
    public Socket getObject() throws Exception {
        return new Socket(host, port);
    }

    @Override
    public Class<?> getObjectType() {
        return Socket.class;
    }

    @Override
    public boolean isSingleton() {
        // a new connection for every bean lookup
        return false;
    }
}
import java.net.Socket;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;

import org.springframework.beans.factory.FactoryBean;

// Spring FactoryBean producing an SSLSocket; the injected trustManager
// is what decides whether the server's certificate chain is accepted
public class SslSocketFactoryBean implements FactoryBean<Socket> {
    private String host;
    private int port;
    private String protocol;
    private X509TrustManager trustManager;

    public String getHost() {
        return host;
    }

    public void setHost(String host) {
        this.host = host;
    }

    public int getPort() {
        return port;
    }

    public void setPort(int port) {
        this.port = port;
    }

    public String getProtocol() {
        return protocol;
    }

    public void setProtocol(String protocol) {
        this.protocol = protocol;
    }

    public X509TrustManager getTrustManager() {
        return trustManager;
    }

    public void setTrustManager(X509TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    @Override
    public Socket getObject() throws Exception {
        // protocol must be a JSSE standard name such as "TLSv1.2"
        SSLContext sslctx = SSLContext.getInstance(protocol);
        sslctx.init(null, new X509TrustManager[] { trustManager }, null);
        SSLSocket s = (SSLSocket) sslctx.getSocketFactory().createSocket(host, port);
        // pin the negotiated version to the configured protocol only
        s.setEnabledProtocols(new String[] { protocol });
        return s;
    }

    @Override
    public Class<?> getObjectType() {
        return Socket.class;
    }

    @Override
    public boolean isSingleton() {
        return false;
    }
}
import java.security.cert.X509Certificate;

import javax.net.ssl.X509TrustManager;

// Accepts every certificate chain: neither check method ever throws,
// so no server (or client) certificate is ever rejected and the peer
// is not authenticated
public class TrustAllTrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
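The same Socket-for-SSLSocket substitution with server authentication left switched on, as an added example that is not code from the original post. The post's TrustAllTrustManager accepts any chain, so the connection is encrypted but the peer is never authenticated and an on-path attacker presenting any certificate is accepted. The version below takes its trust managers from the JVM's default truststore, turns on hostname verification (which JSSE does not do by default for a raw SSLSocket), and completes the handshake before handing the socket to unchanged application code. The class name VerifyingSslSocketFactory, the default host example.com and port 443, and the HEAD request sent by doSomething are assumptions for illustration.

```java
import java.io.IOException;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (not from the original post). Class name, host and port are assumed.
public class VerifyingSslSocketFactory {

    // SSLContext whose trust managers come from the JVM's default truststore
    // (cacerts, or javax.net.ssl.trustStore if set) instead of a hand-written
    // X509TrustManager, so chain validation is the platform's, not ours.
    public static SSLContext defaultContext(String protocol)
            throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null KeyStore => default truststore
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Connect, pin the protocol version, enable hostname verification, and
    // finish the handshake here so an untrusted chain or a name mismatch
    // fails before any application data is written, not on the first read
    // inside doSomething().
    public static SSLSocket connect(SSLContext ctx, String host, int port,
            String protocol) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        s.setEnabledProtocols(new String[] { protocol });
        SSLParameters params = s.getSSLParameters();
        // "HTTPS" = RFC 2818 matching of host against the certificate's SAN/CN.
        // Without it JSSE validates the chain but not that the cert is for host.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(params);
        s.startHandshake(); // throws SSLHandshakeException on a bad chain or name
        return s;
    }

    // Unchanged application code: it only ever sees a java.net.Socket.
    // Sends a minimal HTTP HEAD request (assumed) just to show the socket works.
    public static void doSomething(Socket s) throws IOException {
        s.getOutputStream().write(
                "HEAD / HTTP/1.0\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
        s.getOutputStream().flush();
        int first = s.getInputStream().read();
        System.out.println("server answered, first byte: " + first);
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // assumed default
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        String protocol = "TLSv1.2"; // JSSE standard name; "TLSv1.3" on newer JVMs
        SSLContext ctx = defaultContext(protocol);
        try (SSLSocket s = connect(ctx, host, port, protocol)) {
            SSLSession session = s.getSession();
            System.out.println(session.getProtocol() + " " + session.getCipherSuite()
                    + " peer=" + session.getPeerPrincipal().getName());
            doSomething(s);
        }
    }
}
```

Run it as `java VerifyingSslSocketFactory some.host 443`; pointing it at a host whose certificate is self-signed or issued for a different name makes startHandshake throw instead of silently connecting. The two changes (TrustManagerFactory in place of the injected trustManager, and setEndpointIdentificationAlgorithm before the handshake) drop straight into the post's SslSocketFactoryBean.getObject(), which keeps the DI arrangement while removing the TrustAll bean from the configuration.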