Create a Simple Web Server in Java (2) - HTTPS Server

• Download source - 40.3 KB

Introduction

In my last tip, I introduce how to create a simple HTTP server and it is available here. The simple server is flexible enough to incorporate into your own projects.

This tip will expand the idea and create a simple HTTPS server.

Background

HTTPS (Secure Hypertext Transfer Protocol) is a secured protocol and generally used to ensure safe communication over the Internet. HTTPS uses digital certificate including a pair of private key and public key to verify the sender and receiver. The sender encrypts the information with public key and sends the data, then the receiver gets the information through decrypting the data with private key and vice versa.

Using the Code

Since Java 1.6, there's a built-in HTTP/HTTPS server included with the J2EE SDK. The library can be downloaded here.

Steps

• Prepare certificate
• Load certificate
• Start server
• Test

1. Prepare Certificate

In Java, we can use keytool (installed with JDK) to generate certificate. keytool is a Java digital certificate management tool. Basically, keytool stores two pieces of information: the private key and certificate into a single keystore file. keytool can be used to generate a local Server Certificate - the certificate is valid but it is not identified CA (Certificate Authority) because it is only self-signed. There are more details regarding how to use this tool to create certificate here.

For example:

Open command line (Terminal), enter:

keytool -genkey -alias alias -keypass mypassword -keystore mykey.keystore -storepass mypassword

• -genkey: required parameter
• -alias: specify an alias name
• -keypass: specify the password of private key
• -keystore: specify the key file name
• -storepass: specify the password of key

Follow the steps to enter some certification information as below, enter “y” at the end.

A file mykey.keystore will be created in the current folder. It is the certificate.

Actually, in real project, we apply certificate from CA issuer. Here is a list.

2. Load Certificate

Now, we can do programming to load the certificate:

// load certificate
String keystoreFilename = getPath() + "mycert.keystore";
char[] storepass = "mypassword".toCharArray();
char[] keypass = "mypassword".toCharArray();
String alias = "alias";
FileInputStream fIn = new FileInputStream(keystoreFilename);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(fIn, storepass);
// display certificate
Certificate cert = keystore.getCertificate(alias);
System.out.println(cert);
// setup the key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, keypass);
// setup the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(keystore);

3. Start Server

We need to create a HttpsServer object and initialize it with https context binding to the certificate:

// create https server
server = HttpsServer.create(new InetSocketAddress(port), 0);
// create ssl context
SSLContext sslContext = SSLContext.getInstance(protocol);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
         public void configure(HttpsParameters params) {
                 try {
                          // initialise the SSL context
                          SSLContext c = SSLContext.getDefault();
                          SSLEngine engine = c.createSSLEngine();
                          params.setNeedClientAuth(false);
                          params.setCipherSuites(engine.getEnabledCipherSuites());
                          params.setProtocols(engine.getEnabledProtocols());
                          // get the default parameters
                          SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
                          params.setSSLParameters(defaultSSLParameters);
                 } catch (Exception ex) {
                          ex.printStackTrace();
                          System.out.println("Failed to create HTTPS server");
                 }
         }
});

4. Test

Open a browser (e.g. Internet Explorer), enter https://localhost:9000/ and click navigate, you will get an alert as follows:

Due to the reason that we manually created a self-signed certificate and not issued from CA, it is not recognized by browser. Therefore, we got a security alert. Click continue and we will see the server status.

You can test other request handlers, e.g. echoHeader, echoGet, echoPost (see the last article for handler details).

Test echoHeader handler:

Test echoGet handler:

History

• 24^th October, 2015: First version