Java Reference
In-Depth Information
A MyHandshakeListener object is registered to receive notification of
when the handshake completes.
■■
The client specifically starts a handshake with the server, which is suc-
cessful because the listener is notified. The listener displays the cipher
suite that was used to establish this secure connection.
■■
Communicating over a Secure Socket
The JSSE is used to establish a secure socket connection between two comput-
ers, as demonstrated by the SSLServerDemo and SSLClientDemo programs
discussed in this chapter. After you have made a secure connection, communi-
cation can occur similar to that with nonsecure sockets. (A nonsecure socket is
one created with the java.net.SocketServer and java.net.Socket classes.)
For example, suppose that you need an application to process credit card
orders from customers. You want a secure connection so that the data passed
between computers cannot be intercepted by malicious applications. I want to
show you a simple but useful example of how this can be accomplished by
tying together secure sockets and serialization (as discussed in Chapter 16,
“Input and Output”).
Suppose that the order is represented by a serializable class named Cus-
tomerOrder that contains fields for a customer's name, credit card number, and
amount of order. (See the Web site for a listing of the CustomerOrder class.)
The following code from the OrderHandler class (available on the Web site)
runs in a thread that waits for a secure client to connect, reads in a single Cus-
tomerOrder object, processes the order, and then closes the socket connection
and waits for a new order to be sent:
System.out.println(“Waiting for order...”);
SSLSocket socket =
(SSLSocket) serverSocket.accept();
socket.startHandshake();
ObjectInputStream in = new ObjectInputStream(socket.getInputStream());
CustomerOrder order = (CustomerOrder) in.readObject();
System.out.println(“** Processing order **”);
System.out.println(“Amount: “ + order.amountOfOrder);
System.out.println(“Card info: “ +
order.creditCardNumber + “ “ +
order.expMonth + “/” + order.expYear);
socket.close();
