I'm currently investigating for a client a solution where he wants to send and receive files using sftp in Domino.
I have looked on the net for API's covering this and found one recommended more than others; JSch.
One reason for choosing this API is for its use by others including Eclipse.
What I'd like to know is:
if there're any obsticales using this Library? If so, can you recommend any other?
are there any other caveats using sftp in Domino Java?
does Domino JVM support JavaTM Cryptography Extension (JCE)?
can we use Dominos self-signed certificates here, with Dominos CA?
/Mike
1) Sending. This should work, but you will probably have to deal with the JVM's Security Manager ("/jvm/lib/security/java.policy") of Domino to get a socket, ...
2) Receiving: You probably don't want to implement a SSH server inside domino. It's much easier and more secure to use the SSH server of the host and periodicaly scoop up the inbound files via an Agent.
Dominos Self Signed SSL certificates have nothing to do with SSH as implemented by JSch.
3) The Domino JVm will probably support theJavaTM Cryptography Extension (JCE). Watch out for the supported JRE versions of Domino.
4) Generally: Are you sure, you want to implement it that way? Probably way easier are either WebServices or a REST-API, both via SSL/TLS and optionally facilitating client certificates.
Related
I have an GUI which is designed in JAVA and act as an client, and can communicate remotely to an server which is written in C/C++. Communication between them is made through Sockets. However the messages sent are not encrypted and is vulnerable to man-in-the-middle attacks. I was wondering what the best solution will be to protect the communication and wanted to implement SSL. Is it possible to do so, and if yes, what toolkit I should look into.
Java contains an SSL implementation called JSSE. See the Javadoc for the javax.net.ssl package. There is also a tutorial, and several examples are provided with the JDK.
You might not even need to modify the server at all. You could just stick stunnel in front of it.
A warning: With TLS/SSL you face a whole bunch of additional error conditions that you might need report or log, especially concerning certificates (wrong, expired, unable to verify due to networking / DNS issues)
I have a system protected by SSL - and clients use a smartcard for accessing their certificate. I use java's pkcs11.
I have posted this question here (even with bounty):
pkcs11 sso (using prior windows login with smartcard)
The same smartcard is used for windows login - and I would like to save the client the touble of re-logging using the smartcard (PIN).
Many links I have read about this issue led me to the world of SSO: NTLM, Kerberose etc.
I feel SSO is a bit an overspec for what I wanted to acheive - And also by the looks of it - At least kerberose requires me to create a KDC server and other new components that will elongate my development time.
So - some introductory questions about SSO I couldn't find an answer to:
Will it actully solve the problem I presented? (The smartcards contain "classic" certificates signed by CA).
I would like a minimal solution (in terms of components) - which is the best implemnation for this? NTLM, Kerberose? I will probably have to use a jna wrapper like WAFFLE, right? By the way, I will use WINDOWS as OS.
Thank you for your help.
The only way is to set up a Windows Active Directory (a KDC impl) to use the full power of SSO with Kerberos. There is no other option. Don't use NTLM, it has a lot of drawbacks. Waffle has its drawbacks. Due its different nature, it does not integrate into JGSS and makes it unusable comprehensively in Java.
If you want to avoid licensing fees for Windows server, you may try Samba 4 which is an OSS alternative to the AD.
I am doing this for years in a corporate environment from Windows client to a Unix-based server.
I have a requirement to use client/server architecture and with Open SSL authentication.
Here, how server to know the connect client using their OPen SSL certificate?
Anyone knows the link, sample then please reply me.We have to develop it in Java.
OpenSSL is not Java, so your solution cannot be both - but I think I know what is intended.
Normally OpenSSL is used as part of Apache http as part of mod_ssl. This in turn uses a "connector" to send the requests to an application server, e.g. Apache Tomcat. You can configure this connector to also send the SSL certificates to tomcat if that is required, but normally the authentication/verification is handled within the deamon.
All this is pretty easy to Google, although you should factor in some time to fully understand the connectors. You've the keywords, now use them :)
As a requirement in a customer project is to support FTP over SSH I'm currently looking for 2 things:
1. A SecureFTP-Server for testing purpose
2. A Java library which supports FTP over SSH.
When searching for a solution the main problem is that ALL implementations are also transfering the files encrypted (and therefore implementing SSH FTP) - this is NOT what I'm looking for. As described here (http://de.wikipedia.org/wiki/Secure_File_Transfer_Protocol - german only) only the authentication and file listing should be encrypted - the file transfer itself is not encrypted.
Please don't try to convince me to use SSH FTP (or other secure protocolls like FTPS) - I need to use the more insecure version as the customer uses it...
EDIT: FTP over SSH exactly describs what I'm searching for.
If FTP over SSH is what you're after, one of the projects mentioned at the Wikipedia page on FTP over SSH is FONC, which is both a client and a server, written in Java, and licensed under GPLv2.
This looks like what you're looking for, check if the license is applicable to your project.
I have to work on an old 1.3 JVM and I'm asked to create a secure connection to another server. Unfortunately the HttpsURLConnection only appears sinc JVM 1.4.
Is there another way to create a secure connection? Is there a library that I could you to add this fonctionnality?
You need to install the Java Secure Socket Extension (JSSE), which used to be required because Sun wouldn't ship it with the JDK because of comedy export restrictions. I had a look on Sun's web site, but the JDK 1.3 instructions are preving elusive. Bear in mind that JDK 1.3 is now end-of-lifed by Sun, so they may not have any information any more.
http://hc.apache.org/httpclient-3.x/sslguide.html
Check out the BouncyCastle implementation. It works all the way down to Java 1.1 and J2ME.
If JSSE doesn't work out for you (from #skaffman's answer, it may be hard to find documentation), you may want to look into some sort of a proxy. You could set up a daemon running on the same local machine (or trusted network), which then forwards the requests over HTTPS to the final end point. You could write this proxy server using a more modern JVM. Your legacy system would then point to the proxy rather than the real service.
Of course, if, by chance, you also have control over the final end point, you could perhaps just put both servers on a VPN.
You might be able to use JSSE.
skaffman links to the SSL guide for jakarta commons HttpClient. HttpClient is a good library for dealing with http.