B4J Tutorial [Server] SSL Connections

Status
Not open for further replies.
Starting from B4J v2.00 the server can listen to two ports, the standard insecure port (http) and a secure port (https).

The default port for http is 80 and for https is 443. These ports are used when the url doesn't explicitly specify a port number.

It is recommended to go over the Wikipedia article to learn more about HTTPS: http://en.wikipedia.org/wiki/HTTP_Secure

SSL connections require some configuration. First you need a keystore file that stores the public and private keys. You can either purchase a key from a certificate authority or create one yourself. In the latter case the browser will show a warning as the certificate cannot be verified.

These instructions explain how to create a key: http://www.eclipse.org/jetty/docume...rating-key-pairs-and-certificates-JDK-keytool

The server configuration is done with an SslConfiguration object. This code should be called before the server is started.
B4X:
Private Sub ConfigureSSL (SslPort As Int)
   'example of SSL connector configuration
   Dim ssl As SslConfiguration
   ssl.Initialize
   ssl.SetKeyStorePath(File.DirApp, "test2.keystore") 'path to keystore file
   ssl.KeyStorePassword = "123456"
   ssl.KeyManagerPassword = "654321"
   srvr.SetSslConfiguration(ssl, SslPort)
   'add filter to redirect all traffic from http to https (optional)
   srvr.AddFilter("/*", "HttpsFilter", False)
End Sub
We need to create a SslConfiguration object and set the path and passwords of the keystore file.
Then we call Server.SetSslConfiguration with the configuration object and the https port we want to listen to.


We can use a Filter class to redirect all http traffic to https:
B4X:
'Return True to allow the request to proceed.
Public Sub Filter(req As ServletRequest, resp As ServletResponse) As Boolean
   If req.Secure Then
     Return True
   Else
     resp.SendRedirect(req.FullRequestURI.Replace("http:", "https:") _
       .Replace(Main.srvr.Port, Main.srvr.SslPort))
     Return False
   End If
End Sub
This code checks whether the request is a secure request. If not it redirects the request to the https port and sets the scheme to https.

Note that trying to connect with http to the https port or with https to the http port will result in an error.

Filters do not apply to web sockets. You can use WebSocket.Secure to make sure that a secure connection has been made (this will be the case if the current request is an https request, unless someone has tampered with the JavaScript code).
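
Added example, not part of the original post: the Filter above rewrites the URL with two string Replace calls, which also change any matching text in the path or query. This Python sketch compares that rewrite with one that parses the URL and changes only the scheme and the port. The function names, host names and ports are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def naive_redirect(url: str, http_port: int, https_port: int) -> str:
    """String-replace rewrite, mirroring the two Replace calls in the Filter sub."""
    return url.replace("http:", "https:").replace(str(http_port), str(https_port))


def https_redirect(url: str, https_port: int = 443) -> str:
    """Rewrite only the scheme and the port of the authority; keep the rest intact."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an absolute http:// URL")
    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = "[" + host + "]"
    # Any userinfo in the original authority is deliberately dropped.
    netloc = host if https_port == 443 else f"{host}:{https_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


# Constructed sample requests: (url, http port, https port)
SAMPLES = [
    # port digits and "http:" also appear in the path and query
    ("http://example.test:8080/report/8080?next=http://example.test:8080/a", 8080, 8443),
    # default port 80 is implicit, but "80" occurs inside the path
    ("http://example.test/invoice/1801", 80, 443),
    # IPv6 literal with an explicit port; both approaches agree here
    ("http://[::1]:8080/ws", 8080, 8443),
]


def compare():
    """Return (naive, parsed) redirect targets for each sample."""
    return [(naive_redirect(u, hp, sp), https_redirect(u, sp)) for u, hp, sp in SAMPLES]


if __name__ == "__main__":
    for naive, parsed in compare():
        print("naive :", naive)
        print("parsed:", parsed)
```
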
 

Bladimir Carrillo

Hi all,

My app was running OK, but I have updated the keystore.jks by renewing the certificate expiration date and now I have an error. I can access it OK by http, but not by https.

url: pichincha.sismac.net/sts

Note: after the error, I tested with the old keystore.jks file, but the error persists.

Thank you in advance for any help to solve it.

Error:
ndRun(ExecuteProduceConsume.java:213)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
at java.lang.Thread.run(Unknown Source)
2017-01-30 13:02:40.286:WARN:oejut.QueuedThreadPool:qtp1681595665-35:
java.lang.NoSuchMethodError: sun.security.ssl.SupportedEllipticCurvesExtension.curveIds()[I
at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1470)
at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1272)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1076)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:742)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:225)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:613)
at org.eclipse.jetty.server.NegotiatingServerConnection.fill(NegotiatingServerConnection.java:153)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:98)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
at java.lang.Thread.run(Unknown Source)
2017-01-30 13:02:59.268:WARN:oejut.QueuedThreadPool:qtp1681595665-33: Unexpected thread death: org.eclipse.jetty.util.thread.QueuedThreadPool$3@595550f0 in qtp1681595665{STARTED,8<=17<=200,i=1,q=0}
 

Bladimir Carrillo

I don't think that it is related to the SSL key. Http2 requires some configuration. Start with disabling this feature.
After several failed attempts, I've finally been able to solve the problem. First I tried to solve it by recompiling the application with a different name, but it did not work. Then I decided to configure a new server with http and https access the same as the first, I ran the application and the problem disappeared. Users can now enter the application via https without problem.

Any ideas?
 

jeffwu-00

I used B4J Tutorial [Server] SSL Connections (https://www.b4x.com/android/forum/threads/server-ssl-connections.40130/) and established an https server. But my host credentials are generated using Keytool, not valid credentials. If I use httpjob.download (), I can connect to the https server normally. But if I use httpjob.PostString () I cannot connect to the https server. I found a solution for [B4X] Trust all SSL Socket in the forum (https://www.b4x.com/android/forum/threads/b4x-trust-all-ssl-socket.101952/#content). I don't know how B4J (1st post) and B4A (2nd post) mentioned in this solution should be used. Thank you.
 