https (ssl) connection

Daniel79

i need to connect to a https server..... is possible with netlinx code?

thank's
Daniel.

ericmedley

Yup, it is.

Daniel79

how? can you help me?

thank's

champ

That's a cruel answer Eric, not even a hint.

I don't know the answer so I would guess that you would have to find a java class with a https client and do it in Duet.
If not then you may need to write a gateway app on a PC to do it.
I'm no authority on ssl encryption but I'm pretty confident doing it in Netlinx code would slow the processor to a crawl and break your spirit in the attempt to code it.

ericmedley

champ wrote: »

That's a cruel answer Eric, not even a hint.

I don't know the answer so I would guess that you would have to find a java class with a https client and do it in Duet.
If not then you may need to write a gateway app on a PC to do it.
I'm no authority on ssl encryption but I'm pretty confident doing it in Netlinx code would slow the processor to a crawl and break your spirit in the attempt to code it.

Actually, it was not a cruel answer but a typo. (omission...). I meant to type it is not). Sorry about the tease. It was not intended. This is one of the big reasons I've wanted to completely switch over to Duet as I think (in theory) it should be possible to do it within that framework. But the other side of that is that it would indeed probably bring a lesser processor to its knees.

Daniel79

thank's i ask to amx support and is not possible....

GregG

I went through the effort and got it working with a duet using the "bouncy castle" open source java library for ssl, but the initial connection setup - opening the port and establishing ssl-tls took about 10 seconds.

If you could keep the port open after that you might be ok, but the device I needed to connect with did not honor keep-alive and dropped every connection right after it was serviced.

We finally ended up putting a little PHP script on a linux box and using it as a relay from http to https - this, of course, ruined the SSL security, but since it was just changing channels on a DirecTV streaming system, there was never any initial requirement for security.

true

GregG wrote: »

We finally ended up putting a little PHP script on a linux box and using it as a relay from http to https - this, of course, ruined the SSL security, but since it was just changing channels on a DirecTV streaming system, there was never any initial requirement for security.

VLAN and / or dual home. Of course, security requirements depend on the network...

GregG

The AMX gear was in one VLAN, the video streamer was in another (initially because of the overwhelming volume of udp packets it was spewing all the time), and the php script was on a machine with access to both.

Since everything was pro grade cisco, it probably was pretty secure. The only viable intercept attacks would have had to be MitMs between the linux box and the switch, or the amx box and the switch - both of which were in the same secured server room, plugged into a local switch.

JasonS

I looked at trying to use some software called Stunnel to do this, but I never go to the point of actually trying it.

RichardHamilton

JasonS wrote: »

I looked at trying to use some software called Stunnel to do this, but I never go to the point of actually trying it.

Looking into this issue (since we now have an installation of Cisco IPTV to deal with), almost a year later.

Sorry to say, but Stunnel does not appear to be a solution. It is Unix/Win32 based.

My solution at this time has been to create an app that will sit on a pc, that bridges the AMX(http) network thru to the Cisco(https) network. It takes calls in on http port 80 and translates them back out on the https:ip for the targetted Cisco set top box.

So far, it has performed what we want on bench tests. I'm about to apply it into the installation. Once I get around the network paranoia I'll provide an update once it's in and working.

mstocum

GregG wrote: »

I went through the effort and got it working with a duet using the "bouncy castle" open source java library for ssl, but the initial connection setup - opening the port and establishing ssl-tls took about 10 seconds.

That's similar to what I found when using the Apache Commons HttpClient library. Grabbing a URL over HTTPS took about 10 seconds, while HTTP was some fraction of a second. This was on an NI-4100. Maybe with the NX processors we'll finally have the CPU power to do HTTPS.

AMXJeff

AMX's version 4 firmware has SSL libraries included.

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

I tested it, and it actually worked, then I tested with google.com and my master not so slowly lost memory and died.

		try
		{
	        int port = 443;
	        String hostname = "www.google.com";

	        SocketFactory socketFactory = SSLSocketFactory.getDefault();
	        Socket socket = socketFactory.createSocket(hostname, port);

	        // Create streams to securely send and receive data to the server
	        InputStream in = socket.getInputStream();
	        OutputStream out = socket.getOutputStream();

	        BufferedReader socketReader = new BufferedReader(new InputStreamReader(in));
	        PrintWriter socketWriter = new PrintWriter(out);

	        socketWriter.println("GET /");
	        socketWriter.flush();
	        String line=null;
	        StringBuffer html = new StringBuffer();
	        while((line=socketReader.readLine())!=null){
	        	html.append(line+"\n");
	        }
	        // Read from in and write to out...
	        System.out.println(html.toString());

	        // Close the socket
	        socketReader.close();
	        socketWriter.close();
	        in.close();
	        out.close();
	    }
		catch (Exception e)
		{
			System.out.println(e.getMessage());
		}

However on a good note, was talking with my buds at Infocomm and the new master seems rock solid with SSL.

Can't wait to get my hands on the new controller!

GregG

Yeah, we have 2 NX1200's on order here, one of them just for me to take home and do some real hack.... er... learning, yeah, learning.

Almost forgot the old "No hacking" rule there Jeff.

AMXJeff

GregG wrote: »

Yeah, we have 2 NX1200's on order here, one of them just for me to take home and do some real hack.... er... learning, yeah, learning.

Almost forgot the old "No hacking" rule there Jeff.

Yeah, I think I forgot that rule too...

rosevear

Error message using

I'm running Firmware V4.1.404 on an NI4100 but seems to get

Line 19 (02:39:00):: java.lang.NoClassDefFoundError: javax/net/ssl/SSLSocketFactory

when calling create socket using javax.net.ssl.SSLSocketFactory and javax.net.ssl.SSLSocket;

Is there something obvious I'm missing ?

Thanks for any insight you can provide

AMXJeff

rosevear wrote: »

I'm running Firmware V4.1.404 on an NI4100 but seems to get

Line 19 (02:39:00):: java.lang.NoClassDefFoundError: javax/net/ssl/SSLSocketFactory

when calling create socket using javax.net.ssl.SSLSocketFactory and javax.net.ssl.SSLSocket;

Is there something obvious I'm missing ?

Thanks for any insight you can provide

You may need to use DynamicImport to have your module access those libraries.

vincen

AMXJeff wrote: »

AMX's version 4 firmware has SSL libraries included.

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

I tested it, and it actually worked, then I tested with google.com and my master not so slowly lost memory and died.

However on a good note, was talking with my buds at Infocomm and the new master seems rock solid with SSL.

Can't wait to get my hands on the new controller!

Did you get a chance to get it working on NX controlers ? and if so would you mind to share the code or duet module ?

Thanks