===== Web Sockets Client and Server ===== ==== Overview ==== MIStudio provides both a WebSocket Server and a WebSocket Client. Both the WebSocket Server and Client can run without security, or with a known CA (the default) or with self-signed certificates. ==== Example: Running Without Security ==== WebSockets can run without security using a socket URL which is of the format ws://hostname:port Start a new project in MIStudio and add a SwingTextField and an Annuniciator. {{:pasted:20220830-230837.png}} The SwingTextField will be used to send a String value to the Server, and the Annunciator will be used to show this value using the Client which has a connection to the Server. Copy these graphics to the MIStudio Diagram window. Add a WebSocketClient bean and a WebSocketServer bean to the diagram window. Connect the SwingTextField to the Input of the WebSocketSever. Connect the Output of the WebSocketClient to the Annunciator input. {{:pasted:20220830-230029.png}} The only configuration needed for the no-security test is to type the URL of the WebSocket Server into the WebSocket Client's Server URI. For this test the WebSocket Server is running on the same system as the client (localhost), and the server is using port 8887, so the URI is ws://localhost:8887. Note that the URI is ws://, and not wss://, for a no-security (insecure) connection. A secure connection uses wss:// and requires certificates. {{:pasted:20220830-230220.png}} To test this insecure connection, put MIStudio into LIVE mode and use the MIStudio Test Frame to enter a value into the text field. It will appear in the client's annunciator. The steps to use the WebSocket server and client with a secure connection is described in the next sections, starting with making a certificate for the server. ==== Self-Signed Certificate Generation ==== To run the server with self-signed certificates you need to generate a public and private certificate for the server and the public certificate must be moved to the client. Use OpenSSL version 1.1.1q and not OpenSSL 3. OpenSSL is usually installed by default on Linux systems. For Windows you can get OpenSSL 1.1.1q from https://slproweb.com/products/Win32OpenSSL.html To generate the private (key.pem) and public (cert.pem) certificates run: openssl req -newkey rsa:2048 -x509 -keyout key.pem -out cert.pem -days 365 OpenSSL will prompt you for several values. You can enter a dot (".") for no answer to the questions, or enter the values when prompted. Passphrase: he tool will prompt us to enter a PEM passphrase and other information. Choose a passphrase of 4 or more characters, but remember what this passphrase is because you'll need to use this in the next OpenSSL generator step. To generate a private key without encrypting with a passphrase use the -nodes (short for "no DES") option openssl req -newkey rsa:2048 -nodes -x509 -keyout key.pem -out cert.pem -days 365 Common Name: When prompted for the "Common Name" add the name of the server. If you are testing on "localhost", as when you test in MIStudio or MIX, answer with "localhost". If you plan to test on two networked systems, enter the web address of where the server will be running (do not enter the wss part, only the web server address, such as www.domainname.com). Common Name (e.g. server FQDN or YOUR name) []:localhost Once we've answered all the prompts, the openssl tool outputs two files: * key.pem (the private key) * cert.pem (a public certificate) We'll use these files to generate our self-signed certificate. Some additional details are provided at:[[https://www.baeldung.com/convert-pem-to-jks|Converting a PEM File to Java KeyStore Format]] which was the source of this information. The server requires that the certificate be in PKCS12 format. So we need to convert the cert.pem generated in the step above to cert.p12 (a certificate in PKCS12 format). To convert the server certificate PEM into a PKCS12 format, and assigning "mix123" as the new certificate's password: openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -passout pass:mix123 While the command runs, you'll be prompted to enter the passphrase that we created previously for key.pem. Enter pass phrase for key.pem (this is the passphrase you entered above). The command line above assigns the password "mix123" to the new cert.p12 certificate. You can use the same passphrase as you entered above, or a different one for the new certificate. After that, you'll have a cert.p12 KeyStore stored in PCKS12 format. Copy cert.p12 and cert.pem into the UserFiles folder of the MIStudio project. Set the "P12Certificate" property to be "cert.p12" and the Cert Password to be the password entered above (mix123 for this example). Set the "TrustedCert" property in the client to be "cert.pem" (or copy the certificate to a different web socket client following the instructions for that client). ==== Server Properties ==== WS Port:(Port)This will be the port in the URL, eg ws:%%//%%yourhost:port Certificate file name:(P12Certificate)The name of the file containing the PKCS12 formatted certificate Certificate Password:(CertPassword)The password of the certificate ==== Client Properties ==== Server URI:(ServerUri)This URI of the server, eg wss:%%//%%yourhost:port Be sure to use wss:%%//%% for a secure connection (with certificates) and ws:%%//%% for an insecure (no certificates) connection Trusted Certificate:(TrustedCert)The trusted server certificate in PEM format. Only needed for a secure connection. ==== Examples of Use ==== As simple usage of WebSockets in MIStudio might look like this: {{:pasted:20220827-144535.png?600|Websocket Configuration}} Values typed into the TextField, connected to the server, will be seen in the Annunciator, connected to the Client. The server configuration is: {{:pasted:20220827-144717.png?400|Server Configuration}} The client configuration is: {{:pasted:20220827-144656.png?400|Client Configuration}}