2 . How to configure the Middleware - POPBL-6/middleware GitHub Wiki

Initial concepts of the Middleware configuration

The middleware has been designed to be configurable and extensible to suit the client needs, so the startup configuration can be changed via parameters when calling it. This configuration can be stored in a file.

The configuration for the Middleware is always a single line with one of the following formats:

file <FILENAME>
or,
<CLASSNAME> <ARGS>

In the first case, the Middleware will read the first line of the file <FILENAME> and load it as the configuration. In the second case, <CLASSNAME> should be the name of a class that implements the api.PSPort interface, and <ARGS> may be different parameters depending on the class (explained below). If <CLASSNAME> does not specify a package, then api.<CLASSNAME> will be assumed.

For example:

file myConfig.ini
or,
PSPortTCP -a 127.0.0.1 -p 5434

Available implementations

The API provides two types of connections:

  • A simple TCP connection (PSPortTCP): This connection is unencrypted, everything sent is in plaintext, and clients are recognized only by IP address and port. The Broker should be launched with TCPListener for the connection to work.
  • An SSL connection (PSPortSSL): This connection is encrypted and should provide authenticity, confidentiality and integrity under most configurations. Authentication is achieved via certificates, which are generated using the keytool application that the JRE provides. The Broker should be launched with SSLListener for the connection to work.

Depending on your implementation, you will have to choose which type of connection to be used. The broker and the middleware must use the same connection scheme in order to work.

TCP connection

To initialize a TCP connection, you have to have a configuration with this format:

PSPortTCP -a <ADDRESS> -p <PORT>

For example, and by default:

PSPortTCP -a 127.0.0.1 -p 5434

SSL connection

Creating the key store

To create an SSL connection, first, we have to create a key store. To do it, we may use the keytool utility that comes with the JRE to generate it:

keytool -genkeypair -keystore <PATH TO THE KEY STORE> -keyalg RSA -sigalg SHA256withRSA -storetype JKS -validity <VALIDITY-DAYS>

You will be asked some questions to create it, for example, the password of the key store. This password will be passed to the Middleware via configuration.

There are some constraints on how to create the keystore. Most importantly, both the middleware and the broker require that the keystore type is JKS (-storetype JKS, which should be the default). On the other hand, the certificate (key) password and the keystore password must be the same (-storepass and -keypass), because both of them are configured via the single -kp switch in PSPortSSL. Also, note that -keyalg RSA -sigalg SHA256withRSA works with the PSPortSSL default cipher (TLS_RSA_WITH_AES_128_CBC_SHA256), whereas you may need to change the cipher (-c switch in PSPortSSL) if you use a different keyalg/sigalg for the certificate: the handshake fails if an incompatible cipher is used.

In order to see how to set up the keystores, you might want to look at the AutoKeytool project.

Initializing using the keystore

To initialize the SSL connection using the key store, you will have to have a configuration with this format:

PSPortSSL -a <ADDRESS> -p <PORT> -t <PATH TO THE TRUSTED KEY STORE> -k <PATH TO THE KEY STORE> -kp <KEY STORE PASSWORD> -pr <PROTOCOL> -c <CIPHER_SUITE>

The <PATH TO THE KEY STORE> points to the keystore holding the private key with which the Middleware client authenticates itself. On the other hand, <PATH TO THE TRUSTED KEY STORE> points to the keystore holding the trusted Broker public keys.

For example, and by default:

PSPortSSL -a 127.0.0.1 -p 5434 -t .keystore -k .keystore -kp snowflake -pr TLSv1.2 -c TLS_RSA_WITH_AES_128_CBC_SHA256
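The following is an added example, not code from the POPBL-6/middleware project: a small Python parser that applies the configuration rules described on this page (the `file <FILENAME>` indirection, the `api.` package default for a bare class name, `<switch> <value>` argument pairs, and the switches PSPortTCP and PSPortSSL take) to the default lines shown above, then reports missing switches and a couple of review notes. The depth limit on `file` indirection, the port-range check, and the advisory notes are this example's own assumptions; the middleware's real Java loader is not described here.

```python
"""Added example: parse and sanity-check the Middleware's single-line configuration.

Implements the rules stated on the wiki page: 'file <FILENAME>' indirection,
the api. package default for bare class names, '<switch> <value>' argument
pairs, and the switches PSPortTCP / PSPortSSL take. The indirection depth
limit, the port check and the advisory notes are this example's own additions.
"""
import shlex
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Switches the two connection classes documented on the page require.
REQUIRED_SWITCHES: Dict[str, Tuple[str, ...]] = {
    "api.PSPortTCP": ("-a", "-p"),
    "api.PSPortSSL": ("-a", "-p", "-t", "-k", "-kp", "-pr", "-c"),
}

# The page's default configuration lines, used below as constructed input.
DEFAULT_TCP_LINE = "PSPortTCP -a 127.0.0.1 -p 5434"
DEFAULT_SSL_LINE = ("PSPortSSL -a 127.0.0.1 -p 5434 -t .keystore -k .keystore "
                    "-kp snowflake -pr TLSv1.2 -c TLS_RSA_WITH_AES_128_CBC_SHA256")


def resolve_config_line(line: str, max_depth: int = 4) -> str:
    """Follow 'file <FILENAME>' indirection: the file's first line is the configuration.

    The page does not say whether that first line may itself be a 'file' line;
    the depth limit is an assumption made here to stop accidental loops.
    """
    for _ in range(max_depth):
        head = line.strip().split(maxsplit=1)
        if len(head) == 2 and head[0] == "file":
            lines = Path(head[1]).read_text(encoding="utf-8").splitlines()
            if not lines:
                raise ValueError(f"configuration file {head[1]!r} is empty")
            line = lines[0]  # only the first line counts
            continue
        return line.strip()
    raise ValueError("too many levels of 'file' indirection")


def parse_config(line: str) -> Tuple[str, Dict[str, str]]:
    """Split '<CLASSNAME> <ARGS>' into a fully qualified class name and a switch->value map."""
    tokens = shlex.split(line)
    if not tokens:
        raise ValueError("empty configuration line")
    classname = tokens[0]
    if "." not in classname:  # no package given: api.<CLASSNAME> is assumed
        classname = "api." + classname
    rest = tokens[1:]
    if len(rest) % 2:
        raise ValueError("every switch must be followed by exactly one value")
    args: Dict[str, str] = {}
    for switch, value in zip(rest[::2], rest[1::2]):
        if not switch.startswith("-"):
            raise ValueError(f"expected a switch, got {switch!r}")
        if switch in args:
            raise ValueError(f"switch {switch} given twice")
        args[switch] = value
    return classname, args


def validate(classname: str, args: Dict[str, str]) -> List[str]:
    """Return the problems found; an empty list means the line is usable.

    Only the two classes documented on the page are checked; any other
    api.PSPort implementation is accepted without a switch check.
    """
    problems: List[str] = []
    for switch in REQUIRED_SWITCHES.get(classname, ()):
        if switch not in args:
            problems.append(f"{classname} requires switch {switch}")
    port = args.get("-p")
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        problems.append(f"-p must be a TCP port number, got {port!r}")
    return problems


def security_notes(classname: str, args: Dict[str, str]) -> List[str]:
    """Advisory notes a reviewer of this configuration would want to see (example's own)."""
    notes: List[str] = []
    if classname == "api.PSPortTCP":
        notes.append("PSPortTCP sends everything in plaintext; peers are identified "
                     "only by IP address and port")
    if classname == "api.PSPortSSL" and "-kp" in args:
        notes.append("the key store password sits in the configuration; "
                     "restrict read access to the configuration file")
    return notes


def demo_file_indirection() -> str:
    """Write a constructed myConfig.ini and resolve 'file myConfig.ini' through it."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "myConfig.ini"
        cfg.write_text(DEFAULT_TCP_LINE + "\n# later lines are ignored\n", encoding="utf-8")
        return resolve_config_line(f"file {cfg}")


if __name__ == "__main__":
    for raw in (DEFAULT_TCP_LINE, DEFAULT_SSL_LINE, "PSPortSSL -a 127.0.0.1 -p 5434"):
        cls, args = parse_config(resolve_config_line(raw))
        print(cls, args, validate(cls, args), security_notes(cls, args))
```

Running the script parses the two default lines from this page plus an incomplete SSL line; the last one is reported as missing `-t`, `-k`, `-kp`, `-pr` and `-c`, which is the kind of mistake that otherwise only shows up as a failed handshake at startup.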