Steps for creating a secure server socket

  1. Generate public keys and certificates using keytool.
  2. Pay a trusted third party (a certificate authority such as Comodo) to authenticate your certificates.
  3. Create an SSLContext for the algorithm you’ll use.
  4. Create a TrustManagerFactory for the source of certificate material you’ll be using.
  5. Create a KeyManagerFactory for the type of key material you’ll be using.
  6. Create a KeyStore object for the key and certificate database. (Oracle’s default is JKS.)
  7. Fill the KeyStore object with keys and certificates; for instance, by loading them from the filesystem using the passphrase they’re encrypted with.
  8. Initialize the KeyManagerFactory with the KeyStore and its passphrase.
  9. Initialize the context with the necessary key managers from the KeyManagerFactory, trust managers from the TrustManagerFactory, and a source of randomness. (The last two can be null if you’re willing to accept the defaults.)
  10.
    import java.io.*;
    import java.net.*;
    import java.security.*;
    import java.security.cert.CertificateException;
    import java.util.Arrays;
    
    import javax.net.ssl.*;
    
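    /**
     * Minimal TLS server that reads its private key and certificate from the
     * key store file {@code jnp4e.keys}, listens on {@link #PORT}, and copies
     * every client's bytes to standard output.
     *
     * <p>Compared with the textbook version this does not enable the anonymous
     * ({@code _anon_}) cipher suites: those suites perform no server
     * authentication, so a client negotiating one cannot distinguish this
     * server from an interposed attacker. The default enabled-suite list is
     * kept as is.
     */
    public class SecureOrderTaker {

        public final static int PORT = 7000;

        /**
         * SSLContext algorithm name. {@code "TLS"} is the standard JSSE name;
         * the reference implementation treats {@code "SSL"} as an alias of it.
         */
        public final static String algorithm = "TLS";

        /** Key store file holding the server's key and certificate. */
        private static final String KEY_STORE_FILE = "jnp4e.keys";

        /**
         * Reads the key store passphrase from the console, builds the TLS
         * context, then serves connections forever.
         *
         * <p>Exits early with a message when no interactive console is
         * attached ({@link System#console()} returns {@code null} when stdin
         * or stdout is redirected, which would otherwise cause a
         * {@code NullPointerException}).
         *
         * @param args unused
         */
        public static void main(String[] args) {
            Console console = System.console();
            if (console == null) {
                System.err.println("No interactive console; cannot read the key store passphrase.");
                return;
            }
            char[] password = console.readPassword("Key store passphrase: ");
            if (password == null) {
                // end of input before a line was entered
                System.err.println("No passphrase entered.");
                return;
            }

            SSLContext context;
            try {
                context = createContext(password);
            } catch (IOException | GeneralSecurityException ex) {
                ex.printStackTrace();
                return;
            } finally {
                // Wipe the passphrase as soon as the key material has been
                // loaded -- on the failure path too, which the original
                // version skipped. A char[] can be overwritten in place,
                // unlike an immutable String.
                Arrays.fill(password, '0');
            }

            SSLServerSocketFactory factory = context.getServerSocketFactory();
            try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(PORT)) {
                serve(server);
            } catch (IOException ex) {
                ex.printStackTrace();
            }
        }

        /**
         * Builds a TLS context whose server identity comes from
         * {@link #KEY_STORE_FILE}, unlocked with {@code password}.
         *
         * <p>The trust-manager and secure-random arguments of
         * {@link SSLContext#init} are left {@code null}, so the platform
         * defaults are used for both.
         *
         * @param password passphrase protecting the key store and its keys
         * @return an initialized context
         * @throws IOException if the key store file cannot be read
         * @throws GeneralSecurityException if the algorithm, key store type,
         *         certificates or key material are unavailable or invalid
         */
        private static SSLContext createContext(char[] password)
                throws IOException, GeneralSecurityException {
            SSLContext context = SSLContext.getInstance(algorithm);

            // The reference implementation only supports X.509 keys
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

            // Oracle's default kind of key store
            KeyStore ks = KeyStore.getInstance("JKS");

            // try-with-resources: the file stream was previously never closed
            try (InputStream keys = new FileInputStream(KEY_STORE_FILE)) {
                ks.load(keys, password);
            }
            kmf.init(ks, password);
            context.init(kmf.getKeyManagers(), null, null);
            return context;
        }

        /**
         * Accepts connections until the process is killed, copying each
         * client's bytes to standard output. A failure on one connection is
         * reported and does not stop the server.
         *
         * @param server listening socket, already configured for TLS
         */
        private static void serve(SSLServerSocket server) {
            while (true) {
                // The socket is TLS-protected, but nothing in this loop shows
                // it: the security lives in the factory that created 'server'.
                try (Socket connection = server.accept()) {
                    InputStream in = connection.getInputStream();
                    int c;
                    while ((c = in.read()) != -1) {
                        System.out.write(c);
                    }
                    // PrintStream.write(int) does not flush on its own
                    System.out.flush();
                } catch (IOException ex) {
                    ex.printStackTrace();
                }
            }
        }
    }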

     
