Two Way SSL with Sun JSSE [urgent]

 
 
Deepak Nayal
      10-20-2003
Hi All,

I have written the following JAVA program for two way SSL, using Sun JSSE.
/*************************/
/**
 * @author Deepak Nayal
 * Created on Oct 19, 2003 11:37:10 AM
 */

import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
import com.sun.net.ssl.internal.ssl.Provider;

public class SSLClient {

    public static void main(String[] args) throws Exception {

        final String KEYSTORE = "G:/Personal/Java/SSL/mystore";
        final String KEYSTOREPASS = "mystore";
        final String HOST = "localhost";
        final int PORT = 7002;
        final String cmd = "GET /test.jsp HTTP/1.0\r\n\r\n";
        Security.addProvider(new Provider());

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(KEYSTORE), KEYSTOREPASS.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, KEYSTOREPASS.toCharArray());
        SSLContext sslctx = SSLContext.getInstance("SSLv3");
        sslctx.init(kmf.getKeyManagers(), null, null);

        SSLSocketFactory sockFactory =
            (SSLSocketFactory) sslctx.getSocketFactory();
        SSLSocket sock = (SSLSocket) sockFactory.createSocket(HOST, PORT);
        OutputStream out = sock.getOutputStream();
        out.write(cmd.getBytes());
        out.flush();

        BufferedReader read = new BufferedReader(
            new InputStreamReader(sock.getInputStream()));

        String line = null;
        while ((line = read.readLine()) != null)
            System.out.println(line);
    }
}
/*************************/

But whenever I run this example, I am getting the following error :-

/*************************/
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:56)
    at SSLClient.main(SSLClient.java:36)
/*************************/

This seems to be more of an SSL issue, but when I use Weblogic (Certicom)
JSSE, two way SSL works fine with the same KeyStore. I have not explored
much of Sun JSSE. Can anybody please let me know if I am doing something
wrong in my code?

Any pointers in this direction will be highly appreciated.
Thanks in Advance.
Deepak Nayal


 
Deepak Nayal
      10-21-2003

Has nobody ever configured two-way SSL using Sun JSSE?
I posted a message earlier also regarding a two-way SSL
issue and nobody answered.

This really is very discouraging.


EJP
      10-21-2003
How do you expect to read a line if you never write a line terminator?

soft-eng
      10-21-2003
There are some working examples on Sun site. You
should start with that. If you started with
weblogic working examples, you might have
the wrong SSL technology-set specified. For
instance, where did you get "SSLv3", and did
you check if it's supported?

Deepak Nayal
      10-21-2003

Hi soft-eng,

Thanks for getting back at it (at least someone has).
I referred to this link for my SSL program :-
http://developer.java.sun.com/develo...ecureinternet/

Following is a snippet from it.
/**************************/
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), keystorepass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword);
SSLContext sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
SSLServerSocket serversocket =
    (SSLServerSocket) ssf.createServerSocket(HTTPS_PORT);
return serversocket;
/**************************/

Do you think this implementation is wrong? I have searched a lot on the
NET and this link is the closest I got to an example for two-way SSL.
Others were vendor specific, like Pramati, Weblogic, Borland etc.

Could you please point me to a two-way SSL example, using Sun JSSE?

Thanks again for your effort.


Pankaj Kumar
      10-21-2003
Hello Deepak,

In most likelihood, you have a certificate signing algorithm mismatch
(RSA vs. DSA) between the client and server. Refer to
http://www.j2ee-security.net/phpBB2/viewtopic.php?t=9 for discussion
around a similar problem.

Pankaj Kumar
http://www.j2ee-security.net
 
Reply With Quote
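
The RSA vs. DSA suggestion above can be checked from the client side. The following Java program is an added example, not code from the thread or from Sun: it prints the key algorithm of each private-key entry in the client keystore, runs the handshake explicitly, and reports the negotiated suite and whether a client certificate was actually sent. The class name HandshakeCheck, the command-line arguments, and the use of one JKS file as both key store and trust store are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example. Usage: java HandshakeCheck <keystore> <password> <host> <port>
// Assumption: one JKS file holds the client key entry and the trusted server/CA certificate.
public class HandshakeCheck {

    // "alias=algorithm" (RSA, DSA, EC) for every private-key entry in the store.
    static List<String> keyAlgorithms(KeyStore ks) throws Exception {
        List<String> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // skip trusted-certificate entries
            Certificate cert = ks.getCertificate(alias);
            if (cert != null) out.add(alias + "=" + cert.getPublicKey().getAlgorithm());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        System.out.println("Client key entries: " + keyAlgorithms(ks));

        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);   // explicit trust anchors instead of a null trust manager array

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]))) {
            System.out.println("Offered suites: " + String.join(",", sock.getEnabledCipherSuites()));
            sock.startHandshake();   // surface handshake errors here, not on the first write()
            SSLSession s = sock.getSession();
            System.out.println("Negotiated: " + s.getProtocol() + " " + s.getCipherSuite());
            System.out.println("Server key algorithm: "
                + s.getPeerCertificates()[0].getPublicKey().getAlgorithm());
            Certificate[] sent = s.getLocalCertificates();
            System.out.println(sent == null
                ? "No client certificate sent (none requested, or no key entry matched)"
                : "Client certificate sent, key algorithm: " + sent[0].getPublicKey().getAlgorithm());
        } catch (SSLException e) {
            System.out.println("Handshake or peer verification failed: " + e.getMessage());
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl,handshake` additionally prints the handshake messages exchanged, including the suites the client offers.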
 
soft-eng
      10-22-2003
Deepak Nayal wrote:
> Hi soft-eng,
>
> Thanks for getting back at it (at least someone has).
> I referred to this link for my SSL program :-
> http://developer.java.sun.com/develo...ecureinternet/
>
> Following is a snippet from it.
> /**************************/
> KeyStore ks = KeyStore.getInstance("JKS");
> ks.load(new FileInputStream(keystore), keystorepass);
> KeyManagerFactory kmf =
> KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, keypassword);
> SSLContext sslcontext =
> SSLContext.getInstance("SSLv3");
> sslcontext.init(kmf.getKeyManagers(), null, null);
> ServerSocketFactory ssf =
> sslcontext.getServerSocketFactory();
> SSLServerSocket serversocket = (SSLServerSocket)
> ssf.createServerSocket(HTTPS_PORT);
> return serversocket;
> /**************************/


Where are you getting all of this? I see at this URL (in Code
Sample 2), just:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket s = factory.createSocket(hostname, HTTPS_PORT);

And the rest of the code is doing exactly what you seem
to want to be doing -- writing a "GET" to the port and
reading a page back.

Can you make the Code Sample 2 work as is? If it works,
and stops working when you add some of your own key-management,
that would be the point to start looking for the problem.

Also, I am not sure what's your concern about "two way".
All network connections are two way. And since many
SSL implementations exist, the development task
is an easy one -- step 1 is to get a client to work
and test it with some standard SSL website, step 2 is
to get a server to work and test with some standard browser, step 3
is to get your client and server to talk to
each other, and there you have a 2-way connection.
And if you want at that time, you can then abandon
HTTP and start your own communication protocols.
 
Deepak Nayal
      10-22-2003
soft-eng wrote:
> Deepak Nayal wrote:
>
>>Hi soft-eng,
>>
>>Thanks for getting back at it (at least someone has).
>>I referred to this link for my SSL program :-
>>http://developer.java.sun.com/develo...ecureinternet/
>>
>>Following is a snippet from it.
>>/**************************/
>>KeyStore ks = KeyStore.getInstance("JKS");
>> ks.load(new FileInputStream(keystore), keystorepass);
>> KeyManagerFactory kmf =
>> KeyManagerFactory.getInstance("SunX509");
>> kmf.init(ks, keypassword);
>> SSLContext sslcontext =
>> SSLContext.getInstance("SSLv3");
>> sslcontext.init(kmf.getKeyManagers(), null, null);
>> ServerSocketFactory ssf =
>> sslcontext.getServerSocketFactory();
>> SSLServerSocket serversocket = (SSLServerSocket)
>> ssf.createServerSocket(HTTPS_PORT);
>> return serversocket;
>>/**************************/

>
>
> Where are you getting all of this? I see at this URL (in Code
> Sample 2), just:
>
> SocketFactory factory = SSLSocketFactory.getDefault();
> Socket s = factory.createSocket(hostname, HTTPS_PORT);
>
> And the rest of the code is doing exactly what you seem
> to want to be doing -- writing a "GET" to the port and
> reading a page back.


---------------------------------------------------------
The one that I am using is given at Code Sample 2.
---------------------------------------------------------

>
> Can you make the Code Sample 2 work as is? If it works,
> and stops working when you add some of your own key-management,
> that would be the point to start looking for the problem.


---------------------------------------------------------
Didn't quite get that.

Do you think the Code Sample 2 will not work?
---------------------------------------------------------

> Also, I am not sure what's your concern about "two way".
> All network connections are two way. And since many
> SSL implementations exist, the development task
> is an easy one -- step 1 is to get a client to work
> and test it with some standard SSL website, step 2 is
> to get a server to work and test with some standard browser, step 3
> is to get your client and server to talk to
> each other, and there you have a 2-way connection.
> And if you want at that time, you can then abandon
> HTTP and start your own communication protocols.


 