harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kamal kumar <skamalaku...@yahoo.com>
Subject [classlib][io][x-net][crypto]:failed to establish SSL connection with SSL Server certificate with key usage extension
Date Mon, 04 Oct 2010 09:55:50 GMT
I tested my SSL Server(Server Auth only), Client program (Server Auth only) with Harmony JDK
version 1.5. This program uses HarmonyJSSE provider. I tried this program with Server certificate
with Critical KeyUsage extension with (digital signature and key encipherment). But SSL Client
throws exception at the Cipher.init function. I have attached the stack trace below.

Cipher.init(int, Certificate, SecureRandom) line: 818	
Cipher.init(int, Certificate) line: 751	
ClientHandshakeImpl.processServerHelloDone() line: 411 [local variables unavailable]	
ClientHandshakeImpl.unwrap(byte[]) line: 289	
SSLRecordProtocol.unwrap() line: 413	
SSLSocketImpl.doHandshake() line: 742	
SSLSocketImpl.startHandshake() line: 451 [local variables unavailable]	
SSLSocketImpl.writeAppData(byte[], int, int) line: 674	
SSLSocketOutputStream.write(byte[]) line: 47	
SslClient.main(String[]) line: 79


The following code in the Cipher.init(int, Certificate, SecureRandom) function throws the
exception.
if (opmode == ENCRYPT_MODE && (!keyUsage[7])) {
                            throw new InvalidKeyException(
                                    Messages.getString("crypto.1A")); //$NON-NLS-1$
                        } else 

I have given the SSL Server code below.
================
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

import javax.net.ssl.*;





/**
* Java SSL Server Program using Application ID.
*/
public class JavaSslServer {
   

   public static void main(String args[]) {
       /*
        * Set up to catch any exceptions thrown.
        */
       try {
           /*
            * Allocate and initialize a KeyStore object.
            */
    	   Security.removeProvider("DRLCertFactory");
           char[] password = "password".toCharArray();
           KeyStore ks = KeyStore.getInstance("PKCS12");
           FileInputStream fis = new FileInputStream("kamalcriticalkeyusage.p12");
           ks.load(fis, password);
           /*
            * Allocate and initialize a KeyManagerFactory.
            */
           KeyManagerFactory kmf =
                             KeyManagerFactory.getInstance("X509","HarmonyJSSE");
           kmf.init(ks, password);
           
           ks = KeyStore.getInstance("PKCS12");
           fis = new FileInputStream("kamalcriticalkeyusage.p12");
           ks.load(fis, password);
           /*
            * Allocate and initialize a TrustManagerFactory.
            */
           TrustManagerFactory tmf =
                           TrustManagerFactory.getInstance("X509","HarmonyJSSE");
           tmf.init(ks);
           /* 
            * Allocate and initialize an SSLContext.
            */
           SSLContext c =
                      SSLContext.getInstance("TLS", "HarmonyJSSE");
           c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
           /*
            * Get the an SSLServerSocketFactory from the SSLContext.
            */
           SSLServerSocketFactory sf = c.getServerSocketFactory();
           /*
            * Create an SSLServerSocket.
            */
           SSLServerSocket ss =
               (SSLServerSocket) sf.createServerSocket(13333);
           /*
            * Perform an accept() to create an SSLSocket.
            */
           SSLSocket s = (SSLSocket) ss.accept();
           /*
            * Receive a message from the client using the secure session.
            */
           InputStream is = s.getInputStream();
           byte[] buffer = new byte[1024];
           int bytesRead = is.read(buffer);
           if (bytesRead == -1)
               throw new IOException("Unexpected End-of-file Received");
           String received = new String(buffer, 0, bytesRead);
           /*
            * Write results to screen.
            */
           System.out.println("Read " + received.length() + " bytes...");
           System.out.println(received);
           /*
            * Echo the message back to the client using the secure session.
            */
           OutputStream os = s.getOutputStream();
           os.write(received.getBytes());
           /*
            * Write results to screen.
            */
           System.out.println("Wrote " + received.length() + " bytes...");
           System.out.println(received);
       } catch (Exception e) {
           System.out.println("Unexpected exception caught: " +
                              e.getMessage());
           e.printStackTrace();
       }
   }
   
}
==========================================
SSL Client code is given below.

==========================================
import java.io.*;
import java.security.KeyStore;
import java.security.Security;

import javax.net.ssl.*;

/**
 * SSL Client Program.
 */
public class SslClient {
   
   /**
    * SslClient main method.
    *
    * @param args the command line arguments (not used)
    */
   public static void main(String args[]) {
       /*
        * Set up to catch any exceptions thrown.
        */
       try {
           /*
            * Initialize an SSLConfiguration object to specify an application
            * ID.  "MY_CLIENT_APP" must be registered and configured
            * correctly with the Digital Certificate Manager (DCM).
            */
           
           /*
            * Get a KeyStore object from the SSLConfiguration object.
            */
    	   Security.removeProvider("DRLCertFactory");
    	   char[] password = "password".toCharArray();
           KeyStore ks = KeyStore.getInstance("PKCS12");
           FileInputStream fis = new FileInputStream("kamalcriticalkeyusage.p12");
           ks.load(fis, password);
           /*
            * Allocate and initialize a KeyManagerFactory.
            
           KeyManagerFactory kmf =
                             KeyManagerFactory.getInstance("X509");
           kmf.init(ks, password);*/
           /*
            * Allocate and initialize a TrustManagerFactory.
            */
           TrustManagerFactory tmf =
                           TrustManagerFactory.getInstance("X509");
           tmf.init(ks);

           /*
            * Allocate and initialize a KeyManagerFactory.
            */

           /*
            * Allocate and initialize a TrustManagerFactory.
            */

           /* 
            * Allocate and initialize an SSLContext.
            */
           SSLContext c =
                      SSLContext.getInstance("TLS", "HarmonyJSSE");
           c.init(null, tmf.getTrustManagers(), null);
           /*
            * Get the an SSLSocketFactory from the SSLContext.
            */
           SSLSocketFactory sf = c.getSocketFactory();
           /*
            * Create an SSLSocket.
            *
            * Change the hard-coded IP address to the IP address or host name
            * of the server.
            */
           SSLSocket s = (SSLSocket) sf.createSocket("172.16.145.156", 13333);
           /*
            * Send a message to the server using the secure session.
            */
           String sent = "Test of java SSL write";
           OutputStream os = s.getOutputStream();
           os.write(sent.getBytes());
           /*
            * Write results to screen.
            */
           System.out.println("Wrote " + sent.length() + " bytes...");
           System.out.println(sent);
           /*
            * Receive a message from the server using the secure session.
            */
           InputStream is = s.getInputStream();
           byte[] buffer = new byte[1024];
           int bytesRead = is.read(buffer);
           if (bytesRead == -1)
               throw new IOException("Unexpected End-of-file Received");
           String received = new String(buffer, 0, bytesRead);
           /*
            * Write results to screen.
            */
           System.out.println("Read " + received.length() + " bytes...");
           System.out.println(received);
       } catch (Exception e) {
           System.out.println("Unexpected exception caught: " +
                              e.getMessage());
           e.printStackTrace();
       }
   }
   
}
===========================================================
I have attached the p12 file I used with this program. ==========================================

Can you please give your opinion on this issue.

Regards,
Kamal.


      
Mime
View raw message