mina-users mailing list archives

From Mark <elihusma...@gmail.com>
Subject Re: Establishing SSL connection in Android
Date Thu, 22 Apr 2010 03:09:49 GMT
I don't think I have any information that would help you further.  I
have not had the chance to write any software for the android.  I have
done some work with MINA and SSL, but I was using certificates I
generated using OpenSSL.  Not sure if you want to try this route or
even if Android supports that.  One thing I would recommend is writing
simple client/server apps that use your certs and find out if the
handshake works then.  If it does, then we can say that it's either
MINA or Android.

HTH,
Mark


On Tue, Apr 20, 2010 at 11:27 AM, Pavol Kaiser <pavol.kaiser@gmail.com> wrote:
> Hello Mark,
>
> I was creating my certificates using KeyTool IUI. This application is
> available for free to download here
> http://www.icewalkers.com/Linux/Software/530730/KeyTool-IUI.html
>
> The reason why I could not use the standard java keytool is that android
> does not support JKS keystore. It supports only BKS keystore and I was not
> able to add support for JKS to android. However I was able to add support
> for BKS in standard Java using library from Bouncy Castle
> http://www.bouncycastle.org/ as follows:
>        Security.addProvider(new BouncyCastleProvider());
>
>
> Anyway if I understand the handshake process correctly, I don't need to
> provide any certificate. The point is that client generates keys (private
> and public). Then he sends the public key to the server which generates his
> private and public keys. The server then sends the public key back to the
> client. Now the client can use the server public key to encrypt his messages
> and the server will decrypt them using his private key. As well the server
> can encrypt messages with the client public key and the client can decrypt
> them using his private key.
> Providing certificate in the beginning of the handshake process can help to
> prevent attack "Man In the Middle" but the process should work even without
> the certificate.
> So what I tried to do after I got the error with standard setup which I can
> see in
> http://mina.apache.org/report/trunk/xref/org/apache/mina/example/echoserver/ssl/BogusSSLContextFactory.html
> was that I used empty keystores without any keys or certificates. The error
> was still there.
>
> I suppose therefore that the problem is not that I used incorrect keys. The
> keys that are generated in the handshake process are somehow invalid and
> when the exception mentions a public key, I believe it means the public key
> that was generated in the handshake process and sent to it from the server.
>
> If I am wrong please correct me.
>
> I should also correct my previous statement when I said that the error
> occurs when I send a message. The error occurs even if I don't send any
> message. I get the connection and after a while it fails. I suppose that the
> handshake process is executed in a separate thread and that is why the error
> occurs with some delay.
>
> Thank you for any help
>
>
> Pavol Kaiser
>
>
> On 20 April 2010 16:07, Mark <elihusmails@gmail.com> wrote:
>
>> How are you creating your certificates?
>>
>>
>> On Tue, Apr 20, 2010 at 5:22 AM, Pavol Kaiser <pavol.kaiser@gmail.com>
>> wrote:
>> > Hello,
>> >
>> > I am trying to establish an SSL connection from a client application running
>> > on Android to a server running on a Windows machine.
>> > Connection seems to be established but when I try to send a message I get an
>> > error (see below). When implementing this I was following the EchoServer
>> > example here
>> > http://mina.apache.org/report/trunk/xref/org/apache/mina/example/echoserver/ .
>> > The same code works when I try to connect from a client running on Windows.
>> > Unsecure connection works even on Android correctly.
>> >
>> > Below is the exception that I get:
>> >
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):
>> > javax.net.ssl.SSLHandshakeException: SSL handshake failed.
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > java.lang.Thread.run(Thread.java:1096)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by:
>> > javax.net.ssl.SSLException: Error occured in delegated
>> > task:javax.net.ssl.SSLException: Unexpected exception
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.fatalAlert(HandshakeProtocol.java:324)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.wrap(HandshakeProtocol.java:276)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.SSLEngineImpl.wrap(SSLEngineImpl.java:708)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > javax.net.ssl.SSLEngine.wrap(SSLEngine.java:462)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:514)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     ... 9 more
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by:
>> > org.apache.harmony.xnet.provider.jsse.AlertException:
>> > javax.net.ssl.SSLException: Unexpected exception
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.HandshakeProtocol.fatalAlert(HandshakeProtocol.java:324)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java:421)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl$1.run(ClientHandshakeImpl.java:287)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl$1.run(ClientHandshakeImpl.java:286)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> java.security.AccessController.doPrivilegedImpl(AccessController.java:205)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > java.security.AccessController.doPrivileged(AccessController.java:178)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.DelegatedTask.run(DelegatedTask.java:54)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:685)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     ... 11 more
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by:
>> > javax.net.ssl.SSLException: Unexpected exception
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     ... 20 more
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217): Caused by:
>> > java.security.InvalidKeyException: The public key in the certificate
>> cannot
>> > be used for ENCRYPT_MODE
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > javax.crypto.Cipher.init(Cipher.java:815)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> > javax.crypto.Cipher.init(Cipher.java:747)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     at
>> >
>> org.apache.harmony.xnet.provider.jsse.ClientHandshakeImpl.processServerHelloDone(ClientHandshakeImpl.java:418)
>> > 04-20 08:47:32.168: ERROR/ConnectionManager(217):     ... 18 more
>> >
>> >
>> > I found out in the Cipher class that this exception is thrown if one wants
>> > to use a certificate for encryption and the certificate has set extension
>> > "critical" but doesn't have extension "encipherOnly". Is it possible that
>> > these attributes are not correctly set by Mina or Android during the
>> > creation of a Certificate?
>> > Is Mina supported on Android? If not do you plan to support it in the near
>> > future (next few months)?
>> > Do you know any possible workaround for this?
>> >
>> > I was trying to solve this for the last few days and I am quite desperate. Any
>> > help is welcome.
>> >
>> > Thank you
>> >
>> > Pavol Kaiser
>> >
>>
>
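
The isolation test suggested at the top of this message, as an added example that is not part of the original thread: a loopback handshake with plain JSSE (no MINA) using the keystore under test, which also prints the server certificate's KeyUsage bits, since the reported InvalidKeyException concerns what the certificate's public key may be used for. The class name, argument order and file name are assumptions; a BKS keystore needs the Bouncy Castle provider registered first, as in the quoted message.

```java
import java.io.FileInputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.*;

// Added example (not from the thread): handshake over loopback with plain JSSE, no MINA.
// Usage (hypothetical file name): java HandshakeCheck server.bks BKS <password>
public class HandshakeCheck {
    static final String[] BITS = {"digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};

    // Lists the KeyUsage bits that are set and whether the extension (OID 2.5.29.15) is critical.
    static String keyUsage(X509Certificate cert) {
        boolean[] ku = cert.getKeyUsage();
        if (ku == null) return "absent (no KeyUsage extension)";
        Set<String> crit = cert.getCriticalExtensionOIDs();
        StringBuilder sb = new StringBuilder(
            crit != null && crit.contains("2.5.29.15") ? "critical:" : "non-critical:");
        for (int i = 0; i < ku.length && i < BITS.length; i++) if (ku[i]) sb.append(' ').append(BITS[i]);
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args[2].toCharArray();
        KeyStore ks = KeyStore.getInstance(args[1]); // BKS needs the Bouncy Castle provider registered
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trust only what the keystore holds; no accept-all trust manager
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        InetAddress lo = InetAddress.getLoopbackAddress();
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0, 1, lo)) {
            Thread t = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) { s.startHandshake(); }
                catch (Exception e) { System.err.println("server side failed: " + e); }
            });
            t.start();
            try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket(lo, server.getLocalPort())) {
                c.startHandshake(); // throws an SSLException if the handshake fails
                SSLSession s = c.getSession();
                System.out.println("handshake OK: " + s.getProtocol() + " / " + s.getCipherSuite());
                System.out.println("server cert KeyUsage " + keyUsage((X509Certificate) s.getPeerCertificates()[0]));
            }
            t.join();
        }
    }
}
```

If this succeeds on a desktop JVM with the same keystore, the certificates themselves complete a handshake, and the printed KeyUsage line shows whether the extension is marked critical and which bits it carries.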
