"Failed set trust point in ssl context" when using SSL communication

Discussion in 'Java' started by emukang, Dec 20, 2005.

    emukang (Guest)

    hello,

    I am now developing a client and server system which needs SSL support.
    As this system is developed with Microsoft J++, I can only use an SSL
    package which supports jdk1.1.

    So far I have only found that Oracle has a solution for SSL which supports
    jdk1.1 (SUN's JSSE package only supports jdk1.2 and later). The method and
    sample code are described in the Oracle Advanced Security Administrator's
    Guide Release 2 (9.2)
    (http://web.urz.uni-heidelberg.de/Un...racle.doc.816/network.816/a76932/appf_ora.htm)

    I tried it, but got "Failed set trust point in ssl context" when using
    SSL communication.

    I think the problem is in initCredential() on the server side. I used
    keytool to generate a self-signed certificate, and used addTrustedCert()
    to add the certificate. But it always reports an error.

    There is also another method named setWallet to import a wallet file
    generated by Oracle Wallet Manager. I also tried this, but when I tried
    to use Oracle Wallet Manager to export the wallet, it always reported
    "wallet must have at least one certificate to export".

    So would you please help me to solve this problem? Thank you very much.

    Below is the source code. To compile and run it, you need
    javax-ssl-1_1.jar and jssl-1_1.jar in your classpath, and njssl9.dll in
    your PATH environment. If you have Oracle installed on your machine,
    these 3 files can be obtained from \\oracle\ora92\bin and \\oracle\ora92\jlib.

    ---------------------------------------------------------------------------------------------------------------------
    Server compile running command
    ---------------------------------------------------------------------------------------------------------------------
    D:\project\test>javac -classpath "C:\javax-ssl-1_1.jar;C:jssl-1_1.jar;." SecureHelloServer.java

    D:\project\test>java -classpath "C:\javax-ssl-1_1.jar;C:jssl-1_1.jar;." SecureHelloServer
    Wating for client...
    IO exception caught:
    java.io.IOException: javax.net.ssl.SSLException: Failed set trust point in ssl context
            at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(OracleSSLSocketImpl.java)
            at oracle.security.ssl.OracleSSLServerSocketImpl.accept(OracleSSLServerSocketImpl.java)
            at SecureHelloServer.main(SecureHelloServer.java:109)

    ---------------------------------------------------------------------------------------------------------------------
    Client compile & running command
    ---------------------------------------------------------------------------------------------------------------------
    D:\project\test>javac -classpath "C:\javax-ssl-1_1.jar;C:jssl-1_1.jar;." SecureHelloClient.java
    D:\project\test>java -classpath "C:\javax-ssl-1_1.jar;C:jssl-1_1.jar;." SecureHelloClient
    Connection aborted by peer: socket write error
    IO exception caught:
    java.io.IOException: javax.net.ssl.SSLException: SSL handshake failed: SSLConnectionClosedGraceful
            at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(OracleSSLSocketImpl.java)
            at SecureHelloClient.main(SecureHelloClient.java:62)

    ---------------------------------------------------------------------------------------------------------------------
    Server source code
    ---------------------------------------------------------------------------------------------------------------------
    // SecureHelloServer.java

    import java.net.*;
    import java.io.*;
    import java.util.*;

    import javax.net.*;
    import javax.net.ssl.*;

    import javax.security.cert.X509Certificate;
    import oracle.security.ssl.OracleSSLServerSocketFactoryImpl;
    import oracle.security.ssl.OracleSSLServerSocketFactory;
    import oracle.security.ssl.OracleSSLProtocolVersion;
    import oracle.security.ssl.OracleSSLCredential;


    public class SecureHelloServer
    {
        // Read a whole file into a byte array (used to load the trusted certificate)
        private static byte[] getBytesFromFile(File file) throws IOException
        {
            InputStream is = new FileInputStream(file);

            // Get the size of the file
            long length = file.length();

            // An array cannot be created with a long size; it needs an int.
            // Before casting, check that the file is not larger than Integer.MAX_VALUE.
            if (length > Integer.MAX_VALUE) {
                is.close();
                throw new IOException("File is too large: " + file.getName());
            }

            // Create the byte array to hold the data
            byte[] bytes = new byte[(int)length];

            // Read in the bytes
            int offset = 0;
            int numRead = 0;
            while (offset < bytes.length
                   && (numRead = is.read(bytes, offset, bytes.length - offset)) >= 0) {
                offset += numRead;
            }

            // Ensure all the bytes have been read in
            if (offset < bytes.length) {
                is.close();
                throw new IOException("Could not completely read file " + file.getName());
            }

            // Close the input stream and return bytes
            is.close();
            return bytes;
        }

        public static void main(String[] args)
        {
            // We will use the Oracle implementation here
            java.util.Properties prop = System.getProperties();
            prop.put("SSLServerSocketFactoryImplClass",
                     "oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
            try
            {
                // Get the default socket factory
                OracleSSLServerSocketFactory sslSrvSocketFactory =
                    (OracleSSLServerSocketFactory)SSLServerSocketFactory.getDefault();

                // Set the SSL protocol version
                sslSrvSocketFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

                // Create the ssl credential object
                OracleSSLCredential sslCredObj = new OracleSSLCredential();

                sslCredObj.addTrustedCert(getBytesFromFile(new File("C:\\certificate\\serverTrust")));

                // If you are using Oracle's wallet, certdb.txt, you can use setWallet as follows:
                //sslCredObj.setWallet("C:\\certificate\\certdb.txt", "servicedesk123");

                // If you are not using Oracle Wallet Manager, see the SecureHelloClient
                // program example.

                // Add ssl credential to the ssl context
                sslSrvSocketFactory.setSSLCredentials(sslCredObj);

                // Create the server socket
                SSLServerSocket sslSrvSocket =
                    (SSLServerSocket)sslSrvSocketFactory.createServerSocket(8443);

                // Get the available ciphers
                String[] ciphers = sslSrvSocket.getSupportedCipherSuites();

                // Select the ciphers you want and set them.
                // Here we enable all available ciphers.
                // You can also set a particular cipher suite: construct a cipher
                // list in a string array and pass it to setEnabledCipherSuites.
                sslSrvSocket.setEnabledCipherSuites(ciphers);

                // We are creating an ssl server socket, so set client mode to false.
                sslSrvSocket.setUseClientMode(false);

                // If you want client side authentication then set this to true.
                // We won't do client side authentication here.
                sslSrvSocket.setNeedClientAuth(false);


                System.out.println("Wating for client...");
                // Now accept a client connection
                Socket pSocket = sslSrvSocket.accept();

                if (sslSrvSocket.getNeedClientAuth() == true)
                {
                    System.out.println("Printing client information:");
                    X509Certificate[] peerCerts =
                        ((javax.net.ssl.SSLSocket)pSocket).getSession().getPeerCertificateChain();

                    if (peerCerts != null)
                    {
                        for (int i = 0; i < peerCerts.length; i++)
                        {
                            System.out.println("Peer Certificate [" + i + "] Information:");
                            System.out.println("- Subject: " + peerCerts[i].getSubjectDN().getName());
                            System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName());
                            System.out.println("- Version: " + peerCerts[i].getVersion());
                            System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString());
                            System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString());
                            System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());
                            System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());
                        }
                    }
                    else
                        System.out.println("Failed to get peer certificates");
                }

                // Now do data exchange with client
                OutputStream out = pSocket.getOutputStream();
                InputStream in = pSocket.getInputStream();

                String inputLine, outputLine;
                byte[] msg = new byte[1024];

                int readLen = in.read(msg, 0, msg.length);
                if (readLen > 0)
                {
                    inputLine = new String(msg, 0, readLen);
                    if (inputLine.startsWith("HELLO"))
                    {
                        outputLine = "Hello !! Current Server Time: " + new Date().toString();
                        out.write(outputLine.getBytes());
                    }
                    System.out.println("Client Message: " + inputLine);
                }
                else
                    System.out.println("Can't read data from client");

                // Close all sockets and streams
                out.close();
                in.close();
                pSocket.close();
                sslSrvSocket.close();
            }
            catch (SSLException e)
            {
                System.out.println("SSL exception caught:");
                e.printStackTrace();
            }
            catch (IOException e)
            {
                System.out.println("IO exception caught:");
                e.printStackTrace();
            }
            catch (Exception e)
            {
                System.out.println("Exception caught:");
                e.printStackTrace();
            }
        }
    }

    ---------------------------------------------------------------------------------------------------------------------
    Client source code
    ---------------------------------------------------------------------------------------------------------------------
    // SecureHelloClient.java
    import java.net.*;
    import java.io.*;
    import java.util.*;

    import javax.net.ssl.*;

    import javax.security.cert.X509Certificate;
    import oracle.security.ssl.OracleSSLCredential;
    import oracle.security.ssl.OracleSSLSocketFactory;
    import oracle.security.ssl.OracleSSLProtocolVersion;
    import oracle.security.ssl.OracleSSLSession;

    public class SecureHelloClient
    {
        public static void main(String argv[])
        {
            String hostName = "localhost";

            //if (argv.length != 0)
            //    hostName = argv[0];

            // Set the SSLSocketFactoryImpl class as follows:
            java.util.Properties prop = System.getProperties();
            prop.put("SSLSocketFactoryImplClass",
                     "oracle.security.ssl.OracleSSLSocketFactoryImpl");

            try
            {
                // Get the default socket factory
                OracleSSLSocketFactory sSocFactory =
                    (OracleSSLSocketFactory)SSLSocketFactory.getDefault();

                sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

                OracleSSLCredential sslCredObj = new OracleSSLCredential();

                // Set the certificate chain and private key if the
                // server requires client authentication
                //sslCredObj.addCertChain(caCert);
                //sslCredObj.addCertChain(userCert);
                //sslCredObj.setPrivateKey(userPvtKey, userPassword);

                // Populate credential object
                //sslCredObj.addTrustedCert(trustedCert);
                sSocFactory.setSSLCredentials(sslCredObj);

                // Create the socket using the factory
                SSLSocket jsslSoc = (SSLSocket)sSocFactory.createSocket(hostName, 8443);

                String[] ciphers = jsslSoc.getSupportedCipherSuites();

                // Select the ciphers you want and set them.
                // Here we enable all available ciphers
                jsslSoc.setEnabledCipherSuites(ciphers);

                // We are creating the socket in client mode
                jsslSoc.setUseClientMode(true);

                // Do SSL handshake
                jsslSoc.startHandshake();

                // Print negotiated cipher
                System.out.println("Negotiated Cipher Suite: " + jsslSoc.getSession().getCipherSuite());

                System.out.println("");
                X509Certificate[] peerCerts =
                    ((javax.net.ssl.SSLSocket)jsslSoc).getSession().getPeerCertificateChain();

                if (peerCerts != null)
                {
                    System.out.println("Printing server information:");
                    for (int i = 0; i < peerCerts.length; i++)
                    {
                        System.out.println("Peer Certificate [" + i + "] Information:");
                        System.out.println("- Subject: " + peerCerts[i].getSubjectDN().getName());
                        System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName());
                        System.out.println("- Version: " + peerCerts[i].getVersion());
                        System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString());
                        System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString());
                        System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());
                        System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());
                    }
                }
                else
                    System.out.println("Failed to get peer certificates");

                // Now do data exchange with the server
                OutputStream out = jsslSoc.getOutputStream();
                InputStream in = jsslSoc.getInputStream();

                String inputLine, outputLine;
                byte[] msg = new byte[1024];

                outputLine = "HELLO";
                out.write(outputLine.getBytes());
                int readLen = in.read(msg, 0, msg.length);
                if (readLen > 0)
                {
                    inputLine = new String(msg, 0, readLen);
                    System.out.println("");
                    System.out.println("Server Message:");
                    System.out.println(inputLine);
                }
                else
                    System.out.println("Can't read data from server");

                // Close all sockets and streams
                out.close();
                in.close();
                jsslSoc.close();
            }
            catch (SSLException e)
            {
                System.out.println("SSL exception caught:");
                e.printStackTrace();
            }
            catch (IOException e)
            {
                System.out.println("IO exception caught:");
                e.printStackTrace();
            }
            catch (Exception e)
            {
                System.out.println("Exception caught:");
                e.printStackTrace();
            }
        }
    }
     
    emukang, Dec 20, 2005
    #1
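In the posted server, the credential object only ever receives a trusted certificate; it is never given the server's own certificate chain and private key (the calls the client source leaves commented out). The example below is an added illustration, not code from the poster, Oracle, or the guide linked above: it is plain JSSE (Java 8+), which the poster's J++/jdk1.1 constraint rules out, but it shows the two halves that any SSL trust setup needs. The server loads its own key pair and certificate into a KeyManager; the client is given the self-signed certificate as its only trust anchor and checks the hostname against it. The file names server.p12 and server.pem, the password changeit, and the keytool commands in the header are assumptions constructed for this example; port 8443 and the HELLO exchange are taken from the post.

```java
// TrustSetupDemo.java (added example, plain JSSE, Java 8+; not the poster's jdk1.1 code)
// Assumed keytool preparation (constructed for this example):
//   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -dname "CN=localhost" -ext SAN=dns:localhost -validity 365 -storetype PKCS12 -keystore server.p12 -storepass changeit
//   keytool -exportcert -alias server -storetype PKCS12 -keystore server.p12 -storepass changeit -rfc -file server.pem
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

public class TrustSetupDemo
{
    // Parse a certificate file (PEM or DER; CertificateFactory accepts both).
    // A trust point that cannot be parsed is the first thing to rule out.
    static X509Certificate loadCert(File f) throws IOException, CertificateException
    {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(f)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    // A keytool self-signed certificate verifies under its own public key.
    static boolean isSelfSigned(X509Certificate c)
    {
        try { c.verify(c.getPublicKey()); return true; }
        catch (GeneralSecurityException e) { return false; }
    }

    // Server side: the server must present its OWN certificate and private key
    // (a KeyManager); trusted certificates alone give it no identity to offer.
    static SSLContext serverContext(File keystore, char[] password)
            throws GeneralSecurityException, IOException
    {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keystore)) { ks.load(in, password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trust exactly this server certificate and nothing else,
    // instead of the JRE-wide default trust store or a permissive TrustManager.
    static SSLContext clientContext(X509Certificate trustAnchor)
            throws GeneralSecurityException, IOException
    {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);                        // empty in-memory trust store
        ts.setCertificateEntry("server", trustAnchor);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception
    {
        char[] password = "changeit".toCharArray();   // assumed keystore password
        X509Certificate anchor = loadCert(new File("server.pem"));
        System.out.println("Trust anchor: " + anchor.getSubjectX500Principal()
                           + ", self-signed: " + isSelfSigned(anchor));

        SSLServerSocket srv = (SSLServerSocket) serverContext(new File("server.p12"), password)
                                  .getServerSocketFactory().createServerSocket(8443);
        srv.setNeedClientAuth(false);

        // Same HELLO exchange as the posted SecureHelloServer, on a helper thread.
        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) srv.accept()) {
                byte[] buf = new byte[1024];
                int n = s.getInputStream().read(buf);   // handshake happens here
                String request = n > 0 ? new String(buf, 0, n, "UTF-8") : "";
                String reply = request.startsWith("HELLO")
                    ? "Hello !! Negotiated " + s.getSession().getProtocol()
                      + " / " + s.getSession().getCipherSuite()
                    : "Unexpected request";
                s.getOutputStream().write(reply.getBytes("UTF-8"));
            } catch (IOException e) { e.printStackTrace(); }
        });
        server.start();

        try (SSLSocket c = (SSLSocket) clientContext(anchor).getSocketFactory()
                                           .createSocket("localhost", 8443)) {
            // Check the hostname against the certificate, not only the signature chain.
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            c.setSSLParameters(p);
            c.startHandshake();                      // fails here if the trust anchor is wrong

            c.getOutputStream().write("HELLO".getBytes("UTF-8"));
            byte[] buf = new byte[1024];
            int n = c.getInputStream().read(buf);
            System.out.println("Server Message: " + new String(buf, 0, n, "UTF-8"));
        } finally {
            server.join();
            srv.close();
        }
    }
}
```

Compile and run it from the directory holding server.p12 and server.pem (`javac TrustSetupDemo.java && java TrustSetupDemo`). If the handshake fails, the first line printed tells you whether the certificate file even parsed and whether it is the self-signed one you expect; the client side then fails at startHandshake() with a chain or hostname error rather than silently trusting whatever the server presents.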