Mac OS X and SSL

Discussion in 'Java' started by JScoobyCed, Jun 21, 2005.

  1. JScoobyCed

    JScoobyCed Guest

    Hi,

    I have a 3-tier application written in Java (all tiers). It is a kind
    of file server (it does some processing on files once uploaded).

    Communication is simple:

    client --> server --> backup
    and
    server --> client

    Here, "-->" means: "send a file to"

    Each connection is a Socket --> ServerSocket using SSL. The Socket is
    created this way:

    <code>
    SocketFactory ssf = sslcontext.getSocketFactory();
    SSLSocket socket = (SSLSocket)ssf.createSocket(server, port);
    </code>

    The ServerSocket is created this way:

    <code>
    ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
    SSLServerSocket serversocket =
            (SSLServerSocket) ssf.createServerSocket(port);
    </code>

    Before creating those objects, an initialization is done:

    <code>
    // Load the JKS keystore bundled in the application JAR.
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(getClass().getResourceAsStream(keystore),
            keystorepass.toCharArray());
    // Key material this tier presents to its peer.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, keypassword.toCharArray());
    // Trust anchors are taken from the same keystore.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);
    // "SSLv3" is obsolete and disabled by default in current JREs.
    sslcontext = SSLContext.getInstance("SSLv3");
    sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    </code>

    When I run all client, server and backup on my machine (WinXP), all
    works well.
    But if I start the backup and the server on a remote server (both on the
    same server) and I try to connect from my machine there is a problem
    between server --> backup.
    The remote server is Mac OS X. I can send the file from my client to the
    server. Then when it sends the same file to the backup, it throws an
    Exception:

    On server:
    <Exception>
    javax.net.ssl.SSLException
    Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
    sun.security.validator.ValidatorException: No trusted certificate found
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
    com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
    </Exception>

    On backup:
    <Exception>
    javax.net.ssl.SSLHandshakeException
    Received fatal alert: certificate_unknown
    com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
    </Exception>

    I use for all communication a certificate generated by "keytool". The
    file is put in the JAR file of the application (one certificate in the
    client, one in the server and one in the backup). That means the server
    uses the same certificate to listen to the client (ServerSocket) and to
    connect to the backup (Socket).

    Any idea that would help? Thanks a lot.

    --
    JSC
     
    JScoobyCed, Jun 21, 2005
    #1

  2. JScoobyCed

    JScoobyCed Guest

    Well, after investigation, I could figure out that Mac OS X requires a
    specific way to make the certificate for SSL.
    If I use the same name for the alias, keystore and passwords
    (keystorepassword and keypassword), the "-Djavax.net.debug=ssl" will not
    show that the certificate is trusted.
    If I use a different value for the passwords, it shows the certificate
    is trusted.

    --
    JSC
     
    JScoobyCed, Jun 22, 2005
    #2
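
An added diagnostic, not part of the original thread: it loads a JKS keystore the way the first post does and prints each entry's type plus the certificates the resulting trust manager accepts, which is what a "No trusted certificate found" handshake failure is decided against. The class name `TrustCheck` and its two command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added diagnostic (hypothetical class name): shows what a JKS keystore makes the JVM trust. */
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustCheck <keystore.jks> <storepass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }

        // Entry types: a key entry is this tier's own identity,
        // a trusted cert entry is a peer or CA certificate.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted cert entry";
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("%-20s %-18s subject=%s%n", alias, kind,
                    c == null ? "(no certificate)" : c.getSubjectX500Principal());
        }

        // Same trust setup as the post: TrustManagerFactory initialised from the keystore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                System.out.println("accepted issuers: " + issuers.length);
                for (X509Certificate c : issuers) {
                    System.out.println("  " + c.getSubjectX500Principal()
                            + " expires " + c.getNotAfter());
                }
            }
        }
    }
}
```

Run it against the keystore shipped in each tier's JAR; the connecting side's accepted issuers need to include the certificate (or its issuer) that the listening side presents.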