J
JScoobyCed
Hi,
I have a 3-tiers application written in Java (all tiers). It is a kind
of file server (it does some processing on files once uploaded).
Communication is simple:
client --> server --> backup
and
server --> client
Here, "-->" means: "send a file to"
Each connection is a Socket --> ServerSocket using SSL. The Socket is
created this way:
<code>
SocketFactory ssf = sslcontext.getSocketFactory();
SSLSocket socket = (SSLSocket)ssf.createSocket(server, port);
</code>
The ServerSocket is created this way:
<code>
ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
SSLServerSocket serversocket =
(SSLServerSocket)ssf.createServerSocket(port);
</code>
Before creating those object, an initialization is done:
<code>
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(getClass().getResourceAsStream(keystore),
keystorepass.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
</code>
When I run all client, server and backup on my machine (WinXP), all
works well.
But if I start the backup and the server on a remote server (both on the
same server) and I try to connect from my machine there is a problem
between server --> backup.
The remote server is Mac OS X. I can send the file from my client to the
server. Then when it sends the same file to the backup, it throws an
Exception:
On server:
<Exception>
javax.net.ssl.SSLException
Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
</Exception>
On backup:
<Exception>
javax.net.ssl.SSLHandshakeException
Received fatal alert: certificate_unknown
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
</Exception>
I use for all communication a certificate generated by "keytool". The
file is put in the JAR file of the application (one certificate in the
client, one in the server and one in the backup). That means the server
uses the same certificate to listen to the client (ServerSocket) and to
connect the backup (Socket).
Any idea that would help? Thanks a lot.
I have a 3-tiers application written in Java (all tiers). It is a kind
of file server (it does some processing on files once uploaded).
Communication is simple:
client --> server --> backup
and
server --> client
Here, "-->" means: "send a file to"
Each connection is a Socket --> ServerSocket using SSL. The Socket is
created this way:
<code>
SocketFactory ssf = sslcontext.getSocketFactory();
SSLSocket socket = (SSLSocket)ssf.createSocket(server, port);
</code>
The ServerSocket is created this way:
<code>
ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
SSLServerSocket serversocket =
(SSLServerSocket)ssf.createServerSocket(port);
</code>
Before creating those object, an initialization is done:
<code>
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(getClass().getResourceAsStream(keystore),
keystorepass.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypassword.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sslcontext = SSLContext.getInstance("SSLv3");
sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
</code>
When I run all client, server and backup on my machine (WinXP), all
works well.
But if I start the backup and the server on a remote server (both on the
same server) and I try to connect from my machine there is a problem
between server --> backup.
The remote server is Mac OS X. I can send the file from my client to the
server. Then when it sends the same file to the backup, it throws an
Exception:
On server:
<Exception>
javax.net.ssl.SSLException
Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
</Exception>
On backup:
<Exception>
javax.net.ssl.SSLHandshakeException
Received fatal alert: certificate_unknown
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
net.rochefolle.cedcore.net.InputStreamUtility._readBytes(InputStreamUtility.java:39)
</Exception>
I use for all communication a certificate generated by "keytool". The
file is put in the JAR file of the application (one certificate in the
client, one in the server and one in the backup). That means the server
uses the same certificate to listen to the client (ServerSocket) and to
connect the backup (Socket).
Any idea that would help? Thanks a lot.