1. Re: HTTPS Client auth from within JBoss
stone_42 Jan 31, 2007 5:36 AM (in response to stone_42)
Hello again,
I simplified my example and tried to run a scenario similar to scenario 2 from http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup, but with my own client implementation.
My code is

    SSLContext context;
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = "123456".toCharArray();
    String keyStoreLocation = "META-INF/client.keystore";
    String trustStoreLocation = "META-INF/client.truststore";
    InputStream is = getClass().getResourceAsStream(keyStoreLocation);
    keystore.load(is, password);
    is = getClass().getResourceAsStream(trustStoreLocation);
    truststore.load(is, password);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keystore, password);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(truststore);
    context = SSLContext.getInstance("SSL");
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String arg0, SSLSession arg1) {
            return true;
        }
    });
    URL url = new URL("https://node3058.it.de:8443");
    URLConnection uc = url.openConnection();
    uc.connect();
I use certificates created as described on the wiki page. I run my code once from a standalone Java client and once from within an EJB running in JBoss. From the standalone client, everything runs fine; from within JBoss, I get the exception

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
        ... 84 more
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
        at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
        at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
        ... 94 more
Can anyone tell me where the difference is between an SSL client in a standalone Java application and an SSL client running in JBoss?
Regards,
Martin

2. Re: HTTPS Client auth from within JBoss
stone_42 Jan 31, 2007 5:44 AM (in response to stone_42)
Hello again,
I found my problem, very stupid.
My keystore and truststore files were not at the requested location in the classpath, and the KeyStore implementation accepts null as the InputStream parameter in the load() method.
Now, everything is running fine.
Regards,
Martin
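
An added example, not part of the original posts: `KeyStore.load(null, password)` initialises an empty store instead of failing, so a missing classpath resource only surfaces later as "No trusted certificate found". The loader below rejects a missing or empty store up front; the class name `ClasspathKeyStoreLoader` and its `load` helper are hypothetical, and the resource path and password are the ones from the post.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class ClasspathKeyStoreLoader {

    /** Loads a keystore from the classpath; fails fast if it is missing or empty. */
    static KeyStore load(Class<?> anchor, String resource, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // getResourceAsStream returns null (no exception) when the resource is absent.
        try (InputStream in = anchor.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("Keystore resource not found on classpath: " + resource);
            }
            ks.load(in, password);
        }
        // A store without entries gives the trust manager nothing to validate against.
        if (ks.size() == 0) {
            throw new GeneralSecurityException("Keystore has no entries: " + resource);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "123456".toCharArray();

        // The silent case from the thread: a null stream yields an empty keystore.
        KeyStore silent = KeyStore.getInstance(KeyStore.getDefaultType());
        silent.load(null, password);
        System.out.println("entries after load(null): " + silent.size());

        // The checked loader reports the real cause instead of a later handshake failure.
        try {
            load(ClasspathKeyStoreLoader.class, "META-INF/client.truststore", password);
            System.out.println("truststore loaded");
        } catch (IOException | GeneralSecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```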