jessie-discuss

[Jessie-discuss] MacException when connecting - getting closer


From: Martin Egholm Nielsen
Subject: [Jessie-discuss] MacException when connecting - getting closer
Date: Tue, 19 Apr 2005 16:00:54 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050319

Hi again,

Getting closer to solving my problem...
In order to get past my problems from the previous thread, I turned to "OpenSSL" for creating PEM-formatted certificates and private-passwords:

$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout privatekey.pem -out certificate.pem

These two files fit into PrivateCredentials#add(InputStream,InputStream).
So I got my SSLContext initialised, and am able to create an SSLServerSocketFactory, and a listening ServerSocket from there.

Further, when connecting to the serversocket with Mozilla or Opera I'm prompted with this new certificate - so that's great.
However, something is going wrong somewhere.
After the socket gets connected I try to read from it - expecting to get the "GET" request. But no luck...

With Mozilla no exceptions are thrown - it just hangs there for a while, and then pops up with an error dialog stating an error code of "-8092". According to http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
this is "Unable to generate public-private key pair.".

With both Opera and IE the fault is another. On the serverside, I'm thrown a MacException:
org.metastatic.jessie.provider.MacException
        at org.metastatic.jessie.provider.GNUSecurityParameters.decrypt(GNUSecurityParameters.java:307)
        at org.metastatic.jessie.provider.RecordInput.readRecord(RecordInput.java:207)
        at org.metastatic.jessie.provider.RecordInput.read(RecordInput.java:109)
        at org.metastatic.jessie.provider.RecordInputStream.read(RecordInputStream.java:102)
        at org.metastatic.jessie.provider.RecordInputStream.read(RecordInputStream.java:97)
        at org.metastatic.jessie.provider.RecordInputStream.read(RecordInputStream.java:84)
        at org.metastatic.jessie.provider.SSLSocketInputStream.read(SSLSocketInputStream.java:112)
        at org.metastatic.jessie.provider.DigestInputStream.read(DigestInputStream.java:82)
        at org.metastatic.jessie.provider.Handshake$Type.read(Handshake.java:372)
        at org.metastatic.jessie.provider.Handshake.read(Handshake.java:117)
        at org.metastatic.jessie.provider.Handshake.read(Handshake.java:104)
        at org.metastatic.jessie.provider.SSLSocket.doServerHandshake(SSLSocket.java:2982)
        at org.metastatic.jessie.provider.SSLSocket.startHandshake(SSLSocket.java:523)
        at org.metastatic.jessie.provider.SSLSocket.checkHandshakeDone(SSLSocket.java:1099)
        at org.metastatic.jessie.provider.SSLSocketInputStream.read(SSLSocketInputStream.java:138)
        at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source)
        at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source)
        at sun.nio.cs.StreamDecoder.read(Unknown Source)
        at java.io.InputStreamReader.read(Unknown Source)
        at java.io.BufferedReader.fill(Unknown Source)
        at java.io.BufferedReader.readLine(Unknown Source)
        at java.io.BufferedReader.readLine(Unknown Source)
        at test.Test1.main(Test1.java:93)
Exception in thread "main"

I've tried with Sun's Java and actually also with GCJ 3.4.3 (with 1.4 support in SSLSocket!), and the results are identical.

I've attached the source code and certificates-stuff if anybody wants to try...

Best regards,
 Martin Egholm

package test;

import gnu.crypto.pad.WrongPaddingException;

import java.io.*;
import java.net.ServerSocket;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;

import javax.net.ssl.*;

import org.metastatic.jessie.PrivateCredentials;
import org.metastatic.jessie.StaticTrustAnchors;
import org.metastatic.jessie.provider.Jessie;

public class Test1
{
  public static void main(String[] args) throws KeyManagementException,
      InvalidAlgorithmParameterException, KeyStoreException,
      UnrecoverableKeyException, InvalidKeyException, CertificateException,
      InvalidKeySpecException, NoSuchAlgorithmException, IOException,
      WrongPaddingException
  {
    Provider jessie = new Jessie();

    Security.insertProviderAt(jessie, 1);

    // KEYMANAGER
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("JessieX509", jessie);

    PrivateCredentials pc = new PrivateCredentials();
    InputStream certChainIS = new FileInputStream(new File("certificate.pem"));
    InputStream keyIS = new FileInputStream(new File("privatekey.pem"));
    pc.add(certChainIS, keyIS);
    kmf.init(pc);

    KeyManager[] km = kmf.getKeyManagers();

    // TRUSTMANAGER
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("JessieX509",
        jessie);
    tmf.init(StaticTrustAnchors.CA_CERTS);
    TrustManager[] tm = tmf.getTrustManagers();

    // SECURE RANDOM
    SecureRandom sr = SecureRandom.getInstance("CSPRNG", jessie);

    // SSL CONTEXT
    SSLContext sslc = SSLContext.getInstance("TLS", jessie);
    sslc.init(km, tm, sr);

    // ...AND FINALLY
    SSLServerSocketFactory f = sslc.getServerSocketFactory();

    ServerSocket ss = f.createServerSocket(443);

    System.out.println("Accepting...");
    SSLSocket s = (SSLSocket) ss.accept();
    System.out.println("Accepted!");

    // ...CONNECTED
    InputStream is = s.getInputStream();
    OutputStream os = s.getOutputStream();
    BufferedReader br = new BufferedReader(new InputStreamReader(is));
    String str;
    while ((str = br.readLine()) != null)
    {
      System.out.println(str);
    } // while

    System.out.println( "Out!" );
  } // main
} // Test1
