Need help with SSL
Hi, I want to establish an SSL connection with client authentication.
I have the server's certificate in JKS (name 'serv_trust', no password)
and my certificate in P12 (client.p12).
So, I get some exceptions when executing my application:
Sorry for my English.
java.net.UnknownHostException: https://online.serv.com
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:153)
at java.net.Socket.connect(Socket.java:452)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(DashoA12275)
at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:40)
And my code:
System.setProperty("javax.net.ssl.trustStore", "serv_trust");
Security.addProvider((Provider) Class.forName("com.sun.crypto.provider.SunJCE").newInstance());
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
try {
    System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
    System.setProperty("javax.net.ssl.keyStorePassword", "123456789");
    System.setProperty("javax.net.ssl.keyStore", "client.p12");
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) factory.createSocket("https://online.serv.com", 443);
    socket.startHandshake();
    socket.startHandshake();
    PrintWriter out = new PrintWriter(
        new BufferedWriter(
            new OutputStreamWriter(
                socket.getOutputStream())));
    out.println("GET ");
    out.println();
    out.flush();
    if (out.checkError())
        System.out.println("SSLSocketClient: java.io.PrintWriter error");
    BufferedReader in = new BufferedReader(
        new InputStreamReader(
            socket.getInputStream()));
    String inputLine;
    while ((inputLine = in.readLine()) != null)
        System.out.println(inputLine);
    in.close();
    out.close();
    socket.close();
And debug:
keyStore is : client.p12
keyStore type is : pkcs12
init keystore
init keymanager of type SunX509
***
found key for : my certificate
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=pavel.a@mail.com, CN=www.myhost.com, OU=development, O=DK, L=City, ST=US, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
d6a408ae 36632041 0a5d9da4 edc4c98d 01be3fbd ad02ca8b 88445fcf 5de8b6c2
cc60dc18 61f25cf3 fc9eba3c 637f6ca0 e933795c 6c74b8e9 bd158f51 ed5fe584
e7566e56 894e215f fc1f492f 2fc4a21c 526edd31 4953ebab 6cb1c5b8 52d4d09f
3bd8abf1 8e71e1d4 3187a60f f5bcae58 98d11be3 b6108ba8 c1cbb6ac ff60b88d
Validity: [From: Wed Dec 22 11:00:26 MSK 2004,
To: Thu Dec 22 11:00:26 MSK 2005]
Issuer: EMAILADDRESS=x509@serv.com, CN=Alexander Alexandrov, OU=IT Division, O=Company Ltd, L=City, ST=City, C=US
SerialNumber: [1a]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 6572 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 57 5E 20 18 C6 CC 62 6FE6 E6 57 D9 0A 99 31 0E W^ ...bo..W...1.
0010: E1 78 24 92.x$.
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: CD 2D 38 1C 58 DE BC FC2C B8 86 EC F6 2C 57 25 .-8.X...,....,W%
0010: AD 89 28 65..(e
]
[EMAILADDRESS=x509@serv.ru, CN=Alexander Alexandrov, OU=IT Division, O=Company Ltd, L=City, ST=City, C=US]
SerialNumber: [00]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [MD5withRSA]
]
***
trustStore is: serv_trust
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=x509@serv.com, CN=Alexander Alexandrov, OU=IT Division, O=Company Ltd, L=City, ST=City, C=US
Issuer: EMAILADDRESS=x509@serv.com, CN=Alexander Alexandrov, OU=IT Division, O=Company Ltd, L=City, ST=City, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 14 18:43:06 MSD 2004 until Wed Sep 14 18:43:06 MSD 2005
init context
trigger seeding of SecureRandom
done seeding SecureRandom
java.net.UnknownHostException: https://online.serv.com.ru
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:153)
at java.net.Socket.connect(Socket.java:452)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(DashoA12275)
at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:40)
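
An added example, not part of the original post: `createSocket(String host, int port)` expects a bare host name, so a string that starts with `https://` is looked up as a host and fails with `UnknownHostException` before any TLS handshake takes place. The sketch below takes the host from the URL, loads `client.p12` and `serv_trust` into an explicit `SSLContext`, and turns on host name verification, which a raw `SSLSocket` does not do by default. Assumptions: a current JDK, the hypothetical class name `MutualTlsClient`, a hypothetical `CLIENT_P12_PASSWORD` environment variable for the key store password, and the request path `/`.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class MutualTlsClient {  // hypothetical class name
    // Load a key store of the given type ("PKCS12" or "JKS") from a file.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);  // a null password skips the integrity check
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Split the URL: the socket needs the host name only, never the scheme.
        URI uri = URI.create("https://online.serv.com/");
        String host = uri.getHost();
        int port = uri.getPort() == -1 ? 443 : uri.getPort();

        String pw = System.getenv("CLIENT_P12_PASSWORD");  // assumed variable name
        if (pw == null) throw new IllegalStateException("CLIENT_P12_PASSWORD is not set");

        // Client certificate and private key, presented when the server asks for them.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client.p12", "PKCS12", pw.toCharArray()), pw.toCharArray());

        // Certificates trusted to sign the server's certificate.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("serv_trust", "JKS", null));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");  // check the certificate against the host name
            socket.setSSLParameters(params);
            socket.startHandshake();

            Writer out = new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.US_ASCII);
            out.write("GET " + uri.getRawPath() + " HTTP/1.1\r\nHost: " + host + "\r\nConnection: close\r\n\r\n");
            out.flush();

            BufferedReader in = new BufferedReader(
                new InputStreamReader(socket.getInputStream(), StandardCharsets.ISO_8859_1));
            for (String line; (line = in.readLine()) != null; ) System.out.println(line);
        }
    }
}
```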

