using different keystore at runtime

Hi everybody,

I have the following problem:

I've written an application which is able to send different kinds of requests to an HTTPS server by using the Jakarta HttpClient.

For the connection you can specify the URL, the keystore and the corresponding password.

If you send a request for the first time it works fine, but if you change the parameters (application is still running) an exception occurs: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found (the keystore should be correct).

What could be the problem and how can I solve it?

Here is my code:

    import javax.swing.JOptionPane;
    import org.apache.commons.httpclient.Header;
    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.HttpStatus;
    import org.apache.commons.httpclient.methods.PostMethod;
    import org.apache.commons.httpclient.methods.RequestEntity;
    import org.apache.commons.httpclient.methods.StringRequestEntity;

    public void sendRequest() {
        HttpClient client = null;
        Header header = null;
        int statusCode = -1;
        try {
            // Trust store taken from the GUI; szKeyStore / szPassword are fields of this class.
            System.setProperty("javax.net.ssl.trustStore", this.szKeyStore);
            System.setProperty("javax.net.ssl.trustStorePassword", this.szPassword);
            System.out.println(System.getProperty("javax.net.ssl.trustStore"));
            client = new HttpClient();
            // Create a method instance.
            post = new PostMethod(szUrl);
            header = new Header("Content-Type", "text/xml");
            post.addRequestHeader(header);
            header = new Header("Charset", "ISO-8859-1");
            post.addRequestHeader(header);
            // setRequestHeader replaces the Content-Type header added above.
            post.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
            RequestEntity re = new StringRequestEntity(szRequest);
            post.setRequestEntity(re);
            try {
                statusCode = client.executeMethod(post);
            } catch (Exception exc) {
                JOptionPane.showMessageDialog(listener, "not able to connect via HTTPS\n check settings");
                System.err.print("Exception while sending request: " + exc.toString());
                return; // nothing was received, so there is no response body to read
            }
            if (statusCode != HttpStatus.SC_OK) {
                System.err.println("Method failed: " + post.getStatusLine());
            }
            // Read the response body.
            byte[] responseBody = post.getResponseBody();
            // Deal with the response.
            // Use caution: decode with the charset the server declared and make sure it is not binary data.
            szResponse = new String(responseBody, post.getResponseCharSet());
            listener.requestReceived(szResponse);
            post = null;
            header = null;
            client = null;
        } catch (Exception e) {
            System.err.println("Exception in sendRequest: " + e.getMessage());
            e.printStackTrace();
        } finally {
            // Release the connection.
            if (post != null) post.releaseConnection();
        }
    }

Thanks a lot

[2563 byte] By [tom.fritza] at [2007-10-2 9:53:36]
# 1

> If you send a request for the first time it works
> fine but if you change the parameters (application is
> still running) an exception occurs:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted
> certificate found (the keystore should be correct)
>
> what could be the problem

The error message suggests that your keystore does not contain the certificate.

Please post code in the appropriate tags.

_bensmytha at 2007-7-16 23:58:28
# 2
But this cannot be the case, because when I restart the application and send a request with the new keystore parameters it works properly again. It seems that the JVM only takes the first keystore it gets and then does not allow any modification at runtime.
tom.fritza at 2007-7-16 23:58:28
# 3

> But this could not be the case because when I restart
> the application and sent a request with new keystore
> parameters it works properly again.
> It seems that the JVM only take the first keystore he
> got and then do not allow any modification during
> runtime.

The code you have posted doesn't show how you change the keystore value. Presumably you modify this.szKeyStore.

_bensmytha at 2007-7-16 23:58:28
# 4
Yes, this value is a String read from the GUI, where you can specify the path of the keystore.
tom.fritza at 2007-7-16 23:58:28
# 5
> Yes, this value is a String read out from GUI where
> you can specify the path of the keystore.

What is the precise output from the program? (What does System.out.println(System.getProperty("javax.net.ssl.trustStore")); produce?)
_bensmytha at 2007-7-16 23:58:28
# 6
The first time it produces myfirstName.keystore and the second time mysecondName.keystore. These values/keystores are correct, but I nevertheless get an exception during the second request.
tom.fritza at 2007-7-16 23:58:28
# 7

> the first time it produce myfirstName.keystore and
> the second time mysecondName.keystore
> These values/keystores are correct but I got
> nevertheless an exception during the second request.

Are you sure?

As a test: try mysecondName.keystore then myfirstName.keystore. If it fails on the first run you know where the problem is.

_bensmytha at 2007-7-16 23:58:28
# 8
Yes, that's what the output says and I have no idea what the problem could be.
tom.fritza at 2007-7-16 23:58:28
# 9
> Yes, that's what the output says and I have no idea
> what the problem could be.

Have you tried the above?
_bensmytha at 2007-7-16 23:58:28
# 10
If you are setting javax.net.ssl.keyStore or javax.net.ssl.trustStore and expecting the change to take effect, it won't. These properties are only read once. You will have to get the effect you want by writing your own KeyStoreManager or TrustStoreManager.
ejpa at 2007-7-16 23:58:28
# 11
Do you have some example code for writing a KeyStoreManager/TrustStoreManager?
tom.fritza at 2007-7-16 23:58:28
# 12

Presumably the following would work:

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.util.Arrays;

    public class Demo {

        private KeyStore keyStore;

        public Demo() throws GeneralSecurityException {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        }

        public void setKeyStore(String filename, String password) throws IOException, GeneralSecurityException {
            FileInputStream fis = new FileInputStream(filename);
            char[] pw = password.toCharArray();
            try {
                keyStore.load(fis, pw); // each call replaces the previous contents of keyStore
            } finally {
                fis.close();
                Arrays.fill(pw, '\0'); // NB: the String password itself cannot be overwritten; prefer a char[] parameter
            }
        }
    }

_bensmytha at 2007-7-16 23:58:28
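Added example, not code from this thread: the explanation in #10 (the javax.net.ssl.* properties are read once, when JSSE creates the default SSLContext) and the keystore-loading sketch in #12 together lead to the pattern below. It loads the trust store explicitly, builds an SSLContext from it, and hands that context to one HttpClient through a SecureProtocolSocketFactory, so switching trust stores means building a new client rather than touching system properties. It assumes the Jakarta Commons HttpClient 3.x API (the PostMethod/executeMethod calls in the original post), Java 7 or later for SSLParameters.setEndpointIdentificationAlgorithm, and a hypothetical target host "server.example" with path "/request".

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/** HttpClient 3.x socket factory whose trust anchors come from an explicitly built SSLContext. */
public class TrustStoreSocketFactory implements SecureProtocolSocketFactory {

    private final SSLSocketFactory sslFactory;

    public TrustStoreSocketFactory(SSLContext ctx) {
        this.sslFactory = ctx.getSocketFactory();
    }

    /** Loads a JKS/PKCS12 trust store and returns an SSLContext that trusts only its certificates. */
    public static SSLContext contextFor(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(trustStorePath);
        try {
            ks.load(in, password);       // the password only verifies store integrity here
        } finally {
            in.close();
            Arrays.fill(password, '\0'); // do not keep the password in memory longer than needed
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, our trust managers, default SecureRandom
        return ctx;
    }

    /** Binds the factory to ONE client; Protocol.registerProtocol("https", ...) would change every client in the JVM. */
    public static HttpClient clientFor(String host, int port, SSLContext ctx) {
        Protocol https = new Protocol("https", (ProtocolSocketFactory) new TrustStoreSocketFactory(ctx), port);
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost(host, port, https);
        return client;
    }

    /** Java 7+: reject a certificate that is not issued for the requested host; HttpClient 3.x does not check this. */
    private static Socket verifyHost(Socket raw) {
        SSLSocket s = (SSLSocket) raw;
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(p);
        return s;
    }

    public Socket createSocket(String host, int port) throws IOException {
        return verifyHost(sslFactory.createSocket(host, port));
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException {
        return verifyHost(sslFactory.createSocket(host, port, localAddress, localPort));
    }

    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
                               HttpConnectionParams params) throws IOException {
        int timeout = params == null ? 0 : params.getConnectionTimeout();
        if (timeout == 0) {
            return createSocket(host, port, localAddress, localPort);
        }
        Socket s = sslFactory.createSocket(); // unconnected, so the connect timeout can be honoured
        s.bind(new InetSocketAddress(localAddress, localPort));
        try {
            s.connect(new InetSocketAddress(host, port), timeout);
        } catch (SocketTimeoutException e) {
            throw new ConnectTimeoutException("connect to " + host + ":" + port + " timed out", e);
        }
        return verifyHost(s);
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        return verifyHost(sslFactory.createSocket(socket, host, port, autoClose));
    }

    /** Hypothetical usage: args[0] is the trust store path, args[1] its password, both taken from the GUI. */
    public static void main(String[] args) throws Exception {
        HttpClient client = clientFor("server.example", 443, contextFor(args[0], args[1].toCharArray()));
        PostMethod post = new PostMethod("/request"); // path only: an absolute https:// URL would be resolved
        try {                                          // through the global Protocol registry instead
            System.out.println("HTTP status " + client.executeMethod(post));
        } finally {
            post.releaseConnection();
        }
    }
}
```

Each GUI change then becomes a new contextFor/clientFor pair; the old client keeps its old trust anchors until it is discarded, and the javax.net.ssl.* properties are never consulted. The host name check in verifyHost is the caveat worth keeping: with a custom trust store it is easy to end up trusting any certificate the store's CA has issued, for any host.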
# 13
Thanks a lot, the application is working now :)
tom.fritza at 2007-7-16 23:58:28