[jboss-user] [Security & JAAS/JBoss] - Re: HTTPS Client auth from within JBoss

stone_42 do-not-reply at jboss.com
Wed Jan 31 05:36:47 EST 2007


Hello again,

I simplified my example and tried to run a scenario similar to scenario 2 from http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup, but with my own client implementation.
My code is:

    // Imports needed by this fragment
    import java.io.InputStream;
    import java.net.URL;
    import java.net.URLConnection;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import javax.net.ssl.*;

    // Load the client key store and trust store from the classpath
    SSLContext context;
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = "123456".toCharArray();
    String keyStoreLocation = "META-INF/client.keystore";
    String trustStoreLocation = "META-INF/client.truststore";
    InputStream is = getClass().getResourceAsStream(keyStoreLocation);
    keystore.load(is, password);
    is = getClass().getResourceAsStream(trustStoreLocation);
    truststore.load(is, password);

    // Key managers present the client certificate; trust managers validate the server
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keystore, password);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(truststore);

    context = SSLContext.getInstance("SSL");
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
            new SecureRandom());

    // Both setDefault* calls change JVM-wide defaults for HttpsURLConnection
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
    // This verifier accepts any host name, so host name checking is disabled
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String arg0, SSLSession arg1) {
            return true;
        }
    });
    URL url = new URL("https://node3058.it.de:8443");
    URLConnection uc = url.openConnection();
    uc.connect();

I use certificates created as described on the wiki page. I run my code once from a Java standalone client and once from within an EJB running in JBoss. From the standalone client, everything runs fine; from within JBoss, I get the exception:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
            ... 84 more
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
            at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
            at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
            at sun.security.validator.Validator.validate(Validator.java:203)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
            at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
            ... 94 more

Can anyone tell me where the difference is between an SSL client in a standalone Java application and an SSL client running in JBoss?

Regards,
Martin

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4008734#4008734

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4008734
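
An added example, not part of the original post and not JBoss code: a variant of the client above that checks the two things a container can change without any error, namely whether the keystore resources were actually found (KeyStore.load(null, ...) silently produces an empty store) and whether the JVM-wide HttpsURLConnection defaults are still the ones this code set. The class and method names are hypothetical, the stores are assumed to sit under META-INF at the classpath root visible to the thread context class loader, and whether either condition applies to the setup in the post is an assumption.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTlsClient {
    // Load a keystore from the classpath and fail loudly when the resource is
    // missing or holds no entries. KeyStore.load(null, pw) does not throw: it
    // yields an empty store, and an empty truststore trusts no server.
    static KeyStore loadStore(ClassLoader cl, String resource, char[] pw)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = cl.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("not on classpath: " + resource);
            }
            ks.load(in, pw);
        }
        if (ks.size() == 0) {
            throw new IOException("no entries in " + resource);
        }
        System.out.println(resource + " aliases: " + Collections.list(ks.aliases()));
        return ks;
    }

    // Build a connection whose SSLSocketFactory is set on this connection only,
    // leaving the JVM-wide HttpsURLConnection defaults untouched.
    static HttpsURLConnection open(URL url, char[] pw)
            throws GeneralSecurityException, IOException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadStore(cl, "META-INF/client.keystore", pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(cl, "META-INF/client.truststore", pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn; // the default HostnameVerifier stays in force
    }
}
```

Calling open(new URL("https://node3058.it.de:8443"), password).connect() from both the standalone client and the EJB shows whether the same aliases are loaded in each environment before the handshake starts.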


