[jboss-user] [Security & JAAS/JBoss] - Re: HTTPS Client auth from within JBoss
stone_42
do-not-reply at jboss.com
Wed Jan 31 05:36:47 EST 2007
Hello again,
I simplified my example and tried to run a scenario similar to scenario 2 from http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup, but with my own client implementation.
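My code is:
import java.io.InputStream;
| import java.net.URL;
| import java.net.URLConnection;
| import java.security.KeyStore;
| import java.security.SecureRandom;
| import javax.net.ssl.HostnameVerifier;
| import javax.net.ssl.HttpsURLConnection;
| import javax.net.ssl.KeyManagerFactory;
| import javax.net.ssl.SSLContext;
| import javax.net.ssl.SSLSession;
| import javax.net.ssl.TrustManagerFactory;
|
| SSLContext context;
| KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
| KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
| char[] password = "123456".toCharArray();
| String keyStoreLocation = "META-INF/client.keystore";
| String trustStoreLocation = "META-INF/client.truststore";
| // Client key pair, presented to the server for client authentication
| InputStream is = getClass().getResourceAsStream(keyStoreLocation);
| keystore.load(is, password);
| is.close();
| // Certificates the client accepts from the server
| is = getClass().getResourceAsStream(trustStoreLocation);
| truststore.load(is, password);
| is.close();
| KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
| kmf.init(keystore, password);
| TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
| tmf.init(truststore);
|
| context = SSLContext.getInstance("SSL");
| context.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
|         new SecureRandom());
| // Both defaults below are JVM-wide and affect every HttpsURLConnection
| HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
| // Accepts any host name: host name verification is switched off
| HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
|     public boolean verify(String arg0, SSLSession arg1) {
|         return true;
|     }
| });
| URL url = new URL("https://node3058.it.de:8443");
| URLConnection uc = url.openConnection();
| uc.connect();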
I use certificates created as described on the wiki page. I run my code once from a standalone Java client and once from within an EJB running in JBoss. From the standalone client, everything runs fine; from within JBoss, I get the exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
| at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
| at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
| at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
| at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
| at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
| at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
| ... 84 more
| Caused by: sun.security.validator.ValidatorException: No trusted certificate found
| at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
| at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
| at sun.security.validator.Validator.validate(Validator.java:203)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
| at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
| ... 94 more
Can anyone tell me what the difference is between an SSL client in a standalone Java application and an SSL client running in JBoss?
Regards,
Martin
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4008734#4008734
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4008734
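
Added example, not part of the original post: getResourceAsStream returns null when the class's loader cannot find the resource, and KeyStore.load(null, password) then succeeds with an empty store, so a keystore or truststore loaded as in the code above can come back empty without any error. The check below fails loudly in both cases and reports how many trusted-certificate entries were loaded; the StoreCheck class and its method names are assumptions made for this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;

// Hypothetical diagnostic helper; class and method names are assumptions.
public final class StoreCheck {

    // Loads a store from the classpath and refuses to return an unusable one.
    static KeyStore loadFromClasspath(Class<?> owner, String resource, char[] password)
            throws IOException, GeneralSecurityException {
        // A name without a leading '/' is resolved relative to owner's package;
        // the result is null when the class loader finds nothing.
        InputStream in = owner.getResourceAsStream(resource);
        if (in == null) {
            // Without this check load(null, password) succeeds with an empty store.
            throw new IOException("not found by " + owner.getClassLoader() + ": " + resource);
        }
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            store.load(in, password);
        } finally {
            in.close();
        }
        if (store.size() == 0) {
            throw new GeneralSecurityException("store has no entries: " + resource);
        }
        return store;
    }

    // Counts trusted-certificate entries (as opposed to private-key entries).
    static int countTrustedCerts(KeyStore store) throws GeneralSecurityException {
        int trusted = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.isCertificateEntry(alias)) trusted++;
        }
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "123456".toCharArray(); // password from the post
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, password); // what a null stream silently produces
        System.out.println("entries after load(null): " + empty.size());
        // Throws IOException unless the truststore is packaged next to this class.
        KeyStore ts = loadFromClasspath(StoreCheck.class, "META-INF/client.truststore", password);
        System.out.println("trusted certificate entries: " + countTrustedCerts(ts));
    }
}
```

Running the same check from the standalone client and from inside the EJB shows whether both environments resolve the same resource and load the same number of entries.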