1 Reply Latest reply: Feb 5, 2009 11:38 PM by 843851

    Help Client Authentification SSL

    843851
      Hi everybody,
      First, excuse me for my English, because it is not my native language.

      My problem is that I am trying to create an SSL communication with client authentication; the PC is the server and the STB is the client. If I don't put this line in the server, "sslServerSocket.setNeedClientAuth(true);", the communication is OK, but the moment I include this line the server returns an error saying "null cert chain". Does anyone know why?

      This is my code

      MHP client code
      // TLS_SERVER_IP, TLS_SERVER_PORT, errorHandShake, logger and Resultado are defined elsewhere in the poster's class
      try {
          SSLSocketFactory sslsocketfactory = null;
          SSLContext ctx;
          KeyManagerFactory kmf;
          TrustManagerFactory tmf;
          KeyStore ks;
          char[] passphrase = "importkey".toCharArray();

          try {
              ctx = SSLContext.getInstance("TLS");

              // Key manager: supplies the STB's own private key and certificate chain when the server asks for client auth
              kmf = DVBKeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
              // Trust manager: decides whether the PC's server certificate is accepted
              tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
              ks = KeyStore.getInstance("JKS");

              ks.load(new FileInputStream("./data/keystore"), passphrase);

              kmf.init(ks, passphrase);
              tmf.init(ks);
              ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

              sslsocketfactory = ctx.getSocketFactory();

              KeyManager[] key = kmf.getKeyManagers();
              for (int i = 0; i < key.length; i++) {
                  // key[i], not key: the original printed the array object instead of each manager
                  System.out.println(key[i].toString());
              }

              // Dump every alias. getCertificateChain() returns null for trusted-certificate entries
              // (certificate only, no private key), so guard against it instead of dereferencing certs[0]
              Enumeration enumeration = ks.aliases();
              while (enumeration.hasMoreElements()) {
                  String alias = enumeration.nextElement().toString();
                  java.security.cert.Certificate[] certs = ks.getCertificateChain(alias);
                  System.out.println("++++++++++++++++" + alias + "++++++++");
                  if (certs == null || certs.length == 0) {
                      System.out.println("no certificate chain for this alias (trusted-cert entry, not a key entry)");
                  } else {
                      System.out.println(certs[0].toString());
                  }
              }
          } catch (Exception e) {
              throw new IOException(e.getMessage());
          }

          SSLSocket sslSocket = (SSLSocket) sslsocketfactory.createSocket(this.TLS_SERVER_IP, this.TLS_SERVER_PORT);

          System.out.println("Certificate the server&keystore:Before the getSession");
          // getSession() forces the handshake if it has not happened yet
          SSLSession session = sslSocket.getSession();

          System.out.println("Cipher used: " + session.getCipherSuite());

          if (!(session.getCipherSuite().toUpperCase()).equals(this.errorHandShake)) {

              System.out.println("Before ObjectOutputStream and ObjectInputStream");
              ObjectOutputStream out = null;
              System.out.println("1");
              // Create the output stream first: ObjectInputStream blocks until it reads the peer's stream header
              out = new ObjectOutputStream(sslSocket.getOutputStream());
              System.out.println("2");
              ObjectInputStream stdIn = null;
              System.out.println("3");
              stdIn = new ObjectInputStream(sslSocket.getInputStream());
              System.out.println("4");
              // Send the object
              if ((out != null) && (stdIn != null)) {
                  Resultado r = new Resultado();
                  r.setError("come on sdor");
                  logger.info("Before send Obj.");
                  out.writeObject(r);

                  logger.info("Before read Obj. Result");
                  Resultado obj = (Resultado) stdIn.readObject();

                  System.out.println("Object arrived :" + obj.getError());
                  // Closing the Streams and the Socket
                  out.close();
                  stdIn.close();
              }
          }

          sslSocket.close();
      } catch (Exception e) {
          System.out.println("Exception occurred: " + e);
          e.printStackTrace();
      }
      *SSL Server*
      // serverPort and logger are defined elsewhere in the poster's class.
      // The default SSLServerSocketFactory reads its key and trust material from these system properties
      System.setProperty("javax.net.ssl.keyStore", "C://keystore");
      System.setProperty("javax.net.ssl.keyStorePassword", "importkey");
      System.setProperty("javax.net.ssl.trustStore", "C://keystore");
      System.setProperty("javax.net.ssl.trustStorePassword", "importkey");

      try {
          SSLServerSocketFactory sslServerSocketFactory =
              (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

          SSLServerSocket sslServerSocket =
              (SSLServerSocket) sslServerSocketFactory.createServerSocket(serverPort);

          // Require the client to present a certificate chain; the handshake is aborted if it sends none
          sslServerSocket.setNeedClientAuth(true);

          SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
          /*
          String[] enumeration = sslSocket.getEnabledCipherSuites();
          for (int i = 0; i < enumeration.length; i++) {
              logger.info("cipher exis " + enumeration[i]);
          }
          enumeration = sslSocket.getSupportedCipherSuites();
          for (int i = 0; i < enumeration.length; i++) {
              logger.info("cipher supor " + enumeration[i]);
          }
          enumeration = sslSocket.getSupportedProtocols();
          for (int i = 0; i < enumeration.length; i++) {
              logger.info("protocol supor " + enumeration[i]);
          }
          */

          // Output stream first, for the same reason as on the client side
          ObjectOutputStream out = new ObjectOutputStream(sslSocket.getOutputStream());
          ObjectInputStream in = new ObjectInputStream(sslSocket.getInputStream());

          // Both constructors returned, so the streams are non-null; the nested null checks were redundant
          System.out.println("Something has arrived!!");
          System.out.println("I'm going to send something!!");

          out.close();
          in.close();
          sslSocket.close();
      } catch (IOException ioe) {
          System.out.println(ioe);
          logger.error(ioe.getMessage());
      }
      logger.info("Secure Server End");
      Thanks in advance for your help.
      
      P.S.: I'm using MHP 1.1.2
        • 1. Re: Help Client Authentification SSL
          843851
          Hello. Before I review your code snippet in detail, let me share this.
          In SSL communication, server authentication is the default operation,
          carried out before any secure channel is opened between a client and a server.
          It means that before you called "setNeedClientAuth(true)", server authentication was already carried out; maybe you didn't notice.

          But once you also require client authentication by calling "setNeedClientAuth(true)", which is an optional operation,
          you need a certificate chain in the STB as well. You seem to already have a certificate chain in the PC, but not in the STB.

          I hope this helps you.
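The reply above points at the cause; the following is an added diagnostic, not code from either poster, that checks a client keystore for exactly the condition behind "null cert chain". When the server sends its CertificateRequest, JSSE asks the client's X509KeyManager for an alias via chooseClientAlias(); if that returns null (typically because the keystore holds only imported certificates and no private-key entry with its chain), the client answers with an empty Certificate message, and a server that called setNeedClientAuth(true) aborts the handshake with that error. The class below runs the same selection call up front and also counts key entries versus trusted-certificate entries, which is what the alias loop in the original client code was trying to show. It is written for a desktop JVM (the PC side), takes the keystore path and password as command-line arguments, and assumes a JKS file such as a copy of the "./data/keystore" from the post; the key types "RSA" and "EC" and the class and field names are this example's own choices.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

/**
 * Preflight for the "null cert chain" failure: ask the X509KeyManager that JSSE
 * will use whether it can pick a client alias at all, before opening any socket.
 */
public class ClientAuthPreflight {

    /** What the check found, as plain fields so a caller can log or assert on them. */
    public static final class Report {
        public int keyEntries;          // private key + chain: usable as a client identity
        public int trustedCertEntries;  // certificate only: usable for trusting peers, never offered
        public String chosenAlias;      // alias JSSE would present, or null if the chain would be empty
        public String chosenSubject;    // subject of the leaf certificate of that alias, if any
    }

    public static Report check(KeyStore ks, char[] keyPassword) throws Exception {
        Report r = new Report();

        // Count entry types; keytool -importcert produces trusted-cert entries, which never satisfy client auth
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ks.isKeyEntry(alias)) {
                r.keyEntries++;
            } else if (ks.isCertificateEntry(alias)) {
                r.trustedCertEntries++;
            }
        }

        // Same factory and algorithm the SSLContext in the post is initialised with
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        X509KeyManager km = null;
        for (KeyManager m : kmf.getKeyManagers()) {
            if (m instanceof X509KeyManager) {
                km = (X509KeyManager) m;
                break;
            }
        }

        // Key types and issuers are what the server's CertificateRequest would carry. Null issuers
        // means "any issuer", the most permissive selection possible: if even this yields null,
        // no server will ever receive a client certificate from this keystore.
        if (km != null) {
            r.chosenAlias = km.chooseClientAlias(new String[] {"RSA", "EC"}, null, null);
        }
        if (r.chosenAlias != null) {
            X509Certificate[] chain = km.getCertificateChain(r.chosenAlias);
            if (chain != null && chain.length > 0) {
                r.chosenSubject = chain[0].getSubjectX500Principal().getName();
            }
        }
        return r;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ClientAuthPreflight <keystore.jks> <password>");
            System.exit(2);
        }
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, pw);
        } finally {
            in.close();
        }

        Report r = check(ks, pw);
        System.out.println("private-key entries : " + r.keyEntries);
        System.out.println("trusted-cert entries: " + r.trustedCertEntries);
        if (r.chosenAlias == null) {
            System.out.println("no client identity selectable: the client would send an empty chain,"
                    + " and a server with setNeedClientAuth(true) reports \"null cert chain\"");
            System.out.println("fix: import a key entry (private key plus its certificate chain),"
                    + " not just a certificate, into the client keystore");
        } else {
            System.out.println("client would present alias '" + r.chosenAlias + "': " + r.chosenSubject);
        }
    }
}
```

A keystore that passes this check can still fail client authentication for a different reason, namely that the server's trust store does not contain the CA that issued the client chain; that case produces a certificate-rejection error on the server rather than "null cert chain", so the two are easy to tell apart in the server log.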