5 Replies Latest reply: Apr 13, 2011 9:27 PM by EJP

    Exception during client auth handshake

    852276
      I have a client device that must run Java 1.3. I've downloaded and installed JCE 1.2.2. The server side is running Java 1.6. The source code comes right out of the Beginning Cryptography with Java book (with a couple of minor tweaks to get it to compile with com.sun.net.ssl.). The example uses jks keystore for the trust and server keystores and pkcs12 for the client keystore. However, I've tried different combinations with all being jks, bks, etc. with the same result. Below is the output from the client and server with javax.net.debug=all. The source code will follow in a reply (exceeded max message length).

      This one is stumping me and is probably something simple I'm doing wrong. Any advice?

      Best Regards,
      Bill

      client output:

      C:\tmp>java SSLClientWithClientAuthExample
      generating ssl context
      ***
      found key for : client
      chain [0] = [
      [
      Version: V3
      Subject: CN=Test Intermediate Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: 8da700d381b9a2e7d165b832ce2acff8966e58c5e1c7c504a4ee34787dc2f7d7cfb5cb898c8062ab42ab774d2d43037835f
      ec8ebf90d0a35fb311c80bba10ca9
      public exponent: 10001

      Validity: [From: Mon Apr 11 17:24:52 GMT 2011,
                     To: Mon Apr 18 17:24:52 GMT 2011]
      Issuer: CN=Test Intermediate Certificate
      SerialNumber: [    01]

      Certificate Extensions: 4
      [1]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 6E CE 8C 98 15 07 38 45 96 2B 8A F4 D8 A0 54 ED n.....8E.+....T.
      0010: BE 5D 22 35 .]"5
      ]
      ]

      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 17 78 F7 85 E0 A0 25 AE 3B 95 C4 B3 85 E5 52 1E .x....%.;.....R.
      0010: 83 EB D1 CA ....
      ]

      [CN=Test CA Certificate]
      SerialNumber: [    01]
      ]

      [3]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
      DigitalSignature
      Key_CertSign
      Crl_Sign
      ]

      [4]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
      CA:true
      PathLen:0
      ]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: AB AA CF 26 4C D2 3D 61 A0 CE FC 09 37 3E 02 3E ...&L.=a....7>.>
      0010: 6F C4 11 CC 27 95 80 3C 8F C0 FA 23 A2 5C 8F AB o...'..<...#.\..
      0020: 48 F1 DF 09 6E 8B D9 57 9F D7 B7 BC E6 37 11 8A H...n..W.....7..
      0030: 50 C6 B3 36 17 B4 0E EE 4A 11 66 AD 7E 8E FF 2D P..6....J.f....-

      ]
      chain [1] = [
      [
      Version: V3
      Subject: CN=Test Intermediate Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: ac4cd3625db770408b09871284d06bbda0900e87edecb2771e3be11c5d10b0ff2467ec49035f86cc76fc5162ebd7d658809
      23fff3d4927658c0cb2acdf8afb93
      public exponent: 10001

      Validity: [From: Mon Apr 11 17:24:52 GMT 2011,
                     To: Mon Apr 18 17:24:52 GMT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      Certificate Extensions: 4
      [1]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 17 78 F7 85 E0 A0 25 AE 3B 95 C4 B3 85 E5 52 1E .x....%.;.....R.
      0010: 83 EB D1 CA ....
      ]
      ]

      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: FD 9E 21 88 68 08 F4 F6 5D B9 87 27 AC 1B 49 63 ..!.h...]..'..Ic
      0010: B0 B9 62 94 ..b.
      ]

      [CN=Test CA Certificate]
      SerialNumber: [    01]
      ]

      [3]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
      DigitalSignature
      Key_CertSign
      Crl_Sign
      ]

      [4]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
      CA:true
      PathLen:0
      ]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 41 FF 61 9E 87 73 C7 FA 82 8C 06 7B AB AC 65 E2 A.a..s........e.
      0010: 6B 00 F7 F7 61 DF 99 AE 8D B3 3D EF 1C 86 AC 62 k...a.....=....b
      0020: 61 2C F8 70 63 27 38 BD 20 83 E4 F6 27 91 B5 F4 a,.pc'8. ...'...
      0030: D9 FE CF 15 D7 AD 19 8D C4 A1 4A 14 99 F9 3F D2 ..........J...?.

      ]
      chain [2] = [
      [
      Version: V1
      Subject: CN=Test CA Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: d0f0236eea7077b35eb0e4de229b2da89c3295905cf5745d2243ae96136e663e1e2e38ee95630717a6ac8b85c5dd77645d3
      e87acd7b1f2edea3bc1da0b3290cd
      public exponent: 10001

      Validity: [From: Mon Apr 11 17:24:51 GMT 2011,
                     To: Mon Apr 18 17:24:52 GMT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 2B CB 62 62 95 0C 32 2B 1C 61 B4 0D 4B 42 AD 6E +.bb..2+.a..KB.n
      0010: 54 08 DF DB 30 68 62 BF 1D 79 DA 87 49 48 D0 48 T...0hb..y..IH.H
      0020: 50 E6 DD 6A 7A CD D1 55 F4 A1 EA 47 63 11 85 0B P..jz..U...Gc...
      0030: 6B CF 1E EE 45 CE 4C 53 62 70 FC D7 86 2E 5C 50 k...E.LSbp....\P

      ]
      ***
      adding as trusted cert: [
      [
      Version: V1
      Subject: CN=Test CA Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: d0f0236eea7077b35eb0e4de229b2da89c3295905cf5745d2243ae96136e663e1e2e38ee95630717a6ac8b85c5dd77645d3
      e87acd7b1f2edea3bc1da0b3290cd
      public exponent: 10001

      Validity: [From: Mon Apr 11 17:24:51 GMT 2011,
                     To: Mon Apr 18 17:24:52 GMT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 2B CB 62 62 95 0C 32 2B 1C 61 B4 0D 4B 42 AD 6E +.bb..2+.a..KB.n
      0010: 54 08 DF DB 30 68 62 BF 1D 79 DA 87 49 48 D0 48 T...0hb..y..IH.H
      0020: 50 E6 DD 6A 7A CD D1 55 F4 A1 EA 47 63 11 85 0B P..jz..U...Gc...
      0030: 6B CF 1E EE 45 CE 4C 53 62 70 FC D7 86 2E 5C 50 k...E.LSbp....\P

      ]
      trigger seeding of SecureRandom
      done seeding SecureRandom
      %% No cached client session
      *** ClientHello, v3.1
      RandomCookie: GMT: 1285765653 bytes = { 6, 163, 211, 179, 47, 154, 152, 106, 1, 110, 183, 72, 111, 187, 138, 218, 142,
      128, 74, 129, 192, 43, 34, 81, 17, 67, 56, 146 }
      Session ID: {}
      Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
      Compression Methods: { 0 }
      ***
      [write] MD5 and SHA1 hashes: len = 59
      0000: 01 00 00 37 03 01 4D A3 3A 15 06 A3 D3 B3 2F 9A ...7..M.:...../.
      0010: 98 6A 01 6E B7 48 6F BB 8A DA 8E 80 4A 81 C0 2B .j.n.Ho.....J..+
      0020: 22 51 11 43 38 92 00 00 10 00 05 00 04 00 09 00 "Q.C8...........
      0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
      main, WRITE: SSL v3.1 Handshake, length = 59
      [write] MD5 and SHA1 hashes: len = 77
      0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
      0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
      0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 4D A3 3A .............M.:
      0030: 15 06 A3 D3 B3 2F 9A 98 6A 01 6E B7 48 6F BB 8A ...../..j.n.Ho..
      0040: DA 8E 80 4A 81 C0 2B 22 51 11 43 38 92 ...J..+"Q.C8.
      main, WRITE: SSL v2, contentType = 22, translated length = 16310
      main, READ: SSL v3.1 Handshake, length = 429
      *** ServerHello, v3.1
      RandomCookie: GMT: 1285765653 bytes = { 220, 153, 151, 106, 4, 1, 79, 143, 65, 144, 188, 23, 205, 160, 233, 120, 202, 1
      40, 208, 241, 226, 177, 32, 189, 76, 78, 91, 130 }
      Session ID: {77, 163, 58, 21, 74, 209, 53, 180, 124, 123, 76, 168, 187, 176, 66, 56, 18, 233, 121, 112, 166, 46, 134, 4
      6, 22, 79, 101, 212, 169, 227, 163, 176}
      Cipher Suite: { 0, 5 }
      Compression Method: 0
      ***
      %% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
      ** SSL_RSA_WITH_RC4_128_SHA
      [read] MD5 and SHA1 hashes: len = 74
      0000: 02 00 00 46 03 01 4D A3 3A 15 DC 99 97 6A 04 01 ...F..M.:....j..
      0010: 4F 8F 41 90 BC 17 CD A0 E9 78 CA 8C D0 F1 E2 B1 O.A......x......
      0020: 20 BD 4C 4E 5B 82 20 4D A3 3A 15 4A D1 35 B4 7C .LN[. M.:.J.5..
      0030: 7B 4C A8 BB B0 42 38 12 E9 79 70 A6 2E 86 2E 16 .L...B8..yp.....
      0040: 4F 65 D4 A9 E3 A3 B0 00 05 00 Oe........
      *** Certificate chain
      chain [0] = [
      [
      Version: V1
      Subject: CN=Test CA Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: d0f0236eea7077b35eb0e4de229b2da89c3295905cf5745d2243ae96136e663e1e2e38ee95630717a6ac8b85c5dd77645d3
      e87acd7b1f2edea3bc1da0b3290cd
      public exponent: 10001

      Validity: [From: Mon Apr 11 17:24:51 GMT 2011,
                     To: Mon Apr 18 17:24:52 GMT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 2B CB 62 62 95 0C 32 2B 1C 61 B4 0D 4B 42 AD 6E +.bb..2+.a..KB.n
      0010: 54 08 DF DB 30 68 62 BF 1D 79 DA 87 49 48 D0 48 T...0hb..y..IH.H
      0020: 50 E6 DD 6A 7A CD D1 55 F4 A1 EA 47 63 11 85 0B P..jz..U...Gc...
      0030: 6B CF 1E EE 45 CE 4C 53 62 70 FC D7 86 2E 5C 50 k...E.LSbp....\P

      ]
      ***
      updated/found trusted cert: [
      [
      Version: V1
      Subject: CN=Test CA Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: d0f0236eea7077b35eb0e4de229b2da89c3295905cf5745d2243ae96136e663e1e2e38ee95630717a6ac8b85c5dd77645d3
      e87acd7b1f2edea3bc1da0b3290cd
      public exponent: 10001

      Validity: [From: Mon Apr 11 17:24:51 GMT 2011,
                     To: Mon Apr 18 17:24:52 GMT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 2B CB 62 62 95 0C 32 2B 1C 61 B4 0D 4B 42 AD 6E +.bb..2+.a..KB.n
      0010: 54 08 DF DB 30 68 62 BF 1D 79 DA 87 49 48 D0 48 T...0hb..y..IH.H
      0020: 50 E6 DD 6A 7A CD D1 55 F4 A1 EA 47 63 11 85 0B P..jz..U...Gc...
      0030: 6B CF 1E EE 45 CE 4C 53 62 70 FC D7 86 2E 5C 50 k...E.LSbp....\P

      ]
      [read] MD5 and SHA1 hashes: len = 307
      *** CertificateRequest
      Cert Types: RSA, DSS, Type-64,
      Cert Authorities:
      <CN=#0C1354657374204341204365727469666963617465>
      [read] MD5 and SHA1 hashes: len = 44
      0000: 0D 00 00 28 03 01 02 40 00 22 00 20 30 1E 31 1C ...(...@.". 0.1.
      0010: 30 1A 06 03 55 04 03 0C 13 54 65 73 74 20 43 41 0...U....Test CA
      0020: 20 43 65 72 74 69 66 69 63 61 74 65 Certificate
      *** ServerHelloDone
      [read] MD5 and SHA1 hashes: len = 4
      0000: 0E 00 00 00 ....
      *** Certificate chain
      ***
      *** ClientKeyExchange, RSA PreMasterSecret, v3.1
      Random Secret: { 3, 1, 141, 137, 165, 207, 1, 152, 104, 34, 55, 25, 38, 212, 142, 171, 70, 90, 118, 19, 219, 159, 179,
      233, 155, 214, 77, 78, 193, 82, 0, 198, 23, 24, 3, 16, 2, 190, 142, 222, 61, 102, 217, 224, 29, 27, 128, 229 }
      [write] MD5 and SHA1 hashes: len = 77
      0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 11 1E 58 ..........B.@..X
      0010: FF C9 E6 D8 FA DB 33 12 45 B2 D6 12 C3 35 4D 3C ......3.E....5M<
      0020: 34 C4 0A B3 21 2C F6 59 C9 F5 F2 0D A8 B2 EB 9A 4...!,.Y........
      0030: 83 F7 E2 8B D4 D7 13 A7 22 40 5F 50 4E F4 C7 91 ........"@_PN...
      0040: 8C 4F 58 92 42 8B 41 20 CF 95 C3 F5 F6 .OX.B.A .....
      main, WRITE: SSL v3.1 Handshake, length = 77
      SESSION KEYGEN:
      PreMaster Secret:
      0000: 03 01 8D 89 A5 CF 01 98 68 22 37 19 26 D4 8E AB ........h"7.&...
      0010: 46 5A 76 13 DB 9F B3 E9 9B D6 4D 4E C1 52 00 C6 FZv.......MN.R..
      0020: 17 18 03 10 02 BE 8E DE 3D 66 D9 E0 1D 1B 80 E5 ........=f......
      CONNECTION KEYGEN:
      Client Nonce:
      0000: 4D A3 3A 15 06 A3 D3 B3 2F 9A 98 6A 01 6E B7 48 M.:...../..j.n.H
      0010: 6F BB 8A DA 8E 80 4A 81 C0 2B 22 51 11 43 38 92 o.....J..+"Q.C8.
      Server Nonce:
      0000: 4D A3 3A 15 DC 99 97 6A 04 01 4F 8F 41 90 BC 17 M.:....j..O.A...
      0010: CD A0 E9 78 CA 8C D0 F1 E2 B1 20 BD 4C 4E 5B 82 ...x...... .LN[.
      Master Secret:
      0000: AD D3 E5 AF FE 73 D5 9A 49 22 67 0D 78 14 F5 05 .....s..I"g.x...
      0010: 91 70 47 8C 7A 5B 61 0F D4 4A 76 2C B4 71 37 BE .pG.z[a..Jv,.q7.
      0020: EB 71 99 F1 33 E9 64 8F 96 A2 3A 59 53 32 87 6E .q..3.d...:YS2.n
      Client MAC write Secret:
      0000: 2E F8 2E E9 83 50 D2 68 AF 29 E5 13 7E B4 39 4F .....P.h.)....9O
      0010: 85 C1 21 F0 ..!.
      Server MAC write Secret:
      0000: 15 47 D5 C6 D2 13 14 B2 62 DC E9 6E 1C 50 6A 8F .G......b..n.Pj.
      0010: CC 10 29 88 ..).
      Client write key:
      0000: 05 D2 94 63 D5 F0 ED 18 68 83 D7 2F CF 04 24 DA ...c....h../..$.
      Server write key:
      0000: B7 FB A0 E0 BB FA 09 BD 11 CA 6B 29 9D BB F0 97 ..........k)....
      ... no IV for cipher
      main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
      *** Finished, v3.1
      verify_data: { 255, 180, 1, 236, 211, 144, 97, 49, 230, 235, 26, 146 }
      ***
      [write] MD5 and SHA1 hashes: len = 16
      0000: 14 00 00 0C FF B4 01 EC D3 90 61 31 E6 EB 1A 92 ..........a1....
      Plaintext before ENCRYPTION: len = 36
      0000: 14 00 00 0C FF B4 01 EC D3 90 61 31 E6 EB 1A 92 ..........a1....
      0010: 6A 5B E0 13 DA 40 82 F1 0C 6E FA D4 49 75 C2 0D j[...@...n..Iu..
      0020: BE F7 DE 92 ....
      main, WRITE: SSL v3.1 Handshake, length = 36
      Exception in thread "main" java.net.SocketException: Connection aborted by peer: socket write error
      at java.net.SocketOutputStream.socketWrite(Native Method)
      at java.net.SocketOutputStream.write(SocketOutputStream.java:91)
      at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA12275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
      at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA12275)
      at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(DashoA12275)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.c(DashoA12275)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12275)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
      at java.io.OutputStream.write(OutputStream.java:56)
      at SSLClientExample.doProtocol(SSLClientExample.java:48)
      at SSLClientWithClientAuthExample.main(SSLClientWithClientAuthExample.java:46)


      server output:

      D:\niagara\r3dev\fw\plat\platCrypto\cryptoTest\samples>java SSLServerWithClientAuthExample
      ***
      found key for : server
      chain [0] = [
      [
      Version: V1
      Subject: CN=Test CA Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: d0f0236eea7077b35eb0e4de229b2da89c3295905cf5745d2243ae96136e663e1e2e38ee95630717a6ac8b85c5dd77645d3e87acd7b1f2edea3bc1d
      a0b3290cd
      public exponent: 10001

      Validity: [From: Mon Apr 11 13:24:51 EDT 2011,
                     To: Mon Apr 18 13:24:52 EDT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 2B CB 62 62 95 0C 32 2B 1C 61 B4 0D 4B 42 AD 6E +.bb..2+.a..KB.n
      0010: 54 08 DF DB 30 68 62 BF 1D 79 DA 87 49 48 D0 48 T...0hb..y..IH.H
      0020: 50 E6 DD 6A 7A CD D1 55 F4 A1 EA 47 63 11 85 0B P..jz..U...Gc...
      0030: 6B CF 1E EE 45 CE 4C 53 62 70 FC D7 86 2E 5C 50 k...E.LSbp....\P

      ]
      ***
      adding as trusted cert:
      Subject: CN=Test CA Certificate
      Issuer: CN=Test CA Certificate
      Algorithm: RSA; Serial number: 0x1
      Valid from Mon Apr 11 13:24:51 EDT 2011 until Mon Apr 18 13:24:52 EDT 2011

      X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use
      trigger seeding of SecureRandom
      done seeding SecureRandom
      Setting client auth required
      Allow unsafe renegotiation: false
      Allow legacy hello messages: true
      Is initial handshake: true
      Is secure renegotiation: false
      matching alias: server
      main, called closeSocket()
      Allow unsafe renegotiation: false
      Allow legacy hello messages: true
      Is initial handshake: true
      Is secure renegotiation: false
      Session started.
      [Raw read]: length = 5
      0000: 80 4D 01 03 01 .M...
      [Raw read]: length = 74
      0000: 00 24 00 00 00 20 00 00 05 00 00 04 01 00 80 00 .$... ..........
      0010: 00 09 06 00 40 00 00 0A 07 00 C0 00 00 12 00 00 ....@...........
      0020: 13 00 00 03 02 00 80 00 00 11 4D A3 3A 15 06 A3 ..........M.:...
      0030: D3 B3 2F 9A 98 6A 01 6E B7 48 6F BB 8A DA 8E 80 ../..j.n.Ho.....
      0040: 4A 81 C0 2B 22 51 11 43 38 92 J..+"Q.C8.
      [read] MD5 and SHA1 hashes: len = 3
      0000: 01 03 01 ...
      [read] MD5 and SHA1 hashes: len = 74
      0000: 00 24 00 00 00 20 00 00 05 00 00 04 01 00 80 00 .$... ..........
      0010: 00 09 06 00 40 00 00 0A 07 00 C0 00 00 12 00 00 ....@...........
      0020: 13 00 00 03 02 00 80 00 00 11 4D A3 3A 15 06 A3 ..........M.:...
      0030: D3 B3 2F 9A 98 6A 01 6E B7 48 6F BB 8A DA 8E 80 ../..j.n.Ho.....
      0040: 4A 81 C0 2B 22 51 11 43 38 92 J..+"Q.C8.
      main, READ: SSL v2, contentType = Handshake, translated length = 59
      *** ClientHello, TLSv1
      RandomCookie: GMT: 1285765653 bytes = { 6, 163, 211, 179, 47, 154, 152, 106, 1, 110, 183, 72, 111, 187, 138, 218, 142, 128, 74, 129, 192, 4
      3, 34, 81, 17, 67, 56, 146 }
      Session ID: {}
      Cipher Suites: [SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WIT
      H_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
      Compression Methods: { 0 }
      ***
      Warning: No renegotiation indication in ClientHello, allow legacy ClientHello
      %% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
      *** ServerHello, TLSv1
      RandomCookie: GMT: 1285765653 bytes = { 220, 153, 151, 106, 4, 1, 79, 143, 65, 144, 188, 23, 205, 160, 233, 120, 202, 140, 208, 241, 226, 1
      77, 32, 189, 76, 78, 91, 130 }
      Session ID: {77, 163, 58, 21, 74, 209, 53, 180, 124, 123, 76, 168, 187, 176, 66, 56, 18, 233, 121, 112, 166, 46, 134, 46, 22, 79, 101, 212,
      169, 227, 163, 176}
      Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
      Compression Method: 0
      ***
      Cipher suite: SSL_RSA_WITH_RC4_128_SHA
      *** Certificate chain
      chain [0] = [
      [
      Version: V1
      Subject: CN=Test CA Certificate
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: RSA Public Key
      modulus: d0f0236eea7077b35eb0e4de229b2da89c3295905cf5745d2243ae96136e663e1e2e38ee95630717a6ac8b85c5dd77645d3e87acd7b1f2edea3bc1d
      a0b3290cd
      public exponent: 10001

      Validity: [From: Mon Apr 11 13:24:51 EDT 2011,
                     To: Mon Apr 18 13:24:52 EDT 2011]
      Issuer: CN=Test CA Certificate
      SerialNumber: [    01]

      ]
      Algorithm: [SHA1withRSA]
      Signature:
      0000: 2B CB 62 62 95 0C 32 2B 1C 61 B4 0D 4B 42 AD 6E +.bb..2+.a..KB.n
      0010: 54 08 DF DB 30 68 62 BF 1D 79 DA 87 49 48 D0 48 T...0hb..y..IH.H
      0020: 50 E6 DD 6A 7A CD D1 55 F4 A1 EA 47 63 11 85 0B P..jz..U...Gc...
      0030: 6B CF 1E EE 45 CE 4C 53 62 70 FC D7 86 2E 5C 50 k...E.LSbp....\P

      ]
      ***
      *** CertificateRequest
      Cert Types: RSA, DSS, ECDSA
      Cert Authorities:
      <CN=Test CA Certificate>
      *** ServerHelloDone
      [write] MD5 and SHA1 hashes: len = 429
      main, WRITE: TLSv1 Handshake, length = 429
      [Raw write]: length = 434
      Finalizer, called close()
      Finalizer, called closeInternal(true)
      [Raw read]: length = 5
      0000: 16 03 01 00 4D ....M
      [Raw read]: length = 77
      0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 11 1E 58 ..........B.@..X
      0010: FF C9 E6 D8 FA DB 33 12 45 B2 D6 12 C3 35 4D 3C ......3.E....5M<
      0020: 34 C4 0A B3 21 2C F6 59 C9 F5 F2 0D A8 B2 EB 9A 4...!,.Y........
      0030: 83 F7 E2 8B D4 D7 13 A7 22 40 5F 50 4E F4 C7 91 ........"@_PN...
      0040: 8C 4F 58 92 42 8B 41 20 CF 95 C3 F5 F6 .OX.B.A .....
      main, READ: TLSv1 Handshake, length = 77
      *** Certificate chain
      ***
      main, SEND TLSv1 ALERT: fatal, description = bad_certificate
      main, WRITE: TLSv1 Alert, length = 2
      [Raw write]: length = 7
      0000: 15 03 01 00 02 02 2A ......*
      main, called closeSocket()
      main, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
      Exception in thread "main" javax.net.ssl.SSLHandshakeException: null cert chain
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:231)
      at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1369)
      at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:160)
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
      at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
      at java.io.OutputStream.write(OutputStream.java:58)
      at SSLServerExample.doProtocol(SSLServerExample.java:61)
      at SSLServerWithClientAuthExample.main(SSLServerWithClientAuthExample.java:31)
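
An added example, not part of the original post or of the book's code: a Python triage of `javax.net.debug` transcripts like the two above, reporting which CA names the server requested, how many certificates the client put in its Certificate message, and which alert ended the handshake. The function names and the trimmed excerpts are constructed for illustration (the excerpts follow lines from the post), and the decoder covers the `#0C13` hex form in which the client side prints the requested CA name.

```python
import re

# ASN.1 universal string tags that may carry a DN attribute value.
STRING_TAGS = {
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x14: ("TeletexString", "latin-1"),
    0x16: ("IA5String", "ascii"),
    0x1E: ("BMPString", "utf-16-be"),
}
ALERT_RE = re.compile(r"ALERT:\s+(\w+), description = (\w+)")
CHAIN_RE = re.compile(r"chain \[\d+\] = \[")


def decode_hex_value(hex_value):
    """Decode the '#<hex>' form of a DN attribute value (one BER string)."""
    raw = bytes.fromhex(hex_value.lstrip("#"))
    if len(raw) < 2:
        raise ValueError("need at least a tag and a length byte")
    tag, first = raw[0], raw[1]
    offset = 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        if n == 0 or len(raw) < 2 + n:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(raw[2:2 + n], "big")
        offset += n
    else:
        length = first
    if tag not in STRING_TAGS or offset + length != len(raw):
        raise ValueError("not a single well-formed string value")
    name, codec = STRING_TAGS[tag]
    return name, raw[offset:].decode(codec)


def normalise_dn(dn):
    """Rewrite 'CN=#0C13...' style values as readable text."""
    return re.sub(r"=#([0-9A-Fa-f]+)",
                  lambda m: "=" + decode_hex_value(m.group(1))[1], dn)


def triage(log_text):
    """Extract the client-auth facts from one side's debug transcript."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    result = {"requested_cas": [], "client_chain_len": None, "alert": None}
    seen_request = False
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("*** CertificateRequest"):
            seen_request = True
        elif line == "Cert Authorities:":
            i += 1
            while i < len(lines) and re.fullmatch(r"<.+>", lines[i]):
                result["requested_cas"].append(normalise_dn(lines[i][1:-1]))
                i += 1
            continue                      # re-examine the first non-DN line
        elif (line == "*** Certificate chain" and seen_request
              and result["client_chain_len"] is None):
            # The Certificate message after the request is the client's.
            count = 0
            i += 1
            while i < len(lines) and lines[i] != "***":
                if CHAIN_RE.match(lines[i]):
                    count += 1
                i += 1
            result["client_chain_len"] = count
        else:
            m = ALERT_RE.search(line)
            if m:
                result["alert"] = (m.group(1), m.group(2))
        i += 1
    return result


# Constructed excerpts, trimmed to the lines that matter.
CLIENT_EXCERPT = """
*** Certificate chain
chain [0] = [
Subject: CN=Test CA Certificate
]
***
*** CertificateRequest
Cert Types: RSA, DSS, Type-64,
Cert Authorities:
<CN=#0C1354657374204341204365727469666963617465>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
"""
SERVER_EXCERPT = """
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=Test CA Certificate>
*** ServerHelloDone
main, READ: TLSv1 Handshake, length = 77
*** Certificate chain
***
main, SEND TLSv1 ALERT: fatal, description = bad_certificate
"""

if __name__ == "__main__":
    for side, text in (("client", CLIENT_EXCERPT), ("server", SERVER_EXCERPT)):
        print(side, triage(text))
```

On both excerpts the result shows a request for `CN=Test CA Certificate` answered by a Certificate message with zero entries, which is what the server reports as `null cert chain`.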
        • 1. Re: Exception during client auth handshake
          852276
          As promised, here is the source for the examples.



          import java.io.FileOutputStream;
          import java.security.KeyStore;
          import java.security.cert.Certificate;

          import javax.security.auth.x500.X500PrivateCredential;

          /**
           * Create the various credentials for an SSL session
           */
          public class BCCreateKeyStores
          {
              public static void main(String[] args)
                  throws Exception
              {
                  // root -> intermediate -> end-entity credentials
                  X500PrivateCredential rootCredential = Utils.createRootCredential();
                  X500PrivateCredential interCredential = Utils.createIntermediateCredential(rootCredential.getPrivateKey(), rootCredential.getCertificate());
                  X500PrivateCredential endCredential = Utils.createEndEntityCredential(interCredential.getPrivateKey(), interCredential.getCertificate());

                  // client credentials ("BC" is the Bouncy Castle provider, which must be registered)
                  KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

                  keyStore.load(null, null);

                  // the key entry carries the full chain: end entity, intermediate, root
                  keyStore.setKeyEntry(Utils.CLIENT_NAME, endCredential.getPrivateKey(), Utils.CLIENT_PASSWORD,
                      new Certificate[] { endCredential.getCertificate(), interCredential.getCertificate(), rootCredential.getCertificate() });

                  keyStore.store(new FileOutputStream(Utils.CLIENT_NAME + ".p12"), Utils.CLIENT_PASSWORD);

                  // trust store for client
                  keyStore = KeyStore.getInstance("JKS");

                  keyStore.load(null, null);

                  keyStore.setCertificateEntry(Utils.SERVER_NAME, rootCredential.getCertificate());

                  keyStore.store(new FileOutputStream(Utils.TRUST_STORE_NAME + ".jks"), Utils.TRUST_STORE_PASSWORD);

                  // server credentials (the server presents the root certificate itself)
                  keyStore = KeyStore.getInstance("JKS");

                  keyStore.load(null, null);

                  keyStore.setKeyEntry(Utils.SERVER_NAME, rootCredential.getPrivateKey(), Utils.SERVER_PASSWORD,
                      new Certificate[] { rootCredential.getCertificate() });

                  keyStore.store(new FileOutputStream(Utils.SERVER_NAME + ".jks"), Utils.SERVER_PASSWORD);
              }
          }

          import java.io.IOException;
          import java.io.InputStream;
          import java.io.OutputStream;
          import java.net.Socket;

          import javax.net.ssl.SSLSocket;
          import javax.net.ssl.SSLSocketFactory;

          /**
           * Basic SSL Client - using the '!' protocol.
           */
          public class BCSSLClientExample
          {
              /**
               * Carry out the '!' protocol - client side.
               */
              static void doProtocol(
                  Socket cSock)
                  throws IOException
              {
                  OutputStream out = cSock.getOutputStream();
                  InputStream in = cSock.getInputStream();

                  out.write(Utils.toByteArray("World"));
                  out.write('!');

                  int ch = 0;
                  // stop at the '!' terminator, or at end of stream (-1) if the peer closes first
                  while ((ch = in.read()) != '!' && ch != -1)
                  {
                      System.out.print((char)ch);
                  }

                  if (ch == '!')
                  {
                      System.out.println((char)ch);
                  }
              }

              public static void main(
                  String[] args)
                  throws Exception
              {
                  SSLSocketFactory fact = (SSLSocketFactory)SSLSocketFactory.getDefault();
                  SSLSocket cSock = (SSLSocket)fact.createSocket("137.19.61.127", Utils.PORT_NO);

                  doProtocol(cSock);
              }
          }

          import java.io.FileInputStream;
          import java.security.KeyStore;

          import com.sun.net.ssl.KeyManagerFactory;
          import com.sun.net.ssl.SSLContext;
          import javax.net.ssl.SSLSocket;
          import javax.net.ssl.SSLSocketFactory;

          /**
           * SSL Client with client-side authentication.
           */
          public class BCSSLClientWithClientAuthExample
              extends BCSSLClientExample
          {
              /**
               * Create an SSL context with a KeyManager providing our identity
               */
              static SSLContext createSSLContext()
                  throws Exception
              {
                  // set up a key manager for our local credentials
                  KeyManagerFactory mgrFact = KeyManagerFactory.getInstance("SunX509");
                  KeyStore clientStore = KeyStore.getInstance("PKCS12");

                  clientStore.load(new FileInputStream("client.p12"), Utils.CLIENT_PASSWORD);

                  mgrFact.init(clientStore, Utils.CLIENT_PASSWORD);

                  // create a context and set up a socket factory
                  SSLContext sslContext = SSLContext.getInstance("TLS");

                  // only key managers are supplied; trust managers and SecureRandom are left null
                  sslContext.init(mgrFact.getKeyManagers(), null, null);

                  return sslContext;
              }

              public static void main(
                  String[] args)
                  throws Exception
              {
                  // full JSSE debug trace, as shown in the output above
                  System.getProperties().setProperty("javax.net.debug", "all");
                  SSLContext sslContext = createSSLContext();
                  SSLSocketFactory fact = sslContext.getSocketFactory();
                  SSLSocket cSock = (SSLSocket)fact.createSocket("137.19.61.127", Utils.PORT_NO);

                  doProtocol(cSock);
              }
          }

          import java.io.IOException;
          import java.io.InputStream;
          import java.io.OutputStream;
          import java.net.Socket;

          import javax.net.ssl.SSLServerSocket;
          import javax.net.ssl.SSLServerSocketFactory;
          import javax.net.ssl.SSLSocket;

          /**
          * Basic SSL Server - using the '!' protocol.
          */
          public class BCSSLServerExample
          {
          /**
          * Carry out the '!' protocol - server side.
          */
          static void doProtocol(
          Socket sSock)
          throws IOException
          {
          System.out.println("session started.");

          InputStream in = sSock.getInputStream();
          OutputStream out = sSock.getOutputStream();

          out.write(Utils.toByteArray("Hello "));

          int ch = 0;
          while ((ch = in.read()) != '!')
          {
          out.write(ch);
          }

          out.write('!');

          sSock.close();

          System.out.println("session closed.");
          }

          public static void main(
          String[] args)
          throws Exception
          {
          SSLServerSocketFactory fact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
          SSLServerSocket sSock = (SSLServerSocket)fact.createServerSocket(Utils.PORT_NO);

          SSLSocket sslSock = (SSLSocket)sSock.accept();

          doProtocol(sslSock);
          }
          }

          import javax.net.ssl.SSLServerSocket;
          import javax.net.ssl.SSLServerSocketFactory;
          import javax.net.ssl.SSLSocket;

          /**
          * Basic SSL Server with client authentication.
          */
          public class BCSSLServerWithClientAuthExample
          extends BCSSLServerExample
          {
          public static void main(
          String[] args)
          throws Exception
          {
          System.getProperties().setProperty("javax.net.debug", "all");
          SSLServerSocketFactory fact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
          SSLServerSocket sSock = (SSLServerSocket)fact.createServerSocket(Utils.PORT_NO);

          sSock.setNeedClientAuth(true);

          SSLSocket sslSock = (SSLSocket)sSock.accept();

          doProtocol(sslSock);
          }
          }

          import java.io.ByteArrayOutputStream;
          import java.io.OutputStreamWriter;
          import java.math.BigInteger;
          import java.security.KeyPair;
          import java.security.KeyPairGenerator;
          import java.security.MessageDigest;
          import java.security.NoSuchAlgorithmException;
          import java.security.NoSuchProviderException;
          import java.security.PrivateKey;
          import java.security.PublicKey;
          import java.security.SecureRandom;
          import java.security.cert.X509Certificate;
          import java.util.Date;

          import javax.crypto.KeyGenerator;
          import javax.crypto.SecretKey;
          import javax.crypto.spec.IvParameterSpec;

          import org.bouncycastle.asn1.x509.BasicConstraints;
          import org.bouncycastle.asn1.x509.KeyUsage;
          import org.bouncycastle.asn1.x509.X509Extension;
          import org.bouncycastle.jce.PKCS10CertificationRequest;
          import org.bouncycastle.jce.PrincipalUtil;
          import org.bouncycastle.jce.X509Principal;
          import org.bouncycastle.openssl.PEMWriter;
          import org.bouncycastle.x509.X509V1CertificateGenerator;
          import org.bouncycastle.x509.X509V3CertificateGenerator;
          import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
          import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

          public class Utils
          {
          private static String     DIGITS = "0123456789abcdef";

          private static final int VALIDITY_PERIOD = 7 * 24 * 60 * 60 * 1000;

          public static String HOST_NAME = "localhost";
          public static int PORT_NO = 9020;

          public static String ROOT_ALIAS = "root";
          public static String INTERMEDIATE_ALIAS = "intermediate";
          public static String END_ENTITY_ALIAS = "end";

          public static String SERVER_NAME = "server";
          public static char[] SERVER_PASSWORD = "serverPassword".toCharArray();

          public static String CLIENT_NAME = "client";
          public static char[] CLIENT_PASSWORD = "clientPassword".toCharArray();

          public static String TRUST_STORE_NAME = "trustStore";
          public static char[] TRUST_STORE_PASSWORD = "trustPassword".toCharArray();

          public static String toHex(byte[] data, int length)
          {
          StringBuffer     buf = new StringBuffer();

          for (int i = 0; i != length; i++)
          {
          int     v = data[i] & 0xff;

          buf.append(DIGITS.charAt(v >> 4));
          buf.append(DIGITS.charAt(v & 0xf));
          }

          return buf.toString();
          }

          /**
          * Return the passed in byte array as a hex string.
          *
          * @param data the bytes to be converted.
          * @return a hex representation of data.
          */
          public static String toHex(byte[] data)
          {
          return toHex(data, data.length);
          }

               public static SecretKey createKeyForAES(int bitlength, SecureRandom random)
          throws NoSuchAlgorithmException, NoSuchProviderException
          {
          KeyGenerator generator = KeyGenerator.getInstance("AES", "BC");
          generator.init(256, random);
          return generator.generateKey();
          }

          public static IvParameterSpec createCtrIvForAES(int messageNumber, SecureRandom random)
          {
          byte[] ivBytes = new byte[16];
          random.nextBytes(ivBytes);

          ivBytes[0] = (byte) (messageNumber >> 24);
          ivBytes[1] = (byte) (messageNumber >> 16);
          ivBytes[2] = (byte) (messageNumber >> 8);
          ivBytes[3] = (byte) (messageNumber >> 0);

          for (int i = 0; i != 7; i++)
          {
          ivBytes[8 + i] = 0;
          }
          ivBytes[15] = 1;

          return new IvParameterSpec(ivBytes);
          }

          public static byte[] toByteArray(String string)
          {
          byte[] bytes = new byte[string.length()];
          char[] chars = string.toCharArray();

          for (int i = 0; i != chars.length; i++)
          {
          bytes[i] = (byte) chars[i];
          }

          return bytes;
          }

          public static String toString(byte[] bytes)
          {
          return Utils.toString(bytes, bytes.length);
          }

          public static String toString(byte[] bytes, int length)
          {
          char[] chars = new char[length];
          for (int i = 0; i != chars.length; i++)
          {
          chars[i] = (char) (bytes[i] & 0xff);
          }

          return new String(chars);
          }

          public static KeyPair generateRSAKeyPair()
          throws Exception
          {
          return Utils.generateRSAKeyPair(1024);
          }

          public static KeyPair generateRSAKeyPair(int keySize)
          throws Exception
          {
          KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
          kpGen.initialize(keySize, new SecureRandom());
          return kpGen.generateKeyPair();
          }

          public static KeyPair generateDSAKeyPair()
          throws Exception
          {
          return Utils.generateDSAKeyPair(1024);
          }
          public static KeyPair generateDSAKeyPair(int keySize)
          throws Exception
          {
          KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA", "BC");
          kpGen.initialize(keySize, new SecureRandom());
          return kpGen.generateKeyPair();
          }

          private static class FixedRand extends SecureRandom
          {
          MessageDigest sha;
          byte[] state;

          FixedRand()
          {
          try
          {
          this.sha = MessageDigest.getInstance("SHA-1", "BC");
          this.state = sha.digest();
          }
          catch(Exception e)
          {
          throw new RuntimeException("can't find SHA-1");
          }
          }

          public void nextBytes(byte[] bytes)
          {
          int off = 0;
          sha.update(state);

          while (off < bytes.length)
          {
          state = sha.digest();
          if (bytes.length - off > state.length)
          {
          System.arraycopy(state, 0, bytes, off, state.length);
          }
          else
          {
          System.arraycopy(state, 0, bytes, off, bytes.length - off);
          }

          off += state.length;
          sha.update(state);
          }
          }
          }

          public static SecureRandom createFixedRandom()
          {
          return new FixedRand();
          }

          public static void dumpX509Cert(X509Certificate x509Cert)
          throws Exception
          {
          ByteArrayOutputStream bOut = new ByteArrayOutputStream();
          PEMWriter writer = new PEMWriter(new OutputStreamWriter(bOut));
          writer.writeObject(x509Cert);
          writer.close();
          System.out.write(bOut.toByteArray());
          }

          public static void dumpPKCS10CertRequest(PKCS10CertificationRequest request)
          throws Exception
          {
          ByteArrayOutputStream bOut = new ByteArrayOutputStream();
          PEMWriter writer = new PEMWriter(new OutputStreamWriter(bOut));
          writer.writeObject(request);
          writer.close();
          System.out.write(bOut.toByteArray());
          }

          public static X509Certificate generateRootCert(KeyPair pair)
          throws Exception
          {
          X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();

          certGen.setSerialNumber(BigInteger.valueOf(1));
          certGen.setIssuerDN(new X509Principal("CN=Test CA Certificate"));
          certGen.setNotBefore(new Date(System.currentTimeMillis()));
          certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
          certGen.setSubjectDN(new X509Principal("CN=Test CA Certificate"));
          certGen.setPublicKey(pair.getPublic());
          certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

          return certGen.generate(pair.getPrivate(), "BC");
          }

          public static X509Certificate generateIntermediateCert(PublicKey intKey,
          PrivateKey caKey,
          X509Certificate caCert)
          throws Exception
          {
          X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

          certGen.setSerialNumber(BigInteger.valueOf(1));
          certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
          certGen.setNotBefore(new Date(System.currentTimeMillis()));
          certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
          certGen.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
          certGen.setPublicKey(intKey);
          certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

          certGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
          certGen.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
          certGen.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(0));
          certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

          return certGen.generate(caKey, "BC");
          }

          public static X509Certificate generateEndEntityCert(PublicKey entityKey,
          PrivateKey caKey,
          X509Certificate caCert)
          throws Exception
          {
          X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

          certGen.setSerialNumber(BigInteger.valueOf(1));
          certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
          certGen.setNotBefore(new Date(System.currentTimeMillis()));
          certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
          certGen.setSubjectDN(new X509Principal("CN=Test End Certificate"));
          certGen.setPublicKey(entityKey);
          certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

          certGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
          certGen.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
          certGen.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
          certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

          return certGen.generate(caKey, "BC");
          }

          public static X500PrivateCredential createRootCredential()
          throws Exception
          {
          KeyPair rootPair = Utils.generateRSAKeyPair(512);
          X509Certificate rootCert = Utils.generateRootCert(rootPair);
          return new X500PrivateCredential(rootCert, rootPair.getPrivate(), ROOT_ALIAS);
          }

          public static X500PrivateCredential createIntermediateCredential(PrivateKey caKey,
          X509Certificate caCert)
          throws Exception
          {
          KeyPair interPair = Utils.generateRSAKeyPair(512);
          X509Certificate interCert = Utils.generateIntermediateCert(interPair.getPublic(), caKey, caCert);
          return new X500PrivateCredential(interCert, interPair.getPrivate(), INTERMEDIATE_ALIAS);
          }

          public static X500PrivateCredential createEndEntityCredential(PrivateKey caKey,
          X509Certificate caCert)
          throws Exception
          {
          KeyPair endPair = Utils.generateRSAKeyPair(512);
          X509Certificate endCert = Utils.generateIntermediateCert(endPair.getPublic(), caKey, caCert);
          return new X500PrivateCredential(endCert, endPair.getPrivate(), END_ENTITY_ALIAS);
          }
          }
          • 2. Re: Exception during client auth handshake
            EJP
            Your single program to create all the key stores and trust stores doesn't make sense from a security point of view. The server & client private keys are supposed to be private, to the client & server respectively. Having a single piece of code that 'knows' both is a prima facie security breach.

            The 'bad certificate' alert says that this end has received a certificate from the peer that it doesn't understand.
            • 3. Re: Exception during client auth handshake
              852276
              The code provided wasn't meant to be a real implementation but to demonstrate client validation as I develop the code for our embedded platform.

              When I run the client and server where both are java 1.4+, the handshake is successful. It has problems the moment I drop back to 1.3 with jce 1.2.2 and jsse modules. This problem originally appeared when I was trying to get it to work with our embedded platform which runs j9 2.3 (java 1.3+ equiv). In order to remove some of the unknowns, I ran it with Sun Java 1.3 and received basically the same error.

              So is there anything in the debug output that would explain why it fails with a 1.3 client, but not with a 1.4 client? BTW, when I run the server on the 1.3 side and the client on the 1.4+ side, it works fine.

              Regards,
              Bill
              • 4. Re: Exception during client auth handshake
                855200
                After much playing, I've narrowed down the problem. I've eliminated j9 from the picture and reverted to an install of jdk13 and jdk16. Both use the bcprov_jdk13_146.jar. The examples are straight out of chapter 10 of Beginning Crypto with Java book with only a few mods:

                1) Switched to BKS keystores for server, client and trust keystores. (Necessary when running with j9)
                2) Created my own X500PrivateCredential class since it didn't exist in 1.3.
                3) Used com.sun.net.ssl classes instead of javax.net.ssl classes where necessary to satisfy compilation.
                4) Used BC helper classes like PrincipalUtil where necessary.

                I narrowed it down to 4 basic scenarios:

                1) 1.6 client to 1.6 server
                2) 1.3 client to 1.6 server
                3) 1.6 client to 1.3 server
                4) 1.3 client to 1.3 server

                The only condition that fails is the 1.3 client to 1.6 server. Unfortunately with our hardware this will be fairly common. Looking at the javax.net.debug=all output for all the cases, when the client receives the certificate request from the server, in the successful cases, it looks something like:

                *** CertificateRequest
                Cert Types: DSS, RSA
                Cert Authorities:
                <CN=Test CA Certificate>
                [read] MD5 and SHA1 hashes: len = 43
                0000: 0D 00 00 27 02 02 01 00 22 00 20 30 1E 31 1C 30 ...'....". 0.1.0
                0010: 1A 06 03 55 04 03 13 13 54 65 73 74 20 43 41 20 ...U....Test CA
                0020: 43 65 72 74 69 66 69 63 61 74 65 Certificate
                *** ServerHelloDone
                or

                *** CertificateRequest
                Cert Types: RSA, DSS, ECDSA
                Cert Authorities:
                <CN=Test CA Certificate>
                [read] MD5 and SHA1 hashes: len = 44
                0000: 0D 00 00 28 03 01 02 40 00 22 00 20 30 1E 31 1C ...(...@.". 0.1.
                0010: 30 1A 06 03 55 04 03 0C 13 54 65 73 74 20 43 41 0...U....Test CA
                0020: 20 43 65 72 74 69 66 69 63 61 74 65 Certificate
                *** ServerHelloDone

                The client then responds by sending the cert.

                In the failing case, the request sees the request like:

                *** CertificateRequest
                Cert Types: RSA, DSS, Type-64,
                Cert Authorities:
                <CN=#0C1354657374204341204365727469666963617465>
                [read] MD5 and SHA1 hashes: len = 44
                0000: 0D 00 00 28 03 01 02 40 00 22 00 20 30 1E 31 1C ...(...@.". 0.1.
                0010: 30 1A 06 03 55 04 03 0C 13 54 65 73 74 20 43 41 0...U....Test CA
                0020: 20 43 65 72 74 69 66 69 63 61 74 65 Certificate
                *** ServerHelloDone

                then doesn't respond with anything.

                My guess is it has something to do with the Cert Types (ECDSA/Type-64) and the CN=#xxxx and that it can't find a match.

                Am I on the right track? Is there some way to restrict to RSA, DSS?

                Best Regards,
                Bill
                • 5. Re: Exception during client auth handshake
                  EJP
                  Very well done. It is indeed to do with the certificate types. If the client can't find a certificate in its keystore that matches the specified cert types and issuers it doesn't respond with any certificate to that request: if then the server is set for needClientAuth rather than wantClientAuth it will close the SSL connection.

                  The certificate types in the CertificateRequest are defined by the server based, I think, in the Java case on what crypto algorithms it thinks it has access to, which in turn depends on the installed providers. The issuers in the CertificateRequest message correspond to the contents of the server's truststore.

                  In the JDK 1.3 case you should be using the separate JSSE download, if you can find it, and the com.sun.ssl imports. From JDK 1.4 JSSE was bundled into the JDK and you should use the javax.net.ssl imports.

                  I think I would try to get by without the Bouncy Castle provider at all. I've never had to use it since JSSE 1.0.0 in about 1999.

                  Hope this helps.
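
An added example (not code from the thread or the book): a small Python decoder for the CertificateRequest dumps quoted in reply 4, assuming the TLS 1.0 / SSLv3 message layout. Run on the first successful dump and the failing one, it shows the bytes differ in two places: the extra certificate type 64, and the ASN.1 string type of the issuer CN (PrintableString 0x13 versus UTF8String 0x0C), the tag visible at the start of the 1.3 client's undecoded `CN=#0C13...`.

```python
# Added example: decode CertificateRequest dumps from javax.net.debug output.
# Assumed layout (TLS 1.0 / SSLv3): type(1) len(3) | n_types(1) types |
# authorities_len(2) | { dn_len(2) DER Name }*
CERT_TYPES = {1: "RSA", 2: "DSS", 64: "ECDSA"}   # ClientCertificateType values
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString"}
OIDS = {"550403": "CN"}                           # DER content of OID 2.5.4.3

# Hex columns copied from reply 4 (ASCII column dropped).
DUMP_FIRST_SUCCESS = bytes.fromhex(
    "0D 00 00 27 02 02 01 00 22 00 20 30 1E 31 1C 30"
    "1A 06 03 55 04 03 13 13 54 65 73 74 20 43 41 20"
    "43 65 72 74 69 66 69 63 61 74 65")
DUMP_FAILING = bytes.fromhex(   # same bytes as the second successful dump
    "0D 00 00 28 03 01 02 40 00 22 00 20 30 1E 31 1C"
    "30 1A 06 03 55 04 03 0C 13 54 65 73 74 20 43 41"
    "20 43 65 72 74 69 66 69 63 61 74 65")

def read_tlv(buf, pos):
    """Read one DER element; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_name(der):
    """Flatten an X.501 Name into (attribute, string type, value) tuples."""
    tag, rdns, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name is not a SEQUENCE")
    attrs, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)           # SET (one RDN)
        rpos = 0
        while rpos < len(rdn):
            _, atv, rpos = read_tlv(rdn, rpos)      # SEQUENCE { OID, value }
            _, oid, vpos = read_tlv(atv, 0)
            vtag, value, _ = read_tlv(atv, vpos)
            attrs.append((OIDS.get(oid.hex(), oid.hex()),
                          STRING_TAGS.get(vtag, "tag 0x%02X" % vtag),
                          value.decode("utf-8", "replace")))
    return attrs

def parse_certificate_request(msg):
    if msg[0] != 0x0D:
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("truncated handshake message")
    n_types = body[0]
    types = [CERT_TYPES.get(t, "Type-%d" % t) for t in body[1:1 + n_types]]
    pos = 1 + n_types
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    authorities = []
    while pos < end:
        dn_len = int.from_bytes(body[pos:pos + 2], "big")
        authorities.append(parse_name(body[pos + 2:pos + 2 + dn_len]))
        pos += 2 + dn_len
    return {"cert_types": types, "authorities": authorities}

def differences(a, b):
    """Fields on which two parsed requests differ, as (a, b) pairs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    ok = parse_certificate_request(DUMP_FIRST_SUCCESS)
    bad = parse_certificate_request(DUMP_FAILING)
    for field, pair in differences(ok, bad).items():
        print(field, "->", pair)
```
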