ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kim Altintop <...@deepfx.com>
Subject Another post concerning SSL client cert auth
Date Tue, 29 Jan 2002 14:06:17 GMT
Hi all,

I'm another poor poster stuck with the problem of setting up SSL client
cert auth with SOAP :-(
I'm using (almost literally) the example code previously posted on this
list by Nathan Wray to set up a custom SSLSocketFactory (see below). When I
run my client app with "-Djavax.net.debug=all" I can see that my
SocketFactory seems to be unable to send it's cert upon request of the
server:

[...]

*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, v3.1

[...]


although I can see from debugging output, that the Certificate chain on the
client side is set up correctly. If I use the same
SSLSocketFactory-initialization-code with the
"SSLSocketWithClientAuth"-example that comes with JSSE, output looks like
the following:

[...]

*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
matching client alias : kim
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=Kim Altintop, OU=SD, O=mbfp, C=DE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@5ee671
  Validity: [From: Fri Jan 25 14:55:44 CET 2002,
               To: Thu Apr 25 15:55:44 CEST 2002]
  Issuer: CN=Kim Altintop, OU=SD, O=mbfp, C=DE
  SerialNumber: [    3c5163e0 ]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 63 9C 18 51 74 A3 24 0C   27 41 E4 D4 66 6A 97 A2  c..Qt.$.'A..fj..
0010: 95 89 FA A2 14 24 B3 8C   F5 7B D2 A4 DC 64 7E 88  .....$.......d..
0020: 47 3F EF A9 EF 7C 5B E0   AC 7B D1 45 C3 7A AF 1E  G?....[....E.z..
0030: 8A 18 31 B7 9C D9 23 B0   23 B6 79 C0 1F F8 AB 7E  ..1...#.#.y.....
0040: 22 35 81 19 66 E6 71 3A   A3 D2 15 CD D2 60 DF EA  "5..f.q:.....`..
0050: 86 99 85 B1 15 C6 5F 85   B7 C9 E5 CA 48 80 86 D4  ......_.....H...
0060: 80 8E 44 08 C3 BC 0D 30   52 28 5D B0 A1 A6 05 EB  ..D....0R(].....
0070: 27 DE C5 34 68 C1 79 6E   20 1F 98 21 14 00 9C 76  '..4h.yn ..!...v

]
***
*** ClientKeyExchange, RSA PreMasterSecret, v3.1

[...]




So, what's going wrong? As far as I can see, the only difference between
the apps is that I have to use
"HttpsURLConnection.setDefaultSSLSocketFactory()" with the SOAP-client
whereas the JSSE-example is creating the socket directly.

Has anyone run into this before? I would greatly appreciate any hints...

[ for now, as I _CAN_ establish a SSL connection with only server-side cert
auth, I can work with BASIC AUTH as the credentials are encrypted while
travelling over network - but this requires username/password to be
hardcoded or at least stored somewhere on the machine I'm running the
client. And I don't like that... ;-( ]



Best regards,

Kim


-- Here's the code I use in my SOAP client --

[ ... ]

 try {
	System.setProperty("java.protocol.handler.pkgs",  
                        "com.sun.net.ssl.internal.www.protocol");

	Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
	SSLContext           ctx;
	KeyManagerFactory    kmf;
	TrustManagerFactory  tmf;
	KeyStore             ks;
	char[]               passphrase  = "dirkdiggler".toCharArray();

	ctx = SSLContext.getInstance("TLS");
	kmf = KeyManagerFactory.getInstance("SunX509");
	ks = KeyStore.getInstance("JKS");
	tmf = TrustManagerFactory.getInstance("SunX509");

	ks.load(new FileInputStream("mykeystore"), passphrase);
	kmf.init(ks, passphrase);
	tmf.init(ks);
	ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

	HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
 } catch (Exception e) {
		System.out.println("SSLSocketFactory initialization failed");
		e.printStackTrace();
 }

[ ... ]

Mime
View raw message