RMI over SSL on Mac OS X 10.4 with Java 5

Hi,

I'm looking for help with implementing RMI over SSL on Mac OS X - specifically how to specify the keystore for SSL.

We have successfully deployed an applet and web start application which use RMI with SSL to connect to the server.  So far this works only for Windows (XP, 2000, 98).  When we disable SSL the applet/application runs fine on Mac OS X 10.4.  When SSL is enabled the socket factory fails (see error output below).  This is the error I typically get when the keystore is not found, does not have the desired key or is unreadable.


Here is the code which we are running to activate SSL:

    import java.io.File;
    import java.io.IOException;
    import java.net.ServerSocket;
    import java.net.Socket;
    import java.rmi.server.RMISocketFactory;
    import javax.net.ssl.SSLServerSocketFactory;
    import javax.net.ssl.SSLSocketFactory;

    // activateSSL() uses SchedulingClient.printMessage(), a logging helper defined
    // elsewhere in the application.
    private static void activateSSL() {
        // If the application is running with Java Web Start or as an Applet then this
        // deployment property will point to the location of the file containing the
        // user's trusted certificates.
        //  This property DOES NOT appear to be set under MAC OS X
        String keyStoreName = System.getProperty("deployment.user.security.trusted.certs", "");

        // else we have to guess at the location of the trusted.certs file.
        // - ONLY WORKS on Windows under Java 1.5
        if (keyStoreName.length() == 0) {
            String userHome = System.getProperty("user.home", "");
            StringBuffer buf = new StringBuffer(100);
            buf.append(userHome);
            buf.append("/Application Data/Sun/Java/Deployment/security/trusted.certs");

            // use local file name separator; skipped when the separator already is "/",
            // because replacing "/" with "/" in the loop below would never terminate
            String fileSep = System.getProperty("file.separator", "\\");
            if (!"/".equals(fileSep)) {
                int slashPos;
                while ((slashPos = buf.indexOf("/")) > -1) {
                    buf.replace(slashPos, slashPos + 1, fileSep);
                }
            }

            keyStoreName = buf.toString();
        }

        // for debugging only
        System.out.println("Key Store: " + keyStoreName
            + (new File(keyStoreName).exists() ? " exists." : " does NOT exist"));

        // The JSSE default factories read this property when the default context is first created.
        System.setProperty("javax.net.ssl.trustStore", keyStoreName);
        SchedulingClient.printMessage("Trusted Cert file location set to: " + keyStoreName);

        //  Works in Java Web Start (any browser) and with IE 6.0 under Windows XP, 2000 and 98.
        //  setSocketFactory throws an exception in Mozilla Firefox: "factory already defined".
        try {
            SchedulingClient.printMessage("Setting RMI Factory");
            RMISocketFactory.setSocketFactory(new SecureRMISocketFactory());
            SchedulingClient.printMessage("SSL initiated");
        } catch (Exception e) {
            SchedulingClient.printMessage("Unable to set socket factory: "
                + e.getClass().getName() + "  " + e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Provides SSL level security for client-server communication.
     * Both directions use the JSSE default factories, which pick up the
     * javax.net.ssl.trustStore property set in activateSSL().
     */
    public class SecureRMISocketFactory extends RMISocketFactory {

        public SecureRMISocketFactory() { }

        /**
         * Creates a client socket connected to the specified host and port.
         */
        public Socket createSocket(String host, int port) throws IOException {
            SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            return socketFactory.createSocket(host, port);
        }

        /**
         * Create a server socket on the specified port (port 0 indicates
         * an anonymous port).
         */
        public ServerSocket createServerSocket(int port) throws IOException {
            SSLServerSocketFactory serverSocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            return serverSocketFactory.createServerSocket(port);
        }
    }



Here is the output from this code:

Key Store: /Users/tom/Library/Caches/Java/security/trusted.certs does NOT exist
Nov 2, 2005 9:38:51 AM Trusted Cert file location set to: /Users/tom/Library/Caches/Java/security/trusted.certs
Nov 2, 2005 9:38:51 AM Setting RMI Factory
Nov 2, 2005 9:38:51 AM SSL initiated
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at com.theraped.client.SchedulingClient.if(Unknown Source)
    at com.theraped.client.SchedulingClient.a(Unknown Source)
    at com.theraped.client.SchedulingClient.logonRMI(Unknown Source)
    at com.theraped.client.f.do(Unknown Source)
    at com.theraped.client.a.bn.actionPerformed(Unknown Source)
    at com.theraped.client.a.bn$1.actionPerformed(Unknown Source)
    at javax.swing.SwingUtilities.notifyAction(SwingUtilities.java:1576)
    at javax.swing.JComponent.processKeyBinding(JComponent.java:2730)
    at javax.swing.JComponent.processKeyBindings(JComponent.java:2776)
    at javax.swing.JComponent.processKeyEvent(JComponent.java:2693)
    at java.awt.Component.processEvent(Component.java:5339)
    at java.awt.Container.processEvent(Container.java:2010)
    at java.awt.Component.dispatchEventImpl(Component.java:4029)
    at java.awt.Container.dispatchEventImpl(Container.java:2068)
    at java.awt.Component.dispatchEvent(Component.java:3877)
    at java.awt.KeyboardFocusManager.redispatchEvent(KeyboardFocusManager.java:1810)
    at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(DefaultKeyboardFocusManager.java:668)
    at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(DefaultKeyboardFocusManager.java:916)
    at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(DefaultKeyboardFocusManager.java:794)
    at java.awt.DefaultKeyboardFocusManager.dispatchEvent(DefaultKeyboardFocusManager.java:632)
    at java.awt.Component.dispatchEventImpl(Component.java:3915)
    at java.awt.Container.dispatchEventImpl(Container.java:2068)
    at java.awt.Window.dispatchEventImpl(Window.java:1766)
    at java.awt.Component.dispatchEvent(Component.java:3877)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:267)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:196)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:190)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:182)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at java.io.DataOutputStream.flush(DataOutputStream.java:106)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
    ... 33 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:56)
    at sun.security.validator.Validator.getInstance(Validator.java:146)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:105)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:167)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    ... 37 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:103)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:87)
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:54)
    ... 49 more


Hardcoding the name of the login.keychain file (which appears to be where certificates are inserted) does not fix the problem as then an exception is thrown complaining about an "invalid format".

I have submitted a bug report to Apple indicating the missing property and missing or invalid keystore (maybe there is some other keystore I have not yet found?).

Any suggestions for a work-around?

Thanks a lot.

Tom
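As an added example (not code from this post or from Apple), here is a socket factory that loads the trust store explicitly and verifies it holds at least one certificate entry before any connection is attempted, so a missing or empty file fails at startup with a message naming the path instead of surfacing later as the "trustAnchors parameter must be non-empty" handshake error shown above. The trust store path and password passed to the constructor are assumptions, and the factory supports client sockets only.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMISocketFactory;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** RMI socket factory whose client sockets trust only the certificates in one explicitly loaded keystore. */
public final class ExplicitTrustRMISocketFactory extends RMISocketFactory {
    private final SSLContext ctx;

    // trustStorePath and password are supplied by the caller (assumed values, not from the post).
    public ExplicitTrustRMISocketFactory(String trustStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        // A missing file fails here with a FileNotFoundException naming the path, instead of
        // being treated as an empty trust store by the JSSE default context later on.
        InputStream in = new FileInputStream(trustStorePath);
        try {
            ts.load(in, password);   // a null password only skips the keystore integrity check
        } finally {
            in.close();
        }
        // The PKIX trust manager needs at least one certificate entry; check before the first handshake.
        int anchors = 0;
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements();) {
            if (ts.isCertificateEntry(e.nextElement())) anchors++;
        }
        if (anchors == 0) {
            throw new GeneralSecurityException(trustStorePath
                + " holds no trusted certificate entries; the PKIX validator would reject every server");
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key material: server trust only
    }

    public Socket createSocket(String host, int port) throws IOException {
        return ctx.getSocketFactory().createSocket(host, port);
    }

    public ServerSocket createServerSocket(int port) throws IOException {
        // The context carries no server key material, so exported callback objects are not supported here.
        throw new IOException("this factory creates client sockets only");
    }
}
```

Install it with RMISocketFactory.setSocketFactory(new ExplicitTrustRMISocketFactory(path, null)) before the first registry lookup; the constructor's exception then tells you whether the file was absent or merely empty.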
Java-dev mailing list      (email@hidden)