tylerdurden83
22-03-2010, 10:54
Ragazzi ho un problema a mettere in piedi una comunicazione client-server via socket cifrate.
Questi sono i passi che ho seguito (seguendo questo pdf (http://marvin.fri.uni-lj.si/j-jsse-a4.pdf)):
1) Creazione delle chiavi private per il client e il server:
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State,C=Your Country" -storepass clientpw -keypass clientpw
keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=YourOrganizational Unit,O=Your Organization, L=Your City, S=Your State,C=Your Country" -storepass serverpw -keypass serverpw
2) Estrazione delle chiavi pubbliche:
keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass clientpw
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass public
keytool -export -alias serverprivate -keystore server.private -file temp.key -storepass serverpw
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass public
3) Lato server gli step che ho seguito sono stati:
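// 1. SecureRandom that seeds the TLS handshake. Calling nextInt() here forces
//    the (possibly slow) self-seeding to happen now rather than on the first accept().
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextInt();
// 2. KeyStore holding the remote client's certificate, read from client.public.
//    KeyStore.load() is not documented to close the stream, so it is closed in
//    finally to avoid leaking the file handle.
//    NOTE(review): keystore paths and passwords are hard-coded; they should come
//    from configuration, and the source file must not be shared with the passwords in it.
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream clientStoreIn = new FileInputStream("/home/rob/Sslserver/client.public");
try {
    clientKeyStore.load(clientStoreIn, "public".toCharArray());
} finally {
    clientStoreIn.close();
}
// 3. KeyStore holding the server's own key pair and certificate, read from server.private.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream serverStoreIn = new FileInputStream("/home/rob/Sslserver/server.private");
try {
    serverKeyStore.load(serverStoreIn, "serverpw".toCharArray());
} finally {
    serverStoreIn.close();
}
// 4. TrustManagerFactory built from the client's KeyStore: only certificates
//    present in that store are accepted from connecting clients.
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);
// 5. KeyManagerFactory built from the server's KeyStore: supplies this server's
//    certificate and private key during the handshake.
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, "serverpw".toCharArray());
// 6. SSLContext wired with the key managers, the trust managers and the SecureRandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), secureRandom);
// 7. Server socket factory derived from the context.
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
// 8. SSLServerSocket on port 9567; behaves like a ServerSocket with TLS on top.
ss = (SSLServerSocket) sf.createServerSocket(9567);
// 9. Require a client certificate (mutual authentication). This is set before
//    accept() so the accepted socket inherits it.
//    NOTE(review): in the posted trace the certificate_unknown alert is *received*
//    by this side (sslserver.Main), i.e. the client rejected this server's
//    certificate. Check that the client's server.public truststore really holds
//    the server certificate (keytool -list) before looking at this code.
ss.setNeedClientAuth(true);
client = (SSLSocket) ss.accept();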
4) Lato client gli step che ho seguito sono stati:
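// 1. SecureRandom that seeds the TLS handshake. Calling nextInt() here forces
//    the (possibly slow) self-seeding to happen now rather than during connect().
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextInt();
// 2. KeyStore holding the remote server's certificate, read from server.public.
//    KeyStore.load() is not documented to close the stream, so it is closed in
//    finally to avoid leaking the file handle.
//    NOTE(review): keystore paths and passwords are hard-coded; they should come
//    from configuration, and the source file must not be shared with the passwords in it.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream serverStoreIn = new FileInputStream("E:/SSL/server.public");
try {
    serverKeyStore.load(serverStoreIn, "public".toCharArray());
} finally {
    serverStoreIn.close();
}
// 3. KeyStore holding the client's own key pair and certificate, read from client.private.
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream clientStoreIn = new FileInputStream("E:/SSL/client.private");
try {
    clientKeyStore.load(clientStoreIn, "clientpw".toCharArray());
} finally {
    clientStoreIn.close();
}
// 4. TrustManagerFactory built from the server's KeyStore: the handshake is
//    rejected with certificate_unknown unless the server presents a certificate
//    found in this store.
//    NOTE(review): the posted trace shows the server receiving that alert, so this
//    client did not trust the presented certificate. Verify with `keytool -list`
//    that server.public contains the server certificate and not a stale temp.key
//    (the export step for the server is the one to double-check).
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
// 5. KeyManagerFactory built from the client's KeyStore: supplies the client
//    certificate and private key when the server requests client authentication.
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, "clientpw".toCharArray());
// 6. SSLContext wired with the key managers, the trust managers and the SecureRandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), secureRandom);
// 7. Socket factory derived from the context.
SSLSocketFactory sf = sslContext.getSocketFactory();
// 8. SSLSocket to the server; behaves like a Socket with TLS on top. The TLS
//    handshake itself runs lazily on the first read/write of the streams.
socket = (SSLSocket) sf.createSocket("10.170.31.34", 9567);
out = new PrintWriter(socket.getOutputStream(), true);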
L'eccezione che prendo è la seguente:
main, RECV TLSv1 ALERT: fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at sslserver.Main.main(Main.java:55)
Questi sono i passi che ho seguito (seguendo questo pdf (http://marvin.fri.uni-lj.si/j-jsse-a4.pdf)):
1) Creazione delle chiavi private per il client e il server:
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State,C=Your Country" -storepass clientpw -keypass clientpw
keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=YourOrganizational Unit,O=Your Organization, L=Your City, S=Your State,C=Your Country" -storepass serverpw -keypass serverpw
2) Estrazione delle chiavi pubbliche:
keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass clientpw
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass public
keytool -export -alias serverprivate -keystore server.private -file temp.key -storepass serverpw
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass public
3) Lato server gli step che ho seguito sono stati:
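// 1. SecureRandom that seeds the TLS handshake. Calling nextInt() here forces
//    the (possibly slow) self-seeding to happen now rather than on the first accept().
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextInt();
// 2. KeyStore holding the remote client's certificate, read from client.public.
//    KeyStore.load() is not documented to close the stream, so it is closed in
//    finally to avoid leaking the file handle.
//    NOTE(review): keystore paths and passwords are hard-coded; they should come
//    from configuration, and the source file must not be shared with the passwords in it.
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream clientStoreIn = new FileInputStream("/home/rob/Sslserver/client.public");
try {
    clientKeyStore.load(clientStoreIn, "public".toCharArray());
} finally {
    clientStoreIn.close();
}
// 3. KeyStore holding the server's own key pair and certificate, read from server.private.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream serverStoreIn = new FileInputStream("/home/rob/Sslserver/server.private");
try {
    serverKeyStore.load(serverStoreIn, "serverpw".toCharArray());
} finally {
    serverStoreIn.close();
}
// 4. TrustManagerFactory built from the client's KeyStore: only certificates
//    present in that store are accepted from connecting clients.
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);
// 5. KeyManagerFactory built from the server's KeyStore: supplies this server's
//    certificate and private key during the handshake.
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, "serverpw".toCharArray());
// 6. SSLContext wired with the key managers, the trust managers and the SecureRandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), secureRandom);
// 7. Server socket factory derived from the context.
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
// 8. SSLServerSocket on port 9567; behaves like a ServerSocket with TLS on top.
ss = (SSLServerSocket) sf.createServerSocket(9567);
// 9. Require a client certificate (mutual authentication). This is set before
//    accept() so the accepted socket inherits it.
//    NOTE(review): in the posted trace the certificate_unknown alert is *received*
//    by this side (sslserver.Main), i.e. the client rejected this server's
//    certificate. Check that the client's server.public truststore really holds
//    the server certificate (keytool -list) before looking at this code.
ss.setNeedClientAuth(true);
client = (SSLSocket) ss.accept();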
4) Lato client gli step che ho seguito sono stati:
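// 1. SecureRandom that seeds the TLS handshake. Calling nextInt() here forces
//    the (possibly slow) self-seeding to happen now rather than during connect().
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextInt();
// 2. KeyStore holding the remote server's certificate, read from server.public.
//    KeyStore.load() is not documented to close the stream, so it is closed in
//    finally to avoid leaking the file handle.
//    NOTE(review): keystore paths and passwords are hard-coded; they should come
//    from configuration, and the source file must not be shared with the passwords in it.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream serverStoreIn = new FileInputStream("E:/SSL/server.public");
try {
    serverKeyStore.load(serverStoreIn, "public".toCharArray());
} finally {
    serverStoreIn.close();
}
// 3. KeyStore holding the client's own key pair and certificate, read from client.private.
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream clientStoreIn = new FileInputStream("E:/SSL/client.private");
try {
    clientKeyStore.load(clientStoreIn, "clientpw".toCharArray());
} finally {
    clientStoreIn.close();
}
// 4. TrustManagerFactory built from the server's KeyStore: the handshake is
//    rejected with certificate_unknown unless the server presents a certificate
//    found in this store.
//    NOTE(review): the posted trace shows the server receiving that alert, so this
//    client did not trust the presented certificate. Verify with `keytool -list`
//    that server.public contains the server certificate and not a stale temp.key
//    (the export step for the server is the one to double-check).
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
// 5. KeyManagerFactory built from the client's KeyStore: supplies the client
//    certificate and private key when the server requests client authentication.
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, "clientpw".toCharArray());
// 6. SSLContext wired with the key managers, the trust managers and the SecureRandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), secureRandom);
// 7. Socket factory derived from the context.
SSLSocketFactory sf = sslContext.getSocketFactory();
// 8. SSLSocket to the server; behaves like a Socket with TLS on top. The TLS
//    handshake itself runs lazily on the first read/write of the streams.
socket = (SSLSocket) sf.createSocket("10.170.31.34", 9567);
out = new PrintWriter(socket.getOutputStream(), true);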
L'eccezione che prendo è la seguente:
main, RECV TLSv1 ALERT: fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at sslserver.Main.main(Main.java:55)