[JAVA] JSSE e problema certificati

tylerdurden83 · 22-03-2010, 10:54

Ragazzi ho un problema a mettere in piedi una comunicazione client-server via socket cifrate.

Questi sono i passi che ho seguito (seguendo questo pdf):

1) Creazione delle chiavi private per il client e il server:
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State,C=Your Country" -storepass clientpw -keypass clientpw

keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -dname "CN=Your Name, OU=YourOrganizational Unit,O=Your Organization, L=Your City, S=Your State,C=Your Country" -storepass serverpw -keypass serverpw

2) Estrazione delle chiavi pubbliche:
keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass clientpw
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass public

keytool -export -alias serverprivate -keystore server.private –file temp.key -storepass serverpw
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass public

3) Lato server gli step che ho seguito sono stati:

Codice:

// 1.Creazione SecureRandom
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextInt();

// 2. Create a KeyStore object containing the remote client's public key.
// This is read from client.public.
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
clientKeyStore.load(new FileInputStream("/home/rob/Sslserver/client.public"), "public".toCharArray());

// 3. Create a KeyStore object containing the server's public/private
//key pair, including its public key certificate. 
//This is read from server.private.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
serverKeyStore.load(new FileInputStream("/home/rob/Sslserver/server.private"), "serverpw".toCharArray());

// 4. Create a TrustManagerFactory from the remote client's 
//KeyStore. This is used to authenticate the remote client.
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);

//5. Create a KeyManagerFactory from the server's KeyStore. 
//This is used for encrypting and decrypting data      
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, "serverpw".toCharArray());

//6. Create an SSLContext object, using the KeyManagerFactory, 
//the TrustManagerFactory, and the SecureRandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(),tmf.getTrustManagers(),secureRandom);

//7. Use the SSLContext to create an SSLServerSocketFactory.
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();

//8. Use the SSLServerSocketFactory to create an SSLServerSocket, 
// which acts just like a regular ServerSocket, except that it is secure.
ss = (SSLServerSocket)sf.createServerSocket(9567);

//9. Call the accept() method of the SSLServerSocket to wait for an incoming connection.
ss.setNeedClientAuth( true );
client = (SSLSocket)ss.accept();

3) Lato client gli step che ho seguito sono stati:

Codice:

//1. Create a SecureRandom, a source of secure random numbers. 
//Secure random numbers are numbers that are random enough that 
//they will not make the encryption vulnerable to attack.
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextInt();

// 2. Create a KeyStore object containing the remote server's 
//public key. This is read from server.public.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
serverKeyStore.load(new FileInputStream("E:/SSL/server.public"), "public".toCharArray());

// 3. Create a KeyStore object containing the client's public/private 
// key pair, including its public key certificate. This is read from client.private
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
clientKeyStore.load(new FileInputStream("E:/SSL/client.private"), "clientpw".toCharArray());

// 4. Create a TrustManagerFactory from the remote server's KeyStore. 
// This is used to authenticate the remote server
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);

//5. Create a KeyManagerFactory from the client's KeyStore. 
//This is used for encrypting and decrypting data
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, "clientpw".toCharArray());

//6. Create an SSLContext object, using the KeyManagerFactory, 
//the TrustManagerFactory, and the SecureRandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(),tmf.getTrustManagers(),secureRandom);

//7. Use the SSLContext to create an SSLSocketFactory.
SSLSocketFactory sf = sslContext.getSocketFactory();

//8. Use the SSLSocketFactory to create an SSLSocket, which acts 
//just like a regular Socket, except that it is secure.
socket =(SSLSocket)sf.createSocket("10.170.31.34",9567);
out = new PrintWriter(socket.getOutputStream(), true);

L'eccezione che prendo è la seguente:

Quote:

main, RECV TLSv1 ALERT: fatal, certificate_unknown
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at sslserver.Main.main(Main.java:55)

tylerdurden83 · 23-03-2010, 12:57

Uppino e aggiunta. Il server e client hanno le seguenti properties impostate:

-Djavax.net.debug=all
-Djavax.net.ssl.keyStore=E:/SSL/server.private
-Djavax.net.ssl.keyStorePassword=serverpw
-Djavax.net.ssl.trustStore=E:/SSL/client.public
-Djavax.net.ssl.trustStorePassword=public

-Djavax.net.debug=all
-Djavax.net.ssl.keyStore=E:/SSL/client.private
-Djavax.net.ssl.keyStorePassword=clientpw
-Djavax.net.ssl.trustStore=E:/SSL/server.public
-Djavax.net.ssl.trustStorePassword=public

23-03-2010, 12:57	#2
tylerdurden83 Senior Member Iscritto dal: Nov 2004 Messaggi: 691	Uppino e aggiunta. Il server e client hanno le seguenti properties impostate: -Djavax.net.debug=all -Djavax.net.ssl.keyStore=E:/SSL/server.private -Djavax.net.ssl.keyStorePassword=serverpw -Djavax.net.ssl.trustStore=E:/SSL/client.public -Djavax.net.ssl.trustStorePassword=public -Djavax.net.debug=all -Djavax.net.ssl.keyStore=E:/SSL/client.private -Djavax.net.ssl.keyStorePassword=clientpw -Djavax.net.ssl.trustStore=E:/SSL/server.public -Djavax.net.ssl.trustStorePassword=public

Strumenti
Mostra una versione stampabile Invia questa pagina per email