
rmi over ssl ...

vinod eligeti via JavaKB.com

Feb 28, 2005, 12:30:42 PM
Hi, I am trying to use RMI over SSL, so I have created my custom
RMISocketFactory which creates SSLSockets and SSLServerSockets. I have
created the certs using keytool. I was able to bind the remote server
object, and my client program also looked up the remote object.

But when I tried to invoke the remote method it is throwing the following
exception:
---------------------------------------
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
        javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
        at sun.rmi.server.UnicastRef.invoke(Unknown Source)
        at com.eligetiv.endpoint.rmiendpoint.RmiProcessorImpl_Stub.processMessage(Unknown Source)
        at com.eligetiv.endpoint.rmiendpoint.RmiXacmlRequester.sendRequest(RmiXacmlRequester.java:77)
        at com.eligetiv.endpoint.rmiendpoint.RmiXacmlRequester.main(RmiXacmlRequester.java:97)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
        at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
        at java.io.BufferedOutputStream.flush(Unknown Source)
        at java.io.DataOutputStream.flush(Unknown Source)
        ... 6 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)


----------------------------

processMethod() is my remote method, and the server program is exiting due
to this.

I set -Djava.net.ssl=debug and here is the info:

---------------------------

Server address : localhost
Port number : 7123
Server binding name : rmi_pdp_server
keyStore is : pep.keystore
keyStore type is : jks
init keystore
init keymanager of type SunX509
***
found key for : mykey
chain [0] = [
[
Version: V1
Subject: CN=PEP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c9798a94 8b5a3ae0 c7729bbc 34e20d79 7be43c4c d5bd13b2 3eae74c6 91cee992
45d7dae9 05137af3 e543b64d a4d54794 6b86bd4a bdd1021a 54ad4747 d1a6b34b
f593f1d4 3f589855 2115052a 573b3bf1 e3b1cb6c e40ebfdd 1dafe4d2 62573b83
6110e77b 5b99d1fc 25a4cb9f ec43703d db853829 87324c82 e2c66f23 11538a6b
Validity: [From: Mon Feb 28 11:42:12 EST 2005,
To: Sun May 29 12:42:12 EDT 2005]
Issuer: CN=PEP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
SerialNumber: [ 422349e4]

]
Algorithm: [MD5withRSA]

]
***
trustStore is: pep.keystore
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=PEP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Issuer: CN=PEP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Algorithm: RSA; Serial number: 0x422349e4
Valid from Mon Feb 28 11:42:12 EST 2005 until Sun May 29 12:42:12 EDT 2005

adding as trusted cert:
Subject: CN=PDP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Issuer: CN=PDP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Algorithm: RSA; Serial number: 0x422349e2
Valid from Mon Feb 28 11:42:10 EST 2005 until Sun May 29 12:42:10 EDT 2005

init context
trigger seeding of SecureRandom
done seeding SecureRandom
*******************looked up the rmi stub*********************
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1109611409 bytes = { 75, 102, 142, 134, 89, 118, 201,
167, 89, 173, 5, 169, 227, 68, 141, 102, 243, 90, 230, 21, 236, 215, 242,
130, 40, 180, 234, 85 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 634
*** ServerHello, TLSv1
RandomCookie: GMT: 1109611409 bytes = { 41, 3, 88, 115, 85, 102, 239, 131,
64, 19, 41, 110, 232, 91, 14, 68, 133, 171, 127, 149, 231, 109, 91, 219,
73, 23, 38, 64 }
Session ID: {66, 35, 84, 145, 221, 223, 134, 151, 172, 136, 175, 36, 197,
242, 17, 155, 39, 94, 31, 7, 81, 218, 232, 30, 23, 32, 16, 3, 42, 151, 23,
76}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=PDP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c2256ae2 6575761f 84937e11 84f21117 447deb51 6af3c5e1 9f6bfc5c ced63667
c4b1296b d424b8dd a45125d8 ef56d666 a4842b81 7570a143 7f01a179 116966b1
ca7b5102 a4d772a0 9aefc7a3 f273e1f7 44555bd5 c52a93ec d9ee8c8d 7fef75d8
cf86bfa1 c5c35fa9 bda88772 c4814c9b be3ae9ec b79c5bed d3b4d4c1 a11a32d9
Validity: [From: Mon Feb 28 11:42:10 EST 2005,
To: Sun May 29 12:42:10 EDT 2005]
Issuer: CN=PDP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
SerialNumber: [ 422349e2]

]
Algorithm: [MD5withRSA]

]
***
Found trusted certificate:
[
[
Version: V1
Subject: CN=PDP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c2256ae2 6575761f 84937e11 84f21117 447deb51 6af3c5e1 9f6bfc5c ced63667
c4b1296b d424b8dd a45125d8 ef56d666 a4842b81 7570a143 7f01a179 116966b1
ca7b5102 a4d772a0 9aefc7a3 f273e1f7 44555bd5 c52a93ec d9ee8c8d 7fef75d8
cf86bfa1 c5c35fa9 bda88772 c4814c9b be3ae9ec b79c5bed d3b4d4c1 a11a32d9
Validity: [From: Mon Feb 28 11:42:10 EST 2005,
To: Sun May 29 12:42:10 EDT 2005]
Issuer: CN=PDP, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
SerialNumber: [ 422349e2]

]
Algorithm: [MD5withRSA]

]
*** ServerHelloDone
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 36, 59, 132, 126, 44, 39, 224, 44, 236, 141, 43,
130, 2, 212, 186, 55, 105, 47, 178, 53, 217, 153, 144, 123, 221, 43, 124,
65, 72, 178, 121, 225, 17, 27, 76, 213, 16, 25, 2, 2, 142, 21, 134, 210,
224, 82 }
main, WRITE: TLSv1 Handshake, length = 134
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 123, 41, 122, 212, 129, 246, 207, 206, 159, 79, 145, 246 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 106, 34, 198, 107, 27, 250, 124, 66, 1, 137, 250, 172 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, WRITE: TLSv1 Application Data, length = 23
setSoTimeout(60000) called
main, READ: TLSv1 Application Data, length = 32
setSoTimeout(0) called
main, WRITE: TLSv1 Application Data, length = 37
main, WRITE: TLSv1 Application Data, length = 74
main, READ: TLSv1 Application Data, length = 256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1109611409 bytes = { 151, 2, 56, 174, 18, 216, 64, 243,
13, 54, 223, 223, 205, 116, 202, 146, 135, 114, 59, 26, 94, 203, 183, 161,
35, 103, 19, 35 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host
closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, WRITE: TLSv1 Application Data, length = 17
main, READ: TLSv1 Application Data, length = 17
main, WRITE: TLSv1 Application Data, length = 31
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1109611409 bytes = { 50, 190, 138, 115, 49, 189, 56,
83, 149, 209, 169, 183, 244, 238, 12, 188, 55, 25, 91, 140, 141, 180, 105,
130, 24, 68, 143, 10 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host
closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1109611409 bytes = { 144, 33, 172, 165, 84, 228, 118,
75, 132, 39, 67, 228, 222, 156, 50, 192, 204, 218, 177, 22, 56, 84, 5, 234,
203, 94, 207, 105 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
RMI RenewClean-[128.173.146.149:1319], WRITE: TLSv1 Handshake, length = 73
RMI RenewClean-[128.173.146.149:1319], WRITE: SSLv2 client hello message,
length = 98
RMI RenewClean-[128.173.146.149:1319], received EOFException: error
RMI RenewClean-[128.173.146.149:1319], handling exception:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
RMI RenewClean-[128.173.146.149:1319], SEND TLSv1 ALERT: fatal,
description = handshake_failure
RMI RenewClean-[128.173.146.149:1319], WRITE: TLSv1 Alert, length = 2
RMI RenewClean-[128.173.146.149:1319], called closeSocket()
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1109611409 bytes = { 3, 135, 232, 73, 131, 250, 193,
180, 254, 167, 204, 43, 152, 124, 87, 79, 133, 203, 110, 36, 180, 191, 151,
75, 61, 149, 35, 245 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
RMI RenewClean-[128.173.146.149:1319], WRITE: TLSv1 Handshake, length = 73
RMI RenewClean-[128.173.146.149:1319], WRITE: SSLv2 client hello message,
length = 98
RMI RenewClean-[128.173.146.149:1319], received EOFException: error
RMI RenewClean-[128.173.146.149:1319], handling exception:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
RMI RenewClean-[128.173.146.149:1319], SEND TLSv1 ALERT: fatal,
description = handshake_failure
RMI RenewClean-[128.173.146.149:1319], WRITE: TLSv1 Alert, length = 2
RMI RenewClean-[128.173.146.149:1319], called closeSocket()
--------------------------

Do you guys know what is causing the problem?

vinod

--
Message posted via http://www.javakb.com
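
A triage script for a trace like the one in the post, added here as an example and not part of the original message: it splits the JSSE debug output at each ClientHello and reports which attempts reached ServerHello and which ended in EOFException before the peer answered. The sample trace is a constructed, shortened excerpt; the function name and outcome labels are this example's own.

```python
import re

# Constructed, shortened excerpt in the trace's format (placeholder peer address).
SAMPLE_TRACE = """\
*** ClientHello, TLSv1
main, WRITE: TLSv1 Handshake, length = 73
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
*** ServerHelloDone
main, WRITE: TLSv1 Application Data, length = 23
*** ClientHello, TLSv1
main, WRITE: TLSv1 Handshake, length = 73
main, received EOFException: error
main, WRITE: TLSv1 Application Data, length = 17
*** ClientHello, TLSv1
RMI RenewClean-[192.0.2.10:1319], WRITE: TLSv1 Handshake, length = 73
RMI RenewClean-[192.0.2.10:1319], received EOFException: error
"""

THREAD = re.compile(r"^(.+?), (?:WRITE|READ):")
SUITE = re.compile(r"^Cipher Suite: (\S+)")

def parse_attempts(trace):
    """Split the trace at each ClientHello and classify every attempt."""
    attempts, cur = [], None
    for line in trace.splitlines():
        if line.startswith("*** ClientHello"):
            cur = {"thread": None, "server_hello": False,
                   "suite": None, "outcome": "incomplete"}
            attempts.append(cur)
            continue
        if cur is None:
            continue  # keystore/truststore setup precedes the first handshake
        m = THREAD.match(line)
        if m and cur["thread"] is None:
            cur["thread"] = m.group(1)
        if line.startswith("*** ServerHello,"):  # comma excludes ServerHelloDone
            cur["server_hello"] = True
        m = SUITE.match(line)
        if m:
            cur["suite"] = m.group(1)
        if cur["outcome"] != "incomplete":
            continue  # first verdict wins; later lines may belong to other sockets
        if "received EOFException" in line:
            cur["outcome"] = ("eof_after_server_hello" if cur["server_hello"]
                              else "eof_before_server_hello")
        elif "Application Data" in line and cur["server_hello"]:
            cur["outcome"] = "completed"
    return attempts
```

Because the debug output interleaves several sockets, splitting at ClientHello is a heuristic; the thread prefix on each record line helps confirm which connection a failure belongs to.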
