jPOS and SSL


badre...@gmail.com

Jan 30, 2009, 12:15:36 PM
to jPOS Users
Hi everybody,
In my case I want to activate SSL for communications between jPOS
server and jPOS client. To do so I used the SunJSSESocketFactory class
and the following server xml configuration :
<?xml version="1.0" ?>
<server class="org.jpos.q2.iso.QServer" logger="Q2" name="simulator_10000">
  <attr name="port" type="java.lang.Integer">10000</attr>
  <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
  <property name="keystore" value="C:\Documents and Settings\Administrateur.88A71D1CFED64CC\servertest.private"/>
  <property name="clientauth" value="true"/>
  <property name="storepassword" value="ashuashu"/>
  <property name="keypassword" value="ashuashu"/>
  <channel class="org.jpos.iso.channel.XMLChannel"
           logger="Q2" packager="org.jpos.iso.packager.XMLPackager">
  </channel>
  <request-listener class="org.jpos.bsh.BSHRequestListener" logger="Q2">
    <property name="source" value="cfg/serversimulator.bsh" />
  </request-listener>
</server>

with keytool-generated certificates using the following script :

keytool -genkey -alias serverprivate -keystore servertest.private -storetype JKS -keyalg rsa -storepass ashuashu -keypass ashuashu

but when trying to connect to the server using a securised telnet
client it generates the following error message and there's no
handshake between the two communication parts :

<log realm="simulator_10000.server.session/127.0.0.1" at="Fri Jan 30 17:58:38 CET 2009.203">
  <session-error>
    <exception name="handshake alert: no_certificate">
    javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
        at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.read1(Unknown Source)
        at java.io.BufferedInputStream.read(Unknown Source)
        at java.io.DataInputStream.read(Unknown Source)
        at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
        at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
        at sun.nio.cs.StreamDecoder.read(Unknown Source)
        at java.io.InputStreamReader.read(Unknown Source)
        at java.io.BufferedReader.fill(Unknown Source)
        at java.io.BufferedReader.readLine(Unknown Source)
        at java.io.BufferedReader.readLine(Unknown Source)
        at org.jpos.iso.channel.XMLChannel.streamReceive(XMLChannel.java:92)
        at org.jpos.iso.BaseChannel.receive(BaseChannel.java:595)
        at org.jpos.iso.ISOServer$Session.run(ISOServer.java:144)
        at org.jpos.util.ThreadPool$PooledThread.run(ThreadPool.java:72)
    </exception>
  </session-error>
</log>


So please can you tell me if this is the right way to secure my
jPOS server and what I can do to correct those connection errors.
Your response will be a great help for me.

Mark Salter

Jan 30, 2009, 4:50:20 PM
to jpos-...@googlegroups.com
badre...@gmail.com wrote:

> In my case I want to activate SSL for communications between jPOS
> server and jPOS client. To do so I used the SunJSSESocketFactory class
> and the following server xml configuration :
> <?xml version="1.0" ?>
> <server class="org.jpos.q2.iso.QServer" logger="Q2" name="simulator_10000">
> <attr name="port" type="java.lang.Integer">10000</attr>
> <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
> <property name="keystore" value="C:\Documents and Settings\Administrateur.88A71D1CFED64CC\servertest.private"/>
> <property name="clientauth" value="true"/>

With clientauth=true, a client connecting to this server will be asked
to supply its certificate? I think this might be the stage which is
failing for you.

> <property name="storepassword" value="ashuashu"/>
> <property name="keypassword" value="ashuashu"/>
> <channel class="org.jpos.iso.channel.XMLChannel"
> logger="Q2" packager="org.jpos.iso.packager.XMLPackager">
> </channel>
> <request-listener class="org.jpos.bsh.BSHRequestListener"
> logger="Q2">
> <property name="source" value="cfg/serversimulator.bsh" />
> </request-listener>
> </server>

[snip]


> but when trying to connect to the server using a securised telnet
> client it generates the following error message and there's no
> handshake between the two communication parts :

Can I ask what you are using for your 'securised telnet client'?

Have you added a certificate to this client software?

Can you try (just for now) setting clientauth=false?

In connecting a jPos SSL client to a jPos SSL server with
clientauth=true, I think both ends need certificates.

I do recall reading a step by step guide, but I can't remember where it
was and neither can I find it as I write.


--
Mark

badre...@gmail.com

Feb 2, 2009, 6:00:40 PM
to jPOS Users
First I want to thank you for your interest. I found a solution for
the server problem by changing the SunJSSESocketFactory class to make
it accept .key configuration, especially the file temp.key containing
information concerning the client .private key, so my server perfectly
interacts with a securised telnet client. Now my problem is how to
configure the jPOS client (client simulator) to make it connect to my
server, so I will list below the configuration I used :

<channel-adaptor name='clientsimulator-adaptor'
    class="org.jpos.q2.iso.ChannelAdaptor" logger="Q2">
  <attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
  <property name="keystore" value="C:\Documents and Settings\Administrateur.88A71D1CFED64CC\client.private"/>
  <property name="serverauth" value="true"/>
  <property name="storepassword" value="ashuashu"/>
  <property name="keypassword" value="ashuashu"/>

and this is the client log when trying to connect to the server :

  <warn>
    channel-receiver-clientsimulator-receive
    <exception name="null">
    java.io.EOFException
        at org.jpos.iso.channel.XMLChannel.streamReceive(XMLChannel.java:94)
        at org.jpos.iso.BaseChannel.receive(BaseChannel.java:595)
        at org.jpos.q2.iso.ChannelAdaptor$Receiver.run(ChannelAdaptor.java:303)
        at java.lang.Thread.run(Unknown Source)
    </exception>
  </warn>
</log>

the server log :

<log realm="simulator_10000.server.session/127.0.0.1" at="Mon Feb 02 23:11:13 CET 2009.937">
  <session-error>
    <exception name="Unrecognized SSL message, plaintext connection?">
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown

I hope it's not too long a post, but it's the minimum that I can put to
make the problem understood.
Thanks for your help and excuse my very bad English, but I'm trying to
improve it :)
Best regards,
Meherzi Badreddine K&K partner Paris
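
The two server-side exceptions in this thread point to different failures, and both can be told apart from the Q2 log alone. The following is an added example, not code from the posters or from jPOS: a small triage script that reads `<log>` events, picks out `<session-error>` entries and attributes each to a peer. The sample log is constructed from the excerpts above, and the address 192.0.2.10 is a placeholder.

```python
import re
from collections import Counter

# The two JSSE exception names seen in this thread and what each one means.
DIAGNOSES = {
    "handshake alert: no_certificate":
        "server asked for a client certificate (clientauth=true); peer sent none",
    "Unrecognized SSL message, plaintext connection?":
        "peer sent non-TLS bytes to the TLS port; peer is not speaking TLS",
}
LOG_EVENT = re.compile(r'<log\s+realm="([^"]*)"\s+at="[^"]*"\s*>(.*?)</log>', re.S)
EXCEPTION = re.compile(r'<exception\s+name="([^"]*)"')

def triage(log_text):
    """Return (peer, exception name, diagnosis) for every session-error event."""
    findings = []
    for realm, body in LOG_EVENT.findall(log_text):
        if "<session-error>" not in body:
            continue
        # Session realms end in "/<peer address>", as in the logs above.
        peer = realm.rsplit("/", 1)[1] if "/" in realm else "unknown"
        for name in EXCEPTION.findall(body):
            name = " ".join(name.split())  # rejoin names wrapped by a mail client
            findings.append((peer, name, DIAGNOSES.get(name, "unclassified")))
    return findings

def count_by_peer(findings):
    """Count failures per (peer, diagnosis) to spot a misconfigured client."""
    return Counter((peer, diag) for peer, _name, diag in findings)

# Constructed sample, modelled on the log excerpts in the thread.
SAMPLE_LOG = '''
<log realm="simulator_10000.server.session/127.0.0.1" at="Fri Jan 30 17:58:38 CET 2009.203">
<session-error><exception name="handshake alert: no_certificate">
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
</exception></session-error>
</log>
<log realm="simulator_10000.server.session/192.0.2.10" at="Mon Feb 02 23:11:13 CET 2009.937">
<session-error><exception name="Unrecognized SSL message, plaintext
 connection?">
</exception></session-error>
</log>
<log realm="simulator_10000.server" at="Mon Feb 02 23:11:14 CET 2009.101"><info>listening</info></log>
'''

if __name__ == "__main__":
    for (peer, diag), n in count_by_peer(triage(SAMPLE_LOG)).items():
        print(f"{peer}: {n} x {diag}")
```
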



David Bergert

Feb 2, 2009, 10:00:30 PM
to jpos-...@googlegroups.com
This thread would be worth reviewing:

http://tech.groups.yahoo.com/group/jpos-dev/message/4189?gi=-102

Shows how to configure the server and a client using SSL.
You may need to read through all of the messages.


David Bergert, CISSP, CISA, CPISM/A
www.paymentsystemsblog.com

Gufran Nazir

Feb 16, 2015, 5:52:10 AM
to jpos-...@googlegroups.com
Hi All,

Can you please let me know how to configure the jPOS channel (client) to make it connect to an SSL-enabled ISO server?
Kindly share one channel configuration example.

Regards,
Gufran Nazir

Alejandro Revilla

Feb 16, 2015, 6:33:23 AM
to jPOS Users
Please take a look at section 5.2 nicely titled "SSL Channels" on page 50 of http://jpos.org/doc/proguide-draft.pdf

You'll see there what you're asking for.


Gufran Nazir

Feb 16, 2015, 6:50:58 AM
to jpos-...@googlegroups.com
Hi Alejandro,

There it's mentioned for the ISO server; I am looking for the ISO client channel configuration. Is it the same for the client as well?

Regards,
Gufran Nazir

Alejandro Revilla

Feb 16, 2015, 6:57:04 AM
to jPOS Users
Yes, it's the same thing.


Gufran Nazir

Feb 16, 2015, 7:39:45 AM
to jpos-...@googlegroups.com
Hi Alejandro,

Thanks for your help.
One more clarification: should I add the properties below as well?

<property name="keystore" value="/path/to/keystore"/> 
<property name="clientauth" value="true"/> 
<property name="storepassword" value="abcccccc"/> 

Regards,
Gufran Nazir

Alejandro Revilla

Feb 16, 2015, 4:18:50 PM
to jPOS Users
Correct.

