Hello,
I have problems establishing an SSL connection between a server and Android
using Apache Mina (on both server and client).
First of all, I generated self-signed keys. Bouncy Castle for Android and
JKS for the server:

SERVER:

keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias serverkey -keyalg RSA -keypass pass -storepass pass -keystore serverkey.jks -validity 1000

keytool -export -alias serverkey -storepass pass -file server.cer -keystore serverkey.jks

keytool -import -alias serverkey -file server.cer -keypass pass -keystore trustclient.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-148.jar

CLIENT:

keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias clientkey -keyalg RSA -keypass pass -storepass pass -keystore clientkey.jks -validity 1000

keytool -export -alias clientkey -storepass pass -file client.cer -keystore clientkey.jks

keytool -import -alias clientkey -file client.cer -keypass pass -keystore clientkey.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /Users/tabtrader/Workspace/tools/bcprov-jdk15on-148.jar

keytool -import -v -trustcacerts -alias clientkey -file client.cer -keystore trustserver.jks -keypass pass -storepass pass


Then modified SSLContext:

SERVER:

KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream in = null;
try {
    in = FileUtil.open(SSLContextFactory.class, "res/serverkey.jks");
    keyStore.load(in, keyStorePassword);
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keyStore, "pass".toCharArray());

KeyStore trustStore = KeyStore.getInstance("JKS");
in = null;
try {
    in = FileUtil.open(SSLContextFactory.class, "res/trustserver.jks");
    trustStore.load(in, keyStorePassword);
}

TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);

SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

SSLFilter sslFilter = new SSLFilter(sslContext);
sslFilter.setUseClientMode(false);
sslFilter.setNeedClientAuth(false);


CLIENT:

KeyStore keyStore = KeyStore.getInstance("BKS");
InputStream in = null;
try {
    in = getResources().openRawResource(R.raw.clientkey);  // clientkey.bks
    keyStore.load(in, keyStorePassword);
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(keyStore, "pass".toCharArray());

KeyStore trustStore = KeyStore.getInstance("BKS");
in = null;
try {
    in = getResources().openRawResource(R.raw.trustclient);  // trustclient.bks
    trustStore.load(in, keyStorePassword);
}

TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(trustStore);

SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

SSLFilter sslFilter = new SSLFilter(sslContext);
sslFilter.setUseClientMode(true);
sslFilter.setNeedClientAuth(false);


Using this code, the SSL handshake finished without errors:

DEBUG mina.acceptor.AcceptorIoHandler *handshakeStatus=FINISHED*
DEBUG mina.acceptor.AcceptorIoHandler sslSession CipherSuite used *SSL_RSA_WITH_RC4_128_MD5*

And I get an established Mina session. But then nothing happens. The next messages
from the client are ignored without any logs. It is very strange.

If I set sslFilter.setNeedClientAuth(true) on the server, I get an exception:
SSLHandshakeException: null cert chain

How can I create this SSL connection? Where is the problem?

I found the same issue on Stack Overflow, but there are no answers and I
can't write to the question's author:
http://stackoverflow.com/questions/12527884/using-apache-mina-with-sslfilter-on-android/15222099
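
The following is an added example, not part of the original post: a stand-alone Java check that lists whether each alias in the identity store is a key entry or a trusted certificate entry (a certificate brought in with `keytool -import` is stored as the latter and carries no private key), then builds an `SSLContext` that passes both the key managers and the trust managers to `init`. The class and method names and the `"TLS"` protocol string are assumptions, and it assumes one store type and one password for both stores, as in the commands above.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example, names hypothetical.
// Usage: java MutualTlsContextCheck <store-type> <identity-store> <trust-store> <password>
public class MutualTlsContextCheck {
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Lists every alias and counts the entries that hold a key (isKeyEntry).
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            System.out.println("  " + alias + ": " + (isKey ? "key entry" : "trusted certificate entry"));
            if (isKey) keys++;
        }
        return keys;
    }

    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trusted) throws Exception {
        if (countKeyEntries(identity) == 0) {
            throw new IllegalStateException("identity store holds no key entry, so no certificate chain can be presented");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Second argument carries the trust managers; null would select the platform defaults instead.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args[3].toCharArray();
        SSLContext ctx = build(load(args[0], args[1], pw), pw, load(args[0], args[2], pw));
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Loading a BKS store on a desktop JVM requires the Bouncy Castle provider to be registered; the JKS stores load with the stock JDK.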
