Hi, I'm developing a simple app: an Android client that
communicates with a server over an SSL socket. Everything works fine,
but when I enable the setNeedClientAuth option on the ServerSocket
running on my server PC, the client can't authenticate... in particular
I get this exception on the server...
[CODE]
javax.net.ssl.SSLHandshakeException: null cert chain
[/CODE]
The same code, run as a normal Java application on a PC, works fine!
Here is the code of the server:
[CODE]
/**
* SslReverseEchoerRevised.java
* Copyright (c) 2005 by Dr. Herong Yang
*/
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
//import org.bouncycastle.jce.provider.BouncyCastleProvider;
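/**
 * One-shot TLS "reverse echo" server that requires a client certificate.
 *
 * <p>Listens on port 8888, accepts a single connection, sends a greeting and
 * then returns every received line reversed until the client sends "." or
 * closes the stream.
 *
 * <p>The key material and the trust anchors both come from the same BKS file
 * ({@code serverkeys2.bks}). The post's earlier attempt at a separate
 * {@code servertrust.bks} trust store was commented out and is not used.
 */
public class SslReverseEchoer {

    /**
     * Builds the SSL context, accepts one client and runs the echo loop.
     *
     * @param args unused; the command-line handling of the original sample
     *             (ksName, ksPass, ctPass) was commented out by the poster
     */
    public static void main(String[] args) {
        // NOTE(review): the store/key password is hard-coded in the source.
        // Acceptable for a throwaway test, but it should come from the
        // environment or a prompt before this is used for anything real.
        final char[] storePass = "password".toCharArray();

        SSLServerSocket s = null;
        SSLSocket c = null;
        try {
            System.out.println("----->" + KeyManagerFactory.getDefaultAlgorithm());

            // "BKS" is only available when a provider offering it is
            // installed in the JRE (presumably Bouncy Castle, given the
            // commented-out import at the top of the listing).
            KeyStore ks = KeyStore.getInstance("BKS");
            FileInputStream in = new FileInputStream("serverkeys2.bks");
            try {
                ks.load(in, storePass);
            } finally {
                in.close(); // the original never closed this stream
            }

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunX509");
            kmf.init(ks, storePass);

            // The key store doubles as the trust store: a client certificate
            // is accepted only if it chains to a certificate entry in
            // serverkeys2.bks.
            // NOTE(review): confirm that this store really contains the
            // client's certificate (or its issuer). The issuers the server
            // advertises during the handshake are derived from these trust
            // anchors, and a client whose key does not match any of them may
            // send no certificate at all, which the server reports as
            // "null cert chain".
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init(ks);

            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

            SSLServerSocketFactory ssf = sc.getServerSocketFactory();
            s = (SSLServerSocket) ssf.createServerSocket(8888);
            // Must be set on the server socket before accept() so that the
            // accepted connection inherits the requirement.
            s.setNeedClientAuth(true);
            printServerSocketInfo(s);

            c = (SSLSocket) s.accept();
            printSocketInfo(c);

            // Explicit charset: the platform default differs between a PC
            // and an Android device, which would garble non-ASCII text.
            BufferedWriter w = new BufferedWriter(
                    new OutputStreamWriter(c.getOutputStream(), "UTF-8"));
            BufferedReader r = new BufferedReader(
                    new InputStreamReader(c.getInputStream(), "UTF-8"));

            String m = "Welcome to SSL Reverse Echo Server."
                    + " Please type in some words.";
            w.write(m, 0, m.length());
            w.newLine();
            w.flush();

            while ((m = r.readLine()) != null) {
                if (m.equals(".")) {
                    break;
                }
                // Reverse the line in place by swapping from both ends.
                char[] a = m.toCharArray();
                int n = a.length;
                for (int i = 0; i < n / 2; i++) {
                    char t = a[i];
                    a[i] = a[n - 1 - i];
                    a[n - 1 - i] = t;
                }
                w.write(a, 0, n);
                w.newLine();
                w.flush();
            }
            w.close();
            r.close();
        } catch (Exception e) {
            System.err.println(e.toString());
        } finally {
            // Release both sockets even when the handshake or the echo loop
            // failed; the original leaked them on any exception.
            try {
                if (c != null) {
                    c.close();
                }
            } catch (IOException ignored) {
                // nothing useful to do while shutting down
            }
            try {
                if (s != null) {
                    s.close();
                }
            } catch (IOException ignored) {
                // nothing useful to do while shutting down
            }
        }
    }

    /**
     * Prints the endpoints and the negotiated session of an accepted socket.
     *
     * <p>{@code getSession()} blocks until the handshake has run. If the
     * handshake fails it returns an invalid session instead of throwing, so a
     * rejected client shows up here as a failure to read the peer principal,
     * and the handshake exception itself surfaces on the first read or write.
     *
     * @param s the connected socket to describe
     */
    private static void printSocketInfo(SSLSocket s) {
        System.out.println("Socket class: " + s.getClass());
        System.out.println(" Remote address = "
                + s.getInetAddress().toString());
        System.out.println(" Remote port = " + s.getPort());
        System.out.println(" Local socket address = "
                + s.getLocalSocketAddress().toString());
        System.out.println(" Local address = "
                + s.getLocalAddress().toString());
        System.out.println(" Local port = " + s.getLocalPort());
        System.out.println(" Need client authentication = "
                + s.getNeedClientAuth());
        SSLSession ss = s.getSession();
        try {
            System.out.println("Session class: " + ss.getClass());
            System.out.println(" Cipher suite = "
                    + ss.getCipherSuite());
            System.out.println(" Protocol = " + ss.getProtocol());
            // Throws when the peer was not authenticated; caught below.
            System.out.println(" PeerPrincipal = "
                    + ss.getPeerPrincipal().getName());
            System.out.println(" LocalPrincipal = "
                    + ss.getLocalPrincipal().getName());
        } catch (Exception e) {
            System.err.println(e.toString());
        }
    }

    /**
     * Prints the listening address and the client-authentication settings of
     * the server socket.
     *
     * @param s the listening socket to describe
     */
    private static void printServerSocketInfo(SSLServerSocket s) {
        System.out.println("Server socket class: " + s.getClass());
        System.out.println(" Socker address = "
                + s.getInetAddress().toString());
        System.out.println(" Socker port = "
                + s.getLocalPort());
        System.out.println(" Need client authentication = "
                + s.getNeedClientAuth());
        System.out.println(" Want client authentication = "
                + s.getWantClientAuth());
        System.out.println(" Use client mode = "
                + s.getUseClientMode());
    }
}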
[/CODE]
And this is the code of the client:
[CODE]
package com.android.examples.androidclientprova2;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import android.app.Activity;
import android.os.AsyncTask;
import android.os.Bundle;
import android.text.method.ScrollingMovementMethod;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
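/**
 * Activity that connects to the reverse-echo server over TLS, presenting a
 * client certificate, and shows every line the server sends back.
 *
 * <p>The connection is set up and read on the {@link MsgPrintTask} background
 * thread. Text typed into the input field is sent when the button is pressed.
 */
public class AndroidClientProva2 extends Activity {
    private EditText enter;
    private TextView display;
    // Assigned by the background task once the socket exists and read from
    // the UI thread in sendData(), hence volatile.
    volatile BufferedWriter w;
    volatile BufferedReader r;

    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        Button send = (Button) findViewById(R.id.send);
        enter = (EditText) findViewById(R.id.enter);
        display = (TextView) findViewById(R.id.display);
        display.setMovementMethod(ScrollingMovementMethod.getInstance());
        send.setOnClickListener(new View.OnClickListener() {
            public void onClick(View view) {
                sendData(enter.getText().toString());
            }
        });
        MsgPrintTask task = new MsgPrintTask();
        task.execute("");
    }

    /**
     * Sends one line of text to the server and echoes it in the display.
     *
     * <p>The server reads with {@code readLine()}, so the line terminator and
     * the flush are required; the original wrote the text without either and
     * the data never left the buffer.
     *
     * @param s the text to send
     */
    private void sendData(String s) {
        BufferedWriter out = w;
        if (out == null) {
            // Not connected (yet, or the handshake failed).
            display.append("\nError Writing Object");
            return;
        }
        try {
            // NOTE(review): this write still runs on the UI thread, as in
            // the original; moving it to a worker thread is left open here.
            out.write(s, 0, s.length());
            out.newLine();
            out.flush();
            display.append(s);
        } catch (IOException io) {
            display.append("\nError Writing Object");
        }
    }

    /**
     * Background task that opens the TLS connection and forwards each line
     * received from the server to the display.
     */
    public class MsgPrintTask extends AsyncTask<String, String, String> {
        SSLSocket c;
        // NOTE(review): both store passwords are hard-coded and shipped
        // inside the APK together with the key store itself, so the client
        // private key is only as secret as the application package.
        String keyStorePassword = "password";
        String trustStorePassword = "password";

        /** Runs on the UI thread; only touches the display, no I/O. */
        @Override
        protected void onPreExecute() {
            display.append("\n-->" + KeyManagerFactory.getDefaultAlgorithm()
                    + "\n");
        }

        /**
         * Connects, then reads lines until the server closes the stream.
         *
         * <p>The original opened the socket and ran the handshake in
         * {@code onPreExecute()}, i.e. on the UI thread, and appended to the
         * display from this background method. All network work now happens
         * here and all UI updates go through {@code publishProgress}.
         *
         * @param params unused
         * @return always {@code null}
         */
        @Override
        protected String doInBackground(String... params) {
            try {
                connect();
                // Explicit charset so both ends agree regardless of platform.
                w = new BufferedWriter(
                        new OutputStreamWriter(c.getOutputStream(), "UTF-8"));
                r = new BufferedReader(
                        new InputStreamReader(c.getInputStream(), "UTF-8"));
                String m;
                while ((m = r.readLine()) != null) {
                    publishProgress("\n" + m + "\n");
                }
            } catch (Exception e) {
                publishProgress(e.toString());
            } finally {
                closeConnection();
            }
            return null;
        }

        /** Appends a line published by the background thread to the display. */
        @Override
        protected void onProgressUpdate(String... progress) {
            display.append(progress[0]);
        }

        /**
         * Builds the SSL context from the two bundled BKS stores, opens the
         * socket and runs the handshake. The socket is stored in {@code c}
         * before the handshake so that it is closed even when the handshake
         * fails.
         */
        private void connect() throws Exception {
            KeyStore ts = loadStore(R.raw.clienttrust_bks, trustStorePassword);
            // The original asked for KeyManagerFactory's default algorithm
            // here; the trust side has its own default.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                    TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ts);

            KeyStore ks = loadStore(R.raw.clientkeys_bks_2, keyStorePassword);
            // NOTE(review): for client authentication this store must hold a
            // private-key entry together with its certificate chain, and that
            // certificate (or its issuer) must be trusted by the server. A
            // store containing only certificate entries loads without error
            // but gives the key manager nothing to present; verify the
            // contents of clientkeys_bks_2 against the server's trust store.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keyStorePassword.toCharArray());

            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
                    new SecureRandom());
            SSLSocketFactory f = sc.getSocketFactory();
            // A socket created this way validates the server chain against
            // the trust store but does not check that the certificate was
            // issued for the host being contacted. NOTE(review): that is
            // tolerable only while clienttrust_bks holds nothing but this
            // server's own certificate.
            c = (SSLSocket) f.createSocket("192.168.1.5", 8888);
            // printSocketInfo is not defined in the posted client listing;
            // presumably the same helper as in the server class.
            printSocketInfo(c);
            c.startHandshake();
        }

        /** Loads a BKS key store from a raw resource and closes the stream. */
        private KeyStore loadStore(int rawResourceId, String password)
                throws Exception {
            InputStream in = getResources().openRawResource(rawResourceId);
            try {
                KeyStore store = KeyStore.getInstance("BKS");
                store.load(in, password.toCharArray());
                return store;
            } finally {
                in.close();
            }
        }

        /**
         * Closes writer, reader and socket, skipping whatever was never
         * opened. Runs on the background thread because closing a TLS
         * socket performs network I/O.
         */
        private void closeConnection() {
            try {
                if (w != null) {
                    w.close();
                }
                if (r != null) {
                    r.close();
                }
                if (c != null) {
                    c.close();
                }
            } catch (Exception e) {
                publishProgress(e.toString());
            } finally {
                w = null;
                r = null;
            }
        }
    }
}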
[/CODE]
I've been banging my head against this for two days... I hope that
someone can help me... Thank you!