Hi all, I have a strange behavior with the SUN LDAP CertStore provider when trying to find a pkiCA entry...
With OpenSSL, I created a self-signed certificate for a CA (PEM format and RSA key). I created another certificate for each of two users, A and B (PEM format and RSA key), and requested a signature from the previously created CA for each one. I revoked the certificate for A and generated a CRL with OpenSSL. Then I transformed this CRL into a PKCS7 CRL so that the Java SUN provider understands it.
Those two certificates have the issuer OU=MyOrganization,DC=example,DC=com, so I created a pkiCA and organizationalUnit entry at OU=MyOrganization,DC=example,DC=com on the server. In this entry, I put the caCertificate, certificateRevocationList (CRL in PKCS7) and authorityRevocationList (same CRL in PKCS7) values.
I enabled anonymous access on my ApacheDS server... When executing the following code, I get an unexpected exception which closes the server connection...
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRLSelector;
import java.util.Collection;

LDAPCertStoreParameters lParams = new LDAPCertStoreParameters("localhost", 10389);
CertStore lCertStore = CertStore.getInstance("LDAP", lParams, "SUN");
X509CRLSelector lCRLSelector = new X509CRLSelector();
lCRLSelector.setCertificateChecking(pCertificate); // pCertificate: the X509Certificate of user A
Collection<? extends CRL> lCrlCollection = lCertStore.getCRLs(lCRLSelector);

lCrlCollection is returned empty even though it should contain a CRL for A, and the logging file apacheds-rolling.log shows that a server connection closed... There is no exception shown from the SUN CertStore provider. It is very silent.
Extract of apacheds-rolling.log:

[12:12:10] WARN [org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler] - [/127.0.0.1:1235] Unexpected exception forcing session to close: sending disconnect notice to client.
java.io.IOException: Une connexion existante a dû être fermée par l'hôte distant
    at sun.nio.ch.SocketDispatcher.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(Unknown Source)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
    at sun.nio.ch.IOUtil.read(Unknown Source)
    at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
[12:12:10] WARN [org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler] - [/127.0.0.1:1236] Unexpected exception forcing session to close: sending disconnect notice to client.
java.io.IOException: Une connexion existante a dû être fermée par l'hôte distant
    at sun.nio.ch.SocketDispatcher.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(Unknown Source)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
    at sun.nio.ch.IOUtil.read(Unknown Source)
    at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
Does anyone have a clue about what happens? Is it a bug in ApacheDS or in the SUN CertStore provider?
Thanks for your help, Tony
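The silent empty result described in the post is worth guarding against in any code that consults an LDAP CertStore for revocation: an empty CRL collection must not be read as "not revoked". The following is an added example (not code from the post or from ApacheDS) of a lookup that fails closed, checks the CRL signature against the CA certificate, and rejects a stale CRL; the file names ca.pem and userA.pem are placeholders for the PEM files created with OpenSSL.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateFactory;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;

/** Revocation check against an LDAP-published CRL that fails closed (example code, not from the post). */
public class LdapCrlCheck {

    /** Returns true only if a CA-signed, current CRL was found in LDAP and does not list the certificate. */
    static boolean isNotRevoked(String host, int port, X509Certificate cert, X509Certificate caCert)
            throws Exception {
        CertStore store = CertStore.getInstance("LDAP", new LDAPCertStoreParameters(host, port), "SUN");
        X509CRLSelector selector = new X509CRLSelector();
        selector.setCertificateChecking(cert); // restricts the search to CRLs from this certificate's issuer
        Collection<? extends CRL> crls = store.getCRLs(selector);
        if (crls.isEmpty()) {
            // The provider returns an empty collection instead of throwing; treat that as a hard failure.
            throw new CertStoreException("no CRL found in LDAP for issuer " + cert.getIssuerX500Principal());
        }
        Date now = new Date();
        for (CRL c : crls) {
            X509CRL crl = (X509CRL) c;
            crl.verify(caCert.getPublicKey()); // reject a CRL that was not signed by the expected CA
            if (crl.getNextUpdate() != null && crl.getNextUpdate().before(now)) {
                throw new CertStoreException("CRL is stale: nextUpdate=" + crl.getNextUpdate());
            }
            if (crl.isRevoked(cert)) {
                return false;
            }
        }
        return true;
    }

    static X509Certificate loadPem(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate ca = loadPem("ca.pem");      // placeholder path: the self-signed CA certificate
        X509Certificate user = loadPem("userA.pem"); // placeholder path: the revoked certificate of user A
        System.out.println(isNotRevoked("localhost", 10389, user, ca) ? "not revoked" : "REVOKED");
    }
}
```

With the setup in the post, this should print REVOKED for user A; if the LDAP lookup comes back empty as described, it throws instead of accepting the certificate.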
