I tested my SSL Server (Server Auth only) and Client program (Server Auth only) with Harmony JDK version 1.5. This program uses the HarmonyJSSE provider. I tried this program with a Server certificate with a critical KeyUsage extension (digital signature and key encipherment). But the SSL Client throws an exception at the Cipher.init function. I have attached the stack trace below.
  Cipher.init(int, Certificate, SecureRandom) line: 818
  Cipher.init(int, Certificate) line: 751
  ClientHandshakeImpl.processServerHelloDone() line: 411 [local variables unavailable]
  ClientHandshakeImpl.unwrap(byte[]) line: 289
  SSLRecordProtocol.unwrap() line: 413
  SSLSocketImpl.doHandshake() line: 742
  SSLSocketImpl.startHandshake() line: 451 [local variables unavailable]
  SSLSocketImpl.writeAppData(byte[], int, int) line: 674
  SSLSocketOutputStream.write(byte[]) line: 47
  SslClient.main(String[]) line: 79

The following code in the Cipher.init(int, Certificate, SecureRandom) function throws the exception:

  if (opmode == ENCRYPT_MODE && (!keyUsage[7])) {
      throw new InvalidKeyException(
              Messages.getString("crypto.1A")); //$NON-NLS-1$
  } else

I have given the SSL Server code below.
================

import java.io.*;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.*;

/**
 * Java SSL Server Program (server authentication only).
 */
public class JavaSslServer {
    public static void main(String args[]) {
        /*
         * Set up to catch any exceptions thrown.
         */
        try {
            /*
             * Allocate and initialize a KeyStore object from the PKCS12 file.
             */
            Security.removeProvider("DRLCertFactory");
            char[] password = "password".toCharArray();
            KeyStore ks = KeyStore.getInstance("PKCS12");
            FileInputStream fis = new FileInputStream("kamalcriticalkeyusage.p12");
            ks.load(fis, password);
            fis.close();
            /*
             * Allocate and initialize a KeyManagerFactory.
             */
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509", "HarmonyJSSE");
            kmf.init(ks, password);
            /*
             * Allocate and initialize a TrustManagerFactory from the same keystore.
             */
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509", "HarmonyJSSE");
            tmf.init(ks);
            /*
             * Allocate and initialize an SSLContext.
             */
            SSLContext c = SSLContext.getInstance("TLS", "HarmonyJSSE");
            c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            /*
             * Get an SSLServerSocketFactory from the SSLContext.
             */
            SSLServerSocketFactory sf = c.getServerSocketFactory();
            /*
             * Create an SSLServerSocket.
             */
            SSLServerSocket ss = (SSLServerSocket) sf.createServerSocket(13333);
            /*
             * Perform an accept() to create an SSLSocket.
             */
            SSLSocket s = (SSLSocket) ss.accept();
            /*
             * Receive a message from the client using the secure session.
             */
            InputStream is = s.getInputStream();
            byte[] buffer = new byte[1024];
            int bytesRead = is.read(buffer);
            if (bytesRead == -1)
                throw new IOException("Unexpected End-of-file Received");
            String received = new String(buffer, 0, bytesRead);
            /*
             * Write results to screen.
             */
            System.out.println("Read " + received.length() + " bytes...");
            System.out.println(received);
            /*
             * Echo the message back to the client using the secure session.
             */
            OutputStream os = s.getOutputStream();
            os.write(received.getBytes());
            /*
             * Write results to screen.
             */
            System.out.println("Wrote " + received.length() + " bytes...");
            System.out.println(received);
            s.close();
            ss.close();
        } catch (Exception e) {
            System.out.println("Unexpected exception caught: " + e.getMessage());
            e.printStackTrace();
        }
    }
}

==========================================
SSL Client code is given below.
==========================================

import java.io.*;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.*;

/**
 * SSL Client Program (server authentication only).
 */
public class SslClient {
    /**
     * SslClient main method.
     *
     * @param args the command line arguments (not used)
     */
    public static void main(String args[]) {
        /*
         * Set up to catch any exceptions thrown.
         */
        try {
            /*
             * Allocate and initialize a KeyStore object from the PKCS12 file.
             * It is used only as the trust store: the client presents no
             * certificate, so no KeyManagerFactory is created.
             */
            Security.removeProvider("DRLCertFactory");
            char[] password = "password".toCharArray();
            KeyStore ks = KeyStore.getInstance("PKCS12");
            FileInputStream fis = new FileInputStream("kamalcriticalkeyusage.p12");
            ks.load(fis, password);
            fis.close();
            /*
             * Allocate and initialize a TrustManagerFactory.
             */
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init(ks);
            /*
             * Allocate and initialize an SSLContext with no key managers.
             */
            SSLContext c = SSLContext.getInstance("TLS", "HarmonyJSSE");
            c.init(null, tmf.getTrustManagers(), null);
            /*
             * Get an SSLSocketFactory from the SSLContext.
             */
            SSLSocketFactory sf = c.getSocketFactory();
            /*
             * Create an SSLSocket.
             *
             * Change the hard-coded IP address to the IP address or host name
             * of the server.
             */
            SSLSocket s = (SSLSocket) sf.createSocket("172.16.145.156", 13333);
            /*
             * Send a message to the server using the secure session.
             */
            String sent = "Test of java SSL write";
            OutputStream os = s.getOutputStream();
            os.write(sent.getBytes());
            /*
             * Write results to screen.
             */
            System.out.println("Wrote " + sent.length() + " bytes...");
            System.out.println(sent);
            /*
             * Receive a message from the server using the secure session.
             */
            InputStream is = s.getInputStream();
            byte[] buffer = new byte[1024];
            int bytesRead = is.read(buffer);
            if (bytesRead == -1)
                throw new IOException("Unexpected End-of-file Received");
            String received = new String(buffer, 0, bytesRead);
            /*
             * Write results to screen.
             */
            System.out.println("Read " + received.length() + " bytes...");
            System.out.println(received);
            s.close();
        } catch (Exception e) {
            System.out.println("Unexpected exception caught: " + e.getMessage());
            e.printStackTrace();
        }
    }
}

===========================================================
I have attached the p12 file I used with this program.
==========================================
Can you please give your opinion on this issue.

Regards,
Kamal.
Attachment: kamalcriticalkeyusage.p12 (application/pkcs12)
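As an added diagnostic (not part of Kamal's post or of the Harmony code base), the following Java program prints the KeyUsage bits the JCA sees on each certificate in the attached keystore and then attempts the same Cipher.init(ENCRYPT_MODE, Certificate) call that the stack trace shows failing, so the result on Harmony can be compared with another provider. It assumes the keystore file name and password from the post and an RSA server certificate; the "RSA" transformation name is an assumption.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Set;
import javax.crypto.Cipher;

/** Lists KeyUsage bits and tries Cipher.init(ENCRYPT_MODE, cert) on each keystore entry. */
public class KeyUsageCheck {
    // Index i of X509Certificate.getKeyUsage() is KeyUsage bit i (RFC 5280, section 4.2.1.3).
    static final String[] NAMES = { "digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };
    static final String KEY_USAGE_OID = "2.5.29.15";

    static void describe(X509Certificate cert) {
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        boolean[] bits = cert.getKeyUsage();   // null when the extension is absent
        if (bits == null) { System.out.println("  no KeyUsage extension"); return; }
        Set<String> crit = cert.getCriticalExtensionOIDs();
        System.out.println("  KeyUsage critical: " + (crit != null && crit.contains(KEY_USAGE_OID)));
        for (int i = 0; i < bits.length && i < NAMES.length; i++)
            if (bits[i]) System.out.println("  bit " + i + ": " + NAMES[i]);
        // TLS RSA key exchange encrypts the premaster secret under the server key, so the bit a
        // server certificate needs is keyEncipherment (index 2); the quoted Harmony check reads index 7.
        System.out.println("  keyEncipherment (2): " + (bits.length > 2 && bits[2])
                + ", encipherOnly (7): " + (bits.length > 7 && bits[7]));
        try {
            // Same call the client handshake makes in the stack trace above.
            Cipher.getInstance("RSA").init(Cipher.ENCRYPT_MODE, cert);
            System.out.println("  Cipher.init(ENCRYPT_MODE, cert): accepted");
        } catch (Exception e) {
            System.out.println("  Cipher.init(ENCRYPT_MODE, cert): " + e);
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "kamalcriticalkeyusage.p12";  // file from the post
        char[] password = (args.length > 1 ? args[1] : "password").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        FileInputStream fis = new FileInputStream(path);
        ks.load(fis, password);
        fis.close();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            Certificate c = ks.getCertificate(e.nextElement());
            if (c instanceof X509Certificate) describe((X509Certificate) c);
        }
    }
}
```

Run it once under Harmony and once under another JDK with the same keystore; a difference in the last line of output isolates the provider's KeyUsage check from the certificate itself.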