I have problems establishing an SSL connection between a server and Android
using Apache Mina (both on server and client).
First of all, I generated self-signed keys: Bouncy Castle for Android and JKS
for the server:

SERVER:

keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias serverkey -keyalg RSA -keypass pass -storepass pass -keystore serverkey.jks -validity 1000

keytool -export -alias serverkey -storepass pass -file server.cer -keystore serverkey.jks

keytool -import -alias serverkey -file server.cer -keypass pass -keystore trustclient.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-148.jar

CLIENT:

keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias clientkey -keyalg RSA -keypass pass -storepass pass -keystore clientkey.jks -validity 1000

keytool -export -alias clientkey -storepass pass -file client.cer -keystore clientkey.jks

keytool -import -alias clientkey -file client.cer -keypass pass -keystore clientkey.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /Users/tabtrader/Workspace/tools/bcprov-jdk15on-148.jar

keytool -import -v -trustcacerts -alias clientkey -file client.cer -keystore trustserver.jks -keypass pass -storepass pass

Then I modified the SSLContext:

SERVER:

// Key store holding the server's private key and certificate
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream in = null;
try {
    in = FileUtil.open(SSLContextFactory.class, "res/serverkey.jks");
    keyStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keyStore, "pass".toCharArray());

// Trust store holding the imported client certificate
KeyStore trustStore = KeyStore.getInstance("JKS");
in = null;
try {
    in = FileUtil.open(SSLContextFactory.class, "res/trustserver.jks");
    trustStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);

SSLContext sslContext = SSLContext.getInstance("TLS");
// The trust managers argument is null here, so tmf is not used by this context
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());
SSLFilter sslFilter = new SSLFilter(sslContext);
sslFilter.setUseClientMode(false);
sslFilter.setNeedClientAuth(false);

CLIENT:

// Key store loaded from clientkey.bks
KeyStore keyStore = KeyStore.getInstance("BKS");
InputStream in = null;
try {
    in = getResources().openRawResource(R.raw.clientkey); // clientkey.bks
    keyStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(keyStore, "pass".toCharArray());

// Trust store holding the imported server certificate
KeyStore trustStore = KeyStore.getInstance("BKS");
in = null;
try {
    in = getResources().openRawResource(R.raw.trustclient); // trustclient.bks
    trustStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(trustStore);

SSLContext sslContext = SSLContext.getInstance("TLS");
// The trust managers argument is null here, so tmf is not used by this context
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());
SSLFilter sslFilter = new SSLFilter(sslContext);
sslFilter.setUseClientMode(true);
sslFilter.setNeedClientAuth(false);

Using this code, the SSL handshake finished without errors:

DEBUG mina.acceptor.AcceptorIoHandler handshakeStatus=FINISHED
DEBUG mina.acceptor.AcceptorIoHandler sslSession CipherSuite used SSL_RSA_WITH_RC4_128_MD5

And I get an established Mina session. But then nothing happens. The next messages
from the client are ignored without any logs. It is very strange.
If I set sslFilter.setNeedClientAuth(true) for the server, I get an exception:

SSLHandshakeException: null cert chain

How can I create this SSL connection? Where is the problem?
--
View this message in context:
http://apache-mina.10907.n7.nabble.com/SSL-connection-Android-Server-using-Apache-Mina-tp37009.html
Sent from the Apache MINA Developer Forum mailing list archive at Nabble.com.
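
Added example, not part of the original message: a check that can be run over the stores produced by the keytool commands above (for instance clientkey.bks together with trustclient.bks). It lists, per alias, whether the entry carries a private key or only a certificate, since a key manager can present a certificate chain only from a private key entry, and then builds an SSLContext that passes the trust managers explicitly. The class name KeyStoreCheck and the command-line arguments are assumptions, and the store and key passwords are assumed to be identical, as in the commands above.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class). Usage: java KeyStoreCheck <keystore> <truststore> <JKS|BKS> <password>
public class KeyStoreCheck {
    static KeyStore load(String path, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }
    // Prints each alias with its entry kind; returns the number of private key entries.
    static int describe(String label, KeyStore ks) throws Exception {
        int privateKeys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean hasKey = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
            if (hasKey) privateKeys++;
            System.out.printf("%s: %s -> %s%n", label, alias, hasKey ? "private key + chain" : "certificate only");
        }
        return privateKeys;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = args[3].toCharArray(); // assumes store and key passwords match
        if ("BKS".equals(args[2])) {       // BKS needs the Bouncy Castle jar on the classpath
            Security.addProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider")
                    .getDeclaredConstructor().newInstance());
        }
        KeyStore keyStore = load(args[0], args[2], pw);
        KeyStore trustStore = load(args[1], args[2], pw);
        if (describe("keystore", keyStore) == 0)
            System.out.println("keystore: no private key, so no certificate chain can be sent");
        describe("truststore", trustStore);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // A null second argument would fall back to the platform default trust managers.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext initialised for " + ctx.getProtocol());
    }
}
```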