Well, I've spent countless hours trying to get this to work. I've
managed to connect a client application with my server using
SSLFilter; there don't seem to be any errors with connecting or
sending data from the client to the server. However, I ran into a
strange problem that I think may have to do with filters. It seems
that my client application can send messages to the server without any
problem, but as soon as the server sends messages back to the client,
the server locks up (usually on the second message sent). Here is the
stack trace:

Thread [AnonymousIoService-6-4] (Suspended)
    ProtocolCodecFilter$ProtocolEncoderOutputImpl(SimpleProtocolEncoderOutput).write(ByteBuffer) line: 32
    MyPacketEncoder.encode(IoSession, Object, ProtocolEncoderOutput) line: 104
    ProtocolCodecFilter.filterWrite(IoFilter$NextFilter, IoSession, IoFilter$WriteRequest) line: 226
    SocketFilterChain(AbstractIoFilterChain).callPreviousFilterWrite(IoFilterChain$Entry, IoSession, IoFilter$WriteRequest) line: 583
    AbstractIoFilterChain.access$7(AbstractIoFilterChain, IoFilterChain$Entry, IoSession, IoFilter$WriteRequest) line: 577
    AbstractIoFilterChain$1.filterWrite(IoSession, IoFilter$WriteRequest) line: 799
    AbstractIoFilterChain$3.filterWrite(IoFilter$NextFilter, IoSession, IoFilter$WriteRequest) line: 212
    SocketFilterChain(AbstractIoFilterChain).callPreviousFilterWrite(IoFilterChain$Entry, IoSession, IoFilter$WriteRequest) line: 583
    SocketFilterChain(AbstractIoFilterChain).filterWrite(IoSession, IoFilter$WriteRequest) line: 574
    SocketSessionImpl.write0(IoFilter$WriteRequest) line: 176
    SocketSessionImpl(BaseIoSession).write(Object) line: 136
    MyClient.write(String) line: 68
    MyPacketHandler.sendAccountInfo(MyClient) line: 1081
    MyPacketHandler.processPacket(MyClient, GenuFXPacket) line: 153
    MyIoHandler.messageReceived(IoSession, Object) line: 79
    AbstractIoFilterChain$3.messageReceived(IoFilter$NextFilter, IoSession, Object) line: 188
    SocketFilterChain(AbstractIoFilterChain).callNextMessageReceived(IoFilterChain$Entry, IoSession, Object) line: 501
    AbstractIoFilterChain.access$5(AbstractIoFilterChain, IoFilterChain$Entry, IoSession, Object) line: 495
    AbstractIoFilterChain$1.messageReceived(IoSession, Object) line: 787
    ProtocolCodecFilter.messageReceived(IoFilter$NextFilter, IoSession, Object) line: 187
    SocketFilterChain(AbstractIoFilterChain).callNextMessageReceived(IoFilterChain$Entry, IoSession, Object) line: 501
    AbstractIoFilterChain.access$5(AbstractIoFilterChain, IoFilterChain$Entry, IoSession, Object) line: 495
    AbstractIoFilterChain$1.messageReceived(IoSession, Object) line: 787
    SSLFilter.handleAppDataRead(IoFilter$NextFilter, SSLHandler) line: 623
    SSLFilter.handleSSLData(IoFilter$NextFilter, SSLHandler) line: 601
    SSLFilter.messageReceived(IoFilter$NextFilter, IoSession, Object) line: 392
    SocketFilterChain(AbstractIoFilterChain).callNextMessageReceived(IoFilterChain$Entry, IoSession, Object) line: 501
    AbstractIoFilterChain.access$5(AbstractIoFilterChain, IoFilterChain$Entry, IoSession, Object) line: 495
    AbstractIoFilterChain$1.messageReceived(IoSession, Object) line: 787
    ThreadPoolFilter.processEvent(IoFilter$NextFilter, IoSession, ThreadPoolFilter$EventType, Object) line: 718
    ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter$SessionBuffer) line: 475
    ThreadPoolFilter$Worker.run() line: 429

So it seems that it's getting stuck on the Queue.push(Object) call.
AFAIK, there is no thread deadlocking; it's just sitting there. The
first message always goes out without any problem, but the second call
to IoSession.write() fails. The exact same code without the SSLFilter
added, works 100% of the time without any problem.
Also, to see if the same thing occurs in the example program
EchoServer, I tried to write an EchoClient program that can connect to
it. I created the bogus.cert just like in the comments in the
BogusSSLContextFactory class, I run the EchoServer but I get this
stack trace in the server when the client connects:

javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:421)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
    at org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
    at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
    at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)
    at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:389)
    ... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
    at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483)
    ... 8 more

I've attached the client code:

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import ssl.BogusSSLContextFactory;
    import java.io.*;

    public class MinaEchoClient {
        public static void main(String[] arstring) {
            try {
                // Context from the BogusSSLContextFactory of the MINA example
                SSLContext sc = BogusSSLContextFactory.getInstance(false);
                SSLSocket sslsocket = (SSLSocket) sc.getSocketFactory()
                        .createSocket("127.0.0.1", 8080);

                // Read lines from standard input ...
                InputStream inputstream = System.in;
                InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

                // ... and write each one to the server over the SSL socket
                OutputStream outputstream = sslsocket.getOutputStream();
                OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
                BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);

                String string = null;
                while ((string = bufferedreader.readLine()) != null) {
                    bufferedwriter.write(string + '\n');
                    bufferedwriter.flush();
                }
            } catch (Exception exception) {
                exception.printStackTrace();
            }
        }
    }

If anyone can get this to work, then I'm sure I can use the code as a
guideline for making my server application work.
Any ideas are greatly appreciated!
Thank you!
On 6/21/06, class acts <[EMAIL PROTECTED]> wrote:
Hi Rob,
Thanks for your reply. That book sounds interesting, I'm going to
check it out for sure. I'm still playing around with it, but you're
right, it's not the certificate. I guess I'm a little bit misguided
as most of the examples on the Internet don't involve SSLContexts. I
can get it working just by using:

    SSLServerSocketFactory sslserversocketfactory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket sslserversocket =
        (SSLServerSocket) sslserversocketfactory.createServerSocket(9999);

I would basically like to use either SSL or TLS using RSA with 2048-bit
key-handshake key length and 128-bit payload key length in my
communications. I suppose you aren't aware of any examples doing
something like this with MINA or other projects that have achieved
this? I tried looking around but didn't find anything or any mention
of anyone using SSL with MINA. Anyway, I'll play around with it some
more, it's just a little frustrating when it takes longer to encrypt
the communications on the server end compared to implementing it!
haha, but it's all thanks to MINA anyway.
So far, it looks like I'll have to bundle the certificate with the
client application after all, but I'll figure that out when I reach
that point.
Thanks,
Joe
On 6/21/06, Rob Butler <[EMAIL PROTECTED]> wrote:
> The error you display below is not because of keystore
> or certificate issues. SSL requires the use of
> several different cryptographic algorithms. The API
> for getting these various algorithms is shipped with
> the JDK as part of the javax.security package. The
> actual implementation of these algorithms is "plugged
> in" through a Service Provider Interface (SPI).
>
> JVMs before Java 1.4 were not shipped with any crypto
> algorithms because of the legal & political
> implications at the time. Java 1.4 and up have Sun
> provided crypto providers packaged with them but you
> can still plug in additional or third party crypto
> providers.
>
> The problem is the code cannot find a crypto provider
> that supplies the RC4 algorithm.
>
> > Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RC4
> >     at javax.crypto.Cipher.getInstance(DashoA12275)
>
> If you're trying to do this on a JVM before 1.4 you need
> to install and configure a crypto provider that has
> the RC4 algorithm. If you're doing this on 1.4 it might
> work but I don't know if Sun's crypto provider
> supplies that algorithm. If not, you still need to
> plug in an additional provider. Google around, there
> are several good free or open source ones on the net
> _if_ you need one.
>
> A really great book on Java cryptography that explains
> things in simple terms is: Java Cryptography
> Extensions : Practical Guide for Programmers
>
> http://www.amazon.com/gp/product/0127427511/sr=8-3/qid=1150835043/ref=pd_bbs_3/103-6541991-0431868?%5Fencoding=UTF8
>
> This book is well worth the money at even four times
> the price!
>
> Hope this helps,
> Rob
>
> --- class acts <[EMAIL PROTECTED]> wrote:
>
> > Hello all,
> >
> > I'm having some trouble connecting a client
> > socket to MINA configured to
> > use SSL. I have tried everything from creating my
> > own keystore to using the
> > BogusSSLContextFactory in MINA. The furthest I got
> > was getting:
> >
> > javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> >     at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:421)
> >     at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
> >     at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:51)
> >     at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:787)
> >     at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
> >     at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:474)
> >     at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
> > Caused by: javax.net.ssl.SSLException: Algorithm missing:
> >     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.changeReadCiphers(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)
> >     at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> >     at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
> >     at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
> >     at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
> >     at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:389)
> >     ... 6 more
> > Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RC4
> >     at javax.crypto.Cipher.getInstance(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.CipherBox.<init>(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.CipherBox.newCipherBox(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.CipherSuite$BulkCipher.newCipher(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.newReadCipher(Unknown Source)
> >
> > I tried passing the KeyStore flags to the server and
> > client applications but
> > still to no avail. I suppose even any sample code
> > that can connect to the
> > EchoServer's SSL would be greatly appreciated.
> > Also, if using Java Web
> > Start in the client application connecting to the
> > server backend, has anyone
> > tried doing this? If the client needs to install
> > the server's cert, I'm not
> > sure how that can be accomplished with JWS. Any
> > thoughts are greatly
> > appreciated.
> >
> > Thanks,
> >
> > Joe
> >
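
The two failures reported in this thread, `no cipher suites in common` and `Cannot find any provider supporting RC4`, can be narrowed down with a small JVM-side diagnostic. This is an added example, not code from either poster or from MINA: the class `TlsSuiteCheck` and its helpers are hypothetical names, and it assumes the JVM's default `SSLContext` rather than `BogusSSLContextFactory`.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical diagnostic class; run it in the client JVM and in the server JVM.
public class TlsSuiteCheck {

    /** Suites enabled for both a client-mode and a server-mode engine of this context. */
    static List<String> commonSuites(SSLContext ctx) {
        SSLEngine client = ctx.createSSLEngine();
        client.setUseClientMode(true);
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        List<String> common = new ArrayList<>(Arrays.asList(client.getEnabledCipherSuites()));
        common.retainAll(Arrays.asList(server.getEnabledCipherSuites()));
        return common;
    }

    /** Name of the JCE provider that supplies the cipher, or null if none is installed. */
    static String providerFor(String transformation) {
        try {
            // Same lookup that fails in the quoted trace (javax.crypto.Cipher.getInstance)
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault(); // assumption: default context, not the Bogus one
        List<String> common = commonSuites(ctx);
        System.out.println("Suites enabled in both modes: " + common.size());
        for (String suite : common) {
            System.out.println("  " + suite);
        }
        // An enabled suite is still unusable if no provider supplies its bulk cipher,
        // or if the server's key manager holds no key of the type the suite requires.
        for (String alg : new String[] {"RC4", "AES/CBC/NoPadding", "AES/GCM/NoPadding"}) {
            String provider = providerFor(alg);
            System.out.println(alg + " -> " + (provider == null ? "no provider installed" : provider));
        }
    }
}
```

Comparing the output from the two JVMs shows whether the enabled suite lists overlap at all and whether the bulk cipher of an overlapping suite is actually backed by an installed provider.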