Java key store is not found when default SSL context is redefined -

-

suppose, want connections via ssl in java application ask user permission, when untrusted or expired server certificate encountered (like of web browsers do).

it seemed, natural way substitute default ssl context on application startup.

here minimal working example:

public class clientauthentication {     public static final string server_url = "https://my.test.server";      public static void main(string[] args) throws exception {         sslcontext defaultcontext = sslcontext.getinstance("tls");         defaultcontext.init(null, new trustmanager[]{new myx509trustmanager()}, null);         // defaultcontext.init(null, null, null);         sslcontext.setdefault(defaultcontext);         httpurlconnection connection = (httpurlconnection) new url(server_url).openconnection();         system.out.println(connection.getresponsecode());     }      private static class myx509trustmanager implements x509trustmanager {         @override         public void checkclienttrusted(x509certificate[] x509certificates, string s) throws certificateexception {             throw new unsupportedoperationexception("won't called client");         }          @override         public void checkservertrusted(x509certificate[] chain, string s) throws certificateexception {             if (useracceptscertificate(chain)) {                 system.out.format("certificate '%s' accepted%n", chain[0].getissuerx500principal().getname());             }         }          @override         public x509certificate[] getacceptedissuers() {             return new x509certificate[0];         }          private boolean useracceptscertificate(x509certificate[] x509certificates) {             // ...             return true;         }     } }

unfortunately, doesn't work, when server requires client authentication. even, when key store containing client certificate specified via -djavax.net.ssl.keystore vm option, connection fails javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure, because client certificate wasn't sent @ (traced in wireshark).

such behavior bit surprising, because javadoc sslcontext#init(keymanager[], trustmanager[], securerandom) states, passing null instead of either of key managers or trust managers means, default lookup procedure performed.

Сontradictorily, if pass null instead of array custom trust manager second argument init , specify jks trust store, containing server certificate, using
-djavax.net.ssl.truststore vm parameters, server certificate found there , accepted successfully.

so, can advise way redefine default ssl context, substituting trust manager , leaving default behavior regarding search of key managers? or may robust way find key manager specified via vm options.

notes

  1. if don't customize default ssl context @ all, connection successful, i.e. paths, password , store types correct in vm options.

  2. i can't in way call sslcontext.getdefault() or sslcontext.getinstance("default"), because default context can initialized once.

you've initialized context null key manager. means there no key manager. doesn't mean there default key manager. so, when functions of key manager requested, nothing happens. functions include supplying client certificate.

the javadoc wrong. ibm jsse behaves described there, sun/oracle jsse doesn't, , never has.


Comments

Post a Comment

Popular posts from this blog

c++ - How to add Crypto++ library to Qt project -

-
Image
i downloaded crypto++ source , compiled cryptlib project in visual studio 2013, , added generated .lib file qt project, made .pro file this: qt += core gui qt += sql greaterthan(qt_major_version, 4):qt += widgets target = untitled template = app sources += main.cpp\ mainwindow.cpp headers += mainwindow.h \ databasecontrol.h \ test.h forms += mainwindow.ui win32:config(release, debug|release): libs += -l$$pwd/ -lcryptlib else:win32:config(debug, debug|release): libs += -l$$pwd/ -lcryptlibd else:unix: libs += -l$$pwd/ -lcryptlib includepath += $$pwd/ dependpath += $$pwd/ win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/libcryptlib.a else:win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/libcryptlibd.a else:win32:!win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/cryptlib.lib else:win32:!win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/cryptlibd.lib else:unix: pre_targetdeps += $$pw
Read more

jQuery Mobile app not scrolling in Firefox -

-
i have mobile app built in jquery mobile. scrolling fine in chrome & safari, fails scroll in firefox on desktop. have other instances of same app, different features, , works across browsers. life of me, cannot figure this, please help! located here: http://re-brand.us/dsus/index.html seems bug in firefox: bug log . able scroll using keyboard not trackpad on mac. are using mac? i'll keep looking see if can find way around it.
Read more

How to use vim as editor in Matlab GUI -

-
i using matlab r2013b. using gui, command windows , editor in split screen. in matlab preferences > editor/debugger > editor. there option set custom editor instead of matlab editor. set local editor /usr/bin/vim , not able open files @ anymore. there possibility use vim editor in split screen mode? i aware of !vim file.m , not solution looking for, works satisfactory in -nodisplay mode. rather want keep split screen mode. i did not find solution 100% satisfying, using tmux intermediate solution. allows 2 use split screen 2 terminals. in 1 of can open matlab -nodesktop in terminal mode, , in other 1 vim . possible switch between both split screens. you can use functionality of gui matlab typing things commandhistory , who et cetera.
Read more