I am working on a Cajo implementation and need to make it run over SSL. For whatever reason a javax.net.ssl.SSLHandshakeException is thrown. Can anyone please provide some help on how to get Cajo to work via SSL? I am using Cajo v1.175.
I am certain this is a simple issue with a simple fix, but I am a noob when it comes to RMI...
Full code, certs and error messages are at http://www.mikebryant.com/misc/cajo/cajossl.zip
Any help is greatly appreciated!
As requested, here are some code examples and the error messages. The server socket code I got from http://www.cs.columbia.edu/~akonstan/rmi-ssl/
Server.java
import java.net.InetAddress;
import gnu.cajo.Cajo;
import gnu.cajo.invoke.Remote;

// Constants, ServiceImpl and cajotest.rmi.SecureRMISocketFactory are in the linked zip.
public class Server {
    private static int port = 61354;

    @SuppressWarnings("javadoc")
    public static void main(String args[]) throws Exception {
        String ip = InetAddress.getLocalHost().getHostAddress();
        Remote.config(ip, Constants.PORT, null, 0);
        java.rmi.server.RMISocketFactory.setSocketFactory(new cajotest.rmi.SecureRMISocketFactory());
        Cajo cajo = new Cajo();
        cajo.export(new ServiceImpl());
        System.out.println("Server running on " + InetAddress.getLocalHost() + ":" + Constants.PORT);
    }
}
Client.java
import gnu.cajo.Cajo;

// Constants, Service and cajotest.rmi.SecureRMISocketFactory are in the linked zip.
public class Client {
    private static String host = "192.168.56.1";

    public static void main(String args[]) throws Exception {
        System.out.println("Client using " + host + ":" + Constants.PORT);
        java.rmi.server.RMISocketFactory.setSocketFactory(new cajotest.rmi.SecureRMISocketFactory());
        Cajo cajo = new Cajo();
        cajo.register(host, Constants.PORT);
        Object refs[] = cajo.lookup(Service.class);
        if (refs.length > 0) {
            Service svc = (Service) cajo.proxy(refs[0], Service.class);
            String helloResponse = svc.sayHello("Mike");
            System.out.println(helloResponse);
        } else {
            System.out.println("No server objects found");
        }
        System.exit(0);
    }
}
Server Output
keyStore is : E:/tmp/keys/server.keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
found key for : mykey
chain [0] = [
[
  Version: V3
  Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
  Key: Sun RSA public key, 2048 bits
  modulus: 31434775225176154525188450095928359730439773654569875739006529498753775941836879335170711581345181627002505013136641662171665561909368111128992563200107296330496960757120954961536110026266883151124825419006377272595234135200675051213302816914418337984097764612958767550798419182794412912305446103091606209963556959114853256386233481900800240210577795238128981652820232312019642106408583884850663783871435028385309369039684834482184818872915700300803897953631336567205645337828655696590723579859939321644377438059078563879623268616615009655624038507147063801873971704632278047739002847454047756775144357906262202283709
  public exponent: 65537
  Validity: [From: Wed Apr 16 08:53:44 EDT 2014,
               To: Tue Jul 15 08:53:44 EDT 2014]
  Issuer: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  SerialNumber: [ 4f991afd]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [ KeyIdentifier [ 0000: FA 7D 37 D8 66 14 CC 5B A6 BF EA 53 74 63 91 8F 0010: EA 55 82 8F ] ]
]
  Algorithm: [SHA256withRSA]
  Signature:
]
trustStore is: E:\tmp\keys\server.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Issuer:  CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Algorithm: RSA; Serial number: 0x4f991afd
  Valid from Wed Apr 16 08:53:44 EDT 2014 until Tue Jul 15 08:53:44 EDT 2014
adding as trusted cert:
  Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Issuer:  CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Algorithm: RSA; Serial number: 0x34f4b1a1
  Valid from Wed Apr 16 08:54:40 EDT 2014 until Tue Jul 15 08:54:40 EDT 2014
trigger seeding of SecureRandom
done seeding SecureRandom
Server running on Coruscant/192.168.56.1:61354
Client Output
Client using 192.168.56.1:61354
keyStore is : E:/tmp/keys/client.keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
found key for : mykey
chain [0] = [
[
  Version: V3
  Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
  Key: Sun RSA public key, 2048 bits
  modulus: 17138097295393612277035352117769395039898411523084254468636172064694291643785627714254568170929877396708304047390061148924969763142078656182412595021000020409534532998798795520686728121819932399147428088113942915656945012724682101815391741129215424540207649843144893952660981710728604065430397993949203653373697078227603166902329372420465918295279504255056173129004094269357111536832825597754454857829397305965490792521265512567191812885625114031306416897590287126686684695535655220394890619907763314629130717883370421294661388162541292858875691164575058279131977342304495210869976587846586803189943875996789637083793
  public exponent: 65537
  Validity: [From: Wed Apr 16 08:54:40 EDT 2014,
               To: Tue Jul 15 08:54:40 EDT 2014]
  Issuer: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  SerialNumber: [ 34f4b1a1]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [ KeyIdentifier [ 0000: 76 5E 19 97 98 E4 33 E9 9B B9 31 E9 B6 D0 F0 F2 0010: 56 37 CE 18 ] ]
]
  Algorithm: [SHA256withRSA]
  Signature:
]
trustStore is: E:\tmp\keys\client.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Issuer:  CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Algorithm: RSA; Serial number: 0x4f991afd
  Valid from Wed Apr 16 08:53:44 EDT 2014 until Tue Jul 15 08:53:44 EDT 2014
adding as trusted cert:
  Subject: CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Issuer:  CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN
  Algorithm: RSA; Serial number: 0x34f4b1a1
  Valid from Wed Apr 16 08:54:40 EDT 2014 until Tue Jul 15 08:54:40 EDT 2014
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1397762666 bytes = { 92, 155, 95, 199, 227, 200, 183, 73, 110, 151, 210, 240, 190, 70, 181, 238, 2, 129, 136, 117, 166, 211, 25, 2, 235, 239, 76, 228 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
main, WRITE: TLSv1 Handshake, length = 149
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
Exception in thread "main" java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at java.rmi.Naming.lookup(Naming.java:101)
    at gnu.cajo.invoke.Remote.getItem(Unknown Source)
    at gnu.cajo.Cajo.register(Unknown Source)
    at cajotest.client.Client.main(Client.java:22)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at java.io.DataOutputStream.flush(DataOutputStream.java:123)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:229)
    ... 7 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    ... 14 more
javax.net.debug on the client to ssl,handshake,record and analyze the debug output. – Marcel Stör
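Added example, not code from the question or from the Cajo project: the same registry port served through the JDK's own javax.rmi.ssl socket factories (client authentication required, matching the two trusted certs in the logs), followed by a probe that forces a TLS handshake against that port, so a listener that simply closes on the ClientHello (the EOF seen above) can be told apart from a trust or cipher-suite failure, which surfaces as a different exception. Keystore paths, passwords and the class name are placeholders of mine; Cajo's own registry setup is not used here.

```java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Hypothetical class name; plain JDK RMI-over-TLS, not Cajo.
public class TlsRegistryCheck {
    static final int PORT = 61354; // port from the question

    // Create the registry with TLS factories. The third constructor argument
    // (needClientAuth = true) makes the server demand a client certificate,
    // which is what having both certs in both truststores sets up.
    // Both factories read the javax.net.ssl.keyStore / trustStore properties.
    static Registry createTlsRegistry() throws Exception {
        return LocateRegistry.createRegistry(PORT,
                new SslRMIClientSocketFactory(),
                new SslRMIServerSocketFactory(null, null, true));
    }

    // Probe: open a TLS socket to the port and force the handshake. A listener
    // that is still plain TCP (TLS factory installed after the port was bound)
    // drops the connection when it sees a ClientHello, which the client reports
    // as "Remote host closed connection during handshake"; a trust problem
    // instead comes back as a certificate/handshake exception from the peer.
    static String probeHandshake(String host, int port) {
        SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) sf.createSocket(host, port)) {
            s.startHandshake();
            return "TLS OK: " + s.getSession().getProtocol() + " "
                    + s.getSession().getCipherSuite()
                    + ", peer=" + s.getSession().getPeerPrincipal().getName();
        } catch (Exception e) {
            return "TLS FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder store paths/passwords; they must be set before the
        // default SSLContext is first used, i.e. before any socket is created.
        System.setProperty("javax.net.ssl.keyStore", "/path/to/server.keystore");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
        System.setProperty("javax.net.ssl.trustStore", "/path/to/server.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        createTlsRegistry();
        System.out.println(probeHandshake("127.0.0.1", PORT));
    }
}
```

Running the probe against the port bound by the question's Server.java (with the same keystore properties) shows directly whether that listener completes a TLS handshake at all, before any RMI traffic is involved.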