Java SSL code throwing NoSuchAlgorithmException
I'm working on a project that I want to add SSL to, so I created a simple client/server test implementation to see if it worked, and I get a NoSuchAlgorithmException. The following is the server code that is throwing the exception:
```java
import java.io.*;
import java.net.*;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.*;

public class SSLServer {
    private static final int port = 5555;

    public static void main(String[] args) {
        SecureRandom sr = new SecureRandom();
        sr.nextInt();

        try {
            // client.public is the keystore file that holds the client's public key (created with keytool)
            KeyStore clientKeyStore = KeyStore.getInstance("JKS");
            clientKeyStore.load(new FileInputStream("client.public"), "clientpublicpw".toCharArray());

            // server.private is the key pair for the server (created with keytool)
            KeyStore serverKeyStore = KeyStore.getInstance("JKS");
            serverKeyStore.load(new FileInputStream("server.private"), "serverprivatepw".toCharArray());

            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(clientKeyStore);

            // This next line is where the exception occurs
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("TLS");
            kmf.init(serverKeyStore, "serverprivatepw".toCharArray());

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);

            SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
            SSLServerSocket ss = (SSLServerSocket) sf.createServerSocket(SSLServer.port);
            ss.setNeedClientAuth(true);

            BufferedReader in = new BufferedReader(new InputStreamReader(ss.accept().getInputStream()));
            String line = null;
            while ((line = in.readLine()) != null) {
                System.out.println(line);
            }
            in.close();
            ss.close();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
}
```
The stack trace is:

```
java.security.NoSuchAlgorithmException: TLS KeyManagerFactory not available
    at sun.security.jca.GetInstance.getInstance(Unknown Source)
    at javax.net.ssl.KeyManagerFactory.getInstance(Unknown Source)
    at SSLServer.main(SSLServer.java:32)
```
I tried replacing "TLS" with "SSL" and I still got the same exception. That didn't make sense to me. How can TLS and SSL not be supported? This is my first time trying to implement SSL, and it seems hard to find resources with code examples that are well explained. Can anyone tell me why I'm getting this exception or point out what is wrong with my code?
There are a number of problems:

- It's called TLS (Transport Layer Security), not TSL (for the SSLContext).
- I'd suggest using the default here: TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) (the default is PKIX on the Oracle JRE).
- (Edit:) The default KeyManagerFactory is SunX509 (TLS doesn't exist here). Again, use getDefaultAlgorithm().
- You should close your FileInputStream once you've read them.
- It's not clear why you have both the client and the server keystore at the same place. These should be two programs: one for the client and one for the server (and setNeedClientAuth(true) is only useful on the server side). It would be clearer to call it something else than "client store" if it's your keystore. (In addition, since you seem to be learning how to make this work, I'd suggest trying without client-certificate authentication first, in which case the server won't need a truststore: use null as the second parameter of SSLContext.init(...) to use the default value.)
- Do not give the server keystore to the client. Only export its certificate into a new keystore that you will use as a trust store. Each entity (client and server) should keep its own private keys private.
- It's not so much the public key (only) of the remote party that you want in your trust store: it's going to be its certificate. Make sure you haven't only imported its public key, but the entire certificate.
- For clarity, keep the appropriate extensions for your files: use .jks for your JKS keystore; this will save you headaches later.
- You can use null for the SecureRandom in SSLContext.init(...): this will use the default value according to the security provider.

Something like this should work better:
```java
// Trust store: holds the certificates the server is willing to trust.
KeyStore trustStore = KeyStore.getInstance("JKS");
InputStream tsis = new FileInputStream("trustedcerts.jks");
trustStore.load(tsis, "clientpublicpw".toCharArray());
tsis.close();

// Key store: holds the server's own private key and certificate.
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
InputStream ksis = new FileInputStream("server.jks");
serverKeyStore.load(ksis, "serverprivatepw".toCharArray());
ksis.close();

TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(serverKeyStore, "serverprivatepw".toCharArray());

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket ss = (SSLServerSocket) sf.createServerSocket(SSLServer.port);
ss.setNeedClientAuth(true);
```
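The exception in the question comes from mixing up algorithm namespaces, and the following diagnostic makes that visible on whatever JRE it runs on. It is an added example, not code from the question or the answer; the class name `JsseAlgorithmCheck`, the placeholder password and the empty in-memory keystore are assumptions made so it runs without any keystore files.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class JsseAlgorithmCheck {

    // True if an installed provider registers `name` as a KeyManagerFactory algorithm.
    static boolean keyManagerAlgorithmExists(String name) {
        try {
            KeyManagerFactory.getInstance(name);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Each JCA service type has its own set of algorithm names; list what this JRE offers.
        for (String service : new String[] {"SSLContext", "KeyManagerFactory", "TrustManagerFactory"}) {
            System.out.println(service + ": " + new TreeSet<>(Security.getAlgorithms(service)));
        }
        System.out.println("default KeyManagerFactory:   " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("default TrustManagerFactory: " + TrustManagerFactory.getDefaultAlgorithm());

        // "TLS" and "SSL" are SSLContext protocol names, not key manager algorithms.
        for (String name : new String[] {"TLS", "SSL", KeyManagerFactory.getDefaultAlgorithm()}) {
            System.out.println("KeyManagerFactory.getInstance(\"" + name + "\") available: "
                    + keyManagerAlgorithmExists(name));
        }

        // Constructed input: an empty in-memory keystore stands in for server.jks.
        // A real server needs a keystore that contains its private key entry.
        char[] password = "changeit".toCharArray(); // placeholder password
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, password);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        // null trust managers and null SecureRandom select the provider defaults.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null);
        System.out.println("SSLContext protocol: " + context.getProtocol());
    }
}
```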