I'm writing a Client Server application with RMI and I want to secure the traffic between Client and Server. I want to use the SslRMIClientSocketFactory
and SslRMIServerSocketFactory
for this.
I've created a keypair for the Client and for the Server (client.private
and server.private
) and also a certificate for the Client and for the Server (client.public
and server.public
).
I think I'm correctly adding the keypair to the keystore and the certificate to the truststore. I only use the custom Socket Factory's when exporting my objects, not when I'm creating the RMI Registry. Here's my code:
Server:
public class Server implements ServerProtocol {
public Server() {
super();
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
LocateRegistry.createRegistry(2020).rebind("server", this);
UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
}
public void sayHello() {
System.out.println("Hello");
}
}
Client:
public class Client implements ClientProtocol {
public Client() {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
Registry reg = LocateRegistry.getRegistry("localhost", 2020);
serverStub = (ServerService) reg.lookup("server");
stub = (ClientService) UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
serverStub.sayHello();
}
}
When I run this, I get the following error message:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:110)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at com.sun.proxy.$Proxy0.sayHello(Unknown Source)
at project.Client.<init>(Client.java:100)
at project.Client.main(Client.java:785)
I used the following commands to create the keys, export and import them:
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass *
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass *
keytool -export -alias serverprivate -keystore server.private -file temp.key -storepass *
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass *
Do I need to configure something else to make this work? Something in Eclipse?
I was able to solve this by avoiding the build-in Java classes SslRMIClientSocketFactory
and SslRMIServerSocketFactory
and creating my own classes which implement the RMIClientSocketFactory
and RMIServerSocketFactory
interfaces.
RMIClientSocketFactory
public class MyClientSocketFactory implements RMIClientSocketFactory, Serializable {
public MyClientSocketFactory() {}
public Socket createSocket(String host, int port) {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SSLSocketFactory sf = SSLC.getSocketFactory();
SSLSocket socket = (SSLSocket) sf.createSocket(host, port);
return socket;
}
public int hashCode() {
return getClass().hashCode();
}
public boolean equals(Object obj) {
if (obj == this) {
return true;
} else if (obj == null || getClass() != obj.getClass()) {
return false;
}
return true;
}
}
RMIServerSocketFactory
public class MyServerSocketFactory implements RMIClientSocketFactory, Serializable {
public MyServerSocketFactory() {}
public Socket createSocket(String host, int port) {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SSLServerSocketFactory sf = SSLC.getServerSocketFactory();
SSLServerSocket socket = (SSLServerSocket) sf.createServerSocket(host, port);
return socket;
}
public int hashCode() {
return getClass().hashCode();
}
public boolean equals(Object obj) {
if (obj == this) {
return true;
} else if (obj == null || getClass() != obj.getClass()) {
return false;
}
return true;
}
}
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments