Search
Search

RMI with SSL: Failed handshake

JNevens Published at Dev
43
JNevens

I'm writing a Client Server application with RMI and I want to secure the traffic between Client and Server. I want to use the SslRMIClientSocketFactory and SslRMIServerSocketFactory for this.

I've created a keypair for the Client and for the Server (client.private and server.private) and also a certificate for the Client and for the Server (client.public and server.public).

I think I'm correctly adding the keypair to the keystore and the certificate to the truststore. I only use the custom Socket Factory's when exporting my objects, not when I'm creating the RMI Registry. Here's my code:

Server:

public class Server implements ServerProtocol {
    public Server() {
        super();
        SecureRandom sr = new SecureRandom();
        sr.nextInt();

        KeyStore clientKeyStore = KeyStore.getInstance("JKS");
        FileInputStream client = new FileInputStream("src/client.public");
        String passphrase = //
        clientKeyStore.load(client, passphrase.toCharArray());
        client.close();

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        FileInputStream server = new FileInputStream("src/server.private");
        String password = //
        serverKeyStore.load(server, password.toCharArray());
        server.close();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(clientKeyStore);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(serverKeyStore, password.toCharArray());

        SSLContext SSLC = SSLContext.getInstance("TLS");
        SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);

        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

        LocateRegistry.createRegistry(2020).rebind("server", this);
        UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
    }

    public void sayHello() {
        System.out.println("Hello");
    }
}

Client:

public class Client implements ClientProtocol {

    public Client() {
        SecureRandom sr = new SecureRandom();
        sr.nextInt();

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        FileInputStream server = new FileInputStream("src/server.public");
        String passphrase = //
        serverKeyStore.load(server, passphrase.toCharArray());
        server.close();

        KeyStore clientKeyStore = KeyStore.getInstance("JKS");
        FileInputStream client = new FileInputStream("src/client.private");
        String password = //
        clientKeyStore.load(client, password.toCharArray());
        client.close();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(serverKeyStore);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKeyStore, password.toCharArray());

        SSLContext SSLC = SSLContext.getInstance("TLS");
        SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);

        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

        Registry reg = LocateRegistry.getRegistry("localhost", 2020);
        serverStub = (ServerService) reg.lookup("server");
        stub = (ClientService) UnicastRemoteObject.exportObject(this, 2020, csf, ssf);

        serverStub.sayHello();
    }
}

When I run this, I get the following error message:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:110)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at com.sun.proxy.$Proxy0.sayHello(Unknown Source)
at project.Client.<init>(Client.java:100)
at project.Client.main(Client.java:785)

I used the following commands to create the keys, export and import them:

keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360

keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass *
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass *

keytool -export -alias serverprivate -keystore server.private -file temp.key -storepass *
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass *

Do I need to configure something else to make this work? Something in Eclipse?

JNevens

I was able to solve this by avoiding the build-in Java classes SslRMIClientSocketFactory and SslRMIServerSocketFactory and creating my own classes which implement the RMIClientSocketFactory and RMIServerSocketFactory interfaces.

RMIClientSocketFactory

public class MyClientSocketFactory implements RMIClientSocketFactory, Serializable {

    public MyClientSocketFactory() {}

    public Socket createSocket(String host, int port) {

        SecureRandom sr = new SecureRandom();
        sr.nextInt();

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        FileInputStream server = new FileInputStream("src/server.public");
        String passphrase = //
        serverKeyStore.load(server, passphrase.toCharArray());
        server.close();

        KeyStore clientKeyStore = KeyStore.getInstance("JKS");
        FileInputStream client = new FileInputStream("src/client.private");
        String password = //
        clientKeyStore.load(client, password.toCharArray());
        client.close();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(serverKeyStore);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKeyStore, password.toCharArray());

        SSLContext SSLC = SSLContext.getInstance("TLS");
        SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);

        SSLSocketFactory sf = SSLC.getSocketFactory();
        SSLSocket socket = (SSLSocket) sf.createSocket(host, port);

        return socket;
    }

    public int hashCode() {
        return getClass().hashCode();
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        } else if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return true;
    }

}

RMIServerSocketFactory

public class MyServerSocketFactory implements RMIClientSocketFactory, Serializable {

    public MyServerSocketFactory() {}

    public Socket createSocket(String host, int port) {

        SecureRandom sr = new SecureRandom();
        sr.nextInt();

        KeyStore clientKeyStore = KeyStore.getInstance("JKS");
        FileInputStream client = new FileInputStream("src/client.public");
        String passphrase = //
        clientKeyStore.load(client, passphrase.toCharArray());
        client.close();

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        FileInputStream server = new FileInputStream("src/server.private");
        String password = //
        serverKeyStore.load(server, password.toCharArray());
        server.close();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(serverKeyStore);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKeyStore, password.toCharArray());

        SSLContext SSLC = SSLContext.getInstance("TLS");
        SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);

        SSLServerSocketFactory sf = SSLC.getServerSocketFactory();
        SSLServerSocket socket = (SSLServerSocket) sf.createServerSocket(host, port);

        return socket;
    }

    public int hashCode() {
        return getClass().hashCode();
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        } else if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return true;
    }

}

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

SAP SSL handshake failed

Cannot add APT repository: SSL handshake failed

OpenLiteSpeed Poor Performance and SSL handshake failed(5)

Cloudflare SSL handshake failed with socket.io

Kafka SSL handshake failed in custom Java producer

Error installing Crashlytics - SSL peer handshake failed

Nginx with Cloudflare: Error 525 SSL Handshake failed

javafx 16 WebEngine Exception "SSL Handshake failed"

SSL handshake failed when calling WebService

MongoDB Atlas ServerSelectionTimeoutError: SSL handshake failed

DefaultHttpClient Android SSL No peer certificate and Handshake failed

Handshake failed with fatal error SSL_ERROR_SSL

curl error 35 : failed to receive handshake, SSL/TLS connection failed

davfs - SSL handshake failed: SSL error: sslv3 alert handshake failure

Simple two way RMI SSL Connection, PKIX path building failed

Apache SSL error: Re-negotiation handshake failed: Not accepted by client?

SSL handshake failed using Ingress way for Kafka created by Strimzi

Mailx SSL/TLS handshake failed: Unknown error -5938

MongoDB: SSL/TLS handshake failed and No suitable servers found

SSL handshake failed with host when using Cloudfare with Railway.app

ftp_nlist(): data_accept: SSL/TLS handshake failed

Attach the SSL client cert okhttp3 . Handshake failed

Django admin login SSL_do_handshake() failed

Android Webview getting ERROR_FAILED_SSL_HANDSHAKE with Paypal

android asynchttpclient javax.net.ssl.SSLHandshakeException: Handshake failed

Selenium ssl_client_socket_impl.cc handshake failed

"SSL handshake failed: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]")>]>

SSL ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

Best solution for the handshake failed SSL error in android web view without ignoring SSL errors

TOP Ranking

  1. 1

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  2. 2

    pump.io port in URL

  3. 3

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  4. 4

    Unable to use switch toggle for dark mode in material-ui

  5. 5

    grouping by column variables and appending a new variable based on condition

  6. 6

    BigQuery - concatenate ignoring NULL

  7. 7

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  8. 8

    ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

  9. 9

    Python Read Directory And Output to CSV

  10. 10

    Remove adjacent duplicates in linked list in C

  11. 11

    Angular 8. Unknown amount of http.get requests in array to call, must be sequential, what to use

  12. 12

    How to keep curl session alive between two php processes?

  13. 13

    Limit number of characters in uitextview

  14. 14

    JMeter: Why get error when try to save test plan

  15. 15

    Always setting the text cursor on Textbox

  16. 16

    MTKView Displaying Wide Gamut P3 Colorspace

  17. 17

    Vector input in shiny R and then use it

  18. 18

    How to implement an authentication method using Spring Boot and JPA?

  19. 19

    Laravel getting value from another table using eloquent

  20. 20

    org.springframework.web.client.HttpClientErrorException: 401 null

  21. 21

    When I click any button in my view page the form is submitted

HotTag

Archive