using keystores and trustmanagers

Author: AndrewTK
2006-03-23, 10:05 pm

I am working on a project in which we must implement servers and
clients that must communicate data back and forth. The setup is that
there are 5 teams each with their own server and client. Each client
communicates with their own or another team's server.

Until recently, we have been using plain sockets, but the recent
decision was made to implement secure communication.

I duly updated my code:

Socket s = new Socket(host, port);

to

SSLSocketFactory facto = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket s = (SSLSocket)facto.createSocket(host,port);
s.startHandshake();

This generates an exception:

/-!!!
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
!!!-/

Mails back and forth have suggested that .cer files are in play. I have
not been able to make head or tail of the documentation I find online,
and most docs are related to HTTPS servers, which is not what I want -
I am coding the client side, for raw TCP use (our server is being coded
by someone else, in Python, so I can't get much advice from them...)

My questions, more specifically:
- I have been given a number of .cer files. How am I supposed to load
  them to the key store? Preferably I would like to be able to have these
  in a folder and be able to load them on client startup, dynamically
  speaking.

- Does the handshaking deal with authenticating a server once the
  certificates are loaded or will I need to "manually" (=hard-code) the
  authentication? Where do I do that?

***

For now the concerned code is

{
    // (...)
    // I am expecting I might have to do something here...

    SSLSocketFactory facto = (SSLSocketFactory)SSLSocketFactory.getDefault();
    s = (SSLSocket)facto.createSocket( host , port );
    s.startHandshake();

    // or here otherwise

    OutputStreamWriter osw = new OutputStreamWriter(s.getOutputStream());
    osw.write( the_data );
    osw.flush();

    // read response data
    // (...)
}

Thanks in advance for any advice!

Andrew
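
Added example, not part of the original post: one way to do what the post asks, loading every .cer file from a folder into an in-memory trust store at client startup and using it for the handshake. The class name CerDirClient, the method contextFromCerDir and the command-line arguments are assumptions for illustration, and the code assumes Java 7 or later.

```java
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class CerDirClient {
    /** Builds an SSLContext that trusts only the certificates found as *.cer files in certDir. */
    static SSLContext contextFromCerDir(Path certDir) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // empty in-memory store; nothing is read from or written to disk
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (DirectoryStream<Path> files = Files.newDirectoryStream(certDir, "*.cer")) {
            for (Path f : files) {
                try (InputStream in = Files.newInputStream(f)) {
                    // generateCertificate accepts DER and PEM (Base64) encoded certificates
                    trust.setCertificateEntry(f.getFileName().toString(), cf.generateCertificate(in));
                }
            }
        }
        if (trust.size() == 0) throw new IllegalStateException("no .cer files in " + certDir);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server authentication only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <certDir> <host> <port>
        SSLContext ctx = contextFromCerDir(Paths.get(args[0]));
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[1], Integer.parseInt(args[2]))) {
            // The handshake validates the server's chain against the loaded certificates.
            // A raw SSLSocket does not check the host name unless this is requested:
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the server is not trusted
            System.out.println("Negotiated " + s.getSession().getProtocol());
        }
    }
}
```

With this context the handshake itself rejects a server whose certificate does not chain to one of the loaded files. The host-name check additionally requires the server certificate to name the host the client connects to.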