0

I am trying to do client server based ssl,

here is my server code:

 public static void main(String arg[]){

 try {
 KeyStore keyStore = KeyStore.getInstance("jks");

 InputStream inputStream;
 try {
 inputStream = new FileInputStream(ITestEncryptionConstants.SSLKEYSTORE);
 keyStore.load(inputStream,
 ITestEncryptionConstants.SSLPASSWORD.toCharArray());
 TrustManagerFactory trustManagerFactory =
 TrustManagerFactory.getInstance("PKIX", "SunJSSE");
 trustManagerFactory.init(keyStore);

 X509TrustManager x509TrustManager = null;
 for (TrustManager trustManager : trustManagerFactory.getTrustManagers())
 {
 if (trustManager instanceof X509TrustManager) {
 x509TrustManager = (X509TrustManager) trustManager;
 break;
 }
 }

 KeyManagerFactory keyManagerFactory =
 KeyManagerFactory.getInstance("SunX509", "SunJSSE");
 keyManagerFactory.init(keyStore,
 ITestEncryptionConstants.SSLPASSWORD.toCharArray());

 X509KeyManager x509KeyManager = null;
 for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
 if (keyManager instanceof X509KeyManager) {
 x509KeyManager = (X509KeyManager) keyManager;
 break;
 }
 }

 SSLContext sslContext = SSLContext.getInstance("TLS");

 sslContext.init(new KeyManager[]{x509KeyManager},
 new TrustManager[]{x509TrustManager}, null);

 SSLServerSocketFactory factory =
 sslContext.getServerSocketFactory();//(SSLServerSocketFactory )
 SSLServerSocketFactory .getDefault();

 SSLServerSocket sslSock =
 (SSLServerSocket)factory.createServerSocket(8096);
 SSLSocket c = (SSLSocket)sslSock.accept();
 PrintWriter out =new PrintWriter(c.getOutputStream(),true);
 InputStream in = c.getInputStream();
in.close();
 out.close();


 } catch (FileNotFoundException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (NoSuchAlgorithmException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (CertificateException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (IOException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (NoSuchProviderException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (UnrecoverableKeyException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (KeyManagementException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 }

 } catch (KeyStoreException e1) {
 // TODO Auto-generated catch block
 e1.printStackTrace();
 }



 }

And this is my client code:

 public static void main(String[] args) {

 try{
 // // register a https protocol handler - this may be required for previous JDK versions
 //
 System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");



 System.out.println("Ok passed.");
 //connect to google
 SSLSocketFactory factory = (SSLSocketFactory)
 SSLSocketFactory.getDefault();
 SSLSocket sslSock = (SSLSocket) factory.createSocket("localhost",8096);

 //send HTTP get request
 PrintWriter out = new PrintWriter(sslSock.getOutputStream(), true);
 BufferedReader in = new BufferedReader(new
 InputStreamReader(sslSock.getInputStream()));

 out.println("--------------------------> It works!!!");
 System.out.println("Written to server.");

 // read response
 StringBuffer buf = new StringBuffer();
 String line = "";
 while ((line = in.readLine()) != null) {
 System.out.println("Received : " + line);
 buf.append(line);
 }
 System.out.println("Read from server: " + buf.toString());

 in.close();
 out.close();
 // Close connection.
 sslSock.close();

 }catch(Exception ex){
 ex.printStackTrace();
 }
 }

But I am getting the following error in client side:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset

Can someone help what's going wrong in my code?

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
    at sun.security.ssl.SSLSocketImpl.checkEOF(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
    at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
    at sun.nio.cs.StreamDecoder.read(Unknown Source)
    at java.io.InputStreamReader.read(Unknown Source)
    at java.io.BufferedReader.fill(Unknown Source)
    at java.io.BufferedReader.readLine(Unknown Source)
    at java.io.BufferedReader.readLine(Unknown Source)
    at ripl.jing.security.encryptor.tlsservice.TestJingClient.main(TestJingClient.java:85)
Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
user207421
  • 305,947
  • 44
  • 307
  • 483
Phalguni Mukherjee
  • 623
  • 3
  • 11
  • 29
  • There is no such thing to my knowledge as JSSL. There is JSSE, and there is also OpenSSL. They are mutually exclusive. Which of the three are you actually talking about? – user207421 May 07 '14 at 11:49
  • @EJP I am sorry,actually I am using JSSE, and now I am able to connect properly after restarting the system, but still have a question how certificate gets changed as in out.println I am able to see my message – Phalguni Mukherjee May 07 '14 at 11:54

2 Answers2

1

(Sorry, I was just going to comment on EJP's now-deleted answer.)

The server code says:

SSLSocket c = (SSLSocket)sslSock.accept();
PrintWriter out =new PrintWriter(c.getOutputStream(),true);
InputStream in = c.getInputStream();
in.close();
out.close();

That is, the I/O streams (and thus the socket) are closed immediately after the socket is accepted. Hence, an error message appearing on the client saying that the connection has been closed by the remote party shouldn't really come as a surprise.

This more or less the same problem as in this question: just getting the I/O streams, without trying to read/write from them, and without trying any other action that triggers the handshake implicitly (reading from the streams or trying to get the SSLSession) or explicitly (calling startHandshake) means that the handshake won't have started on the server. Therefore, the client throws this exception because the connection is interrupted in the middle of the handshake it has started.

Community
  • 1
  • 1
Bruno
  • 119,590
  • 31
  • 270
  • 376
0

I don't know what certificate you're talking about, or what change, but the only issue here is that you're sending a line from the client that is never read, and you're reading a line in the client that is never sent. Sending data that is never read when the peer has already closed the connection causes a connection reset.

NB You haven't need to set java.protocol.handler.pkgs since Java 1.4 which is over ten years ago. You could accomplish all that setup in the server code via

System.setProperty("javax.net.ssl.keyStore", ITestEncryptionConstants.SSLKEYSTORE);
System.setProperty("javax.net.ssl.keyStorePassword", ITestEncryptionConstants.SSLPASSWORD);
SSLContext sslContext = SSLContext.getDefault();
SSLServerSocketFactory factory =
    sslContext.getServerSocketFactory();//(SSLServerSocketFactory )

The line:

SSLServerSocketFactory .getDefault();

does nothing.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • @PrashantKumar The answer to the question was in the last sentence, but I've clarified it. – user207421 May 08 '14 at 02:09
  • @mikeTheLiar See edit, and note that the accepted answer says exactly the same thing that my original answer said. – user207421 May 08 '14 at 02:28
  • DV retracted, but unless you were FGitW-ing this, the first version still should've been a comment. – Mike G May 08 '14 at 10:40
  • @mikeTheLiar I have no idea what FGitW means but the first version contained the same answer as the accepted version and as this version, which I have merely expanded slightly. It is therefore not correct to say it should have been a comment. – user207421 May 08 '14 at 10:46