0

Note: Our Host application which invokes this JAR file (actually the class) supports only JVM 1.5. Since the trigger for the code is from the application, we don't have any other go but to restrict our Java code to JDK 1.5 compatibility.

Below is the code I've tried:

        String webPage = "https://api.twilio.com/2010-04-01/Accounts";
        URL url = new URL(webPage);
        URLConnection urlConnection = url.openConnection();
        urlConnection.setRequestProperty("Authorization", "Basic BASE64ECONDED_STRING_OF_LENGTH_93_CHARACTERS_WITHOUT_ANY_WHITESPACE");
        //((HttpURLConnection) urlConnection).setRequestMethod("GET");//I get same error with or without this
        InputStream is = urlConnection.getInputStream();
        InputStreamReader isr = new InputStreamReader(is);

        int numCharsRead;
        char[] charArray = new char[1024];
        StringBuffer sb = new StringBuffer();
        while ((numCharsRead = isr.read(charArray)) > 0) {
            sb.append(charArray, 0, numCharsRead);
        }
        String result = sb.toString();

        System.out.println("*** BEGIN ***");
        System.out.println(result);
        System.out.println("*** END ***");

The error I keep receiving is this:

javax.net.ssl.SSLKeyException: RSA premaster secret error
    at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:514)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at test.SmsSender.TwilSend(SmsSender.java:117)
    at test.SmsSender.main(SmsSender.java:26)
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
    at javax.crypto.Cipher.a(DashoA12275)
    at javax.crypto.Cipher.a(DashoA12275)
    at javax.crypto.Cipher.a(DashoA12275)
    at javax.crypto.Cipher.init(DashoA12275)
    at com.sun.net.ssl.internal.ssl.RSACipher.encryptInit(RSACipher.java:40)
    at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:83)
    ... 13 more

Looks like Basic Authorization isn't supported in Java 1.5. The very same code works in Java 1.7. I got the success response too. Is there a way I can get it working in Java 1.5?

Enthusiastic
  • 549
  • 4
  • 8
  • 23
  • 1
    Is there any strong reason it needs to work in Java 1.5? This version is end-of-life since a very long time, and I would rather invest in upgrading the application to use Java7 or even better Java8 – Andreas Fester Nov 04 '15 at 10:13
  • Yes. Our Host application which invokes this JAR file supports only JVM 1.5. It's indeed a lagging. But we don't have a choice. – Enthusiastic Nov 04 '15 at 10:15
  • Do you work for NextLabs? – Tim Biegeleisen Nov 04 '15 at 10:18
  • Does URL handle http vs https on the fly? – Florian Barth Nov 04 '15 at 10:19
  • 2
    I don't think that error is because you're using Basic auth. It has something to do with the cryptography on your SSL connection.. – aroth Nov 04 '15 at 10:21
  • @FlorianBarth, Yest it does, I tried using "http" as well as "https" from SoapUI tool – Enthusiastic Nov 04 '15 at 10:23
  • @TimBiegeleisen, No, the host application is Siebel (7.7) – Enthusiastic Nov 04 '15 at 10:24
  • @aroth, I don't actually get it. The documentation on Twilio says it's Basic Auth. And btw, can you please suggest if there's any way I can play around with 1.5 Java? Or should we give up? – Enthusiastic Nov 04 '15 at 10:25
  • Have you had a look at [this](http://stackoverflow.com/questions/5002130/java-https-networking-issue/10279780#10279780)? Also, please, please, _please_ do not use Basic auth over plain HTTP. – aroth Nov 04 '15 at 10:26
  • _"please, please, **please** do not use Basic auth over plain HTTP"_ - Completely agreed. --- OP, auth is one of those things you are better off _doing right_ or _not doing at all_. – CosmicGiant Nov 04 '15 at 10:28
  • @aroth, I'm checking it. But is there an explanation why it works with JVM 1.7 but not with 1.5? Does JVM automatically take care of Proxy stuffs? – Enthusiastic Nov 04 '15 at 10:30
  • @GeekWorking - If I had to take a guess about _why_, I'd say that maybe the proxy/SSL endpoint is using a modern cipher-suite or other cryptography settings that Java 5 doesn't support or doesn't enably by default. You may find this page helpful: https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html – aroth Nov 04 '15 at 10:35
  • @aroth, Thanks for the great help mate :) I get a clearer picture now :) – Enthusiastic Nov 04 '15 at 10:42

0 Answers0