Wednesday, March 6, 2013

[android-developers] SSL connection Android/Server using Apache Mina

Hello,
I have problems establishing an SSL connection between a server and Android using Apache Mina (on both server and client).
First of all, I generated self-signed keys: Bouncy Castle for Android and JKS for the server:

SERVER:

keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias serverkey -keyalg RSA -keypass pass -storepass pass -keystore serverkey.jks -validity 1000

keytool -export -alias serverkey -storepass pass -file server.cer -keystore serverkey.jks

keytool -import -alias serverkey -file server.cer -keypass pass -keystore trustclient.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-148.jar

CLIENT:

keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias clientkey -keyalg RSA -keypass pass -storepass pass -keystore clientkey.jks -validity 1000

keytool -export -alias clientkey -storepass pass -file client.cer -keystore clientkey.jks

keytool -import -alias clientkey -file client.cer -keypass pass -keystore clientkey.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /Users/tabtrader/Workspace/tools/bcprov-jdk15on-148.jar

keytool -import -v -trustcacerts -alias clientkey -file client.cer -keystore trustserver.jks -keypass pass -storepass pass


Then I modified the SSLContext:

SERVER:

// Key store holding the server's own private key and certificate
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream in = null;
try {
    in = FileUtil.open(SSLContextFactory.class, "res/serverkey.jks");
    keyStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();  // always release the stream
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keyStore, "pass".toCharArray());

// Trust store holding the client certificate
KeyStore trustStore = KeyStore.getInstance("JKS");
in = null;  // reuse the variable declared above
try {
    in = FileUtil.open(SSLContextFactory.class, "res/trustserver.jks");
    trustStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();
}

TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustStore);

SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
// The trust managers argument is null here, so tmf is not used by this context
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

SSLFilter sslFilter = new SSLFilter(sslContext);
sslFilter.setUseClientMode(false);
sslFilter.setNeedClientAuth(false);


CLIENT:

// Key store passed to the client's KeyManagerFactory
KeyStore keyStore = KeyStore.getInstance("BKS");
InputStream in = null;
try {
    in = getResources().openRawResource(R.raw.clientkey);  // clientkey.bks
    keyStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();  // always release the stream
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(keyStore, "pass".toCharArray());

// Trust store holding the server certificate
KeyStore trustStore = KeyStore.getInstance("BKS");
in = null;
try {
    in = getResources().openRawResource(R.raw.trustclient);  // trustclient.bks
    trustStore.load(in, keyStorePassword);
} finally {
    if (in != null) in.close();
}

TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(trustStore);

SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
// The trust managers argument is null here, so tmf is not used by this context
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

SSLFilter sslFilter = new SSLFilter(sslContext);
sslFilter.setUseClientMode(true);
sslFilter.setNeedClientAuth(false);


Using this code, the SSL handshake finished without errors:

DEBUG mina.acceptor.AcceptorIoHandler handshakeStatus=FINISHED
DEBUG mina.acceptor.AcceptorIoHandler sslSession CipherSuite used SSL_RSA_WITH_RC4_128_MD5

And I get an established Mina session. But then nothing happens. The next messages from the client are ignored without any logs. It is very strange.

If I set sslFilter.setNeedClientAuth(true) for the server, I get an exception:
SSLHandshakeException: null cert chain

How can I create this SSL connection? Where is the problem?

I found the same issue on Stack Overflow, but there are no answers and I can't write to the question's author:
http://stackoverflow.com/questions/12527884/using-apache-mina-with-sslfilter-on-android/15222099
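
An added example (not part of the original post and not Mina's own code): a small Java check for the two things a mutual-TLS setup like the one above depends on. It reports whether each alias in the store given to the KeyManagerFactory holds a private key or only a certificate (a store built solely with keytool -import of a .cer holds certificate entries, which a key manager cannot present to a peer that requires client authentication), and it builds an SSLContext that receives both key and trust managers. The class name KeystoreCheck and its arguments are hypothetical; it assumes the store and key passwords are the same, and loading BKS on a desktop JVM assumes the Bouncy Castle provider is registered.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (not from the post): reports entry kinds, then builds a context.
public class KeystoreCheck {
    static KeyStore load(String path, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }
    // Prints the kind of every entry and returns how many hold a private key.
    static int countKeyEntries(String label, KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            System.out.println(label + " / " + alias + ": " + (isKey
                ? "private key + chain (can authenticate this side)"
                : "certificate only (trust anchor, nothing to present)"));
            if (isKey) keys++;
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4)
            throw new IllegalArgumentException("usage: <identity store> <trust store> <JKS|BKS> <password>");
        char[] pw = args[3].toCharArray(); // assumes store and key passwords match
        KeyStore identity = load(args[0], args[2], pw);
        KeyStore trust = load(args[1], args[2], pw);
        if (countKeyEntries("identity", identity) == 0)
            System.out.println("No private key entry: this side has no certificate chain to send.");
        countKeyEntries("trust", trust);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        // Pass both arrays so the peer certificate is validated against `trust`.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```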
