ShutdownOutput() for SSLSockets

Finally, I've found the right forum...
Hi,
I've been trying to move an application to jdk1.4, but I get this exception:
java.lang.UnsupportedOperationException: The method shutdownOutput() is not supported in SSLSocket
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.shutdownOutput(DashoA6275)
With the jsse jars in jdk1.3, the same method worked just fine, so, where am I wrong?
Or, would I achieve the same effect by simply flushing the SocketOutputStream then closing the socket?
Thanks in advance,
Bogdan

I already replied to this, but it seems to have got lost.
The previous JSSE behaviour of supporting SSLSocket.shutdownOutput would no doubt be considered a bug, as it triggers the premature-close exception path when the SSLSocket is finally closed: this should be considered a possible security breach (truncation attack) by the application (see RFC 2246 #7.2.1). SSL doesn't support half-open connections, so there is no SSL-ish way to support shutdownOutput without security problems.
EJP
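
As an added illustration (not from the thread and not JSSE code): when shutdownOutput() was only used to tell the peer "my request is complete", the same signal can travel inside the TLS stream as length-prefixed messages, which also lets the receiver treat an early end of stream as truncation. Class and method names are hypothetical; the sample bytes are constructed, and with an SSLSocket the streams would come from getOutputStream() and getInputStream().

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class FramedMessages {
    // Upper bound on one message; an assumption of this example.
    static final int MAX_FRAME = 1 << 20;

    /** Sends one message as a 4-byte big-endian length followed by the payload. */
    static void writeFrame(OutputStream out, byte[] payload) throws IOException {
        DataOutputStream data = new DataOutputStream(out);
        data.writeInt(payload.length);
        data.write(payload);
        data.flush();
    }

    /**
     * Returns the next message, or null if the stream ended exactly on a
     * message boundary. Throws if the stream ended inside a message.
     */
    static byte[] readFrame(InputStream in) throws IOException {
        int first = in.read();
        if (first < 0) {
            return null; // clean end: no partial message outstanding
        }
        DataInputStream data = new DataInputStream(in);
        try {
            int length = (first << 24)
                    | (data.readUnsignedByte() << 16)
                    | (data.readUnsignedByte() << 8)
                    | data.readUnsignedByte();
            if (length < 0 || length > MAX_FRAME) {
                throw new IOException("bad frame length " + length);
            }
            byte[] payload = new byte[length];
            data.readFully(payload); // EOFException if the peer stopped early
            return payload;
        } catch (EOFException e) {
            throw new IOException("stream truncated inside a message", e);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: two messages written back to back.
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        writeFrame(wire, "GET balance".getBytes(StandardCharsets.UTF_8));
        writeFrame(wire, "END".getBytes(StandardCharsets.UTF_8));
        byte[] complete = wire.toByteArray();

        InputStream in = new ByteArrayInputStream(complete);
        for (byte[] m; (m = readFrame(in)) != null; ) {
            System.out.println("received: " + new String(m, StandardCharsets.UTF_8));
        }
        System.out.println("clean end of stream");

        // Same bytes with the tail cut off, as an early connection close would leave them.
        byte[] cut = Arrays.copyOf(complete, complete.length - 2);
        InputStream truncated = new ByteArrayInputStream(cut);
        try {
            while (readFrame(truncated) != null) {
                // first message is intact; the second one is not
            }
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```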

Similar Messages

  • ShutdownOutput() not supported for SSLSockets

    Hi,
    I first posted this on another forum, and I've been directed to this one.
    I've been trying to move an application to jdk1.4, but I get this exception:
    java.lang.UnsupportedOperationException: The method shutdownOutput() is not supported in SSLSocket
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.shutdownOutput(DashoA6275)
    With the jsse jars in jdk1.3, the same method worked just fine, so, where am I wrong?
    Or, would I achieve the same effect by simply flushing the SocketOutputStream then closing the socket?
    Thanks in advance,
    Bogdan

    It seems I'm on the wrong forum again. I'll just post it once more, in the right place...

  • SSLSocketChannel (for Dean & anyone else interested in the topic)

    In my SSLSocketChannel implementation I've come across the following problem situation that I'm not sure how to handle.
    Assume we have an SSLSocketChannel which provides a write(ByteBuffer) method which both wraps and writes to the channel, much as for SSLSocket.
    If data (plaintext) is wrapped into the SSLEngine's netSendBuffer (as ciphertext) and then written to the channel and a short write occurs, part of the ciphertext has been sent, and you must complete this write before any other wraps & writes, otherwise the peer will fail to decrypt the partial ciphertext received.
    But, what should be returned to the application by the write which came up short?
    You can't return the actual write count because that's measured in ciphertext not plaintext. You can't return zero because part of the ciphertext has been written and you don't want the application to retry the entire write, otherwise the plaintext will be repeated when recovered at the peer. You can't return a value representing the amount of plaintext that has been ciphered and written because you don't know that value, and in fact it generally doesn't really exist because the partially-written ciphertext is generally a function of the entire plaintext buffer, not just the leading piece of it.
    So, I conclude that you can't really tell the application about the short write. So you have now gotten a phase behind the application - you have data left to write which it thinks you have already written. You can retry the write before the next wrap operation, and if it succeeds OK, or if it comes up short again now you can return zero (i.e. before you do the next wrap), and so on, and this actually goes on quite well - until it comes time to close the channel.
    At the point of closing, you may still have unwritten ciphertext which you must write. You may be in non-blocking mode, so you really shouldn't block until it is written, and if you get a short write again what do you do now? Fail to close (throw an exception)?

    Well, you could have close throw the exception, have isBufferEmpty() and flushBuffer() methods, and document that you should always wait until you can select for an OP_WRITE before closing unless you want to check the buffer.
    Alternatively you could have a background thread that sends all the stuff in the buffers of closed SSLSocketChannels, but that doesn't seem like that good an idea.
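
One way to put the two posts above together, as an added sketch that is not code from either poster: write() reports the plaintext consumed by wrap() even when the channel write comes up short, returns 0 while old ciphertext is still pending, and close() refuses to discard unsent ciphertext. The class name is hypothetical, only the write side is shown, and the handshake is assumed to be complete already.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

public class PendingCipherWriter {
    private static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    private final SocketChannel channel;
    private final SSLEngine engine;
    // Ciphertext not yet accepted by the channel; always left in drain mode.
    private final ByteBuffer netSend;
    private boolean closeNotifyQueued;

    public PendingCipherWriter(SocketChannel channel, SSLEngine engine) {
        this.channel = channel;
        this.engine = engine;
        this.netSend = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        this.netSend.flip(); // start empty
    }

    /** True when no ciphertext is waiting to be written. */
    public boolean isBufferEmpty() {
        return !netSend.hasRemaining();
    }

    /** Tries to drain pending ciphertext; false means select for OP_WRITE and retry. */
    public boolean flushBuffer() throws IOException {
        while (netSend.hasRemaining()) {
            if (channel.write(netSend) == 0) {
                return false; // socket send buffer is full (non-blocking mode)
            }
        }
        return true;
    }

    /**
     * Returns the number of plaintext bytes taken from the caller. A record that
     * was wrapped counts as written even if part of it is still in netSend.
     */
    public int write(ByteBuffer plaintext) throws IOException {
        if (!flushBuffer()) {
            return 0; // previous record incomplete: nothing new may be wrapped
        }
        netSend.clear();
        SSLEngineResult result;
        try {
            result = engine.wrap(plaintext, netSend);
        } finally {
            netSend.flip();
        }
        if (result.getStatus() != SSLEngineResult.Status.OK) {
            throw new IOException("wrap failed: " + result.getStatus());
        }
        flushBuffer(); // a short write here is invisible to the caller
        return result.bytesConsumed();
    }

    /** Sends close_notify and closes; throws instead of dropping unsent ciphertext. */
    public void close() throws IOException {
        if (!closeNotifyQueued) {
            if (!flushBuffer()) {
                throw new IOException("ciphertext pending; call flushBuffer() and retry close()");
            }
            engine.closeOutbound();
            netSend.clear();
            try {
                engine.wrap(EMPTY, netSend); // produces the close_notify alert
            } finally {
                netSend.flip();
            }
            closeNotifyQueued = true;
        }
        if (!flushBuffer()) {
            throw new IOException("close_notify pending; call flushBuffer() and retry close()");
        }
        channel.close();
    }
}
```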

  • SMTPS under glassfish error

    hello,
    I have encountered an identification problem when trying to send mail using SMTP with SSL under Glassfish (v3-Prelude).
    The program works perfectly under a normal desktop application.
    I believe there is something different in the securityManager or something like that but I can't figure a solution
    Here is the code I use :
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.util.Date;
    import java.util.Properties;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.mail.Message;
    import javax.mail.MessagingException;
    import javax.mail.Session;
    import javax.mail.internet.InternetAddress;
    import javax.mail.internet.MimeBodyPart;
    import javax.mail.internet.MimeMessage;
    import javax.mail.internet.MimeMultipart;
    import javax.naming.NamingException;
    import com.sun.mail.smtp.SMTPTransport;

    public class MailSendingUtilities {
        // settings read once from mailing.properties
        private static String from, mailhost, mailer, user, password, auth, protocole;
        private static int port;
        static{
            final Properties props = new Properties();
            try {
                props.load(new FileInputStream(Neptune.CONFIGURATION_PATH + "mailing.properties"));
            } catch (IOException ex) {
                Logger.getLogger(MailSendingUtilities.class.getName()).log(Level.SEVERE, null, ex);
            }
            from = props.getProperty("from");
            mailhost = props.getProperty("mailhost");
            mailer = props.getProperty("mailer");
            user = props.getProperty("user");
            password = props.getProperty("password");
            auth = props.getProperty("auth");
            protocole = props.getProperty("protocole");
            port = Integer.valueOf(props.getProperty("port"));
        }
        public static void mail(final String[] emails, final String title,
                final String content, final File ... files)
                throws MessagingException, IOException, NamingException {
            if(title == null || content == null) throw new NullPointerException("Title and content can not be null.");
            if(emails == null || emails.length == 0) throw new IllegalArgumentException("Mails adresses can not be null or empty");
            final Properties props = System.getProperties();
            props.put("mail." + protocole + ".auth", auth);
            props.put("mail." + protocole + ".port", port);
            props.put("mail." + protocole + ".user", user);
            props.put("mail." + protocole + ".host", mailhost);
            final Session session = Session.getInstance( props, null);
            session.setDebug(true);
            //make the message content
            final MimeMultipart mp = new MimeMultipart();
            final MimeBodyPart mbp1 = new MimeBodyPart();
            mbp1.setText(content);
            mp.addBodyPart(mbp1);
            //attach the files
            for(final File file : files){
                final MimeBodyPart mbp = new MimeBodyPart();
                mbp.attachFile(file);
                mp.addBodyPart(mbp);
            }
            InternetAddress[] adresses = new InternetAddress[emails.length];
            for(int i=0;i<emails.length;i++){
                adresses[i] = InternetAddress.parse(emails[i], false)[0];
            }
            // construct the message
            final Message msg = new MimeMessage(session);
            msg.setFrom(new InternetAddress(from));
            msg.setRecipients(Message.RecipientType.TO, adresses);
            msg.setSubject(title);
            msg.setHeader("X-Mailer", mailer);
            msg.setSentDate(new Date());
            msg.setContent(mp);
            //send the message
            final SMTPTransport transport = (SMTPTransport) session.getTransport(protocole);
            // debug output; this prints the password in clear text
            System.out.println(mailhost +" " + user+" " + password);
            if (Boolean.valueOf(auth) == true) { transport.connect(mailhost, port, user, password); }
            else {      transport.connect(); }
            transport.sendMessage(msg, msg.getAllRecipients());
        }
    }
    Here is the error message I have:
    javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
    nested exception is:
    java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1391)
    Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
    ... 57 more
    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at java.security.Provider$Service.newInstance(Provider.java:1245)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
    ... 60 more
    Caused by: java.security.UnrecoverableKeyException: Password must not be null
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:107)
    ... 65 more

    I think it's something like this yes.
    but how do I add this password in the keystore ?
    I've already made a few tries but without luck.
       public static void mail(final String[] emails, final String title,
                final String content, final File ... files)
                throws MessagingException, IOException, NamingException {
            if(title == null || content == null) throw new NullPointerException("Title and content can not be null.");
            if(emails == null || emails.length == 0) throw new IllegalArgumentException("Mails adresses can not be null or empty");
            final Properties props = System.getProperties();
            props.put("mail." + protocole + ".auth", auth);
            props.put("mail." + protocole + ".port", port);
            props.put("mail." + protocole + ".user", user);
            props.put("mail." + protocole + ".host", mailhost);
    // FOR tests--------------------------------------------------------------------
    //        props.put("mail." + protocole + ".starttls.enable","true");
    //        props.put("mail." + protocole + ".debug", "true");
    //        props.put("mail." + protocole + ".socketFactory.port", port);
    //        props.put("mail." + protocole + ".socketFactory.class", "javax.net.ssl.SSLSocketFactory");
    //        props.put("mail." + protocole + ".socketFactory.fallback", "false");
    //        props.put("javax.net.ssl.keyStorePassword", password);
    //        // Make sure that JSSE is available
    //        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    //        String keystore = "keystore";
    //        String keypass = "vigimedis";
    //        // for SSLServerSocket
    //        props.setProperty("javax.net.ssl.keyStore",keystore);
    //        props.setProperty("javax.net.ssl.keyStorePassword",keypass);
    //        /// for SSLSocket to communicate with other SSLServerSockets
    //        props.setProperty("javax.net.ssl.trustStore",keystore);
    Edited by: Eclesia on Feb 6, 2009 8:49 AM
    Edited by: Eclesia on Feb 6, 2009 8:50 AM

  • SSL Sockets.

    Hey guys, I've been searching my brains and these forums for ages trying to get my app to work, and now that it does work...I have no idea why.
    Here's a rundown of the situation.
    I have a server, TLS enabled. I have a client, TLS enabled. I have an application, that will create an instance of the client to connect to the server.
    This is what I wanted to happen.
    1) Server running
    2) Application, upon start, creates a client instance and connects to the server
    3) I wanted the server to start a handshake and wanted both the server to output "finished handshake" to system.out once the handshake was completed. (Same with client side, wanted it to say finished too).
    4) App sends login msg to server (via client.send(msg) method).
    5) Server reads msg and prints it to screen.
    For some reason, my app/client connected to the server fine; the server spat out this:
    Finalizer, called close()
    Finalizer, called closeInternal(true)
    Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
    Finalizer, WRITE: TLSv1 Alert, length = 2
    But then no handshake! the handshake only occurred after I sent some data to the server. AND!! the server wasn't printing anything to screen. It was definitely getting something as it spat this out:
    Thread-0, READ: TLSv1 Application Data, length = 32
    But the string I sent it wasn't printed to screen (usually comes underneath it).
    Anyway, a day later, I think, hold on a minute...I haven't setUseClientMode(boolean) on either the client or server. So I add this to the code(s) and voilà....now I get:
    Thread-0, READ: TLSv1 Application Data, length = 32
    String sent to server
    However, the server still doesn't initiate the handshake until I sent this string. Not that it matters, but why????? Code is below!
    public class Server{
        // body omitted in the original post
        private ServerSocket getServerSocket() throws Exception{}
        private void run(){
            try {
                System.out.println("Listening on port " + serverPort);
                ServerSocket sslServerSocket = getServerSocket();
                do {
                    SSLSocket client = (SSLSocket)sslServerSocket.accept();
                    (new ServerSocketThread(client)).start();
                }
                while (true);
            }
            catch (Exception exception)
            {
                System.out.println("Error listening on port " + serverPort);
                exception.printStackTrace();
            }
        }
        class ServerSocketThread extends Thread {
            SSLSocket socket;
            public ServerSocketThread(SSLSocket s){
                this.socket = s;
            }
            public void run(){
                try {
                    socket.setUseClientMode(false);
                    /*socket.startHandshake();
                    socket.addHandshakeCompletedListener( new HandshakeCompletedListener() {
                        public void handshakeCompleted(HandshakeCompletedEvent event) {
                            System.out.println("Handshake finished!");
                            System.out.println("\t CipherSuite:" + event.getCipherSuite());
                            System.out.println("\t SessionId " + event.getSession());
                            System.out.println("\t PeerHost " + event.getSession().getPeerHost());
                        }
                    });*/
                    // read from client
                    InputStream inputstream = socket.getInputStream();
                    InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                    BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
                    // write to client
                    OutputStream outputstream = socket.getOutputStream();
                    OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
                    BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);
                    String string = null;
                    String command = "";
                    while ((string = bufferedreader.readLine()) != null){
                        System.out.println(string);
                        System.out.flush();
                    }
                }
                catch (Exception e){
                    System.out.println("Error writing / reading");
                    e.printStackTrace();
                }
            }
        }
    }
    The commented out code is the handshake. I got rid of it since it wasn't doing what I thought it would.
    public class client{
        protected void connect(){
            SSLSocketFactory sslsocketfactory = sslc.getSocketFactory();
            clientSocket = (SSLSocket)sslsocketfactory.createSocket(HOSTNAME, PORT);
            clientSocket.setUseClientMode(true);
        }
        protected void send(String msg){
            String reply = "";
            String cmd = "";
            try {
                bufferedwriter.write(msg + '\n');
                bufferedwriter.flush();
            }
            catch (Exception e){
                e.printStackTrace();
            }
        }
    }
    Obviously there are some parts of the code missing. I did that so there wouldn't be too much to read. Tried to put the important stuff here. If you need more, let me know.
    Thanks.
    Regards,
    DJVege...

    This should work assuming you are creating the SSLServerSocket correctly. You don't need the setUseClientMode settings as the ones you have are the default for SSLSockets created by connecting or accepting respectively. You are aware that the handshake doesn't happen by default until you do some I/O, but you can provoke it with startHandshake() at the client. The server doesn't initiate the handshake, the client does.
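
The behaviour described in this reply, as an added example that is not code from either poster: accept() returns before any TLS traffic, the client provokes the handshake with startHandshake(), and the server side of it only runs once the server thread does I/O. Listeners are registered before the handshake starts, since one added afterwards is not told about a handshake that has already finished. It assumes the JVM is started with the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword and javax.net.ssl.trustStore system properties pointing at a keystore of your own; the class name is hypothetical.

```java
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HandshakeTiming {
    public static void main(String[] args) throws Exception {
        // Port 0 lets the OS pick a free port for this local demonstration.
        SSLServerSocket listener = (SSLServerSocket)
                SSLServerSocketFactory.getDefault().createServerSocket(0);
        int port = listener.getLocalPort();

        Thread server = new Thread(() -> {
            try (SSLSocket peer = (SSLSocket) listener.accept()) {
                // The TCP connection exists, but no TLS message has been processed yet.
                System.out.println("server: accepted, handshake not started");
                peer.addHandshakeCompletedListener(e ->
                        System.out.println("server: handshake finished, " + e.getCipherSuite()));
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(peer.getInputStream(), StandardCharsets.UTF_8));
                // The first read drives the server side of the handshake.
                System.out.println("server: read \"" + in.readLine() + "\"");
            } catch (Exception e) {
                e.printStackTrace();
            }
        });
        server.start();

        try (SSLSocket client = (SSLSocket)
                SSLSocketFactory.getDefault().createSocket("localhost", port)) {
            // Register first, then handshake.
            client.addHandshakeCompletedListener(e ->
                    System.out.println("client: handshake finished, " + e.getCipherSuite()));
            client.startHandshake(); // blocks until the initial handshake is done
            System.out.println("client: negotiated " + client.getSession().getProtocol());

            BufferedWriter out = new BufferedWriter(
                    new OutputStreamWriter(client.getOutputStream(), StandardCharsets.UTF_8));
            out.write("login\n");
            out.flush();
        } // close() sends close_notify before the TCP connection is closed

        server.join();
        listener.close();
    }
}
```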

  • ShutdownOutput() is not supported in SSLSocket

    Greetings,
    I'm currently working on a project where I'm connecting to a webpage that is protected using SSL. For the sake of testing, I'm having Java accept whatever certificates there are. Now, when I run my program, it prints out what's on my page, however, I get the following error in the command prompt(I'm using Jetty as my webserver)
    The error is:
    Exception in thread "btpool0-8" java.lang.UnsupportedOperationException: The method shutdownOutPut is not supported in SSLSocket
    at com.sun.net.ssl.internal.ssl.BaseSSlSocketImpl.shutdownOutput(UnknownSource)
    [...]
    Here is my code:
    try {
        HostnameVerifier hv = new HostnameVerifier() {
            // accepts every host name (the test setup described above)
            public boolean verify(String urlHostName, SSLSession session) {
                System.out.println("Warning: URL Host: " + urlHostName
                        + " vs. " + session.getPeerHost());
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    } catch (Exception e) {
        System.out.println("Verifying Error: " + e);
    }
    try {
        URL url = new URL("https://localhost:8443");
        URLConnection uc = url.openConnection();
        BufferedReader rd = new BufferedReader(new InputStreamReader(uc
                .getInputStream())); //I believe the error is caused here
        String a = rd.readLine();
        while (a != null) {
            System.out.println(a);
            a = rd.readLine();
        }
    } catch (MalformedURLException e) {
        System.out.println("URL Error: " + e);
    } catch (UnsupportedOperationException e){
        System.out.println(e);
    }
    Any advice would be greatly appreciated. I'm also new to this kind of programming, so, if I used any words incorrectly or anything, please correct me :)

    Exception in thread "btpool0-6" java.lang.UnsupportedOperationException: The method shutdownOutput is not supported in SSLSocket
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.shutdownOutput(Unknown Source)
    at org.mortbay.io.bio.SocketEndPoint.close(SocketEndPoint.java:61)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:234)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:620)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)

  • Begging for help. SSLSocket client/server

    Hello Everyone,
    At my wits end and behind my project plan. I need to secure my server.
    I have generated a keystore
    Exported certificate into CER file
    Imported this certificate into the JAVA_HOME/lib/security/cacerts file.
    I have my JBoss secured on port 8443.
    Here is my client code
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.io.BufferedReader;
    import java.io.BufferedWriter;
    import java.io.IOException;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    public class EchoClient {
        public static void main(String [] arstring) {
            try {
                SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
                // createSocket(host, port): the host string here also carries ":8443"
                SSLSocket sslsocket = (SSLSocket)sslsocketfactory.createSocket("172.16.220.178:8443", 9999);
                InputStream inputstream = System.in;
                InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
                OutputStream outputstream = sslsocket.getOutputStream();
                OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
                BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);
                String string = null;
                while ((string = bufferedreader.readLine()) != null) {
                    bufferedwriter.write(string + '\n');
                    bufferedwriter.flush();
                }
            } catch (Exception exception) {
                exception.printStackTrace();
            }
        }
    }
    and here is my server code
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.io.BufferedReader;
    import java.io.BufferedWriter;
    import java.io.IOException;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    public class EchoClient {
        public static void main(String [] arstring) {
            try {
                SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
                // createSocket(host, port): the host string here also carries ":8443"
                SSLSocket sslsocket = (SSLSocket)sslsocketfactory.createSocket("172.16.220.178:8443", 9999);
                InputStream inputstream = System.in;
                InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
                OutputStream outputstream = sslsocket.getOutputStream();
                OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
                BufferedWriter bufferedwriter = new BufferedWriter(outputstreamwriter);
                String string = null;
                while ((string = bufferedreader.readLine()) != null) {
                    bufferedwriter.write(string + '\n');
                    bufferedwriter.flush();
                }
            } catch (Exception exception) {
                exception.printStackTrace();
            }
        }
    }
    How can I get this client/server talking using my own keystore????
    I only need my server to be secured. I don't need any client authentication or anything. I just need my client to connect using Sockets to a secure server.
    Thanks.
    Desperate Joyce

    Ok, you can't secure a server, you can only secure the connection between them. That means either the client needs to know who it is talking to or the server needs to know who it is talking to. You can have an SSL connection where nobody knows who they are talking to as well if you want. I'll go through it for server authentication by client. If you need it the other way around the same principle holds. Give me an hour and I'll put up the code for a connection without auth.
    Ok, if you need to authenticate the server.
    In the client you will need to have a keystore for trusted certificates (i.e. cacerts).
    You will need a trustmanager to decide whether or not to trust the server.
    And using both of these you need to create an SSL context.
    On the server, you will need a keystore containing its X509 certificates,
    a keymanager to manage these certificates, and again an SSL context.
    Then start the handshake. The client will connect to the server using an SSL Socket.
    On the startHandshake() method, the server will send the client its X509 certificates from its
    keystore. The client's trust manager will then try to create a certificate chain from these certificates
    back to one of its trusted certificates (stored in its trusted keystore).
    Client should look a little like this:
    try {
        SSLContext ctx;
        TrustManagerFactory tmf;
        KeyStore ks;
        char[] passphrase = "passphrase".toCharArray();
        System.out.println("set up context, keystore and trustManagerFactory");
        ctx = SSLContext.getInstance("SSL");
        tmf = TrustManagerFactory.getInstance("SunX509");
        ks = KeyStore.getInstance("JKS");
        System.out.println("set context to ssl, tmf to X509 and keystore to JKS");
        ks.load(new FileInputStream("testkeys"), passphrase);
        System.out.println("loading testkeys using passphrase");
        tmf.init(ks);
        System.out.println("initialise keystore using passphrase");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println("initialise the key manager");
        SSLSocketFactory factory = ctx.getSocketFactory();
        System.out.println("got socket factory, now trying to create socket");
        SSLSocket socket = (SSLSocket)factory.createSocket(serverAddress, port);
        System.out.println("starting handshake");
        socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
            public void handshakeCompleted(HandshakeCompletedEvent event) {
                System.out.println("Handshake finished!");
                System.out.println("\t CipherSuite:" +
                    event.getCipherSuite());
                System.out.println("\t SessionId " +
                    event.getSession());
                System.out.println("\t PeerHost " +
                    event.getSession().getPeerHost());
            }
        });
        socket.startHandshake();
        System.out.println("SSL Socket Connected");
    } catch (Exception e) {
        System.out.println("error along the way somewhere :" + e.getMessage());
        e.printStackTrace();
    }
    The Server will look a little like this:
    //=================================================================================
    SSLServerSocketFactory ssf = null;
    try {
        SSLContext ctx;
        KeyManagerFactory kmf;
        KeyStore ks;
        char[] passphrase = "passphrase".toCharArray();
        System.out.println("set up context, keystore and keymanagerfactory");
        ctx = SSLContext.getInstance("SSL");
        kmf = KeyManagerFactory.getInstance("SunX509");
        ks = KeyStore.getInstance("JKS");
        System.out.println("set context to ssl, kmf to X509 and keystore to JKS");
        ks.load(new FileInputStream("testkeys"), passphrase);
        System.out.println("loading testkeys using passphrase");
        kmf.init(ks, passphrase);
        System.out.println("initialise keystore using passphrase");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("initialise the key manager");
        ssf = ctx.getServerSocketFactory();
        System.out.println("got the server socket factory for that context");
    } catch (Exception ex) {
        System.out.println("Error along the way somewhere : " + ex.getMessage());
        ex.printStackTrace();
    }
    try {
        SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(port);
        System.out.println("created ssl server socket for port " + port);
        myServer serve = new myServer(ss);
    } catch (IOException e) {
        System.out.println(e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }
    where myServer is this:
    import java.io.IOException;
    import java.net.*;
    import javax.net.*;
    import javax.net.ssl.*;

    public class myServer implements Runnable {
        private ServerSocket server = null;

        public myServer(SSLServerSocket ss) {
            System.out.println("Created myServer instance with server socket");
            server = ss;
            newListener();
        }

        // Each listener thread accepts one connection, then starts the next listener.
        private void newListener() {
            System.out.println("Created new listener");
            (new Thread(this)).start();
        }

        public void run() {
            System.out.println("Listening for connections");
            Socket socket;
            try {
                System.out.println("Trying to accept connection");
                socket = server.accept();
                System.out.println("Accepted Connection, starting handshake");
                ((SSLSocket)socket).addHandshakeCompletedListener(new HandshakeCompletedListener() {
                    public void handshakeCompleted(HandshakeCompletedEvent event) {
                        System.out.println("Handshake finished!");
                        System.out.println("\t CipherSuite:" +
                            event.getCipherSuite());
                        System.out.println("\t SessionId " +
                            event.getSession());
                        System.out.println("\t PeerHost " +
                            event.getSession().getPeerHost());
                    }
                });
                ((SSLSocket)socket).startHandshake();
            } catch (IOException e) {
                System.out.println("Class Server died: " + e.getMessage());
                e.printStackTrace();
                return;
            }
            newListener();
        }
    }
    Most of this code came from the sun website, just a couple of tweaks for it to do what I wanted it to.
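The reply above gives the server a key store and the client a trust store. The following added example (not code from the thread or from Sun) runs both ends in one JVM and adds a check the thread does not cover: a plain `SSLSocket` does not compare the certificate with the host name unless an endpoint identification algorithm is set. The class name `ServerAuthDemo`, the alias `server` and a `testkeys` file created with the `keytool` command in the comment are assumptions.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example. Assumed test key store (alias "server", password "passphrase"):
//   keytool -genkeypair -alias server -keyalg RSA -dname "CN=localhost" \
//           -ext san=dns:localhost -keystore testkeys -storepass passphrase
public class ServerAuthDemo {
    static final char[] PASS = "passphrase".toCharArray();

    // Server side: key managers only, so it presents a certificate and requests none.
    static SSLContext serverContext(KeyStore identity) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, PASS);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trust managers only, built from the server's certificate.
    // The client never needs the server's private key.
    static SSLContext clientContext(Certificate serverCert) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("server", serverCert);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Connects, verifies chain and host name, sends one line, returns the outcome.
    static String connect(SSLContext ctx, String host, int port) {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // enable host name check
            s.setSSLParameters(p);
            s.startHandshake();
            OutputStream out = s.getOutputStream();
            out.write("hello\n".getBytes(StandardCharsets.UTF_8));
            out.flush();
            String reply = new BufferedReader(new InputStreamReader(
                s.getInputStream(), StandardCharsets.UTF_8)).readLine();
            return s.getSession().getProtocol() + " " + s.getSession().getCipherSuite()
                + " -> " + reply;
        } catch (IOException e) {
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args.length > 0 ? args[0] : "testkeys")) {
            identity.load(in, PASS);
        }
        SSLContext client = clientContext(identity.getCertificate("server"));

        try (SSLServerSocket listener = (SSLServerSocket)
                serverContext(identity).getServerSocketFactory().createServerSocket(0)) {
            Thread server = new Thread(() -> {
                for (int i = 0; i < 2; i++) {          // one accept per client attempt
                    try (SSLSocket s = (SSLSocket) listener.accept()) {
                        String line = new BufferedReader(new InputStreamReader(
                            s.getInputStream(), StandardCharsets.UTF_8)).readLine();
                        OutputStream out = s.getOutputStream();
                        out.write(("echo: " + line + "\n").getBytes(StandardCharsets.UTF_8));
                        out.flush();
                    } catch (IOException e) {
                        System.out.println("server: connection failed: " + e.getMessage());
                    }
                }
            });
            server.start();
            int port = listener.getLocalPort();
            // Name matches the certificate's subjectAltName: handshake succeeds.
            System.out.println("localhost: " + connect(client, "localhost", port));
            // Same server and certificate, but the name is not in it: rejected.
            System.out.println("127.0.0.1: " + connect(client, "127.0.0.1", port));
            server.join();
        }
    }
}
```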

  • Create additional SSLSocket for List of a tls-ftp-connection

    Hi.
    I've created a secure connection to a ftp-server and already logged in. I try now to retrieve the list and want this also encrypted. Do I have to take some arguments from the initiating socket or just create a completely independent ssl-socket for the data-socket? The server I'm connecting to is glftpd.
    Greetings
    Azrael

    Hi,
    you must set these parameters when you run the server:
    -Djavax.net.ssl.keyStore="G:\key\keystore.jks"
    -Djavax.net.ssl.keyStorePassword=sec_password
    e.g.:
    java -classpath ...
    -Djavax.net.ssl.keyStore="G:\key\keystore.jks"
    -Djavax.net.ssl.keyStorePassword=sec_password it.sec.test.MySSLServer
    You must create the keystore.
    http://java.sun.com/docs/books/tutorial/security1.2/toolsign/step3.html
    Gianna
    P.S: sorry for my english ;-)

  • Need help in using DemoIdentity for SSL testing

    Hi everybody,
    What I want to achieve:
    I want to test a web service over HTTPS using DemoIdentity.
    What I've done:
    1- From Server->AdminServer->Keystores, I configured AdminServer to use DemoIdentity and DemoTrust Keystores.
    2- From Server->AdminServer->SSL, I configured it to Use Server Certs so that I don't have to define a Service Key Provider.
    3- I created the Business Service with HTTPS endpoint.
    What I got:
    1- the backend system is showing an error that peer (OSB) did not send certificate.
    2- in AdminServer log, I see that OSB has successfully loaded DemoIdentity and DemoTrust. But after backend sends a certificate request, I see this line:
    Returning no identity certificates, because certificate request message contains no CA names
    My questions:
    What does this mean? what am I doing wrong?
    I've been trying to do this test for the past two weeks with lots of failed attempts. I've read almost all of the manuals regarding security and WLS and OSB.
    Please respond with something from your experience, don't refer me to manuals :)
    Thanks in advance

    Hi Faisal, thanks for the response.. here is what you asked for..
    1- Webservice client is a Proxy Service in OSB server. And the Webservice is accessed through another system (IBM Datapower).
    2- It's one way. Only my server needs to send its certificate to them.
    3- SSL debug is enabled. and here is the log: (I'll post config.xml in the following reply)
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <RuntimeRouterCache> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674015> <BEA-000000> <1 hits received: 1 hits to main cache, 0 hits to soft cache, 0 misses.>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Info> <OSB Kernel> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674078> <BEA-398202> <
    [OSB Tracing] Outbound request was sent.
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Info> <Security> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674078> <BEA-090888> <SSL client running within the server does not have a certificate; it will use the servers certificate.>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <SSLContextManager: reusing SSL context of channel DefaultSecure>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <SSLContextManager: loading server SSL identity>
    Loading DemoIdentity successfully I suppose..
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <Reusing cached identity certs for keystore C:\ORACLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks, and alias DemoIdentity>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674078> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674140> <BEA-000000> <clientInfo has new style certificate and key>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <Filtering JSSE SSLSocket>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <SSLIOContextTable.addContext(ctx): 3535296>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <SSLSocket will be Muxing>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <write SSL_20_RECORD>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674171> <BEA-000000> <isMuxerActivated: false>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 SSL3/TLS MAC>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 received HANDSHAKE>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <isMuxerActivated: false>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 SSL3/TLS MAC>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 received HANDSHAKE>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 721604240
    Issuer:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
    Subject:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
    Not Valid Before:Sun Aug 10 14:23:33 GMT+03:00 2008
    Not Valid After:Wed Aug 10 14:23:33 GMT+03:00 2011
    Signature Algorithm:SHA1withRSA
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <validationCallback: validateErr = 0>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> < cert[0] = Serial number: 721604240
    Issuer:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
    Subject:C=SA, O=MCIT, OU=Yesser, CN=gsb-s-dpr
    Not Valid Before:Sun Aug 10 14:23:33 GMT+03:00 2008
    Not Valid After:Wed Aug 10 14:23:33 GMT+03:00 2011
    Signature Algorithm:SHA1withRSA
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <weblogic user specified trustmanager validation status 0>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <SSLTrustValidator returns: 0>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Trust status (0): NONE>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Performing hostname validation checks: XXXXXXXXXXX>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <isMuxerActivated: false>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 SSL3/TLS MAC>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <27491827 received HANDSHAKE>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
    The following line shows the message I was talking about!
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Returning no identity certificates, because certificate request message contains no CA names.>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <........... Eating Exception ..........
    java.security.NoSuchAlgorithmException: Algorithm MD5 not available
         at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
         at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
         at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
         at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)
         at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Will use default Mac for algorithm MD5>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674218> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@509382>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Warning> <Security> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674250> <BEA-090497> <HANDSHAKE_FAILURE alert received from XXXXXXXXXXX. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <close(): 13890207>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <close(): 13890207>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Debug> <SecuritySSL> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288516674250> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 3535296>
    ####<Oct 31, 2010 12:17:54 PM GMT+03:00> <Info> <OSB Kernel> <rb1-esbtest-01> <AdminServer> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1288516674250> <BEA-398205> <
    [OSB Tracing] Outbound request caused an exception
    Service Ref = Yesser_MCI_CRService/BusinessService/YesserCR_Business
    URI = https://XXXXXXXXXXX
    Error Message = [Security:090497]HANDSHAKE_FAILURE alert received from XXXXXXXXXXX. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.
    Payload =

  • Using JSSE : "Invalid Netscape CertType extension for SSL client" Error

    Hi all,
    I'm using the sample code given on the Sun site for JSSE with client authentication. The sample as such worked with the testkeys provided in it, but it didn't work out when I tried using other certificates.
    Both client and server certificates I generated from our internal Netscape Certificate Manager.
    Function of the server :
    The server will read a private key from the given keystore and start listening on a port. This server will serve only GET requests.
    Function of the client :
    The Client sends a GET request to the server and gets the response back.
    I simply changed the key store name alone in the working sample code.
    It is not working.
    The Exception thrown on client side :
    D:\users\Jp\java\jssesamples\sockets\client\class>java SSLSocketClientWithClientAuth1 localhost 1089 /urls
    localhost
    1089
    /urls
    java.net.SocketException: Software caused connection abort: socket write error
    at java.net.SocketOutputStream.socketWrite0(Native Method)
    at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
    at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at SSLSocketClientWithClientAuth1.main(SSLSocketClientWithClientAuth1.java:119)
    Exception thrown on server side :
    D:\users\Jp\java\jssesamples\sockets\server\class>java ClassFileServer 1089 . TLS true
    USAGE: java ClassFileServer port docroot [TLS [true]]
    If the third argument is TLS, it will start as
    a TLS/SSL file server, otherwise, it will be
    an ordinary file server.
    If the fourth argument is true,it will require
    client authentication as well.
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at ClassServer.getPath(ClassServer.java:162)
    at ClassServer.run(ClassServer.java:109)
    at java.lang.Thread.run(Thread.java:536)
    Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
    ... 17 more
    error writing response: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExce
    ption: Invalid Netscape CertType extension for SSL client
    javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.Certificate
    Exception: Invalid Netscape CertType extension for SSL client
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.e(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.DataOutputStream.writeBytes(DataOutputStream.java:256)
    at ClassServer.run(ClassServer.java:128)
    at java.lang.Thread.run(Thread.java:536)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension
    for SSL client
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at ClassServer.getPath(ClassServer.java:162)
    at ClassServer.run(ClassServer.java:109)
    ... 1 more
    Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
    ... 17 more
    The Client code :
    /*
     * @(#)SSLSocketClientWithClientAuth.java     1.5 01/05/10
     *
     * Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
     *
     * Redistribution and use in source and binary forms, with or
     * without modification, are permitted provided that the following
     * conditions are met:
     *
     * -Redistributions of source code must retain the above copyright
     * notice, this list of conditions and the following disclaimer.
     *
     * -Redistribution in binary form must reproduct the above copyright
     * notice, this list of conditions and the following disclaimer in
     * the documentation and/or other materials provided with the
     * distribution.
     *
     * Neither the name of Sun Microsystems, Inc. or the names of
     * contributors may be used to endorse or promote products derived
     * from this software without specific prior written permission.
     *
     * This software is provided "AS IS," without a warranty of any
     * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
     * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
     * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
     * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
     * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
     * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
     * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
     * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
     * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
     * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
     * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
     *
     * You acknowledge that Software is not designed, licensed or
     * intended for use in the design, construction, operation or
     * maintenance of any nuclear facility.
     */

    import java.net.*;
    import java.io.*;
    import javax.net.ssl.*;
    import javax.security.cert.X509Certificate;
    import java.security.KeyStore;

    /*
     * This example shows how to set up a key manager to do client
     * authentication if required by server.
     *
     * This program assumes that the client is not inside a firewall.
     * The application can be modified to connect to a server outside
     * the firewall by following SSLSocketClientWithTunneling.java.
     */
    public class SSLSocketClientWithClientAuth1 {

        public static void main(String[] args) throws Exception {
            String host = null;
            int port = -1;
            String path = null;
            // Echo the command-line arguments.
            for (int i = 0; i < args.length; i++)
                System.out.println(args[i]);

            if (args.length < 3) {
                System.out.println(
                    "USAGE: java SSLSocketClientWithClientAuth " +
                    "host port requestedfilepath");
                System.exit(-1);
            }

            try {
                host = args[0];
                port = Integer.parseInt(args[1]);
                path = args[2];
            } catch (IllegalArgumentException e) {
                System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
                    "host port requestedfilepath");
                System.exit(-1);
            }

            try {
                /*
                 * Set up a key manager for client authentication
                 * if asked by the server. Use the implementation's
                 * default TrustStore and secureRandom routines.
                 */
                SSLSocketFactory factory = null;
                try {
                    SSLContext ctx;
                    KeyManagerFactory kmf;
                    KeyStore ks;
                    char[] passphrase = "passphrase".toCharArray();

                    ctx = SSLContext.getInstance("TLS");
                    kmf = KeyManagerFactory.getInstance("SunX509");
                    ks = KeyStore.getInstance("JKS");

                    // ks.load(new FileInputStream("testkeys"), passphrase);
                    ks.load(new FileInputStream("clientkey"), passphrase);

                    kmf.init(ks, passphrase);
                    ctx.init(kmf.getKeyManagers(), null, null);

                    factory = ctx.getSocketFactory();
                } catch (Exception e) {
                    throw new IOException(e.getMessage());
                }

                SSLSocket socket = (SSLSocket)factory.createSocket(host, port);

                /*
                 * send http request
                 *
                 * See SSLSocketClient.java for more information about why
                 * there is a forced handshake here when using PrintWriters.
                 */
                socket.startHandshake();

                PrintWriter out = new PrintWriter(
                                      new BufferedWriter(
                                      new OutputStreamWriter(
                                      socket.getOutputStream())));
                out.println("GET " + path + " HTTP/1.1");
                /* Some internet sites throw bad request error for HTTP/1.1 req if hostname is not specified so the foll line */
                out.println("Host: " + host);
                out.println();
                out.flush();

                /*
                 * Make sure there were no surprises
                 */
                if (out.checkError())
                    System.out.println(
                        "SSLSocketClient: java.io.PrintWriter error");

                /* read response */
                BufferedReader in = new BufferedReader(
                                        new InputStreamReader(
                                        socket.getInputStream()));

                String inputLine;
                while ((inputLine = in.readLine()) != null)
                    System.out.println(inputLine);

                in.close();
                out.close();
                socket.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    The Server code :
    /*
     * @(#)ClassFileServer.java     1.5 01/05/10
     *
     * Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
     *
     * Redistribution and use in source and binary forms, with or
     * without modification, are permitted provided that the following
     * conditions are met:
     *
     * -Redistributions of source code must retain the above copyright
     * notice, this list of conditions and the following disclaimer.
     *
     * -Redistribution in binary form must reproduct the above copyright
     * notice, this list of conditions and the following disclaimer in
     * the documentation and/or other materials provided with the
     * distribution.
     *
     * Neither the name of Sun Microsystems, Inc. or the names of
     * contributors may be used to endorse or promote products derived
     * from this software without specific prior written permission.
     *
     * This software is provided "AS IS," without a warranty of any
     * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
     * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
     * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
     * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
     * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
     * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
     * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
     * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
     * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
     * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
     * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
     *
     * You acknowledge that Software is not designed, licensed or
     * intended for use in the design, construction, operation or
     * maintenance of any nuclear facility.
     */

    import java.io.*;
    import java.net.*;
    import java.security.KeyStore;
    import javax.net.*;
    import javax.net.ssl.*;
    import javax.security.cert.X509Certificate;

    /* ClassFileServer.java -- a simple file server that can serve
     * Http get request in both clear and secure channel
     *
     * The ClassFileServer implements a ClassServer that
     * reads files from the file system. See the
     * doc for the "Main" method for how to run this
     * server.
     */
    public class ClassFileServer extends ClassServer {

        private String docroot;

        private static int DefaultServerPort = 2001;

        /**
         * Constructs a ClassFileServer.
         *
         * @param path the path where the server locates files
         */
        public ClassFileServer(ServerSocket ss, String docroot) throws IOException
        {
            super(ss);
            this.docroot = docroot;
        }

        /**
         * Returns an array of bytes containing the bytes for
         * the file represented by the argument <b>path</b>.
         *
         * @return the bytes for the file
         * @exception FileNotFoundException if the file corresponding
         * to <b>path</b> could not be loaded.
         */
        public byte[] getBytes(String path)
            throws IOException
        {
            System.out.println("reading: " + path);
            File f = new File(docroot + File.separator + path);
            int length = (int)(f.length());
            if (length == 0) {
                throw new IOException("File length is zero: " + path);
            } else {
                FileInputStream fin = new FileInputStream(f);
                DataInputStream in = new DataInputStream(fin);

                byte[] bytecodes = new byte[length];
                in.readFully(bytecodes);
                return bytecodes;
            }
        }

        /**
         * Main method to create the class server that reads
         * files. This takes two command line arguments, the
         * port on which the server accepts requests and the
         * root of the path. To start up the server: <br><br>
         *
         * <code> java ClassFileServer <port> <path>
         * </code><br><br>
         *
         * <code> new ClassFileServer(port, docroot);
         * </code>
         */
        public static void main(String args[])
        {
            System.out.println(
                "USAGE: java ClassFileServer port docroot [TLS [true]]");
            System.out.println("");
            System.out.println(
                "If the third argument is TLS, it will start as\n" +
                "a TLS/SSL file server, otherwise, it will be\n" +
                "an ordinary file server. \n" +
                "If the fourth argument is true,it will require\n" +
                "client authentication as well.");

            int port = DefaultServerPort;
            String docroot = "";

            if (args.length >= 1) {
                port = Integer.parseInt(args[0]);
            }

            if (args.length >= 2) {
                docroot = args[1];
            }
            String type = "PlainSocket";
            if (args.length >= 3) {
                type = args[2];
            }
            try {
                ServerSocketFactory ssf =
                    ClassFileServer.getServerSocketFactory(type);
                ServerSocket ss = ssf.createServerSocket(port);
                // Require a client certificate when the fourth argument is "true".
                if (args.length >= 4 && args[3].equals("true")) {
                    ((SSLServerSocket)ss).setNeedClientAuth(true);
                }
                new ClassFileServer(ss, docroot);
            } catch (IOException e) {
                System.out.println("Unable to start ClassServer: " +
                                   e.getMessage());
                e.printStackTrace();
            }
        }

        private static ServerSocketFactory getServerSocketFactory(String type) {
            if (type.equals("TLS")) {
                SSLServerSocketFactory ssf = null;
                try {
                    // set up key manager to do server authentication
                    SSLContext ctx;
                    KeyManagerFactory kmf;
                    KeyStore ks;
                    char[] passphrase = "passphrase".toCharArray();

                    ctx = SSLContext.getInstance("TLS");
                    kmf = KeyManagerFactory.getInstance("SunX509");
                    ks = KeyStore.getInstance("JKS");

                    // ks.load(new FileInputStream("testkeys"), passphrase);
                    ks.load(new FileInputStream("serverkey"), passphrase);
                    kmf.init(ks, passphrase);
                    ctx.init(kmf.getKeyManagers(), null, null);

                    ssf = ctx.getServerSocketFactory();
                    return ssf;
                } catch (Exception e) {
                    e.printStackTrace();
                }
            } else {
                return ServerSocketFactory.getDefault();
            }
            return null;
        }
    }
    Could anyone help ?
    thanks in advance
    Jayaprakash

    The same thing.
    I have found the place where the exception is thrown.
    It is the com.sun.net.ssl.internal.ssl.AVA class.
    It has a constructor AVA(StringReader).
    There is a check in this constructor of different certificate extensions
    (if-else). If it sees no familiar extension, it throws an exception and the handshake fails.
    It is not difficult to fix this problem: just ignore the unknown extension.
    Everything works fine with this "improved" class (under VA 3.5).
    But the problem is using this class in applets.
    How can I tell the browser to use my "improved" class and not the one it downloaded with the Java plug-in?
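
The server-side message in the question above, "Invalid Netscape CertType extension for SSL client", points at the Netscape CertType extension of the client certificate. The following is an added example, not part of the original posts or the Sun samples: it reads that extension (OID 2.16.840.1.113730.1.1) and reports whether the SSL client bit is set. The class name `NsCertTypeCheck`, its command-line arguments and the sample byte arrays are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical diagnostic class; the name and CLI are assumptions.
public class NsCertTypeCheck {

    // OID of the Netscape certificate-type extension.
    static final String NS_CERT_TYPE_OID = "2.16.840.1.113730.1.1";

    // Bit 0 is the most significant bit of the first BIT STRING content byte.
    static final String[] BIT_NAMES = {
        "SSL client", "SSL server", "S/MIME", "object signing",
        "reserved", "SSL CA", "S/MIME CA", "object signing CA"
    };

    /**
     * Decodes the value returned by X509Certificate.getExtensionValue():
     * a DER OCTET STRING wrapping a DER BIT STRING. Returns the names of
     * the bits that are set, or null when the extension is absent.
     */
    static List<String> decode(byte[] ext) {
        if (ext == null) {
            return null;
        }
        // Expected layout: 04 len 03 len unusedBits [flags], short-form lengths.
        if (ext.length < 5 || ext[0] != 0x04 || ext[2] != 0x03
                || (ext[1] & 0xff) != ext.length - 2
                || (ext[3] & 0xff) != ext.length - 4) {
            throw new IllegalArgumentException("unexpected DER layout");
        }
        int unused = ext[4] & 0xff;               // padding bits in the last byte
        if (unused > 7) {
            throw new IllegalArgumentException("bad unused-bit count");
        }
        int flags = ext.length > 5 ? ext[5] & 0xff : 0;
        if (ext.length == 6) {
            flags &= (0xff << unused) & 0xff;     // ignore padding bits
        }
        List<String> set = new ArrayList<>();
        for (int bit = 0; bit < BIT_NAMES.length; bit++) {
            if ((flags & (0x80 >> bit)) != 0) {
                set.add(BIT_NAMES[bit]);
            }
        }
        return set;
    }

    /** One-line summary of whether the certificate is marked as an SSL client. */
    static String verdict(byte[] ext) {
        List<String> bits = decode(ext);
        if (bits == null) {
            return "Netscape CertType extension absent";
        }
        return (bits.contains("SSL client")
                ? "SSL client bit set "
                : "SSL client bit NOT set ") + bits;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) {
            // Usage: java NsCertTypeCheck <JKS keystore> <store password>
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    byte[] ext = ((X509Certificate) c)
                            .getExtensionValue(NS_CERT_TYPE_OID);
                    System.out.println(alias + ": " + verdict(ext));
                }
            }
            return;
        }
        // Constructed sample extension values (not taken from any real certificate).
        byte[] serverOnly      = {0x04, 0x04, 0x03, 0x02, 0x06, 0x40};
        byte[] clientAndServer = {0x04, 0x04, 0x03, 0x02, 0x06, (byte) 0xC0};
        System.out.println("server-only sample:   " + verdict(serverOnly));
        System.out.println("client+server sample: " + verdict(clientAndServer));
        System.out.println("no extension:         " + verdict(null));
    }
}
```

Run it against the keystore the client loads (`clientkey` in the post) to see how the issuing CA marked the certificate; a certificate whose extension lacks the SSL client bit needs to be reissued with it set.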

  • Working code snippet for JSSE 1.0.2

    This code works only with JSSE 1.0.2. JSSE 1.0.1 has a bug, I believe, which gives a null cert chain
    error when using client authorization.
    Below is a Java code snippet to create SSL server and client sockets.
    SocketsFactory.java
    This class is a utility class which gets you the secure socket for the server and the client.
    It reads from the properties file.
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.net.ServerSocket;
    import java.net.Socket;
    import java.security.KeyStore;
    import java.util.Properties;
    // On JSSE 1.0.x (before JDK 1.4), SSLContext and KeyManagerFactory
    // are in com.sun.net.ssl rather than javax.net.ssl.
    import javax.net.ssl.*;

    public class SocketsFactory {

        /** Creates a SSL client socket. It uses the properties obtained from the
         * sslPropsFile to create the client socket.
         * @param sslPropsFile The ssl properties file that contains information about the provider etc.
         * @param host The host to connect to.
         * @param port The port on which this socket should attempt to connect
         * @throws IOException if there was any exceptions in creating the sockets or if the properties file
         * was not found or corrupted.
         * @return returns the socket that was created.
         */
        public static Socket createSecureSocket(final String sslPropsFile, String host, int port) throws IOException {
            Properties props = readPropertiesFile(sslPropsFile);
            SSLSocketFactory factory = null;
            System.setProperty("javax.net.ssl.trustStore", (String)props.get("com.ibm.idmg.ssl.keyStore"));
            //Getting a secure client socket using sun..
            try {
                addProvider(props);
                // Set up a key manager for client authentication
                // if asked by the server. Use the implementation's
                // default TrustStore and secureRandom routines.
                SSLContext ctx = getSSLContext(props);
                factory = ctx.getSocketFactory();
            }
            catch (Exception e) {
                e.printStackTrace();
                throw new IOException(e.getMessage());
            }
            SSLSocket client = (SSLSocket)factory.createSocket(host, port);
            client.startHandshake();
            return client;
        }

        /** Creates a SSL server socket based on sun's implementation using JSSE. Uses the
         * sslPropsFile to get the keystore used for validating certificates and their
         * passwords.
         * @param sslPropsFile The properties file containing SSL provider, key passwords etc.,
         * @param port The port to which this socket should listen at.
         * @throws IOException If the properties file was not found or it was corrupted or if there was any
         * other errors while socket creation.
         * @return the serversocket object.
         */
        public static ServerSocket createSecureServerSocket(final String sslPropsFile, int port) throws IOException {
            Properties props = readPropertiesFile(sslPropsFile);
            String trustStore = (String)props.get("com.ibm.idmg.ssl.keyStore");
            System.setProperty("javax.net.ssl.trustStore", trustStore);
            //     Getting a sun secure server socket
            SSLServerSocketFactory ssf = null;
            try {
                addProvider(props);
                // set up key manager to do server authentication
                SSLContext ctx = getSSLContext(props);
                ssf = ctx.getServerSocketFactory();
            } catch (Exception e) {
                e.printStackTrace();
                throw new IOException(e.getMessage());
            }
            SSLServerSocket socket = (SSLServerSocket)ssf.createServerSocket(port);
            socket.setNeedClientAuth(true);
            return socket;
        }

        /**
         * Internally used function to read a provider from the properties and
         * add it as the current ssl provider. The properties should have the
         * property <i>com.ibm.idmg.ssl.sslProvider</i> defined. Otherwise
         * throws NullPointerException.
         */
        private static void addProvider(Properties props) throws Exception {
            String provider = (String)props.get("com.ibm.idmg.ssl.sslProvider");
            if (provider == null)
                throw new NullPointerException("com.ibm.idmg.ssl.sslProvider is not specified!");
            java.security.Security.addProvider((java.security.Provider)Class.forName(provider).newInstance());
        }

        /**
         * Internally used function to read a file and return it as java properties.
         * It uses java.util.Properties. Throws FileNotFoundException if the file
         * was not found. Otherwise returns the properties.
         */
        private static Properties readPropertiesFile(final String file) throws IOException {
            if (file == null)
                throw new IOException("SSL Context File name not specified!");
            FileInputStream in = new FileInputStream(file);
            Properties properties = new Properties();
            properties.load(in);
            in.close();
            in = null;
            return properties;
        }

        /**
         * Internal function used to retrieve a SSLContext object. It is used primarily
         * for creating SSL sockets that can authenticate each other based on the
         * keystores specified using the properties.
         */
        private static SSLContext getSSLContext(Properties props) throws Exception {
            SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            String password = (String)props.get("com.ibm.idmg.ssl.keyStorePassword");
            if (password == null)
                password = System.getProperty("javax.net.ssl.keyStorePassword");
            char[] passphrase = password.toCharArray();
            ctx = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance("SunX509");
            ks = KeyStore.getInstance("JKS");
            String keyStoreFile = (String)props.get("com.ibm.idmg.ssl.keyStore");
            if (keyStoreFile == null)
                keyStoreFile = System.getProperty("javax.net.ssl.keyStore");
            FileInputStream in = new FileInputStream(keyStoreFile);
            ks.load(in, passphrase);
            in.close();
            in = null;
            //     All keys in the KeyStore must be protected by the same password.
            String keyPassword = (String)props.get("com.ibm.idmg.ssl.keyPassword");
            if (keyPassword != null)
                passphrase = keyPassword.toCharArray();
            kmf.init(ks, passphrase);
            ctx.init(kmf.getKeyManagers(), null, null);
            return ctx;
        }
    }
    The Server properties file looks like this.
    #     Specify the SSL provider here.
    #     Using sun's reference implementation for testing..
    com.ibm.idmg.ssl.sslProvider=com.sun.net.ssl.internal.ssl.Provider
    #     Specify the keystore file that this ssl socket should use
    com.ibm.idmg.ssl.keyStore=server.ks
    #     Specify the password for this keystore file
    com.ibm.idmg.ssl.keyStorePassword=servercanpass
    #     Specify the password used to protect the keys in the keystore
    #     Note: all the keys should have the same password
    com.ibm.idmg.ssl.keyPassword=icanpass
    The client properties file
    #     Specify the SSL provider here.
    #     Using sun's reference implementation for testing..
    com.ibm.idmg.ssl.sslProvider=com.sun.net.ssl.internal.ssl.Provider
    #     Specify the keystore file that this ssl socket should use
    com.ibm.idmg.ssl.keyStore=client.ks
    #     Specify the password for this keystore file
    com.ibm.idmg.ssl.keyStorePassword=clientshouldpass
    #     Specify the password used to protect the keys in the keystore
    #     Note: all the keys should have the same password
    com.ibm.idmg.ssl.keyPassword=canipass
    Now to create the certificates..
    It's a 5 step process
    1) Create the keystore file.
         keytool -genkey -alias mohan -dname "CN=Mohan Tera, OU=IS, O=IM, L=sanjose, S=NY, C=US" -keystore server.ks -storepass servercanpass -validity 180 -keypass icanpass
    2) Create a self signed certificate. If you need to get it signed from
         verisign then you have to create a certificate request. For testing purposes,
         you can create a self signed certificate.
         keytool -selfcert -alias mohan -dname "CN=Mohan Tera, OU=IS, O=IM, L=sanjose, S=NY, C=US" -keystore server.ks -storepass servercanpass -validity 180 -keypass icanpass
    3) Export the public key from the keystore to a certificate file that is to be imported to the client keystore.
         keytool -export -alias mohan -file fromserver.cer -keystore server.ks -storepass servercanpass
    4) Repeat the above steps for the client also..
         a)
         keytool -genkey -alias moks -dname "CN=Jennifer Poda, OU=Javasoft, O=Sun, L=Edison, S=NJ, C=US" -keystore client.ks -storepass clientshouldpass -validity 180 -keypass canipass
         b)
         keytool -selfcert -alias moks -dname "CN=Jennifer Poda, OU=Javasoft, O=Sun, L=Edison, S=NJ, C=US" -keystore client.ks -storepass clientshouldpass -validity 180 -keypass canipass
         c)
         keytool -export -alias moks -file fromclient.cer -keystore client.ks -storepass clientshouldpass
    5) Import the certificates that were exported in steps 3 and 4c in client and server keystore respectively.
         keytool -import -trustcacerts -alias new -file fromserver.cer -keypass keypass -storepass clientshouldpass -keystore client.ks
         keytool -import -trustcacerts -alias new -file fromclient.cer -keypass keypass -storepass servercanpass -keystore server.ks
    And voila you are all set to go..
    Hope this explains to all the people who are struggling with JSSE..
    Regards,
    Moks

    When I use your method in my code I get the following exception.
    Please help me.
    java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:103
    at java.security.KeyStore.getKey(KeyStore.java:289)
    at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.<init>(DashoA6275)
    at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit(DashoA6275)
    at javax.net.ssl.KeyManagerFactory.init(DashoA6275)
    at ClassFileServer.getServerSocketFactory(ClassFileServer.java:145)
    at ClassFileServer.main(ClassFileServer.java:115)
    Exception in thread "main" java.lang.NullPointerException
    at ClassFileServer.main(ClassFileServer.java:117)

  • SSLSocket to support NIO - feature request voting

    Hello All,
    I know there were many discussions here regarding this subject.
    I've seen the SSLEngine solution for the problem... But I didn't like it since it is too complicated.
    To my understanding, SSLSocket inherits Socket, so an application that can handle Sockets should be able to handle SSLSocket without writing specific code besides the factory.
    NIO allows a Socket to be non-blocking... So why does SSLSocket, which is a Socket, not?
    If I write a Web server in Java, why should I deal with non-SSL and SSL connections in a different way?
    I recently wrote one threaded NIO server and was amazed that I could not use SSL with the same implementation.
    I've opened a feature request for Java, but they told me to gain support for this subject here before they will consider it...
    As I understand, I can re-implement SSLSocket to use SSLEngine and support NIO with blocking and non-blocking support... But I think Sun should do it.
    One caveat is to make sure that the SSLSocket HandshakeCompletedListener is called by a daemon thread, so that it will not block other sockets while certificate verification occurs.
    Of course when I refer to SSLSocket I also refer to SSLServerSocket.
    Can you please comment regarding this issue... Every comment will be welcomed!
    Best Regards,
    Alon Bar-Lev

    nah, I am very glad they released an engine separate from transport allowing encryption on any transport.
    I am also working on an abstraction of nio that you may be interested in if you don't want to do the security yourself......it is here...
    http://sourceforge.net/projects/channelmanager
    Right now, it only contains the api, but there are 3 implementations behind it right now with 3 to be added.
    1. Basic implementation that does just nio
    2. Secure implementation that implements same api and uses implementation 1
    3. Packettizer implementation which puts things in payloads with headers and footers
    4. (to be added) Threadpool implementation allowing a threadpool to be inserted in the stack somewhere
    5. (to be added) TestProxy implementation allowing exceptions to be thrown on purpose to test a system on a bad network....can test failure on bind, connect, read, write, etc....everything.
    6. denial of service layer.
    7. Exception catch layer to protect #1 and #4 mainly from bad clients that throw exceptions back to the channelmanager.
    Each one of these layers (2 - 4) implements the same api and uses the same api so 2 -4 are all proxies. You can reorganize the proxies as you want.
    The secure one is almost done. Any comments on the api will be welcome.
    thanks,
    dean

  • SSL/TLS for FTP connections

    I've built some kind of advanced FTP server, and I would now like to add SSL or TLS on the server.
    Implementing implicit SSL is easy. I used some SSL sockets, and everything was working fine.
    But if I want to use TLS or explicit SSL, I have a problem.
    With an SSL socket, any attempt to read/write with the streams initiates a handshake.
    But an explicit SSL connection is done that way:
    -> Connecting to myftpserver.com port 21
    -> Connected to myftpserver.com
    Server: Welcome to this nice ftp
    Server: Enjoy this nice server
    -> AUTH SSL
    Server: 234 AUTH SSL successful
    -> Now negociating SSL session...
    So, as you can see, some data (welcome message, AUTH SSL command, etc.) is exchanged BEFORE the SSL negotiation.
    I don't know how to do that since "any attempt to read/write with the streams initiates a handshake".
    I hope someone will be able to help me :)
    Dundee

    What's wrong with my code then?
    You must make sure, before trying to send the first encrypted text, that both sides are ready to negotiate SSL.
    I'm pretty sure your problem is about that.
    Did you write both sides (client and server) or only the client side?
    Because if you are the author of the server side, you must also make sure the server will act as the server during the SSL negotiation ( ((SSLSocket)s).setUseClientMode(false)).
    So far, my understanding - based on my experimentation:
    The client must ask the server to start SSL communication, but MUST wait for the server to say it is ready before creating the SSL layer. This means the client sends - over the unencrypted communication - a command saying to the server: "I want to start to talk to you over SSL". Then the server answers "Ok, I'm ready". Then, and only then, the client creates the SSL socket (over the already connected socket - as you seem to have done) and starts the SSL negotiation. By the way, it is not necessary to call SSLSocket.startNegotiate() explicitly; it will be called when sending the first block of data for the new SSL session.
    I'm not sure if I made it clear. But I think the problem - the reason why you get the HandshakeException - is that the client tries to negotiate SSL before the server is ready to accept SSL negotiation - maybe this should have been the only sentence of my answer ;-).
    About the use of SSLContext: I feel that it only has value if you want to use your own customized X509TrustManager or X509KeyManager. For me, I found it very useful because my server certificate may not be valid as per the default validation algorithm. But basically we can use the SSLContext the following way:
    /* The creation of a KeyManager is a story in itself.
    * The way I used it is to specify in my program the KeyStore to be used.
    * I think it can be specified in other ways (-D java argument, for example).
    * For now I'm not sure how useful it can be for the client side. (sorry)
    */
    KeyManager[] myKeyManagers= ....
    /* The TrustManager gives you the opportunity to do your own validation
    * of the server / client - depending on the situation - certificate.
    * For now, I don't know how to use TrustManager and KeyManager
    * together.
    */
    TrustManager[] myTrustManager= new TrustManager[] {new MyX509TrustManager()};
    /* The Key and Trust managers created above can be used to initialize
    * the SSL context below.
    */
    SSLContext context= SSLContext.getInstance("SSL");
    /* Initialize the context with your customized managers.
    * Note that all parameters are optional - they can be "null".
    * You only specify those you have customized.
    */
    context.init( myKeyManagers, myTrustManager, null);
    /* Then later I can get my SSL socket factory, which will use my
    * own customized key and trust manager and secure random.
    */
    SSLServerSocketFactory sslSSF= context.getServerSocketFactory();
    SSLSocketFactory sslSF= context.getSocketFactory();
    I found an article in this forum about TrustManager.... seems very promising.
    Hope this will help.
    Hugues
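
    The ordering described in the reply above (plaintext greeting, AUTH command, 234 reply, and only then the SSL layer on the same socket), as an added example that is not part of the original posts. The class name, the loopback exchange and the single-password keystore given on the command line are assumptions made for the demonstration.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.ssl.*;
public class ExplicitTlsUpgrade {
    // Assumption: args[0] is a keystore with one self-signed key pair, used as key AND trust store.
    static SSLContext context(String file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) { ks.load(in, pass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    // Layer TLS over the already connected plain socket; autoClose=true ties their lifetimes.
    static SSLSocket upgrade(SSLContext ctx, Socket plain, String peer, boolean client) throws IOException {
        SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, peer, plain.getPort(), true);
        tls.setUseClientMode(client);   // false on the accepting side
        tls.startHandshake();           // surface handshake failures here, not on the first write
        return tls;
    }
    // Unbuffered on purpose: a BufferedReader could swallow the first handshake bytes.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; (c = in.read()) != -1 && c != '\n'; ) if (c != '\r') sb.append((char) c);
        return sb.toString();
    }
    static void send(OutputStream out, String line) throws IOException {
        out.write((line + "\r\n").getBytes("US-ASCII"));
        out.flush();
    }
    public static void main(String[] args) throws Exception {
        SSLContext ctx = context(args[0], args[1].toCharArray());
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            new Thread(() -> {                                   // server side of the exchange
                try (Socket s = listener.accept()) {
                    send(s.getOutputStream(), "220 Welcome to this nice ftp");
                    if (!readLine(s.getInputStream()).equals("AUTH TLS")) return;
                    send(s.getOutputStream(), "234 AUTH TLS successful");
                    try (SSLSocket tls = upgrade(ctx, s, s.getInetAddress().getHostAddress(), false)) {
                        send(tls.getOutputStream(), "200 " + readLine(tls.getInputStream()));
                    }
                } catch (IOException e) { e.printStackTrace(); }
            }).start();
            try (Socket s = new Socket(listener.getInetAddress(), listener.getLocalPort())) {
                System.out.println(readLine(s.getInputStream()));          // plaintext greeting
                send(s.getOutputStream(), "AUTH TLS");
                if (!readLine(s.getInputStream()).startsWith("234")) throw new IOException("AUTH TLS refused");
                try (SSLSocket tls = upgrade(ctx, s, "localhost", true)) {  // only after the 234
                    send(tls.getOutputStream(), "NOOP");
                    System.out.println(tls.getSession().getProtocol() + ": " + readLine(tls.getInputStream()));
                }
            }
        }
    }
}
```

    A production client should pass the server's real host name to the layered socket and enable endpoint identification with SSLParameters.setEndpointIdentificationAlgorithm before the handshake; the demo skips that because its constructed certificate does not name the loopback peer.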

  • How to use SSLSocket on midlet ???

    I am writing a midlet that needs an SSLSocket to connect to a server. I am looking for a method or a framework that provides the SSLSocket connection in J2ME. Can anyone help me, please?
    Thank you in advance.

  • Security for a web service

    Hi everyone,
    Scenario :
    I want to secure a web service with SSL.
    I want to call this web service with a Java standalone class (not servlet, JSP,...).
    Here is what I've done :
    1) I created a web service with "Secure SOAP" option.
    2) I created a Standalone Proxy.
    3) I created a Java Standalone client and tried to call the web service.
    Here is the code :
         public static void main(String[] args) {
              try {
                   Hello1WebServiceImpl service = new Hello1WebServiceImpl();
                   Hello1WebServiceViDocument port = (Hello1WebServiceViDocument)service.getLogicalPort();
                   System.out.println(port.sayHello1());
              } catch (Exception e) {
                   e.printStackTrace();
              }
         }
    Here is the exception :
    java.rmi.RemoteException: Service call exception; nested exception is:
         java.net.ConnectException: Connection timed out: connect
         at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:80)
         at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:88)
         at SampleComponent.main(SampleComponent.java:23)
    Caused by: java.net.ConnectException: Connection timed out: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
         at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
         at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
         at java.net.Socket.connect(Socket.java:452)
         at java.net.Socket.connect(Socket.java:402)
         at java.net.Socket.<init>(Socket.java:309)
         at java.net.Socket.<init>(Socket.java:124)
         at iaik.security.ssl.SSLSocket.<init>(Unknown Source)
         at com.sap.engine.services.webservices.jaxm.soap.SSLUtilImpl.createSSLSocket(SSLUtilImpl.java:43)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:500)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:422)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:384)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:337)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:433)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1117)
         at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:73)
         ... 2 more
    Can someone please tell me the steps I must follow ?
    Thanks in advance.
    Message was edited by: David Fryda

    I've run into similar problems using normal SSL over HTTP and the issues were with my environment configuration ... yours may be with something totally different... but I fixed my problems by adding the following code before creating the connection.
    java.security.Provider provider[] =
      java.security.Security.getProviders();
    for (int i = 0; i < provider.length; i++) {
      java.security.Security.removeProvider(
        provider[i].getName());
    }
    java.security.Security.insertProviderAt(
    new com.sun.net.ssl.internal.ssl.Provider(), 2);
    java.security.Security.insertProviderAt(
    new sun.security.provider.Sun(), 1);
    System.setProperty(
    "java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    You can also accomplish this by modifying the java.security file found in the \jre\lib\security directory.
    Also, because this is a standalone app, be sure to have all the necessary jar files in your classpath ... you can accomplish this by using the -classpath option when calling your program or by moving the files into your \bin\lib\ext directory.
