security - What do I need to get SSL sockets (SslRMIServerSocketFactory/SslRMIClientSocketFactory)?
Hi, I want to use SslRMIServerSocketFactory/SslRMIClientSocketFactory for secure RMI calls. What is the common way to use these when client authentication is necessary (keystores, certificates, ...)? What do I need to generate/ship?

Edit: I secured the communication with the RMI server, with client authentication and self-signed certificates. It works on my machine. I submitted the certificates, truststores and keystores to the repository, but it won't work on other machines. It was suggested that the migration broke the keystore, but I can't figure out why. Does anyone have an idea?

Edit: here is the full stack trace:
java.rmi.connectioexception: exception creating connection to: localhost; nested exception is:
    java.net.socketexception: java.security.nosuchalgorithmexception: error constructing implementation (algorithm: default, provider: sunjsse, class: com.sun.net.ssl.internal.ssl.defaultsslcontextimpl)
    at sun.rmi.transport.tcp.tcpendpoint.newsocket(tcpendpoint.java:614)
    at sun.rmi.transport.tcp.tcpchannel.createconnection(tcpchannel.java:198)
    at sun.rmi.transport.tcp.tcpchannel.newconnection(tcpchannel.java:184)
    at sun.rmi.server.unicastref.newcall(unicastref.java:322)
    at sun.rmi.registry.registryimpl_stub.lookup(unknown source)
    at com.uc4.webui.sla.monitoring.slamonitoringaccessservice.<init>(slamonitoringaccessservice.java:40)
    at sun.reflect.nativeconstructoraccessorimpl.newinstance0(native method)
    at sun.reflect.nativeconstructoraccessorimpl.newinstance(nativeconstructoraccessorimpl.java:39)
    at sun.reflect.delegatingconstructoraccessorimpl.newinstance(delegatingconstructoraccessorimpl.java:27)
    at java.lang.reflect.constructor.newinstance(constructor.java:513)
    at java.lang.class.newinstance0(class.java:355)
    at java.lang.class.newinstance(class.java:308)
    at org.eclipse.equinox.internal.ds.model.servicecomponent.createinstance(servicecomponent.java:457)
    at org.eclipse.equinox.internal.ds.model.servicecomponentprop.createinstance(servicecomponentprop.java:264)
    at org.eclipse.equinox.internal.ds.model.servicecomponentprop.build(servicecomponentprop.java:325)
    at org.eclipse.equinox.internal.ds.instanceprocess.buildcomponent(instanceprocess.java:588)
    at org.eclipse.equinox.internal.ds.instanceprocess.buildcomponents(instanceprocess.java:196)
    at org.eclipse.equinox.internal.ds.resolver.buildnewlysatisfied(resolver.java:441)
    at org.eclipse.equinox.internal.ds.resolver.enablecomponents(resolver.java:213)
    at org.eclipse.equinox.internal.ds.scrmanager.performwork(scrmanager.java:800)
    at org.eclipse.equinox.internal.ds.scrmanager$queuedjob.dispatch(scrmanager.java:767)
    at org.eclipse.equinox.internal.ds.workthread.run(workthread.java:89)
    at java.lang.thread.run(thread.java:662)
caused by: java.net.socketexception: java.security.nosuchalgorithmexception: error constructing implementation (algorithm: default, provider: sunjsse, class: com.sun.net.ssl.internal.ssl.defaultsslcontextimpl)
    at javax.net.ssl.defaultsslsocketfactory.throwexception(sslsocketfactory.java:179)
    at javax.net.ssl.defaultsslsocketfactory.createsocket(sslsocketfactory.java:192)
    at javax.rmi.ssl.sslrmiclientsocketfactory.createsocket(sslrmiclientsocketfactory.java:105)
    at sun.rmi.transport.tcp.tcpendpoint.newsocket(tcpendpoint.java:595)
    ... 22 more
caused by: java.security.nosuchalgorithmexception: error constructing implementation (algorithm: default, provider: sunjsse, class: com.sun.net.ssl.internal.ssl.defaultsslcontextimpl)
    at java.security.provider$service.newinstance(provider.java:1245)
    at sun.security.jca.getinstance.getinstance(getinstance.java:220)
    at sun.security.jca.getinstance.getinstance(getinstance.java:147)
    at javax.net.ssl.sslcontext.getinstance(sslcontext.java:125)
    at javax.net.ssl.sslcontext.getdefault(sslcontext.java:68)
    at javax.net.ssl.sslsocketfactory.getdefault(sslsocketfactory.java:102)
    at javax.rmi.ssl.sslrmiclientsocketfactory.getdefaultclientsocketfactory(sslrmiclientsocketfactory.java:192)
    at javax.rmi.ssl.sslrmiclientsocketfactory.createsocket(sslrmiclientsocketfactory.java:102)
    ... 23 more
caused by: java.io.ioexception: invalid keystore format
    at sun.security.provider.javakeystore.engineload(javakeystore.java:633)
    at sun.security.provider.javakeystore$jks.engineload(javakeystore.java:38)
    at java.security.keystore.load(keystore.java:1185)
    at com.sun.net.ssl.internal.ssl.defaultsslcontextimpl.getdefaultkeymanager(defaultsslcontextimpl.java:150)
    at com.sun.net.ssl.internal.ssl.defaultsslcontextimpl.<init>(defaultsslcontextimpl.java:40)
    at sun.reflect.nativeconstructoraccessorimpl.newinstance0(native method)
    at sun.reflect.nativeconstructoraccessorimpl.newinstance(nativeconstructoraccessorimpl.java:39)
    at sun.reflect.delegatingconstructoraccessorimpl.newinstance(delegatingconstructoraccessorimpl.java:27)
    at java.lang.reflect.constructor.newinstance(constructor.java:513)
    at java.lang.class.newinstance0(class.java:355)
    at java.lang.class.newinstance(class.java:308)
    at java.security.provider$service.newinstance(provider.java:1221)
    ... 30 more
My platform is Windows 7 and

    java version "1.6.0_22"
    java(tm) se runtime environment (build 1.6.0_22-b04)
    java hotspot(tm) 64-bit server vm (build 17.1-b03, mixed mode)

Here are the keytool commands I used for generation:

    keytool -genkeypair -keyalg rsa -validity 3650 -keystore bundlekeystore.jks
    keytool -export -keystore bundlekeystore.jks -rfc -file bundlecertificate.cer
    keytool -import -file standalonecertificate.cer -keystore truststore.jks
You need to export your remote objects using instances of each of those classes, configured appropriately according to your special requirements for enabled protocols and cipher suites, if any.

Your server needs a private key and a signed certificate in its keystore. If it's a self-signed certificate, it needs to be exported from there and imported into the client's truststore.

Your client needs a private key and a signed certificate in its keystore. If it's a self-signed certificate, it needs to be exported from there and imported into the server's truststore.

If the certificates are signed by a recognized CA you can omit the parts involving the truststores.

If the client has special requirements for protocols or cipher suites it needs to set the system properties described in SslRMIClientSocketFactory.

If you want to secure the Registry you have to take several additional steps, which I will post here if you ask, but which should be obvious if you have a look at the LocateRegistry.createRegistry()/getRegistry() overloads that take socket factory parameters.
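The server side of the setup this answer describes, as an added example that is not part of the original answer. It first loads both stores so that a damaged file fails with the same "Invalid keystore format" message seen at the bottom of the stack trace, then exports the object and the registry with client authentication required. `SecureRmiServer`, the `Echo` interface, the `echo` binding name and port 1099 are assumptions; the store paths and passwords are expected in the standard `javax.net.ssl.*` system properties.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class SecureRmiServer {
    // Hypothetical remote interface, used only for this example.
    public interface Echo extends Remote {
        String echo(String s) throws RemoteException;
    }

    static Echo impl;          // strong references keep the exported
    static Registry registry;  // objects from being garbage collected

    // Load a JKS store up front so a damaged file fails here with a clear
    // IOException instead of deep inside the default SSLContext.
    static void checkStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        System.out.println(path + ": " + ks.size() + " entries");
    }

    public static void main(String[] args) throws Exception {
        // Assumes -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
        // -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword are set.
        for (String kind : new String[] {"keyStore", "trustStore"}) {
            checkStore(System.getProperty("javax.net.ssl." + kind),
                System.getProperty("javax.net.ssl." + kind + "Password").toCharArray());
        }

        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null = default cipher suites and protocols;
        // true = the client must present a certificate the truststore accepts.
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
        impl = new Echo() { public String echo(String s) { return s; } };
        Echo stub = (Echo) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);
        // Registry secured with the same factories (port 1099 is an assumption).
        registry = LocateRegistry.createRegistry(1099, csf, ssf);
        registry.bind("echo", stub);
        System.out.println("Secure RMI server ready");
    }
}
```

A client started with its own keystore and truststore properties reaches this registry with `LocateRegistry.getRegistry("localhost", 1099, new SslRMIClientSocketFactory())`.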
security authentication ssl rmi