When using a custom X509KeyManager Java is not able to determine a matching cipher suite for the SSL handshake

爱一瞬间的悲伤 2021-01-03 19:20

I'm working with Java 7 and JAX-WS 2.2.

For a SOAP web service I need to create a custom X509KeyManager in order to find the correct certificate for eac

2 answers
  • 2021-01-03 19:42

    After a few days of trial & error I finally found my mistake!

    In Java 7 a custom key manager should extend the X509ExtendedKeyManager which forces you to implement five methods of the interface X509KeyManager. However, there are two additional methods in the class X509ExtendedKeyManager which are not declared as abstract but must be overwritten for proper usage:

    • chooseEngineClientAlias(String[], Principal[], SSLEngine)
    • chooseEngineServerAlias(String, Principal[], SSLEngine)

    After overwriting and implementing the methods by delegating the call to my originalKeyManager (which became of type X509ExtendedKeyManager as well) the SSL handshake finally succeeded.

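A complete version of the delegating key manager this answer describes, added here as an example (it is not the answerer's own code): it wraps the X509ExtendedKeyManager that the platform KeyManagerFactory produces, overrides all six X509KeyManager methods plus the two SSLEngine variants, and returns the configured client alias only when the delegate actually offers that alias for one of the key types the server requested. The class name AliasPinningKeyManager, the fromKeyStore factory method and the keystore path in the usage comment are assumptions.

```java
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/**
 * Added example (class name, factory method and paths are assumptions, not from the page).
 * Wraps the JDK's own X509ExtendedKeyManager and pins the alias used for client
 * authentication. Both the Socket and the SSLEngine variants are overridden: the base
 * class returns null from chooseEngine*Alias, and a null alias means "no key", which is
 * what leaves the handshake without a usable cipher suite (SSL_NULL_WITH_NULL_NULL).
 */
public final class AliasPinningKeyManager extends X509ExtendedKeyManager {

    private final X509ExtendedKeyManager delegate;
    private final String clientAlias;

    public AliasPinningKeyManager(X509ExtendedKeyManager delegate, String clientAlias) {
        if (delegate == null || clientAlias == null) {
            throw new IllegalArgumentException("delegate and clientAlias are required");
        }
        this.delegate = delegate;
        this.clientAlias = clientAlias;
    }

    /** Builds the wrapper from a keystore file via the platform KeyManagerFactory. */
    public static AliasPinningKeyManager fromKeyStore(String keyStoreFile, char[] password,
                                                     String clientAlias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(keyStoreFile))) {
            ks.load(in, password);
        }
        if (!ks.isKeyEntry(clientAlias)) {
            throw new IllegalArgumentException("no private-key entry named " + clientAlias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509ExtendedKeyManager) {
                return new AliasPinningKeyManager((X509ExtendedKeyManager) km, clientAlias);
            }
        }
        throw new IllegalStateException("KeyManagerFactory produced no X509ExtendedKeyManager");
    }

    /** The pinned alias if the delegate offers it for a key type the server accepts, else null. */
    private String pinnedIfOffered(String[] keyTypes, Principal[] issuers) {
        if (keyTypes == null) return null;
        for (String keyType : keyTypes) {
            String[] offered = delegate.getClientAliases(keyType, issuers);
            if (offered == null) continue;
            for (String a : offered) {
                if (clientAlias.equals(a)) return clientAlias;
            }
        }
        return null;
    }

    // Client side: the Socket-based and the SSLEngine-based entry points must both be covered.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return pinnedIfOffered(keyTypes, issuers);
    }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return pinnedIfOffered(keyTypes, issuers);
    }

    // Server side and lookups: plain delegation, again for both variants.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return delegate.chooseEngineServerAlias(keyType, issuers, engine);
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }

    /** Usage (constructed arguments): java AliasPinningKeyManager client.jks changeit my-client-cert */
    public static void main(String[] args) throws Exception {
        AliasPinningKeyManager km = fromKeyStore(args[0], args[1].toCharArray(), args[2]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, null, null); // null trust managers: platform default trust store
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        System.out.println("engine-path alias: "
                + km.chooseEngineClientAlias(new String[] { "RSA", "EC" }, null, engine));
    }
}
```

The JAX-WS HTTPS transport drives the handshake through an SSLEngine rather than a plain SSLSocket, so a wrapper that only overrides the Socket variants is never consulted on that path; delegating the engine variants as above is what makes the pinned alias visible to it. Checking the alias against getClientAliases keeps the manager from presenting a key of a type or issuer the server did not ask for.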
  • 2021-01-03 19:43

    It appears that you don't read keyfile anywhere in the code snippet. This is the reason for SSL_NULL_WITH_NULL_NULL. I suggest you implement X509KeyManager and read the file in constructor, so it can be used later to select appropriate key. Something along these lines (not all required methods depicted for the sake of short answer):

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.net.Socket;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.Principal;
    import java.security.PrivateKey;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.X509KeyManager;

    public class CustomX509KeyManager implements X509KeyManager
    {
        private final KeyStore keyStore;
        private final String alias;
        private final char[] password;

        public CustomX509KeyManager(final String keyStoreFile, final char[] password, final String alias)
            throws IOException, GeneralSecurityException
        {
            this.alias = alias;
            this.password = password;
            // Load the keystore once, up front, so the key is ready for every handshake.
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream stream = new FileInputStream(keyStoreFile)) {
                keyStore.load(stream, password);
            }
        }

        @Override
        public PrivateKey getPrivateKey(String alias)
        {
            try {
                return (PrivateKey) keyStore.getKey(alias, password);
            } catch (Exception e) {
                e.printStackTrace();
                return null;  // null tells JSSE there is no usable key for this alias
            }
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias)
        {
            try {
                Certificate[] certs = keyStore.getCertificateChain(alias);
                if (certs == null || certs.length == 0)
                    return null;
                X509Certificate[] x509 = new X509Certificate[certs.length];
                for (int i = 0; i < certs.length; i++)
                    x509[i] = (X509Certificate) certs[i];
                return x509;
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }

        // Remaining interface methods: this manager always offers the single configured alias.
        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers)
        {
            return new String[] { alias };
        }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket)
        {
            return alias;
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers)
        {
            return new String[] { alias };
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
        {
            return alias;
        }
    }
    

    and then use it like

    sslContext.init(new X509KeyManager[] { 
                        new CustomX509KeyManager(keyStoreFile, 
                            keyStorePass.toCharArray(), alias) }, null, null);
    