I am trying to implement a SSL socket between an Android App and a Python API.
The code below...
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
Socket s = ssf.createSocket("10.0.2.2", 5001);
DataOutputStream myDataOut = new DataOutputStream(s.getOutputStream());
myDataOut.writeUTF("Hello Server");
myDataOut.flush();
myDataOut.close();
s.close();
doesn't work as you can see:
590.0750 - Establishing connection to ('127.0.0.1', 50888)
590.0970 - Error while connecting
590.0970 - Error information: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:590)
I believe it doesn't because I am not specifying the certificate.
See a Python working example of client:
import socket, ssl, pprint
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s,
ca_certs="server.crt",
cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(('localhost', 5001))
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())
ssl_sock.write("Hello from the client...")
How can I specify the certificate in Java like I did in Python?
Taken that I understood you right, this answer to a related question might be interesting for you. It describes the ways of specififying the certifications.
Related
I have a site certificate ('tls_connection_cert') for TSL connection and a private certificate ('private_cert.p12') for authentication. Whenever I want to make connection in dart I get an error SSLV3_ALERT_HANDSHAKE_FAILURE(tls_record.cc:586) with no extra information.
Dart code:
SecurityContext context = new SecurityContext(withTrustedRoots: true)
..setTrustedCertificates('tls_connection_cert')
..usePrivateKey('private_cert.p12', password: 'password');
await SecureSocket.connect(
"service_host", 9002, context: context, onBadCertificate: _onSelfSignedCertificate).then((socket) {
print('Connected to: '
'${socket.remoteAddress.address}:${socket.remotePort}');
socket.destroy();
});
I already uses his service with a JAVA code which work perfectly, with no errors. The service in question is already used by the java code for 3 years now.
Java code:
KeyManager[] privateCert; // private_cert.p12
TrustManager[] publicCert; // tls_connection_cert
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(privateCert.getKeyManagers(), publicCert.getTrustManagers(), null);
SSLSocket socket = (SSLSocket)ssl.getSocketFactory().createSocket("service_host", 9002);
socket.startHandshake();
socket.close();
Online service only allow TLSv1.2. Project is a Flutter project build in Android Studio on Windows 10 machine.
How can I found what’s wrong with dart code?
I'm trying to use firebase to authenticate my users via Google. On my Java server I'm verifying the validity of the idToken and every time I get this error:
com.google.firebase.auth.FirebaseAuthException: Error while verifying token signature.
I identified the problem as being the proxy of my server that avoid the http requests made by the sdk. I tested my code on my computer and it works so I'm pretty sure the problem is the proxy.
Here is my code:
InputStream serviceAccount = getClass().getClassLoader().getResourceAsStream(<fileName>);
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(<address>, <port>));
HttpTransport httpTransport = new NetHttpTransport.Builder().setProxy(proxy).build();
HttpTransportFactory httpTransportFactory = () -> httpTransport;
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount, httpTransportFactory))
.setDatabaseUrl(<adress>)
.setHttpTransport(httpTransport)
.build();
FirebaseApp.initializeApp(options);
FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(<token>).get();
What am I doing wrong ?
I believe this is a bug. As you can see here, the token verifier does not use the HTTP transport injected through options. I'd appreciate if you can create an issue for this on GitHub.
In the meantime, you might be able to get around this limitation by configuring the HTTP/S proxy for the JVM. Try setting the https.proxyHost and https.proxyPort system properties when starting the JVM (more details here).
I've faced the same problem, and still waiting for a greater solution.
In the meantime, I've decompiled the WebSocket class (com.google.firebase.database.tubesock.WebSocket), and created an underlying socket by myself, then droped this decompiled class in a new package in my project: com.google.firebase.database.tubesock.
The creation of the SSLSocket is around the line 295 of this class.
I've created the socket this way:
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
InetSocketAddress proxyAddr = new InetSocketAddress("200.5.92.169", 8080);
Socket underlying = new Socket(new Proxy(Proxy.Type.HTTP, proxyAddr));
underlying.connect(new InetSocketAddress(host, port));
SSLSocket sslSocket = (SSLSocket) factory.createSocket(underlying, host, port, true);
Can anybody tell how we interact with security enables Riak KV Cluster using java client.
I tried with following java code to interact with security enabled riak cluster, but getting SSLEngine Problem, Below is the java code ......
InputStream inputStream = null;
KeyStore ks = null;
try {
inputStream = new FileInputStream("/etc/ssl/certs/rootCA.pem");
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate) certFactory.generateCertificate(inputStream);
inputStream.close();
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, "password".toCharArray());
ks.setCertificateEntry("cacert", caCert);
} catch (Exception e) {
e.printStackTrace();
}
synchronized (RiakConfig.class) {
List<RiakNode> riakNodeList = new ArrayList<RiakNode>();
for (final String riakServer : riakServerArray) {
RiakNode node = new RiakNode.Builder()
.withMinConnections(10)
.withMinConnections(50)
.withRemoteAddress(riakServer.split(":")[0])
.withRemotePort(Integer.parseInt(riakServer.split(":")[1]))
.withAuth("riakuser", "riakuser", ks)
.build();
riakNodeList.add(node);
}
cluster = new RiakCluster.Builder(riakNodeList).build();
cluster.start();
}
suggenst anyone how we do that???
getting SSLEngine Problem
Please, always provide the specific problem you are getting. "getting SSLEngine Problem" is a useless bit of information.
Based on this document it appears you are using the correct steps. Without more information about the security issue you are getting, further help is impossible. Most likely you do not have your certificates set up correctly. The RabbitMQ documentation includes a comprehensive TLS/SSL troubleshooting guide that can help you determine if your certificates were created correctly.
Additionally, I suggest that you review how the Riak Java Client sets up certificates and then uses them.
This part of the Makefile is where certs are imported with keytool:
https://github.com/basho/riak-java-client/blob/develop/Makefile#L43-L62
This is a class that uses the key store to create connections for use in tests:
https://github.com/basho/riak-java-client/blob/develop/src/test/java/com/basho/riak/client/core/operations/itest/RiakJKSConnection.java
Achually this is working fine for single node, in cluster i am facing SSL Engine Problem.
I am using Apache Commons Net's POP3 support to retrieve emails from my Gmail inbox. I use the following code to open a connecting with Gmail's POP3 server:
String server = "pop.gmail.com";
String username = "<my gmail>";
String password = "<my password>";
POP3Client pop3 = new POP3Client();
pop3.setDefaultTimeout(15000);
pop3.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out), true));
System.out.println("Connecting...");
try {
pop3.connect(server, 995);
} catch (IOException e) {
e.printStackTrace();
System.exit(1);
}
But this causes the following error:
java.io.EOFException: Connection closed without indication.
at org.apache.commons.net.pop3.POP3.__getReply(POP3.java:117)
at org.apache.commons.net.pop3.POP3._connectAction_(POP3.java:153)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:189)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:209)
at com.sms.POP3Mail.main(POP3Mail.java:66)
Why is this happening, and how can I fix it?
You need to set the implicit flag in the constuctor to connect to Gmail and use the POP3SClient:
POP3SClient pop3 = new POP3SClient(true);
I found the problem. Google requires SSL when using POP3. I added SSL authentication and it's all good now.
Hi do any one having idea about setting setEnabledProtocols other than java code
SSLSocket.setEnabledProtocols(newProtocol);
Because in our web service code we couldn't find any socket connection.
Thanks in advance. Appreciate your help if you guide me in setting dynamic UNIX java command.
Like that:
SSLContext context = SSLUtils.createSSLContext();
// Connect to the tracer
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket sslSocket = (SSLSocket)factory.createSocket(endpointId.getHostName(),
endpointId.getPort());
// Enable TLS protocols
SSLParameters params = new SSLParameters();
params.setProtocols(new String[] {"TLSv1", "TLSv1.1","TLSv1.2"});
sslSocket.setSSLParameters(params);
// Initialize the SSL handshake
sslSocket.startHandshake();
I have used System.setproperty("https.protocol","SSLv3"); and now its working fine.