NoSuchAlgorithmException SSL Java code

I'm working on a project that I want to add SSL to, so I created a simple test client / server implementation to see if it works, and I get a NoSuchAlgorithmException. The following is the server code that throws the exception:

    import java.io.*;
    import java.net.*;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import javax.net.ssl.*;

    public class SslServer {
        private static final int PORT = 5555;

        public static void main(String[] args) {
            SecureRandom sr = new SecureRandom();
            sr.nextInt();
            try {
                // client.public is the keystore file that holds the client public key (created with keytool)
                KeyStore clientKeyStore = KeyStore.getInstance("JKS");
                clientKeyStore.load(new FileInputStream("client.public"), "clientpublicpw".toCharArray());

                // server.private is the key pair for the server (created with keytool)
                KeyStore serverKeyStore = KeyStore.getInstance("JKS");
                serverKeyStore.load(new FileInputStream("server.private"), "serverprivatepw".toCharArray());

                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(clientKeyStore);

                // This next line is where the exception occurs
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("TLS");
                kmf.init(serverKeyStore, "serverprivatepw".toCharArray());

                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);

                SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
                SSLServerSocket ss = (SSLServerSocket) sf.createServerSocket(SslServer.PORT);
                ss.setNeedClientAuth(true);

                BufferedReader in = new BufferedReader(new InputStreamReader(ss.accept().getInputStream()));
                String line = null;
                while ((line = in.readLine()) != null) {
                    System.out.println(line);
                }
                in.close();
                ss.close();
            } catch (IOException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (CertificateException e) {
                e.printStackTrace();
            } catch (KeyStoreException e) {
                e.printStackTrace();
            } catch (UnrecoverableKeyException e) {
                e.printStackTrace();
            } catch (KeyManagementException e) {
                e.printStackTrace();
            }
        }
    }

I get this stack trace:

    java.security.NoSuchAlgorithmException: TLS KeyManagerFactory not available
        at sun.security.jca.GetInstance.getInstance(Unknown Source)
        at javax.net.ssl.KeyManagerFactory.getInstance(Unknown Source)
        at SslServer.main(SslServer.java:32)

I tried replacing "TLS" with "SSL" and I still get the same exception. It didn't make sense to me. How are TLS and SSL not supported? This is my first time trying to implement SSL, and it seems hard to find good resources about this with code examples that are well explained. Can someone tell me why I get this exception or point out what is wrong with my code?

+6
3 answers

There are a number of problems:

  • It is called TLS (Transport Layer Security), not TSL (for SSLContext).
  • I would suggest using the default here: TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) (the default will be PKIX in the Oracle JRE).
  • (EDIT:) The default for KeyManagerFactory is SunX509 (TLS does not exist here). Again, use getDefaultAlgorithm().
  • You must close your FileInputStreams after loading from them.
  • It is not clear why you have both the client and the server keystore in one place. These should be two programs: one for the client and one for the server (and setNeedClientAuth(true) is only useful on the server side). It would be clearer to call it something other than a "client store" if this is your trust store. (Also, since you seem to be learning how this works, I would first try without client-certificate authentication, in which case the server does not need a trust store: use null as the second parameter of SSLContext.init(...) so that the default is used.)
  • DO NOT give the server keystore to the client. Just export your certificate into a new keystore, which you will use as a trust store. Each party (client and server) should keep its private keys private.
  • It is not so much the public key of the (single) remote party that you want in your trust store: it is its certificate. Make sure that you import the entire certificate, not only the public key.
  • For clarity, keep the appropriate extensions on your files: use .jks for your JKS keystore; this will save you from headaches later.
  • You can use null for the SecureRandom in SSLContext.init(...): this will use the default according to the security provider.

Something like this should work better:

    KeyStore trustStore = KeyStore.getInstance("JKS");
    InputStream tsis = new FileInputStream("trustedcerts.jks");
    trustStore.load(tsis, "clientpublicpw".toCharArray());
    tsis.close();

    KeyStore serverKeyStore = KeyStore.getInstance("JKS");
    InputStream ksis = new FileInputStream("server.jks");
    serverKeyStore.load(ksis, "serverprivatepw".toCharArray());
    ksis.close();

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(serverKeyStore, "serverprivatepw".toCharArray());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
    SSLServerSocket ss = (SSLServerSocket) sf.createServerSocket(SslServer.PORT);
    ss.setNeedClientAuth(true);
+15
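The answer's advice put together in one place, as an added example that is not code from the thread: it builds the server SSLContext from a separate key store and trust store, uses the factories' default algorithms, closes the streams with try-with-resources, and first lists what the installed providers actually register for each JSSE service, so it is visible at runtime that "TLS" is an SSLContext protocol name and not a KeyManagerFactory algorithm. File names and passwords are the ones from the answer; the key password is assumed to equal the keystore password, as in the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SslContextBuilder {

    // What the providers register for a service, e.g. "KeyManagerFactory" ->
    // [SunX509, NewSunX509]; "TLS" is never in that set, hence the exception.
    public static Set<String> supportedAlgorithms(String service) {
        return Security.getAlgorithms(service);
    }

    // Loads a JKS file and closes the stream even when load() throws.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Server side: own private key from the key store, trusted client
    // certificates from the trust store, provider defaults everywhere else.
    public static SSLContext build(String keyStorePath, char[] keyStorePw,
                                   String trustStorePath, char[] trustStorePw)
            throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStorePath, keyStorePw), keyStorePw); // assumes key pw == store pw
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStorePath, trustStorePw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null: default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        for (String s : new String[] {"KeyManagerFactory", "TrustManagerFactory", "SSLContext"}) {
            System.out.println(s + ": " + supportedAlgorithms(s));
        }
        SSLContext ctx = build("server.jks", "serverprivatepw".toCharArray(),
                               "trustedcerts.jks", "clientpublicpw".toCharArray());
        System.out.println("Protocol: " + ctx.getProtocol());
    }
}
```

The client program would call the same build method with its own key store (or pass null key managers if the server does not require client certificates) and a trust store containing the server's certificate.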

See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SupportClasses for examples and for the names of the supported algorithms. It seems that "SunX509" and "NewSunX509" are the algorithms supported by KeyManagerFactory. And the protocol is called TLS, not TSL.

+2

The correct SSLContext name is "TLS". A list of standard algorithm names can be found here.

+1

Source: https://habr.com/ru/post/906504/
