-
Bug
-
Resolution: Fixed
-
P2
-
1.4.0
-
hopper
-
x86
-
generic
We are currently running our Java applet using JSSE 1.0.2 with JDK 1.3.1_01 plugin in our production systems. I am in the process of qualifying the application to be running with JDK 1.4 plugin , I am seeing the following issues.
1. Having built in 1.3.1_01, when I am running in JDK 1.4 , I am getting
java.lang.ClassCastException: [Ljava.lang.Object;
at com.sun.net.ssl.KeyManagerFactorySpiWrapper.engineGetKeyManagers(DashoA6275)
at com.sun.net.ssl.KeyManagerFactory.getKeyManagers(DashoA6275)
When I deleted the jsse.jar file in JDK 1.4 , it works fine as it loads the jars from the previous version of JSSE libraries in my CLASSPATH.
This is a compatibility issue as the applet works with 1.4 plugin when compiled with JDK 1.4. (When I built with JDK 1.4, I removed the JSSE 1.0.2 libraries as they are built in to JDK 1.4)
Here is the code:
private static SSLSocket _createSSLSocket (String host, int port)
throws Exception{
SSLSocket socket = null;
try {
//Dynamically loading SUN JSSE Provider..
com.sun.net.ssl.internal.ssl.Provider p = new
com.sun.net.ssl.internal.ssl.Provider();
Security.addProvider(p);
_providerName = p.getName();
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
//Loading Server Certificate... ( public key certificate )
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream stream;
String certPath = "/com/emc/navisphere/commapi/cert/clar_ssl.cert";
URL certURL = JNfxHTTPConnectionPool.class.getResource(certPath);
if (certURL.getProtocol().equalsIgnoreCase("file")) {
stream = new FileInputStream(certURL.getPath());
}
else { // http protocol
JarURLConnection c = (JarURLConnection) certURL.openConnection();
c.connect();
stream = c.getInputStream();
}
//KeyStore instance
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
//TrustManagerFactory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
java.security.cert.X509Certificate the_cert =
(java.security.cert.X509Certificate)
cf.generateCertificate(stream);
ks.setCertificateEntry("server", the_cert);
tmf.init(ks);
//SSLContext initialization
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
KeyManager[] km = kmf.getKeyManagers(); // this is the line that fails
TrustManager[] tm = tmf.getTrustManagers();
ctx.init(null, tm, null);
// connection part
SSLSocketFactory factory = ctx.getSocketFactory();
socket = (SSLSocket)factory.createSocket(host, port);
//to see what cipherSuites are supported. ( for debug )
//String cipherSuitesArr[] = socket.getEnabledCipherSuites();
socket.setSoTimeout(30000);
socket.startHandshake();
}
catch(Exception e)
{
e.printStackTrace();
JNfxLog.ERROR(e.getMessage(),
"JNfxHTTPConnectionPool._createSSLSocket()");
throw e;
}
return socket;
}
1. Having built in 1.3.1_01, when I am running in JDK 1.4 , I am getting
java.lang.ClassCastException: [Ljava.lang.Object;
at com.sun.net.ssl.KeyManagerFactorySpiWrapper.engineGetKeyManagers(DashoA6275)
at com.sun.net.ssl.KeyManagerFactory.getKeyManagers(DashoA6275)
When I deleted the jsse.jar file in JDK 1.4 , it works fine as it loads the jars from the previous version of JSSE libraries in my CLASSPATH.
This is a compatibility issue as the applet works with 1.4 plugin when compiled with JDK 1.4. (When I built with JDK 1.4, I removed the JSSE 1.0.2 libraries as they are built in to JDK 1.4)
Here is the code:
private static SSLSocket _createSSLSocket (String host, int port)
throws Exception{
SSLSocket socket = null;
try {
//Dynamically loading SUN JSSE Provider..
com.sun.net.ssl.internal.ssl.Provider p = new
com.sun.net.ssl.internal.ssl.Provider();
Security.addProvider(p);
_providerName = p.getName();
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
//Loading Server Certificate... ( public key certificate )
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream stream;
String certPath = "/com/emc/navisphere/commapi/cert/clar_ssl.cert";
URL certURL = JNfxHTTPConnectionPool.class.getResource(certPath);
if (certURL.getProtocol().equalsIgnoreCase("file")) {
stream = new FileInputStream(certURL.getPath());
}
else { // http protocol
JarURLConnection c = (JarURLConnection) certURL.openConnection();
c.connect();
stream = c.getInputStream();
}
//KeyStore instance
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
//TrustManagerFactory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
java.security.cert.X509Certificate the_cert =
(java.security.cert.X509Certificate)
cf.generateCertificate(stream);
ks.setCertificateEntry("server", the_cert);
tmf.init(ks);
//SSLContext initialization
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
KeyManager[] km = kmf.getKeyManagers(); // this is the line that fails
TrustManager[] tm = tmf.getTrustManagers();
ctx.init(null, tm, null);
// connection part
SSLSocketFactory factory = ctx.getSocketFactory();
socket = (SSLSocket)factory.createSocket(host, port);
//to see what cipherSuites are supported. ( for debug )
//String cipherSuitesArr[] = socket.getEnabledCipherSuites();
socket.setSoTimeout(30000);
socket.startHandshake();
}
catch(Exception e)
{
e.printStackTrace();
JNfxLog.ERROR(e.getMessage(),
"JNfxHTTPConnectionPool._createSSLSocket()");
throw e;
}
return socket;
}