Cannot create outgoing SSL Socket from within SunWebServer7

807567 Feb 13 2008 — edited Feb 19 2008
Hi. I'm trying to use an SSL socket to communicate with a remote service from within a web application running on WebServer 7. I've tried several approaches, all of which fail.

What I want to do is obtain an instance of SSLSocketFactory that is backed by the NSS truststore (I've imported my CA root cert into the NSS truststore using the admin web-pages and can see it in the list of root-ca's). How do I obtain an SSLSocketFactory that uses this truststore?

Failed Approach 1) Use the Default SSL Socket factory to create the SSL Socket:

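import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// getDefault() is declared to return SocketFactory, so a cast is required
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSock = (SSLSocket) factory.createSocket("hostname", port);
sslSock.setUseClientMode(true);
sslSock.setNeedClientAuth(false);
sslSock.setWantClientAuth(false);

// this fails with various exceptions
sslSock.startHandshake();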

At first I was getting PKIX validation errors even with my CA in the NSS truststore, then I realized that the default socket factory does NOT use the NSS truststore. So I added the JVM config options:
-Djavax.net.ssl.trustStore=myCustomTrust.jks
-Djavax.net.ssl.trustStorePassword=mytrustpassword

Now I'm getting a very different error:

java.lang.ArrayIndexOutOfBoundsException: javax.crypto.ShortBufferException: 24 needed, 278 supplied
at com.sun.net.ssl.internal.ssl.CipherBox.encrypt(CipherBox.java:192)
at com.sun.net.ssl.internal.ssl.OutputRecord.encrypt(OutputRecord.java:185)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:665)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1622)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1514)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1485)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1468)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1064)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
<my application code>

I suspect this has to do with the JCE unrestricted policy files, which I am installing.
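
An added example, not part of the original post or of any reply in the thread: the -Djavax.net.ssl.trustStore options above change trust for every outgoing TLS connection in the server's JVM, whereas a factory built from a dedicated SSLContext scopes the truststore to the one connection that needs it. The class name and command-line arguments are assumptions for illustration; the truststore path and password would be values like the myCustomTrust.jks and mytrustpassword mentioned in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (the name is an assumption, not from the post).
public class ScopedTrustSocketFactory {

    // Build a factory that trusts only the CAs in the given JKS file,
    // leaving the JVM-wide default SSLContext untouched.
    public static SSLSocketFactory fromJks(String path, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material, default SecureRandom.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // args: <truststore.jks> <password> <host> <port>
    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = fromJks(args[0], args[1].toCharArray());
        try (SSLSocket sock =
                 (SSLSocket) factory.createSocket(args[2], Integer.parseInt(args[3]))) {
            // A raw SSLSocket validates the chain but not the host name;
            // enable endpoint identification so the certificate must match args[2].
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            sock.setSSLParameters(params);

            sock.startHandshake(); // throws SSLHandshakeException if untrusted
            System.out.println("Negotiated " + sock.getSession().getProtocol()
                + " / " + sock.getSession().getCipherSuite());
        }
    }
}
```

This addresses only the JKS truststore route from the post; it does not load certificates from the NSS database.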
Post Details
Locked on Mar 18 2008
Added on Feb 13 2008