Freeze/Hang when connecting using SSLSocket

850701, Oct 8 2012 — edited Oct 17 2012
Hi

I have a client/server connection using an SSLSocket. The SSL stuff is using a certificate inside a keystore with a public key, which is stored in a signed .jar file, as part of the set of jars obtained by the client using Java Web Start (jars are signed, of course).

On the server side I have established the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword properties with the right values, and they point to the keystore where I have the private key wired to the public key inside the certificate stored in the client's keystore. This way I can use the default SSLServerSocketFactory to get an SSLServerSocket (and then SSLSockets from the ssocket.accept() method).

On the client side I do this:
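```java
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

char[] passwordKeystore = "keyForTheKeystore".toCharArray();

// Load the keystore bundled inside the signed jar
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(CommManager.class.getResourceAsStream("/path/to/the/keystore/inside/the/jar/file"), passwordKeystore);

// Trust the certificates held in that keystore
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
trustManagerFactory.init(ks);

// Key managers built from the same keystore
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(ks, passwordKeystore);

SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
SSLContext.setDefault(sslContext);

// sslSocketFactory is declared elsewhere in the class
sslSocketFactory = sslContext.getSocketFactory();
```
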
I'm exchanging serialized Objects through this SSLSocket. I've tried to "startHandshake()" in the client right after "connect()" (also in the server with the SSLSocket I get from "ssocket.accept()"), before getting the reference to the streams, but I've also tried to skip this step. Then I get first the ObjectOutputStream and then the ObjectInputStream on both sides.

Here is the problem:
This code works fine on one computer, but on another (both Linux, only different versions of Ubuntu, and always using the Oracle JVM; this happens with both Java 6 and Java 7) there is a strange delay when I try to get the ObjectOutputStream. I tried to exchange the order (first OOS on one side and OIS on the other, just to test), but the problem is still there. After 25/30 seconds the connection is finally established and everything works.

By enabling debug in the java.net stack (I don't remember the exact name of the property) I've seen both VMs loading the known certificates, but everything pauses when it's about to obtain the reference to the streams, and it finally works after this 25/30-second delay (I can see the helloClient and helloServer steps, and the algorithm negotiation).

What might be going on here? Is it really using the certificate I created (self-signed), or is this delay related to some timeout caused by not using the proper key pair, which finally forces the connection to use a default key pair provided by the server, as long as client authentication is not required?

Regards

Edited by: 847698 on 08-oct-2012 13:33
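
An added example, not part of the original post: a stand-alone probe that times context setup, TCP connect and the TLS handshake separately, then reports whether the certificate the server presented is one stored in the client keystore. The class name `HandshakeProbe` and its four command-line arguments (host, port, keystore file, keystore password) are assumptions.

```java
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic sketch (Java 7+). Usage (all four arguments are assumptions):
//   java HandshakeProbe <host> <port> <truststore.jks> <storePassword>
public class HandshakeProbe {
    static long ms(long from) { return (System.nanoTime() - from) / 1000000L; }

    static String sha256(Certificate c) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] a) throws Exception {
        long t = System.nanoTime();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(a[2])) { ks.load(in, a[3].toCharArray()); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // trust only what the keystore holds
        System.out.println("context setup: " + ms(t) + " ms");

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            t = System.nanoTime();
            s.connect(new InetSocketAddress(a[0], Integer.parseInt(a[1])), 5000);
            System.out.println("TCP connect:   " + ms(t) + " ms");
            s.setSoTimeout(60000); // fail with SocketTimeoutException instead of hanging forever
            t = System.nanoTime();
            s.startHandshake();    // force the handshake here so its cost is not hidden in stream setup
            System.out.println("TLS handshake: " + ms(t) + " ms");
            SSLSession sess = s.getSession();
            Certificate leaf = sess.getPeerCertificates()[0];
            System.out.println(sess.getProtocol() + " / " + sess.getCipherSuite());
            System.out.println("server cert SHA-256: " + sha256(leaf));
            // Non-null alias means the presented certificate is exactly one stored in the keystore.
            System.out.println("matches keystore entry: " + ks.getCertificateAlias(leaf));
        }
    }
}
```

Running it on both machines shows which phase absorbs the 25/30 seconds and confirms whether the self-signed certificate is the one actually being presented.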
Locked on Nov 14 2012
Added on Oct 8 2012