Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SSLHandshakeException: could not find trusted certificate

843811Sep 2 2002 — edited Feb 26 2008
Hello everyone

hai... my name is Gowd and i been working as a programmer/analyst.

i got a new problem, though it is seen at so many forums, but i didn't get the solution.

Here i been developing a java client for credit card payment processing. the gateway server is Payware eHOST. I got trusted certificates from Thawte. I installed certificates at server so that SSL connections exist. I took public key(client_cert.pem file) and signed key(ca_cert.pem file) and had in my own directory, where i am running client. i am dynamically loading these keys and creating the certificates and setting to the keystore. Now i am creating the context object, with which i am opening the ssl socket connection. everything fine and certificates are loading dynamically. But still i am getting the exception( could not find trusted certificate), if i access at 443.
If i access the server at configured port 3443, the client going on hang. And not been known, whether the hand shake is completed or not. Control is ending at the line of handshake..... why???????????

here i been giving some piece of code i tried...... And i tried in so many ways... Appreciated for great help regarding this.....

**********************************************************************

import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.cert.X509Certificate;
import java.security.cert.*;
import java.security.KeyStore;

public class SSLSocketClientWithClientAuth {

public static void main(String[] args) throws Exception {
String host = null;
int port = -1;
String path = null;
for (int i = 0; i < args.length; i++)
System.out.println(args);

if (args.length < 2) {
System.out.println(
"USAGE: java SSLSocketClientWithClientAuth " +
"host port requestedfilepath");
System.exit(-1);
}

try {
host = args[0];
port = Integer.parseInt(args[1]);
// path = args[2];
} catch (IllegalArgumentException e) {
System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
"host port requestedfilepath");
System.exit(-1);
}

try {


SSLSocketFactory factory = null;
System.out.println(" the sslsocket factory is null ");
try
{

SSLContext ctx = SSLContext.getInstance("TLS");

//*****************************************************************

//Trial code: written by Reddappa Gowd for checking server's certificate

String serverCertificateFile = "client_cert.pem";
String signedCertificateFile ="ca_cert.pem";

System.out.println("The file to be loaded is: "+serverCertificateFile);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
KeyStore ks = KeyStore.getInstance("JKS");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
ks.load(null,null);
System.out.println("Key store is loaded.");
java.security.cert.X509Certificate the_cert = (java.security.cert.X509Certificate)cf.generateCertificate(new BufferedInputStream(new FileInputStream(serverCertificateFile)));
System.out.println("The public key file loaded");

System.out.println("The algorithm name of key is: "+the_cert.getSigAlgName());
//System.out.println("The DER format of certificate is: "+the_cert.getSigAlgParams());
System.out.println("The serial number of certificate is: "+the_cert.getSerialNumber());
//System.out.println(the_cert.toString());
System.out.println("The DER format of certificate is: "+the_cert.getTBSCertificate());

//************* DER FORMAT OF CERTIFICATE *******************************
byte[] b = the_cert.getTBSCertificate();
for(int i=0;i<b.length;i++)
{
System.out.print((char)b[i]);
}
//**************** END OF DER FORMAT OF CERTIFICATE**********************


java.security.cert.X509Certificate the_signcert = (java.security.cert.X509Certificate)cf.generateCertificate(new BufferedInputStream(new FileInputStream(signedCertificateFile)));
System.out.println("The certificate signed file loaded");

System.out.println("The DER format of certificate is: "+the_signcert.getSigAlgParams());


ks.setCertificateEntry("server",the_cert);
System.out.println("Is certificate is Entried: "+ks.isCertificateEntry("server"));
System.out.println("The date of creation of certificate is :"+ks.getCreationDate("server"));
System.out.println("certificate is entried.");

ks.setCertificateEntry("trustedserver",the_signcert);
System.out.println("The date of creation of certificate is :"+ks.getCreationDate("trustedserver"));
System.out.println("signedcertificate is entried.");

System.out.println("entry identified by alias is: " +ks.isCertificateEntry("trustedserver"));
System.out.println("The size of key entry is :"+ks.size());

tmf.init(ks);
TrustManager[] tm = tmf.getTrustManagers();
System.out.println("The size of trust manager array: "+tm.length);


//************************************************************
ctx.init(null,tm,null);
System.out.println("ssl context is been initialised."+ctx);

factory = ctx.getSocketFactory();
System.out.println("factory with respect to context initialised");

} catch (Exception e) {

System.out.println("This is in the first catch block");
throw new IOException(e.getMessage());

}


SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
System.out.println("socket is created");
String[] ciphers = socket.getEnabledCipherSuites();
String[] ciphers_supported = socket.getSupportedCipherSuites();
String[] protocols = socket.getEnabledProtocols();

for(int i=0;i<ciphers.length;i++)
{
System.out.println("Ciphers are enabled."+ciphers[i]);
}

for(int k=0;k<ciphers_supported.length;k++)
{
System.out.println("Ciphers supported."+ciphers_supported[k]);
}

for(int j=0;j<protocols.length;j++)
{
System.out.println("Protocols are enabled."+protocols[j]);
}

/*
HandshakeCompletedListener()
{
public void handShakeCompleted(HandShakeCompletedEvent event)
{
String ciph_suite = event.getCipherSuite();
System.out.println("cipher suite is: "+ciph_suite);
}
});
*/

try
{


/*
* send http request
*
* See SSLSocketClient.java for more information about why
* there is a forced handshake here when using PrintWriters.
*/
System.out.println("This is in the handshake try block");
socket.startHandshake();

//System.out.println("handshake is started");
}
catch(Exception e)
{
System.out.println("This is in second catch block.");
System.out.println("The exception is in handshake: "+e);
}

/*socket.addHandshakeCompletedListener(new HandshakeCompletedListener()
{
public void handShakeCompleted(HandShakeCompletedEvent event)
{
String ciph_suite = event.getCipherSuite();
System.out.println("cipher suite is: "+ciph_suite);
}
});
*/
System.out.println("before print writer");
PrintWriter out = new PrintWriter(
new OutputStreamWriter(
socket.getOutputStream()));
String s=" FF000064Hai How are you... this is Gowd";
byte msg[]=s.getBytes("ISO-8859-1");
out.println("Hello");
//out.println();
out.flush();

/*
* Make sure there were no surprises
*/
if (out.checkError())
System.out.println(
"SSLSocketClient: java.io.PrintWriter error");

/* read response */
/* BufferedReader in = new BufferedReader(
new InputStreamReader(
socket.getInputStream()));

String inputLine;
*/

System.out.println("Input starts here.");
BufferedInputStream br2 = new BufferedInputStream(socket.getInputStream());
System.out.println(" the buffered stream from ModAPI is " +br2);
int c22;

while ((c22 = br2.read()) != -1) {
System.out.print((char) c22);
}
/* in.close();
out.close();
socket.close();
*/

} catch (Exception e) {
e.printStackTrace();
}
}
}
***********************************************************************
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 25 2008
Added on Sep 2 2002
#java-secure-socket-extension-jsse
14 comments
2,555 views