[kaffe] does kaffe support sun jsse officially?

차준혁 jhcha at web.dwe.co.kr
Wed May 28 22:59:01 PDT 2003 

Hi Dalibor Topic.

Thaaaaaaaank you for your detailed reply. :)
I'm happy to read your helpful information.
I'll check out what you mentioned.

Have a nice day.
Joon Hyuk Cha.


-----Original Message-----
From: Dalibor Topic [mailto:robilad at yahoo.com]
Sent: Wednesday, May 28, 2003 11:52 PM
$)CTo: BwAXGu; 'kaffe at kaffe.org'
Subject: Re: [kaffe] does kaffe support sun jsse officially?


Hi Joon,

--- BwAXGu <jhcha at web.dwe.co.kr> wrote:
> Hi there.
> I'm still trying to run jsse with kaffe.
> But it's not easy to me.....-.-;
> 
> When I run a sample program with debuging mode, the following error is
> printed.
> 
> --------------------------------------------------------------------------
--
> --------------
> keyStore is : 
> keyStore type is : JKS
> init keystore
> default context init failed: java.security.PrivilegedActionException
> java.net.SocketException: SSL implementation not available
>         at java.lang.Throwable.fillInStackTrace(Throwable.java:native)
>         at java.lang.Throwable.<init>(Throwable.java:38)
>         at java.lang.Exception.<init>(Exception.java:24)
>         at java.io.IOException.<init>(IOException.java:24)
>         at java.net.SocketException.<init>(SocketException.java:21)
>         at
> javax.net.ssl.DefaultSSLSocketFactory.createSocket(DashoA6275:line
unknown,
> pc 0x819f3c5)
>         at SSLSocketClient.main(SSLSocketClient.java:41)
> --------------------------------------------------------------------------
--
> --------------

I've got that far as well.
 
> I think that the error is occured when the program initializes keystore.
> From sun java site, the error, "SSL implementation not available", can be
> occured when "there was a problem with SSLContext initialization,
> for example due to a corrupted keystore. (Note: One vendor has shipped
> a keystore in an unknown format, and that may cause this type of error.)"
> And the solusion is "Check initialization parameters. Ensure any keystores
> specified are valid (e.g., by trying to use the keytool to examine them)."

Sun's JSSE documentation is not very helpful in that respect. But then,
their
JSSE has never been supposed to be run on other VMs anyway, I assume.

One needs Sun's own provider in order to be able to provide an algorithm to
read keystores in the default, proprietary format, JKS. The algorithm is in
Sun's JDK's rt.jar.

I've tried adding sun's rt.jar from jdk 1.3 to kaffe's bootclasspath, as
well
as  setting security providers to sun's providers only, and added the j*.jar
files from the jsse distribution to kaffe's bootclasspath. Then I got much
further:

bash-2.05a$ kaffe
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -cp
../../lib/jnet.jar:../../lib/jsse.jar:../../lib/jcert.jar 
-Djavax.net.debug=all URLReader
[snip]
verify exception was: java.lang.ClassCastException: can't cast
`com/sun/net/ssl/internal/ssl/JSA_SHA1RSASignature' to
`java/security/Signature'
main, SEND SSL v3.0 ALERT:  fatal, description = certificate_unknown
main, WRITE:  SSL v3.0 Alert, length = 2
javax.net.ssl.SSLException: untrusted server cert chain
        at java.lang.Throwable.fillInStackTrace(Throwable.java:native)
        at java.lang.Throwable.<init>(Throwable.java:44)
        at java.lang.Exception.<init>(Exception.java:24)
        at java.io.IOException.<init>(IOException.java:24)
        at javax.net.ssl.SSLException.<init>(DashoA6275:line unknown, pc
0x86d8ba6)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275:line
unknown, pc 0x868c1ad)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275:line
unknown, pc 0x86c9c17)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275:line
unknown, pc 0x84844ef)
        at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275:line
unknown,
pc 0x82fd5ca)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275:line
unknown, pc 0x84a1855)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275:line
unknown, pc 0x845c394)
        at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275:line
unknown, pc 0x845eef8)
        at java.io.OutputStream.write(OutputStream.java:24)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275:line
unknown, pc 0x832bcf3)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275
:line
unknown, pc 0x84195de)
        at
com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6
275:line
unknown, pc 0x83b1468)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275:line
unknown, pc 0x83eba76)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275:lin
e
unknown, pc 0x8402427)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275:li
ne
unknown, pc 0x839ec02)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275:line
unknown, pc 0x83f18bd)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275:line
unknown, pc 0x8380463)
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(Dasho
A6275:line
unknown, pc 0x838682e)
        at java.net.URL.openConnection(URL.java:247)
        at java.net.URL.openStream(URL.java:255)
        at URLReader.main(URLReader.java:39)

I think trying to debug Sun's obfuscated (that's where the DashO-s come
from)
code is a waste of time.

If you want to check out other SSL and Java implementations, you could try
out 

http://www.mozilla.org/projects/security/pki/jss/ but it doesn't have a JSSE
provider. I don't know how well (or if at all) it works under kaffe. 

I believe that the best course of action is to get in touch with the GNU
Crypto
( http://www.gnu.org/software/gnu-crypto/ ) developers and the JSS
developers
to help in creating a good, free implementation that works instead of
wasting
time with Sun's proprietary solutions ;)

> But I have no idea what I have to do more.
> Anybody knows the way to solve it?
> And does kaffe support jsse officially? Thesedays, I'm doubtful of it.....
-.

Not officially. There *may* be ways to get it to work, so you're doing some
pioneering work here ;)

cheers,
dalibor topic

__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com

More information about the kaffe mailing list