[kaffe] does kaffe support sun jsse officially?

Dalibor Topic robilad@yahoo.com
Wed May 28 07:49:01 2003


Hi Joon,

--- 차준혁 <jhcha@web.dwe.co.kr> wrote:
> Hi there.
> I'm still trying to run jsse with kaffe.
> But it's not easy to me.....-.-;
> 
> When I run a sample program in debugging mode, the following error is
> printed.
> 
> ------------------------------------------------------------------------------------------
> keyStore is : 
> keyStore type is : JKS
> init keystore
> default context init failed: java.security.PrivilegedActionException
> java.net.SocketException: SSL implementation not available
>         at java.lang.Throwable.fillInStackTrace(Throwable.java:native)
>         at java.lang.Throwable.<init>(Throwable.java:38)
>         at java.lang.Exception.<init>(Exception.java:24)
>         at java.io.IOException.<init>(IOException.java:24)
>         at java.net.SocketException.<init>(SocketException.java:21)
>         at javax.net.ssl.DefaultSSLSocketFactory.createSocket(DashoA6275:line unknown, pc 0x819f3c5)
>         at SSLSocketClient.main(SSLSocketClient.java:41)
> ------------------------------------------------------------------------------------------

I've got that far as well.
 
> I think that the error occurs when the program initializes the keystore.
> According to Sun's Java site, the error "SSL implementation not available" can
> occur when "there was a problem with SSLContext initialization,
> for example due to a corrupted keystore. (Note: One vendor has shipped
> a keystore in an unknown format, and that may cause this type of error.)"
> And the solution is "Check initialization parameters. Ensure any keystores
> specified are valid (e.g., by trying to use the keytool to examine them)."

Sun's JSSE documentation is not very helpful in that respect. But then, their
JSSE has never been supposed to be run on other VMs anyway, I assume.

One needs Sun's own provider in order to be able to provide an algorithm to
read keystores in the default, proprietary format, JKS. The algorithm is in
Sun's JDK's rt.jar.

I've tried adding Sun's rt.jar from jdk 1.3 to kaffe's bootclasspath, as well
as setting security providers to Sun's providers only, and added the j*.jar
files from the jsse distribution to kaffe's bootclasspath. Then I got much
further:

bash-2.05a$ kaffe -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -cp ../../lib/jnet.jar:../../lib/jsse.jar:../../lib/jcert.jar -Djavax.net.debug=all URLReader
[snip]
verify exception was: java.lang.ClassCastException: can't cast `com/sun/net/ssl/internal/ssl/JSA_SHA1RSASignature' to `java/security/Signature'
main, SEND SSL v3.0 ALERT:  fatal, description = certificate_unknown
main, WRITE:  SSL v3.0 Alert, length = 2
javax.net.ssl.SSLException: untrusted server cert chain
        at java.lang.Throwable.fillInStackTrace(Throwable.java:native)
        at java.lang.Throwable.<init>(Throwable.java:44)
        at java.lang.Exception.<init>(Exception.java:24)
        at java.io.IOException.<init>(IOException.java:24)
        at javax.net.ssl.SSLException.<init>(DashoA6275:line unknown, pc 0x86d8ba6)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275:line unknown, pc 0x868c1ad)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275:line unknown, pc 0x86c9c17)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275:line unknown, pc 0x84844ef)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275:line unknown, pc 0x82fd5ca)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275:line unknown, pc 0x84a1855)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275:line unknown, pc 0x845c394)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275:line unknown, pc 0x845eef8)
        at java.io.OutputStream.write(OutputStream.java:24)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275:line unknown, pc 0x832bcf3)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275:line unknown, pc 0x84195de)
        at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275:line unknown, pc 0x83b1468)
        at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275:line unknown, pc 0x83eba76)
        at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275:line unknown, pc 0x8402427)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275:line unknown, pc 0x839ec02)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275:line unknown, pc 0x83f18bd)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275:line unknown, pc 0x8380463)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275:line unknown, pc 0x838682e)
        at java.net.URL.openConnection(URL.java:247)
        at java.net.URL.openStream(URL.java:255)
        at URLReader.main(URLReader.java:39)

I think trying to debug Sun's obfuscated (that's where the DashO-s come from)
code is a waste of time.

If you want to check out other SSL and Java implementations, you could try out
http://www.mozilla.org/projects/security/pki/jss/ but it doesn't have a JSSE
provider. I don't know how well (or if at all) it works under kaffe.

I believe that the best course of action is to get in touch with the GNU Crypto
( http://www.gnu.org/software/gnu-crypto/ ) developers and the JSS developers
to help in creating a good, free implementation that works instead of wasting
time with Sun's proprietary solutions ;)

> But I have no idea what I have to do more.
> Anybody knows the way to solve it?
> And does kaffe support jsse officially? These days, I'm doubtful of it.....-.

Not officially. There *may* be ways to get it to work, so you're doing some
pioneering work here ;)

cheers,
dalibor topic
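
Added example, not part of the original message or of kaffe's or Sun's code: a small diagnostic that reports which installed security provider, if any, supplies the JKS keystore, the SHA1withRSA signature and an SSL context, and whether each engine actually loads on the VM it runs on. It assumes a VM with Provider.getService and multi-catch syntax (both newer than the JDK 1.3 setup in the thread); the class name JsseProviderCheck and the "TLS" context name are choices made for this example.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.net.ssl.SSLContext;

// Added diagnostic (not from the thread): shows which provider backs each
// engine the two failures in the message depend on, and whether it loads.
public class JsseProviderCheck {
    // Engine type / algorithm pairs taken from the traces in the message.
    static final String[][] NEEDED = {
        {"KeyStore", "JKS"},           // "keyStore type is : JKS"
        {"Signature", "SHA1withRSA"},  // JSA_SHA1RSASignature cast failure
        {"SSLContext", "TLS"},         // assumption: standard context name
    };

    // Name of the first installed provider offering type/algorithm, or null.
    static String supplier(String type, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) return p.getName();
        }
        return null;
    }

    // Instantiates the engine so class-loading and cast errors surface here
    // instead of deep inside an SSL handshake.
    static String tryLoad(String type, String algorithm) {
        try {
            Object engine;
            if (type.equals("KeyStore")) engine = KeyStore.getInstance(algorithm);
            else if (type.equals("Signature")) engine = Signature.getInstance(algorithm);
            else engine = SSLContext.getInstance(algorithm);
            return "ok (" + engine.getClass().getName() + ")";
        } catch (Exception | LinkageError e) {
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println("default keystore type: " + KeyStore.getDefaultType());
        for (String[] n : NEEDED) {
            System.out.println(n[0] + "." + n[1]
                + " provider=" + supplier(n[0], n[1])
                + " load=" + tryLoad(n[0], n[1]));
        }
    }
}
```

A line with provider=null means no installed provider registers that engine; a provider name followed by load=FAILED means the provider is registered but its class cannot be used on this VM.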
