[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] SSL Handshake error with ClassCastException


 it may be necessary to override method

 getEncodedPrincipal(Principal principal)

of the SecurityProvider class to get the DER encoding of a Principal object.

Note that method getEncodedPrincipal of class
iaik.security.ssl.SecurityProvider by default returns null since it cannot
be handled in Provider independet way. Class iaik.security.ssl.IaikProvider
overrides method getEncodedPrincipal assuming that the supplied principal is
an instance of iaik.asn1.structures.Name.

When using a ChainVerifier with certificates from the SUN provider
(instances of sun.security.x509.X509CertImpl) not overriding method
getEncodedPrincipal would be problematical, for insatnce, when requesting
client authentication by setting:


When querying the ChainVerifier for accepted authorities, each principal
returned would be an instance of sun.security.x509.X500Name which cannot be
handled by the default implementation of the getEncodedPrincipal method of

The most simple way is to subclass the IaikProvider and override method
getEncodedPrincipal for accepting instances of sun.security.x509.X500Name;
and using the corresponding encoding mechanism. Subsequently do not forget
to set your new provider as described by

You also may prefer to override methods getPrincipal and getX509Certificate.

Dieter Bratko

----- Original Message -----
From: Gerald Brose <brose@inf.fu-berlin.de>
To: <iaik-jce@iaik.tu-graz.ac.at>
Sent: Tuesday, February 29, 2000 4:19 PM
Subject: [iaik-jce] SSL Handshake error with ClassCastException

> Hello.
> I am using the Sun KeyStore to store keys and certificates. When
> opening an SSL connection with a chain verifier that uses trusted
> certs. from the key store, I get the following exception
> (iSaSiLk 3.0, JCE 2.61, JDK 1.2 on Solaris 2.7):
> java.io.IOException: Fatal SSL handshake error:
> java.lang.ClassCastException: sun.security.x509.X500Name
>         at iaik.security.ssl.SSLTransport.a(Unknown Source)
>         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
>         at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
>         at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
>         at jacorb.orb.Connection.<init>(Connection.java:279)
>         at
> jacorb.orb.BasicAdapter$RequestReceptor.run(BasicAdapter.java:432)
> This does not happen if either no trusted certs. exist in the key
> store or if I don't register a chain verifier (my own brand, but it
> is never called before the exception occurs).
> Am I missing something, is this some known problem? Do I have to
> use the IAIK key store? Any help would be appreciated.
> Thanks, Gerald Brose.
> --
> Gerald Brose,                       Mail:       brose@inf.fu-berlin.de
> FU Berlin        (for PGP key see:) http://www.inf.fu-berlin.de/~brose
> Institut f. Informatik              Ph-one:        (++49-30) 838-75112
> Berlin, Germany                     Ph-ax:         (++49-30) 838-75109
> --
> Mailinglist-archive at
> To unsubscribe send an email to listserv@iaik.at with the folowing
content: UNSUBSCRIBE iaik-jce