
[iaik-ssl] getOutputStream in httpsURLConnection problem



Hi all.

I have a problem with getOutputStream in httpsURLConnection with iSaSiLk3.0.
If I run the above code it works; in it the server is verified after the output/input of data, but I want to verify the server before.
If I put verifyServer() just after getting the ObjectOutputStream I get the exception:

**********************
java.io.IOException: Not yet connected or connection failed!
        at iaik.protocol.https.HttpsURLConnection.getSSLSocket(Unknown Source)
        at piscis.pki.ra.SSLConnection.verifyServer(SSLConnection.java, Compiled

**********************
 

The iSaSiLk3.0 javadoc says that when getInputStream or getOutputStream is invoked the SSL negotiation runs. With getInputStream it works, but with getOutputStream it doesn't work.

****************************************
    CipherSuite[] cs = {
        CipherSuite.SSL_RSA_WITH_RC4_128_MD5,
        CipherSuite.SSL_RSA_WITH_RC4_128_SHA,
        CipherSuite.SSL_RSA_WITH_IDEA_CBC_SHA,
        CipherSuite.SSL_RSA_WITH_DES_CBC_SHA,
        CipherSuite.SSL_RSA_WITH_3DES_EDE_CBC_SHA};

    iaik.x509.X509Certificate cert[] = new iaik.x509.X509Certificate[1];
    cert[0] = getX509CertificateFile(clientCert);

    // Load the CA certificate
    iaik.x509.X509Certificate certCA = getX509CertificateFile(caCert);
    // Certificate chain
    chain = new ChainVerifier();
    // Load the certificates of the trusted authorities
    chain.addTrustedCertificate(certCA);
    servletConnectionS = (HttpsURLConnection)servlet.openConnection();

    context = new SSLClientContext();
    context.setEnabledCipherSuites(cs);  // Suites to negotiate
    context.addClientCredentials(cert,getPrivateKeyFile());

    servletConnectionS.setSSLContext(context);
    servletConnectionS.setRequestMethod("POST");
    servletConnectionS.setUseCaches (false);
    servletConnectionS.setDefaultUseCaches (false);
    // Specify the content type: we will send binary data
    servletConnectionS.setRequestProperty ("Content-Type", "application/octet-stream");

    servletConnectionS.setOutput(true);
    servletConnectionS.setInput(true);

    ObjectOutputStream oos = new ObjectOutputStream(servletConnectionS.getOutputStream());
    for (int i = 0; i < message.size(); i++)
        oos.writeObject(message.elementAt(i));
    oos.flush();
    oos.close();

    ObjectInputStream ois = new ObjectInputStream(servletConnectionS.getInputStream());
    Properties prop = (Properties)ois.readObject();
    ois.close();

    verifyServer();

    servletConnectionS.disconnect();

*********************************************

The verify code is:

********************
    if (!chain.verifyChain(servletConnectionS.getSSLSocket().getPeerCertificateChain(),
                           servletConnectionS.getSSLSocket().getTransport()))
        throw new Exception ("Server not verifier");

    X509Certificate cert = (X509Certificate)servletConnectionS.getSSLSocket().getPeerCertificateChain()[0];

    byte [] new_fp = cert.getFingerprint();
    String fp = Util.toString(new_fp);
    if (fingerprint.compareTo(fp) != 0)
        throw new Exception ("Server not verifier");
****************************
 

-- 
Gabriel López Millán    
Facultad de Informática -Universidad de Murcia
30001 Murcia - España (Spain)
Telf: +34-968-364644 E-mail: gabilm@dif.um.es