[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl] org.w3c.www.http.HttpInvalidValueException: parseInt: No number available.



Hello,

have you put the new (re-issued) Verisign CA certificate into your
ChainVerifier (you may get it from your browser)? I believe it
is the one attached.

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: Alberto de Vega Luna [mailto:advl03@tid.es]
Gesendet: Donnerstag, 22. November 2001 10:45
An: Dieter Bratko; iaik-ssl@iaik.at
Betreff: Re: [iaik-ssl] org.w3c.www.http.HttpInvalidValueException:
parseInt: No number available.


Well, I have tried subclassing the iaik.security.ssl.ChainVerifier, but with
no success. This is my source core (it's httpsdemo with the overriden
VerifyChain):

// Copyright (C) 1997-2000 IAIK
// email: jce-info@iaik.tu-graz.ac.at
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
// 1. Redistributions of source code must retain the above copyright
//    notice, this list of conditions and the following disclaimer.
// 2. Redistributions in binary form must reproduce the above copyright
//    notice, this list of conditions and the following disclaimer in the
//    documentation and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
// ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.
//

//package demo.https;

import java.io.*;
import java.net.*;
import iaik.x509.*;
import iaik.security.ssl.*;
import iaik.protocol.https.*;
import demo.*;





/**
 * Basic demo showing how to use <CODE>https</CODE> URLs with iSaSiLk.
 * For more information see the source and inline comments.
 * <P>
 * Note that there is a separate document describing the use of HTTPS
 * with iSaSiLk in more detail, it is called <CODE>https.html</CODE> and
 * provided in your iSaSiLk installation directory.
 *
 * @see java.net.URL
 */
public class HttpsDemo {

  private static void main0(String args[]) throws Exception {
    System.getProperties().put( "https.proxyHost", "1.0.12.37 " );
    System.getProperties().put( "https.proxyPort", "8080" );
    demo.DemoUtil.initDemos();
    SetupKeyStore pepe=new SetupKeyStore();
    System.out.println();
    System.out.println("*** Please make sure you have w3c_http.jar in your
CLASSPATH for this demo ***");
    System.out.println();

    // register the https URL handler
    System.getProperties().put("java.protocol.handler.pkgs",
"iaik.protocol");

    String urlString;
    boolean usePostMethod = false;
    switch( args.length ) {
    case 0:
      urlString = "https://jcewww.iaik.at/";
      break;
    case 2:
      if( args[0].equalsIgnoreCase("-post") ) {
        usePostMethod = true;
      }
      // fall through to default
    default:
      urlString = args[args.length-1];
      break;
    }
    if( urlString.startsWith("https") == false ) {
      urlString = "https://" + urlString;
    }

    // the connection is automatically established through proxies
    // if the properties have been set, see
iaik.security.ssl.Utils.proxyConnect()
    URL url = new URL(urlString);
   System.out.println("Connecting to " + url + "...");
   HttpsURLConnection con = (HttpsURLConnection)url.openConnection();

   SSLContext context = new SSLClientContext();
   // make whatever settings we want in the context
   // ...
   con.setSSLContext(context);

   if( usePostMethod ) {
      con.setRequestMethod("POST");
      con.setDoInput(true);
      con.setDoOutput(true);

      OutputStream out = con.getOutputStream();
      out.write("foobar".getBytes());
      out.flush();
    }

   // getInputStream()/getOutputStream() establishes the connection and
   // starts the SSL handshake
   InputStream in = con.getInputStream();
   BufferedReader reader = Utils.getASCIIReader(in);

   System.out.println("Secure connection established.");
   System.out.println();

   // read SSL properties from the socket
   System.out.println("Connected using: " +
con.getSSLSocket().getActiveCipherSuite());
   // everything else is standard HTTP URL stuff
   System.out.println("ResponseCode: "+con.getResponseCode());
   System.out.println("ResponseMessage: "+con.getResponseMessage());
   System.out.println("ContentEncoding: "+con.getContentEncoding());
   System.out.println("ContentLength: "+con.getContentLength());
   System.out.println("ContentType: "+con.getContentType());
   System.out.println("Date: "+con.getDate());
   System.out.println("Server: "+con.getHeaderField("Server"));
   System.out.println();

   while( true ) {
     String line = reader.readLine();
     if( line == null ) {
       break;
     }
     System.out.println(line);
   }
  }

  public static void main(String args[]) {
    try {
      main0(args);
    } catch( Exception e ) {
      System.err.println("An exception occured:");
      e.printStackTrace(System.err);
    }
    DemoUtil.waitKey();
  }

class Verificador extends iaik.security.ssl.ChainVerifier
{
 public boolean verifyChain(X509Certificate[] certs, SSLTransport transport)
 {
    if (certs == null) {
       return super.verifyChain(certs, transport);
    }
 // "cross certificate handling"
 if( trustedCerts.size() != 0 ) {
  for( int i=0; i<certs.length; i++ ) {
   X509Certificate newCert =
(X509Certificate)trustedCerts.get(certs[i].getSubjectDN());
   if( newCert != null ) {
    certs[i] = newCert;
   }
  }
 }
 return super.verifyChain(certs, transport);
}
}
}


And the result of the execution (same as with httpsdemo.java with no
modifications):

org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException:
Server
certificate rejected by ChainVerifier
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
        at iaik.security.ssl.x.b(Unknown Source)
        at iaik.security.ssl.x.a(Unknown Source)
        at iaik.security.ssl.r.d(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
        at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
        at org.w3c.www.protocol.http.f.markUsed(Unknown Source)
        at org.w3c.www.protocol.http.HttpBasicServer.getConnection(Unknown
Sourc
e)
        at org.w3c.www.protocol.http.HttpBasicServer.runRequest(Unknown
Source)
        at org.w3c.www.protocol.http.HttpManager.runRequest(Unknown Source)
        at org.w3c.www.protocol.http.HttpURLConnection.connect(Unknown
Source)
        at org.w3c.www.protocol.http.HttpURLConnection.a(Unknown Source)
        at
org.w3c.www.protocol.http.HttpURLConnection.getInputStream(Unknown So
urce)
        at HttpsDemo.main0(HttpsDemo.java:107)
        at HttpsDemo.main(HttpsDemo.java:136)
Hit the <RETURN> key.



----------------------------------------------------------------------------
---- Alberto de Vega Luna
----- Original Message -----
From: "Dieter Bratko" <Dieter.Bratko@iaik.at>
To: "Alberto de Vega Luna" <advl03@tid.es>; <iaik-ssl@iaik.at>
Sent: Wednesday, November 21, 2001 6:08 PM
Subject: AW: [iaik-ssl] org.w3c.www.http.HttpInvalidValueException:
parseInt: No number available.


Hello,

> org.w3c.www.http.HttpInvalidValueException: parseInt: No number available.
>        at org.w3c.www.http.HttpParser.error(Unknown Source)
>        at org.w3c.www.http.HttpParser.parseInt(Unknown Source)
>        at org.w3c.www.http.HttpParser.parseInt(Unknown Source)
>        at org.w3c.www.http.HttpReplyMessage.notifyBeginParsing(Unknown
Source)
>
> I'm using isasilk v3.03 evaluation version. This happens with one server
> (https://www.caixamanlleu.es).

This exception obviously is thrown inside the W3C library. However, since
I have tried now and connected to https://www.caixamanlleu.es without any
problems using our HttpsDemo it perhaps it may a problem dur to the JVM
you are using.



> Another exception is thrown when I try to connect to
> https://www.verisign.com:
>
> org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException:
> Server certificate rejected by ChainVerifier
iaik.security.ssl.SSLException:
> Server certificate rejected by ChainVerifier

This most likely again is the already known issue with reissued Verisign
certificates.
Please see
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/msg00577.html
or http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/msg00453.html
for a possible solution.


Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]Im Auftrag von Alberto de Vega
Luna
Gesendet: Dienstag, 20. November 2001 15:18
An: iaik-ssl@iaik.at
Betreff: [iaik-ssl] org.w3c.www.http.HttpInvalidValueException:
parseInt: No number available.


Hello, I'm testing Isasilk v3.03 evaluation version with the HttpsDemo
class.
I have the following exception when trying to reach an https server:
org.w3c.www.http.HttpInvalidValueException: parseInt: No number available.
        at org.w3c.www.http.HttpParser.error(Unknown Source)
        at org.w3c.www.http.HttpParser.parseInt(Unknown Source)
        at org.w3c.www.http.HttpParser.parseInt(Unknown Source)
        at org.w3c.www.http.HttpReplyMessage.notifyBeginParsing(Unknown
Source)
        at org.w3c.www.mime.MimeParser.parse(Unknown Source)
        at org.w3c.www.protocol.http.HttpBasicServer.http_unknown(Unknown
Source
)
        at org.w3c.www.protocol.http.HttpBasicServer.doRequest(Unknown
Source)
        at org.w3c.www.protocol.http.HttpBasicServer.runRequest(Unknown
Source)
        at org.w3c.www.protocol.http.HttpManager.runRequest(Unknown Source)
        at org.w3c.www.protocol.http.HttpURLConnection.connect(Unknown
Source)
        at org.w3c.www.protocol.http.HttpURLConnection.a(Unknown Source)
        at
org.w3c.www.protocol.http.HttpURLConnection.getInputStream(Unknown So
urce)
        at demo.https.HttpsDemo.main0(HttpsDemo.java:103)
        at demo.https.HttpsDemo.main(HttpsDemo.java:132)
Hit the <RETURN> key.


I'm using isasilk v3.03 evaluation version. This happens with one server
(https://www.caixamanlleu.es).

Another exception is thrown when I try to connect to
https://www.verisign.com:

org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException:
Server
certificate rejected by ChainVerifier
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
        at iaik.security.ssl.x.b(Unknown Source)
        at iaik.security.ssl.x.a(Unknown Source)
        at iaik.security.ssl.r.d(Unknown Source)
        at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
        at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
        at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
        at org.w3c.www.protocol.http.f.markUsed(Unknown Source)
        at org.w3c.www.protocol.http.HttpBasicServer.getConnection(Unknown
Sourc
e)
        at org.w3c.www.protocol.http.HttpBasicServer.runRequest(Unknown
Source)
        at org.w3c.www.protocol.http.HttpManager.runRequest(Unknown Source)
        at org.w3c.www.protocol.http.HttpURLConnection.connect(Unknown
Source)
        at org.w3c.www.protocol.http.HttpURLConnection.a(Unknown Source)
        at
org.w3c.www.protocol.http.HttpURLConnection.getInputStream(Unknown So
urce)
        at demo.https.HttpsDemo.main0(HttpsDemo.java:103)
        at demo.https.HttpsDemo.main(HttpsDemo.java:132)
Hit the <RETURN> key.

I need to contact every https server that I find so I can test performance
against these servers. Can anybody help me? Thanks in advance.

 Alberto de Vega Luna


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl





verisign.der