users@glassfish.java.net

Re: Webstart Application Client SSL

From: <glassfish_at_javadesktop.org>
Date: Thu, 22 Mar 2007 04:10:14 PST

Hi folks.

Replying to my own question.


I've created a simple session bean and added this to the sun-ejb-jar.xml:
[code]
    <enterprise-beans>
        <ejb>
            <ejb-name>BankAccountBean</ejb-name>
            <jndi-name>BankAccountBean</jndi-name>
            <ior-security-config>
                <transport-config>
                    <integrity>required</integrity>
                    <confidentiality>required</confidentiality>
                    <establish-trust-in-target>supported</establish-trust-in-target>
                    <establish-trust-in-client>supported</establish-trust-in-client>
                </transport-config>
                <sas-context>
                    <caller-propagation>supported</caller-propagation>
                </sas-context>
            </ior-security-config>
        </ejb>
    </enterprise-beans>
[/code]

This should cause all communication to the session bean to be encrypted with SSL.

Next, a client app:

[code]
            System.setProperty("org.omg.CORBA.ORBInitialHost", "peter-laptop");
            System.setProperty("org.omg.CORBA.ORBInitialPort", "3820");

            // Key store: the key and certificate this client can present.
            System.setProperty("javax.net.ssl.keyStore", "/home/peter/downloads/java/glassfish/gf2_b35/domains/domain1/config/keystore.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

            // Trust store is the list of root certificates
            // from top-level providers (Thawte, VeriSign etc.).
            System.setProperty("javax.net.ssl.trustStore", "/home/peter/downloads/java/glassfish/gf2_b35/domains/domain1/config/cacerts.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

            // Same as -Djavax.net.debug=all
            System.setProperty("javax.net.debug", "all");

            initial = new InitialContext();

            bankRemote = (BankAccountRemote) initial.lookup("BankAccountBean");

[/code]


Which fails with:
[code]
22-Mar-2007 09:24:31 testglassfishsecurity.client.RemoteInterfaces getBankRemote
INFO: Loading BankAccountRemote main
22-Mar-2007 09:24:31 com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl readFully
SEVERE: "IOP00410226: (COMM_FAILURE) Unexpected exception when reading with a temporary selector: bytes read = 7, bytes requested = 12, time spent waiting = 0 ms, max time to wait = {4}."
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 226 completed: No
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3037)
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3063)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:684)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:550)
        at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:110)
        at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:153)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:334)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.handleEvent(SocketOrChannelConnectionImpl.java:1273)
        at com.sun.corba.ee.impl.transport.SelectorImpl.run(SelectorImpl.java:280)
22-Mar-2007 09:24:31 testglassfishsecurity.client.RemoteInterfaces getBankRemote
SEVERE: failed to load remote interface
javax.naming.CommunicationException: Can't find SerialContextProvider [Root exception is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 208 completed: Maybe]
        at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:174)
        at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:315)
        at javax.naming.InitialContext.lookup(InitialContext.java:392)
        at testglassfishsecurity.client.RemoteInterfaces.getBankRemote(RemoteInterfaces.java:48)
        at testglassfishsecurity.client.Main.main(Main.java:58)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 208 completed: Maybe
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectionAbort(ORBUtilSystemException.java:2514)
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectionAbort(ORBUtilSystemException.java:2532)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:380)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.handleEvent(SocketOrChannelConnectionImpl.java:1273)
        at com.sun.corba.ee.impl.transport.SelectorImpl.run(SelectorImpl.java:280)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 226 completed: No
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3037)
        at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3063)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:684)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:550)
        at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:110)
        at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:153)
        at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:334)
        ... 2 more
Exception in thread "main" java.lang.NullPointerException
        at testglassfishsecurity.client.Main.main(Main.java:58)
[/code]

Note I did test the client without SSL (before adding the above) and it successfully called the session bean.

So what am I missing?


I've checked the server's keystore.jks:
[code]
peter_at_peter-laptop:~/work/hg/thwart/selfsigned$ keytool --list -keystore ~/downloads/java/glassfish/gf2_b35/domains/domain1/config/keystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

s1as, 07-Mar-2007, PrivateKeyEntry,
Certificate fingerprint (MD5): 58:85:EB:1A:BC:6E:F1:79:5B:6B:FF:46:88:E3:07:A2

[/code]

And the server has this in its cacerts.jks:

[code]
peter_at_peter-laptop:~/work/hg/thwart/selfsigned$ keytool --list -keystore ~/downloads/java/glassfish/gf2_b35/domains/domain1/config/cacerts.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 33 entries

equifaxsecureebusinessca1, 18-Jul-2003, trustedCertEntry,
Certificate fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
... snip ....
s1as, 07-Mar-2007, trustedCertEntry,
Certificate fingerprint (MD5): 58:85:EB:1A:BC:6E:F1:79:5B:6B:FF:46:88:E3:07:A2
... snip ...
equifaxsecureebusinessca2, 18-Jul-2003, trustedCertEntry,
Certificate fingerprint (MD5): AA:BF:BF:64:97:DA:98:1D:6F:C6:08:3A:95:70:33:CA

[/code]


I have also checked the SSL IIOP listener in the admin GUI. It is also using s1as.



So any suggestions? I must be missing something but at the moment I'm out of ideas.


Thanks

Peter Henderson
[Message sent by forum member 'phenderson' (phenderson)]

http://forums.java.net/jive/thread.jspa?messageID=209402
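
A check that separates transport and trust problems from ORB configuration, added here as an example and not part of the original post or of GlassFish: it performs a plain TLS handshake against the IIOP SSL listener with the same trust store the client uses, then prints the certificate the listener presents. The class name `IiopTlsProbe` and its command-line arguments are assumptions, and it assumes the listener does not require a client certificate.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
/** Added diagnostic example: TLS-probe the IIOP SSL listener outside the ORB. */
public class IiopTlsProbe {
    public static void main(String[] args) throws Exception {
        // Assumed usage: java IiopTlsProbe <host> <port> <truststore.jks> <password>
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] password = args[3].toCharArray();
        // Load the same trust store the client names in javax.net.ssl.trustStore.
        KeyStore trust = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[2])) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server auth only

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(5000);
            s.startHandshake(); // throws if the port is not TLS or the chain is untrusted
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("protocol: " + s.getSession().getProtocol());
            System.out.println("subject : " + leaf.getSubjectX500Principal());
            System.out.println("sha-256 : " + fingerprint(leaf));
            // Alias of the matching trust store entry, or null if the leaf is not in it.
            System.out.println("alias   : " + trust.getCertificateAlias(leaf));
        } catch (SSLException e) {
            System.out.println("TLS failed: " + e.getMessage());
        }
    }

    /** Colon-separated SHA-256 fingerprint, comparable with `keytool -list -v` output. */
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) {
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        }
        return sb.toString();
    }
}
```

If the handshake succeeds and the alias printed is `s1as`, the listener and trust store agree, and the failure lies in how the ORB opens its connection. The 7 bytes read in the log match the size of a TLS alert record (5-byte record header plus 2-byte alert), where the ORB was waiting for a 12-byte GIOP header.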