Warum schlägt der TLS-Handshake in einer Java-Anwendung fehl?Java

Java-Forum
Post Reply Previous topicNext topic
Guest
 Warum schlägt der TLS-Handshake in einer Java-Anwendung fehl?

Post by Guest »

Ich erstelle eine Client-Server-Anwendung. Ich versuche, eine TLS-Kommunikation herzustellen, aber der TLS-Handshake schlägt fehl. Der Server und der Client befinden sich beide auf demselben Computer, derselben virtuellen Maschine. Ich habe es bereits überprüft, aber das von mir generierte Zertifikat verwendet nicht DSA, sondern sha256WithRSAEncryption. Es basiert auf einem von mir generierten Schlüssel mit einer Länge von 3072 Bit. Ich habe beide mit dem Befehl certtool generiert. Ich habe einen Keystore für den Server und einen Truststore für den Client basierend auf diesem Zertifikat und dem privaten Schlüssel mit dem Befehl keytool generiert.
Das ist der Fehler, den ich erhalte

Code: Select all

java -jar target/testNio-1.0-SNAPSHOT.jar

Server launched on port 8443

Boss capture thread launches

Server handler launches

Worker thread launches

Thread sending messages launches

Attempted connection detected

TCP connection established with /127.0.0.1:44448

Attempted tls connection detected

NEED_UNWRAP

flag 1

NEED_TASK

NEED_WRAP

flag 2

javax.net.ssl.SSLHandshakeException: No available authentication scheme

at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)

at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)

at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)

at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)

at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:975)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:964)

at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437)

at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1245)

at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1181)

at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:839)

at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800)

at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)

at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)

at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1274)

at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)

at java.base/java.security.AccessController.doPrivileged(AccessController.java:714)

at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)

at io.test2.Boss.handleTLSConnection2(Boss.java:169)

at io.test2.Boss.run(Boss.java:218)
Dies ist der Code der Klasse, die für den Aufbau von TLS-Verbindungen verantwortlich ist.

Code: Select all

package io.test2;

import java.io.IOException;
import java.nio.ByteBuffer;
//import java.net.InetSocketAddress;
//import java.nio.ByteBuffer;
import java.nio.channels.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.net.ssl.*;

public class Boss extends Thread {
public Selector acceptor;
public Selector com;
public ServerSocketChannel serverChannel;
public boolean running;
public ArrayList sessions;
public ArrayList sessionsTemp;
public SSLContext sslContext;

public Boss (Selector acceptor, Selector com, ServerSocketChannel ssc,
ArrayList sessions, SSLContext sslc) throws Exception{
this.acceptor = acceptor;
this.com = com;
this.serverChannel = ssc;
this.sessions = sessions;
running = true;
this.sslContext = sslc;
sessionsTemp = new ArrayList();
}

public void shutdown() {
running = false;
acceptor.wakeup();
}

public void clientClose(TLSConnectionInformation info, SocketChannel client) throws IOException{
for (int i = 0; i < sessionsTemp.size();  i++) {
if (sessions.get(i).id.equals(info.id)) {
sessions.remove(i);
break;
}
}
try {
ByteBuffer dummy = ByteBuffer.allocate(0);
ByteBuffer outBuffer = ByteBuffer.allocate(info.engine.getSession().getPacketBufferSize());
info.engine.wrap(dummy, outBuffer);
info.engine.closeOutbound();
info.engine.closeInbound();
} catch(SSLException e) {
e.printStackTrace();}
client.close();
}

public void handleTCPConnection(ServerSocketChannel ssc, Selector slct) throws IOException {

SocketChannel clientChannel = serverChannel.accept();
System.out.println("TCP connection established with " + clientChannel.getRemoteAddress());
if (clientChannel != null) {
SSLEngine engine = sslContext.createSSLEngine();
//System.out.println(Arrays.toString(engine.getEnabledCipherSuites()));
engine.setUseClientMode(false); // Mode serveur
clientChannel.configureBlocking(false);
Session s = new Session(clientChannel, engine);
sessionsTemp.add(s);
clientChannel.register(acceptor, SelectionKey.OP_READ, new TLSConnectionInformation(engine, s.id));
engine.beginHandshake();
}
}

public void handleTLSConnection(SelectionKey key) throws IOException {
SocketChannel client = (SocketChannel) key.channel();
TLSConnectionInformation info = (TLSConnectionInformation) key.attachment();
SSLEngine engine = info.engine;
ByteBuffer appBuffer = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
ByteBuffer netBuffer = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
int bytesRead = client.read(netBuffer);
if (bytesRead == -1) {
clientClose(info, client);
return;
}
netBuffer.flip();

SSLEngineResult res = engine.unwrap(netBuffer, appBuffer);
//appBuffer.compact();
if (!isTLSHandShake(netBuffer)) {
System.out.println("Non-TLS attempted connection.  Closing connection");
clientClose(info, client);
return;
}
/*
* If some tasks are required to end the establishment of the TLS connection
*/
if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
Runnable task;
while ((task = engine.getDelegatedTask()) != null)
task.run();
}
if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
for (int i = 0; i < sessionsTemp.size(); i++) {
if (sessionsTemp.get(i).sc.equals(client)) {
System.out.println("Connection accepted from " + sessionsTemp.get(i).id.toString());
sessions.add(sessionsTemp.get(i));
sessionsTemp.remove(i);
synchronized (com) {
com.wakeup();
client.register(com, SelectionKey.OP_READ, info);
}
break;
}
}
}
}

public boolean isTLSHandShake(ByteBuffer buffer) {

if (buffer.remaining() < 5)
return false;
if (buffer.get(0) == 22 && buffer.get(1) == 3)
return true;
return false;
}

public void handleTLSConnection2(SelectionKey key) throws IOException {
System.out.println("Attempted tls connection detected");
SocketChannel client = (SocketChannel) key.channel();
TLSConnectionInformation info = (TLSConnectionInformation) key.attachment();
SSLEngine engine = info.engine;
ByteBuffer appBuffer = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
ByteBuffer netBuffer = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
while (true) {
SSLEngineResult.HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
switch (handshakeStatus) {
case NEED_WRAP:
System.out.println("NEED_WRAP");
netBuffer.clear();
System.out.println("flag 2");
ByteBuffer buf = ByteBuffer.allocate(10);
SSLEngineResult wrapResult = engine.wrap(buf, netBuffer);        //HERE2
System.out.println("flag 3");
if (wrapResult.getStatus() == SSLEngineResult.Status.CLOSED) {
throw new IOException("Handshake failed: Engine closed during wrap");
}
System.out.println("flag 4");
netBuffer.flip();
if (netBuffer.hasRemaining()) {
client.write(netBuffer);
}
System.out.println("flag 5");
break;
case NEED_UNWRAP:
System.out.println("NEED_UNWRAP");
if (client.read(netBuffer)
Top
Post Reply Previous topicNext topic

Quick Reply

Change Text Case: 
   
  • Similar Topics
    Replies
    Views
    Last post

Return to “Java”