Warum schlägt der TLS-Handshake in einer Java-Anwendung fehl?
Posted: 14 Jan 2025, 13:58
Ich erstelle eine Client-Server-Anwendung. Ich versuche, eine TLS-Kommunikation herzustellen, aber der TLS-Handshake schlägt fehl. Der Server und der Client befinden sich beide auf demselben Computer, derselben virtuellen Maschine. Ich habe es bereits überprüft, aber das von mir generierte Zertifikat verwendet nicht DSA, sondern sha256WithRSAEncryption. Es basiert auf einem von mir generierten Schlüssel mit einer Länge von 3072 Bit. Ich habe beide mit dem Befehl certtool generiert. Ich habe einen Keystore für den Server und einen Truststore für den Client basierend auf diesem Zertifikat und dem privaten Schlüssel mit dem Befehl keytool generiert.
Das ist der Fehler, den ich erhalte
Dies ist der Code der Klasse, die für den Aufbau von TLS-Verbindungen verantwortlich ist.
Das ist der Fehler, den ich erhalte
Code: Select all
java -jar target/testNio-1.0-SNAPSHOT.jar
Server launched on port 8443
Boss capture thread launches
Server handler launches
Worker thread launches
Thread sending messages launches
Attempted connection detected
TCP connection established with /127.0.0.1:44448
Attempted tls connection detected
NEED_UNWRAP
flag 1
NEED_TASK
NEED_WRAP
flag 2
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:975)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:964)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:437)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1245)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1181)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:839)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:800)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1274)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:714)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
at io.test2.Boss.handleTLSConnection2(Boss.java:169)
at io.test2.Boss.run(Boss.java:218)
Code: Select all
package io.test2;
import java.io.IOException;
import java.nio.ByteBuffer;
//import java.net.InetSocketAddress;
//import java.nio.ByteBuffer;
import java.nio.channels.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.net.ssl.*;
public class Boss extends Thread {
public Selector acceptor;
public Selector com;
public ServerSocketChannel serverChannel;
public boolean running;
public ArrayList sessions;
public ArrayList sessionsTemp;
public SSLContext sslContext;
public Boss (Selector acceptor, Selector com, ServerSocketChannel ssc,
ArrayList sessions, SSLContext sslc) throws Exception{
this.acceptor = acceptor;
this.com = com;
this.serverChannel = ssc;
this.sessions = sessions;
running = true;
this.sslContext = sslc;
sessionsTemp = new ArrayList();
}
public void shutdown() {
running = false;
acceptor.wakeup();
}
public void clientClose(TLSConnectionInformation info, SocketChannel client) throws IOException{
for (int i = 0; i < sessionsTemp.size(); i++) {
if (sessions.get(i).id.equals(info.id)) {
sessions.remove(i);
break;
}
}
try {
ByteBuffer dummy = ByteBuffer.allocate(0);
ByteBuffer outBuffer = ByteBuffer.allocate(info.engine.getSession().getPacketBufferSize());
info.engine.wrap(dummy, outBuffer);
info.engine.closeOutbound();
info.engine.closeInbound();
} catch(SSLException e) {
e.printStackTrace();}
client.close();
}
public void handleTCPConnection(ServerSocketChannel ssc, Selector slct) throws IOException {
SocketChannel clientChannel = serverChannel.accept();
System.out.println("TCP connection established with " + clientChannel.getRemoteAddress());
if (clientChannel != null) {
SSLEngine engine = sslContext.createSSLEngine();
//System.out.println(Arrays.toString(engine.getEnabledCipherSuites()));
engine.setUseClientMode(false); // Mode serveur
clientChannel.configureBlocking(false);
Session s = new Session(clientChannel, engine);
sessionsTemp.add(s);
clientChannel.register(acceptor, SelectionKey.OP_READ, new TLSConnectionInformation(engine, s.id));
engine.beginHandshake();
}
}
public void handleTLSConnection(SelectionKey key) throws IOException {
SocketChannel client = (SocketChannel) key.channel();
TLSConnectionInformation info = (TLSConnectionInformation) key.attachment();
SSLEngine engine = info.engine;
ByteBuffer appBuffer = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
ByteBuffer netBuffer = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
int bytesRead = client.read(netBuffer);
if (bytesRead == -1) {
clientClose(info, client);
return;
}
netBuffer.flip();
SSLEngineResult res = engine.unwrap(netBuffer, appBuffer);
//appBuffer.compact();
if (!isTLSHandShake(netBuffer)) {
System.out.println("Non-TLS attempted connection. Closing connection");
clientClose(info, client);
return;
}
/*
* If some tasks are required to end the establishment of the TLS connection
*/
if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
Runnable task;
while ((task = engine.getDelegatedTask()) != null)
task.run();
}
if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
for (int i = 0; i < sessionsTemp.size(); i++) {
if (sessionsTemp.get(i).sc.equals(client)) {
System.out.println("Connection accepted from " + sessionsTemp.get(i).id.toString());
sessions.add(sessionsTemp.get(i));
sessionsTemp.remove(i);
synchronized (com) {
com.wakeup();
client.register(com, SelectionKey.OP_READ, info);
}
break;
}
}
}
}
public boolean isTLSHandShake(ByteBuffer buffer) {
if (buffer.remaining() < 5)
return false;
if (buffer.get(0) == 22 && buffer.get(1) == 3)
return true;
return false;
}
public void handleTLSConnection2(SelectionKey key) throws IOException {
System.out.println("Attempted tls connection detected");
SocketChannel client = (SocketChannel) key.channel();
TLSConnectionInformation info = (TLSConnectionInformation) key.attachment();
SSLEngine engine = info.engine;
ByteBuffer appBuffer = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
ByteBuffer netBuffer = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
while (true) {
SSLEngineResult.HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
switch (handshakeStatus) {
case NEED_WRAP:
System.out.println("NEED_WRAP");
netBuffer.clear();
System.out.println("flag 2");
ByteBuffer buf = ByteBuffer.allocate(10);
SSLEngineResult wrapResult = engine.wrap(buf, netBuffer); //HERE2
System.out.println("flag 3");
if (wrapResult.getStatus() == SSLEngineResult.Status.CLOSED) {
throw new IOException("Handshake failed: Engine closed during wrap");
}
System.out.println("flag 4");
netBuffer.flip();
if (netBuffer.hasRemaining()) {
client.write(netBuffer);
}
System.out.println("flag 5");
break;
case NEED_UNWRAP:
System.out.println("NEED_UNWRAP");
if (client.read(netBuffer)