SSL client authentication

by telematics » Thu, 12 Mar 2009 05:40:52 GMT


I am new to SSL programming. The Android app I am developing needs to
open an SSL socket to a secure server which requires client
authentication. When running on the Emulator and trying to talk to a
Server running on the host PC, the following Android code snippet
always gives me a SocketException at the line SSLSocket c =
(SSLSocket) f.createSocket(hostName, 8888):

private void openSslClient(String hostName)
{
    try
    {
        // Load the client keystore (BKS) bundled in the app's assets.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream fis = this.getAssets().open("client.bks");
        keyStore.load(fis, "clientjks".toCharArray());
        fis.close();

        // Key managers supply the client certificate and private key.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(keyStore, "clientkey".toCharArray());

        // The same keystore is also used as the source of trust anchors.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(keyStore);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
                new SecureRandom());

        SSLSocketFactory f = sc.getSocketFactory();
        SSLSocket c = (SSLSocket) f.createSocket(hostName, 8888);
        c.startHandshake();
        // w and r are fields of the enclosing class.
        w = new BufferedWriter(new OutputStreamWriter(c.getOutputStream()));
        r = new BufferedReader(new InputStreamReader(c.getInputStream()));
    } catch (Exception e)
    {
        Log.e(LOG_TAG, "openSslClient failed", e);
    }
}

The stack trace looks like below:
03-11 21:24:00.585: ERROR/OSNetworkSystem(1093): unknown socket error -1
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): openSslClient failed
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): java.net.SocketException: unknown error
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at org.apache.harmony.luni.platform.OSNetworkSystem.createSocketImpl(Native Method)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at org.apache.harmony.luni.platform.OSNetworkSystem.createSocket(OSNetworkSystem.java:79)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at org.apache.harmony.luni.net.PlainSocketImpl2.create(PlainSocketImpl2.java:59)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at java.net.Socket.startupSocket(Socket.java:668)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at java.net.Socket.<init>(Socket.java:142)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at javax.net.ssl.SSLSocket.<init>(SSLSocket.java:42)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.<init>(OpenSSLSocketImpl.java:179)
03-11 21:24:07.156: ERROR/PatientDataUploader(1093): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketFactoryImpl.createSocket(OpenSSLSocketFactoryImpl.java:65)


The server test program I am using is a modified version of
SslReverseEchoer available on Dr. Herong Yang's website. It looks like
below:

public static void main(String[] args) {
    if (args.length < 3) {
        System.out.println("Usage:");
        System.out.println(" java SslReverseEchoerRevised ksName ksPass ctPass ipAddr");



SSL client authentication

by telematics » Thu, 12 Mar 2009 13:59:14 GMT


Never mind. I figured it out on my own - add the following to the
manifest.

<uses-permission android:name="android.permission.INTERNET" />

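The failure in this thread happens at socket creation, before any TLS message is exchanged, which is why it surfaced as a plain SocketException rather than a handshake error. The following is an added example, not part of the original posts: it checks the INTERNET permission first, so a missing manifest entry fails with a clear message, and then separates the remaining failure classes. The class name SslClientPreflight, the asset truststore.bks and its password are assumptions; client.bks and its passwords are taken from the post.

```java
import android.Manifest;
import android.content.Context;
import android.content.pm.PackageManager;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; not code from the thread.
public final class SslClientPreflight {
    private static KeyStore loadBks(Context ctx, String asset, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        try (InputStream in = ctx.getAssets().open(asset)) {
            ks.load(in, pass);
        }
        return ks;
    }
    public static SSLSocket open(Context ctx, String host, int port) throws Exception {
        // Without INTERNET the socket cannot even be created, so the failure
        // surfaces as a SocketException before any TLS message is sent.
        if (ctx.checkCallingOrSelfPermission(Manifest.permission.INTERNET)
                != PackageManager.PERMISSION_GRANTED) {
            throw new SecurityException("android.permission.INTERNET missing from manifest");
        }
        // Client identity (private key and certificate), as in the post.
        KeyStore keys = loadBks(ctx, "client.bks", "clientjks".toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, "clientkey".toCharArray());
        // Trust anchors for the server, kept in a separate store (assumed asset and password).
        KeyStore trust = loadBks(ctx, "truststore.bks", "trustpass".toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLSocket s = (SSLSocket) sc.getSocketFactory().createSocket(host, port);
        s.startHandshake(); // certificate-chain and client-auth failures show up here
        // A raw SSLSocket does not check the certificate against the host name.
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(host, s.getSession())) {
            s.close();
            throw new SSLPeerUnverifiedException("certificate does not match " + host);
        }
        return s;
    }
}
```

Keeping the trust anchors in a store that holds no private key means the client's key material is only ever handed to the KeyManagerFactory.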