Applet: https refuses to server (with self issued certificate) in JRE while works with SDK

Hey,

I've been googling for a solution to this for countless hours in total but have not been able to solve the problem.

I have an applet that connects to our server with https connection to retrieve some data. Our server doesn't have a valid certificate so browsers for example give a warning message when connecting to it. In my development computer(s) (1.4.2_02) when I start the applet the first time it pops up a window "Warning - security" Do you want to accept the certificate.... and gives me options "Yes", "No", "Always". This is great. But when I try to open this same applet from another computer which only has the runtime environment of Java (1.4.2_01) no window appears whatsoever and that red cross thing appears on the applet. In the console it gives me the following error:

javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address

+ loads of other errors but that's the first.

I first used normal URLConnection and that worked fine with the SDK but not with JRE (I think the error was something like "Connection reset" and loads of other errors at that time). Then I tried to solve the problem by changing the URLConnection to HttpsURLConnection, here's some code:

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            }
        }
    };
      
    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }

    try {
        URL dburl =
            new URL(serverURL + "data.asp");

        HttpsURLConnection connection = (HttpsURLConnection) dburl.openConnection();
        connection.setDoOutput(true);
        PrintStream out = ....

But it doesn't help, the problem remains.

As a normal Java program this seems to work though, without the trust manager it gives the "connection reset" or something but when putting the trustmanager in, it retrieves the data. But I can't get this to work with the applet.

I have also tried to import the CA certificate to the Java plug-in with keytool and that gives me "not a valid X.509 certificate" or something but that's fine with me since this import thing with a command-line tool to every possible computer the program is supposed to be used on is not a feasible solution anyway.

Regards,

Sammakko
sammakkoAsked:

lExCommented:
First make the following replacement in your TrustManager:

public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
      return new java.security.cert.X509Certificate[0];
}

And I don't know why, but I think there is some kind of problem when you set the SocketFactory using setDefaultSSLSocketFactory.

Try to do it this way:
after you create the connection, call:
connection.setSSLSocketFactory(sc.getSocketFactory()); // so you set the SocketFactory only for the connection you use


Additionally you may need to set a HostnameVerifier for the connection.

con.setHostnameVerifier(new HostnameVerifier()
{
      public boolean verify(String hostname, SSLSession session)
      {
            return true;
      }
});

Hope it helps..:)
0
sammakkoAuthor Commented:
Hey,

thanks for the suggestions, I tried them but unfortunately they didn't result in any significant improvement, but something in the error messages made me actually remove all the net related code from the applet and try it again and guess what? It still didn't load! I uploaded some calculator demo thing to the server and that refuses to load too in the runtime environment. So it seems that any applet refuses to load from our server (unless you have complete Java SDK installed). Bleh. Weird weird.

Here's some output (I've renamed the server):

Connecting https://myserver.com/test/Calc.class with no proxy
javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.plugin.cache.CachedFileLoader.load(Unknown Source)
        at sun.plugin.cache.FileCache.get(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connectWithCache(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.applet.AppletClassLoader.getBytes(Unknown Source)
        at sun.applet.AppletClassLoader.access$100(Unknown Source)
        at sun.applet.AppletClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 34 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 39 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 43 more
Connecting https://myserver.com/test/Calc.class with no proxy
Connecting https://myserver.com/test/Calc/class.class with no proxy
javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.plugin.cache.CachedFileLoader.load(Unknown Source)
        at sun.plugin.cache.FileCache.get(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connectWithCache(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.applet.AppletClassLoader.getBytes(Unknown Source)
        at sun.applet.AppletClassLoader.access$100(Unknown Source)
        at sun.applet.AppletClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 34 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 39 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 43 more
Connecting https://myserver.com/test/Calc/class.class with no proxy
load: class Calc.class not found.
java.lang.ClassNotFoundException: Calc.class
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.applet.AppletClassLoader.getBytes(Unknown Source)
        at sun.applet.AppletClassLoader.access$100(Unknown Source)
        at sun.applet.AppletClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        ... 10 more
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 27 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 32 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 36 more
Exception: java.lang.ClassNotFoundException: Calc.class

If that's any use...

0
girionisCommented:
> Host portion is not a valid DNS name, IPv4 address, or IPv6 address

  Indicates a problem with the host definition. Are you sure the host you are trying to connect to exists (or the host name is valid)?
0
sammakkoAuthor Commented:
hey, girionis,

the host name should be valid and note that the applets load normally on any computer that has the Java SDK installed.
0
lExCommented:
actually I have working example...:)

...and it was part of it....

I can attach whole code...but there is the same statement....

maybe girionis is right and your problem is "resolving host name" ... try some other urls....
0
girionisCommented:
>I uploaded some calculator demo thing to the
>server and that refuses to load too in the
>runtime environment. So it seems that any
>applet refuses to load from our server (unless
>you have complete Java SDK installed).

  So does it actually fail even if there is a simple "hello world" message?

0
sammakkoAuthor Commented:
>> try some other urls....

Hey, somehow I'm assuming that if I would load the applet with http:// prefix instead of the https:// from the server (I can't very easily test it though since https is required by the server) it would load up just fine. But I need it to work with the https.

I also tried to load it with the ip address https://123.456.789.0/test/Calc.class but it doesn't make any difference.
0
sammakkoAuthor Commented:
I was right, I tested it now and the applet loads fine with http:// but gives these errors with https://.
0
sammakkoAuthor Commented:
My applet which tries to open the https connection loads up with http:// prefix but can't retrieve the data though (same error, Host portion is not a valid DNS name, IPv4 address, or IPv6 address) but I only get this error twice and nothing else, with https:// the whole applet refuses to load up and gives that endless list of errors.
0
lExCommented:
try to test running your applet as an application ...
0
girionisCommented:
 The clue here is that this applet works on a machine with 1.4.2_02 jdk installed and not with 1.4.2_01 so I'd say there is something to do with the settings of the JDK. Is it possible to check if there are any service packs for jdk 1.4.2_01 and install them? Also does it run in earlier versions (1.3 for example)?
0
sammakkoAuthor Commented:
girionis: sorry I missed your post at first. I don't have a pure hello world program but I have one which has helloworld, a textbox and a button ( :D ) and yes it fails.

lEx: I would assume what would happen is that the program would load up but it wouldn't receive any data (failing with the same error).
0
girionisCommented:
> I would assume

  Better not make assumptions, especially when programming can't be deterministic :)

  I'd also suggest you try and see what would happen if you run your applet as an application. It might give you clues as to why the applet is failing.
0
lExCommented:
girionis: if you use your own SocketFactory then JDK settings should not affect your program... and HttpsUrlConnection is available only for 1.4
0
girionisCommented:
 ...also which one is the line that fails?
0
sammakkoAuthor Commented:
girionis: I'm unsure of any service packs, I'll try to check it out. The 1.4.2_01 JRE is retrieved from http://www.java.com/en/download/windows_automatic.jsp and in the Java Plug-in settings there is some update button which says that the latest java is already installed. I have tried to compile the applet with 1.3 SDK (had to do some changes before it agreed to compile though) and it worked in the computer I compiled it in but not in the 1.4.2_01 JRE. I don't think I tried to open it in the 1.4.2_02 SDK though. I don't have any 1.3 JREs installed but I would assume it won't work if it's compiled with 1.4 and also it would be desirable that it worked with the latest version.
0
girionisCommented:
> and also it would be desirable that it worked with the latest version.

  Ok understood, I just thought it would be good if we can isolate the problem on the VM level.

  Also you can use the "-target" switch to make a java programme available for different VMs.
0
lExCommented:
ok, here is my code, it works as standalone application....
I don't know whether there are any restrictions on using HTTPS in applets... if there are none, then this code will work as an applet too...

class MyNameVerifier implements HostnameVerifier
{
      public boolean verify(String hostname, SSLSession session)
      {
            return true;
      }
}

class MyTrustManager implements X509TrustManager
{

      MyTrustManager()
      {}

      public void checkClientTrusted(java.security.cert.X509Certificate chain[], String authType) throws java.security.cert.CertificateException
      {
      }

      public void checkServerTrusted(java.security.cert.X509Certificate oaChain[], String sAuthType) throws java.security.cert.CertificateException
      {
      }

      
      public java.security.cert.X509Certificate[] getAcceptedIssuers()
      {
            return new java.security.cert.X509Certificate[0];
      }
}

Code for main:

try
{
      SSLContext ctx = SSLContext.getInstance("SSL");
      X509TrustManager oTrustMngr = new PassportTrustManager();
      TrustManager oEnlistaTrustManagers[] =
                        {
                        oTrustMngr};

      ctx.init(null, oEnlistaTrustManagers, null);

      String host = "your host"; //for ex. : nexus.passport.com
      String file = "your file"; //for ex. : /rdr/pprdr.asp

      HttpsURLConnection con = (HttpsURLConnection)new URL("https", host, 443, file).
      openConnection();
      con.setSSLSocketFactory(MSNSession.ctx.getSocketFactory());
      con.setHostnameVerifier(new PassportNameVerifier());

      //connection is ready to use
      //con.connection(); - to send request

}
catch(Exception e)
{
      Util.debug("error due creating SSLContext: " + e);
}
0
sammakkoAuthor Commented:
Hey,

I didn't try the applet, but the application I mentioned briefly in my first post, it works in my workstation, but what I didn't try before is the same application in the JRE machine and yes, it fails with the same error.

Here's the output:

Exception in thread "main" javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at ReadHttpsURL3.main(ReadHttpsURL3.java:45)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 11 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 16 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 20 more



Line 45 is BufferedReader in = new BufferedReader(
                new InputStreamReader(connection.getInputStream()));
0
sammakkoAuthor Commented:
lEx,

I have some trouble compiling your code;

S:\java\paska\perse.java:14: cannot resolve symbol
symbol  : class PassportTrustManager
location: class perse
     X509TrustManager oTrustMngr = new PassportTrustManager();
                                       ^
S:\java\paska\perse.java:26: package MSNSession does not exist
     con.setSSLSocketFactory(MSNSession.ctx.getSocketFactory());
                                       ^
S:\java\paska\perse.java:27: cannot resolve symbol
symbol  : class PassportNameVerifier
location: class perse
     con.setHostnameVerifier(new PassportNameVerifier());
                                 ^
S:\java\paska\perse.java:35: cannot resolve symbol
symbol  : variable Util
location: class perse
     Util.debug("error due creating SSLContext: " + e);
     ^
4 errors

Process completed.
0
sammakkoAuthor Commented:
Would it help anything if I posted the url to our server with the applet so you could see if it loads/doesn't load? I'm assuming (although you said not to assume hehe) you guys have SDKs and it probably will load up though.

Something makes me a bit concerned about publishing the url though, dunno why really.
0
girionisCommented:
 Yes you can do it if you want to and we can try to load the applet and see what happens. I have jdk1.3 installed though.
0
lExCommented:
Sorry, I forgot to change all the names :)

import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Accepts every host name without comparing it to the certificate
class MyNameVerifier implements HostnameVerifier
{
     public boolean verify(String hostname, SSLSession session)
     {
          return true;
     }
}

// Accepts every certificate chain: both check methods do nothing
class MyTrustManager implements X509TrustManager
{

     MyTrustManager()
     {}

     public void checkClientTrusted(java.security.cert.X509Certificate chain[], String authType) throws java.security.cert.CertificateException
     {
     }

     public void checkServerTrusted(java.security.cert.X509Certificate oaChain[], String sAuthType) throws java.security.cert.CertificateException
     {
     }

     public java.security.cert.X509Certificate[] getAcceptedIssuers()
     {
          return new java.security.cert.X509Certificate[0];
     }
}

Code for main:

try
{
     SSLContext ctx = SSLContext.getInstance("SSL");
     X509TrustManager oTrustMngr = new MyTrustManager();
     TrustManager oEnlistaTrustManagers[] = { oTrustMngr };

     ctx.init(null, oEnlistaTrustManagers, null);

     String host = "your host"; //for ex. : nexus.passport.com
     String file = "your file"; //for ex. : /rdr/pprdr.asp

     HttpsURLConnection con = (HttpsURLConnection)
          new URL("https", host, 443, file).openConnection();
     // Socket factory and verifier are set on this connection only
     con.setSSLSocketFactory(ctx.getSocketFactory());
     con.setHostnameVerifier(new MyNameVerifier());

     //connection is ready to use
     //con.connect(); - to send request

}
catch(Exception e)
{
     // Print the failure instead of silently discarding it
     e.printStackTrace();
}
0
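A stricter alternative to the accept-everything TrustManager and HostnameVerifier posted in this thread, as an added example that is not part of any participant's post: it trusts only the server's own self-issued certificate, loaded from a file shipped with the program, and leaves hostname verification on. The certificate is parsed with the same CertificateFactory.generateCertificate call that fails in the traces above, so a JRE that cannot parse it reports the root cause before any connection is attempted. The class name PinnedHttps and the resource name server.cer are assumptions, the URL is taken from the command line, and a current Java release is assumed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: trusts exactly one pinned server certificate.
public class PinnedHttps {

    // Walk the "Caused by" chain down to the innermost exception.
    static Throwable rootCause(Throwable t) {
        while (t.getCause() != null && t.getCause() != t) {
            t = t.getCause();
        }
        return t;
    }

    // Build a socket factory whose trust store holds only the given certificate.
    static SSLSocketFactory pinnedFactory(InputStream certStream)
            throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert;
        try {
            // Accepts DER or PEM. This is the call that throws
            // CertificateParsingException in the traces posted in this thread.
            serverCert = cf.generateCertificate(certStream);
        } catch (CertificateException e) {
            // Surface the innermost message instead of swallowing the failure.
            throw new CertificateException(
                "this JRE cannot parse the pinned certificate: "
                    + rootCause(e).getMessage(), e);
        }

        // Empty in-memory key store containing only the pinned certificate.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("server", serverCert);

        // Default trust manager implementation, but backed by our one-entry
        // store instead of the JRE's cacerts file.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java PinnedHttps https://host/path");
            return;
        }

        // Assumed resource: the server certificate exported to server.cer and
        // packaged next to this class, so nothing has to be imported with
        // keytool on each client machine.
        InputStream in = PinnedHttps.class.getResourceAsStream("server.cer");
        if (in == null) {
            throw new IOException("server.cer not found next to PinnedHttps.class");
        }

        SSLSocketFactory factory;
        try {
            factory = pinnedFactory(in);
        } finally {
            in.close();
        }

        HttpsURLConnection con =
            (HttpsURLConnection) new URL(args[0]).openConnection();
        // Per-connection factory, as suggested earlier in the thread.
        con.setSSLSocketFactory(factory);
        // No setHostnameVerifier call: the default verifier stays active, so the
        // name in the certificate must match the host in the URL.
        System.out.println("HTTP " + con.getResponseCode());
    }
}
```

Any server presenting a different certificate, or the same certificate under a host name it was not issued for, is rejected during the handshake.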
sammakkoAuthor Commented:
Here's the calc applet:

https://netserver.kunnondata.fi/test/calc.html
http://netserver.kunnondata.fi/test/calc.html

The http one works (probably needs the 1.4 though) but the https refuses without the sdk. But it would be nice if you can try retrieving this page with your java application: https://netserver.kunnondata.fi/test/somedata.htm

Even nicer would be application that doesn't fail doing it with 1.4.2_01 JRE :)
0
girionis Commented:
I can see all of the above links. The first two with the calculator and the last one with the: "hey hey this is some data bleh " message. I am using Opera 6.04 with JRE plugin 1.3.

I really think the problem lies in the JRE you are using...
0
girionis Commented:
My colleague tried IE, which also works fine, and the JRE plugin he is using is 1.3.1_02.
0
lEx Commented:
So... as I see it, we were talking about different things.

What do you actually want?

1. Create an HTTPS connection from an applet?
or
2. Connect to the server using HTTPS and download the applet through HTTPS?
0
girionis Commented:
More questions... What is the OS you are using? Do both computers (the one with 1.4.2_02 and the one with 1.4.2_01) have the same OS version? If you are using Windows, do they both have the same service pack installed (if any)?
0
girionis Commented:
From what I understand, it is an HTTPS connection to the applet page... isn't it?
0
girionis Commented:
Also, sammakko, what exactly do you mean here:

> but the https refuses without the sdk
0
lEx Commented:
Yes, if you are trying to do 2,
then you have a system environment problem...
0
girionis Commented:
I never had any problems doing your second query...
0
girionis Commented:
> 2. Connect to the server using HTTPS and download the applet through HTTPS?

If you connect through HTTPS, don't you also download the data (and therefore the applet) through HTTPS?
0
sammakko (Author) Commented:
Ouch this is confusing.

What I want is the combination of 1 and 2: Load an applet from https://netserver.kunnondata.fi/secret_directory/secret_file_containing_very_secret_applet.asp which then connects to https://netserver.kunnondata.fi/another_secret_directory/secret_file_containing_some_very_secret_data.asp to retrieve some data. But the https connection refuses in both cases (loading the applet and retrieving the data). I have tried in three different workstations with the JRE 1.4.2_01 and it fails. They all have Windows 2000 and some version of IE. Also an associate of mine at a different location tried the applet and it didn't work. It works on my workstation (1.4.2_02 sdk), in my laptop (same sdk) and in my home computer (same sdk). In one computer which has like 7 different versions of java and is a complete mess it doesn't work.

But hey I'll try installing the 1.3 JRE to some machine tomorrow and see what happens, it might work (but that doesn't help very far really, it still refuses in 1.4).
0
girionis Commented:
Why don't you upgrade all the computers to 1.4.2_02?
0

sammakko (Author) Commented:
Good question.

Very good question actually.

As I said before http://www.java.com/en/download/windows_automatic.jsp gives the 1.4.2_01 and the update button in the plug-in settings says that the latest java is installed but on the download page of java.sun.com 1.4.2_02 JRE is available. I'm downloading it now.
0
lEx Commented:
YOU CAN NOT USE HttpsURLConnection with JDK 1.3!!!

it is only available since 1.4...
0
sammakko (Author) Commented:
BLEH BLEH BLEH!

dfg#¤%#¤%#w%5

and other various censored comments.

I don't know really how to say this so I'm just gonna say it:
Upgrading to 1.4.2_02 JRE fixed it.

Oh well, the problem is now solved. This is my second time posting to ee (at the first time I didn't get any replies though, my question was too far from outer space) so anyway I think I need to award the points now and I would like to split them since both of you have spent quite a lot of time with this so I hope that's ok.
0
sammakko (Author) Commented:
Ummh, I would request, if possible, some administrator to remove all the links to our server since the files are not available anymore anyway and it seems that I'm not able to edit my posts. Thanks.

And thanks again for all the help lex and girionis.
0
girionis Commented:
Glad the problem is solved... Thanks for the points :)

If you want to get in touch with an administrator then ask a question for zero points to Community Support (http://www.experts-exchange.com/Community_Support/)
0
girionis Commented:
I know this is a closed question but here is some more info.

  This is actually a bug in some version of jdk1.4.* and it is documented in the following URL: http://developer.java.sun.com/developer/bugParade/bugs/4874076.html

  The resolution suggested is to use another version of the JRE, specifically JRE 1.4.1_02
0
girionis Commented:
.. obviously at the time of writing the 1.4.2_02 JRE wasn't released. Upgrading to either of the two versions (and probably any in between) will do :)
0
Question has a verified solution.
