Solved

Applet: https refuses to server (with self issued certificate) in JRE while works with SDK

Posted on 2003-11-20
Last Modified: 2013-11-23
Hey,

I've been googling for a solution to this for countless hours in total but have not been able to solve the problem.

I have an applet that connects to our server with an https connection to retrieve some data. Our server doesn't have a valid certificate, so browsers, for example, give a warning message when connecting to it. On my development computer(s) (1.4.2_02), when I start the applet the first time it pops up a window "Warning - security" Do you want to accept the certificate.... and gives me options "Yes", "No", "Always". This is great. But when I try to open this same applet from another computer which only has the runtime environment of Java (1.4.2_01), no window appears whatsoever and that red cross thing appears on the applet. In the console it gives me the following error:

javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address

+ loads of other errors but that's the first.

I first used normal URLConnection and that worked fine with the SDK but not with JRE (I think the error was something like "Connection reset" and loads of other errors at that time). Then I tried to solve the problem by changing the URLConnection to HttpsURLConnection, here's some code:

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            }
        }
    };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }
   
    try {
      URL dburl =
        new URL(serverURL + "data.asp");
               
      HttpsURLConnection connection = (HttpsURLConnection) dburl.openConnection();
      connection.setDoOutput(true);
      PrintStream out = ....

But it doesn't help, the problem remains.

As a normal Java program this seems to work though, without the trust manager it gives the "connection reset" or something but when putting the trustmanager in, it retrieves the data. But I can't get this to work with the applet.

I have also tried to import the CA certificate to the java plug-in with keytool and that gives me "not a valid X.509 certificate" or something but that's fine with me since this import thing with a commandline tool to every possible computer the program is supposed to be used on is not a feasible solution anyway.

Regards,

Sammakko
0
Question by:sammakko
 

Expert Comment

by:lEx
ID: 9786092
First make the following replacement in your TrustManager:

public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
      return new java.security.cert.X509Certificate[0];
}

And I don't know why, but I think there is some kind of problem when you set the SocketFactory using setDefaultSSLSocketFactory.

Try to do it this way:
after you create the connection, call:
connection.setSSLSocketFactory(sc.getSocketFactory()); // so you set the SocketFactory only for the connection you use


Additionally, you may need to set a HostnameVerifier for the connection.

con.setHostnameVerifier(new HostnameVerifier()
{
      public boolean verify(String hostname, SSLSession session)
      {
            return true;
      }
});

Hope it helps..:)
0
 

Author Comment

by:sammakko
ID: 9786792
Hey,

thanks for the suggestions, I tried them but unfortunately they didn't result in any significant improvement, but something in the error messages made me actually remove all the net related code from the applet and try it again and guess what? It still didn't load! I uploaded some calculator demo thing to the server and that refuses to load too in the runtime environment. So it seems that any applet refuses to load from our server (unless you have complete Java SDK installed). Bleh. Weird weird.

Here's some output (I've renamed the server):

Connecting https://myserver.com/test/Calc.class with no proxy
javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.plugin.cache.CachedFileLoader.load(Unknown Source)
        at sun.plugin.cache.FileCache.get(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connectWithCache(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.applet.AppletClassLoader.getBytes(Unknown Source)
        at sun.applet.AppletClassLoader.access$100(Unknown Source)
        at sun.applet.AppletClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 34 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 39 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 43 more
Connecting https://myserver.com/test/Calc.class with no proxy
Connecting https://myserver.com/test/Calc/class.class with no proxy
javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.plugin.cache.CachedFileLoader.load(Unknown Source)
        at sun.plugin.cache.FileCache.get(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connectWithCache(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.applet.AppletClassLoader.getBytes(Unknown Source)
        at sun.applet.AppletClassLoader.access$100(Unknown Source)
        at sun.applet.AppletClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 34 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 39 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 43 more
Connecting https://myserver.com/test/Calc/class.class with no proxy
load: class Calc.class not found.
java.lang.ClassNotFoundException: Calc.class
        at sun.applet.AppletClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.applet.AppletClassLoader.loadCode(Unknown Source)
        at sun.applet.AppletPanel.createApplet(Unknown Source)
        at sun.plugin.AppletViewer.createApplet(Unknown Source)
        at sun.applet.AppletPanel.runLoader(Unknown Source)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.superConnect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at sun.applet.AppletClassLoader.getBytes(Unknown Source)
        at sun.applet.AppletClassLoader.access$100(Unknown Source)
        at sun.applet.AppletClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        ... 10 more
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
        ... 27 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 32 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 36 more
Exception: java.lang.ClassNotFoundException: Calc.class

If that's any use...

0
 
LVL 35

Expert Comment

by:girionis
ID: 9786799
> Host portion is not a valid DNS name, IPv4 address, or IPv6 address

  Indicates a problem on the host definition. Are you sure the host you are trying to connect to exists (or the host name is valid)?
0
 

Author Comment

by:sammakko
ID: 9786839
hey, girionis,

the host name should be valid and note that the applets load normally on any computer that has the Java SDK installed.
0
 

Expert Comment

by:lEx
ID: 9786854
Actually I have a working example...:)

...and it was part of it....

I can attach the whole code...but there is the same statement....

Maybe girionis is right and your problem is "resolving host name" ... try some other urls....
0
 
LVL 35

Expert Comment

by:girionis
ID: 9786861
>I uploaded some calculator demo thing to the
>server and that refuses to load too in the
>runtime environment. So it seems that any
>applet refuses to load from our server (unless
>you have complete Java SDK installed).

  So does it actually fail even if there is a simple "hello world" message?

0
 

Author Comment

by:sammakko
ID: 9786889
>> try some other urls....

Hey, somehow I'm assuming that if I would load the applet with http:// prefix instead of the https:// from the server (I can't very easily test it though since https is required by the server) it would load up just fine. But I need it to work with the https.

I also tried to load it with the ip address https://123.456.789.0/test/Calc.class but it doesn't make any difference.
0
 

Author Comment

by:sammakko
ID: 9786909
I was right, I tested it now and the applet loads fine with http:// but gives these errors with https://.
0
 

Author Comment

by:sammakko
ID: 9786941
My applet which tries to open the https connection loads up with http:// prefix but can't retrieve the data though (same error, Host portion is not a valid DNS name, IPv4 address, or IPv6 address) but I only get this error twice and nothing else, with https:// the whole applet refuses to load up and gives that endless list of errors.
0
 

Expert Comment

by:lEx
ID: 9786961
try to test running your applet as an application ...
0
 
LVL 35

Expert Comment

by:girionis
ID: 9786987
 The clue here is that this applet works on a machine with 1.4.2_02 jdk installed and not with 1.4.2_01 so I'd say there is something to do with the settings of the JDK. Is it possible to check if there are any service packs for jdk 1.4.2_01 and install them? Also does it run in earlier versions (1.3 for example)?
0
 

Author Comment

by:sammakko
ID: 9786994
girionis: sorry I missed your post at first. I don't have a pure hello world program but I have one which has helloworld, a textbox and a button ( :D ) and yes it fails.

lEx: I would assume that what would happen is that the program would load up but it wouldn't receive any data (failing with the same error).
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787036
> I would assume

  Better not make assumptions, especially when programming can't be deterministic :)

  I'd also suggest try and see what would happen if you run your applet as an application. It might give you clues as to why the applet is failing.
0
 

Expert Comment

by:lEx
ID: 9787039
girionis: if you use your own SocketFactory then JDK settings should not affect your program... and HttpsURLConnection is available only for 1.4
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787049
 ...also which one is the line that fails?
0
 

Author Comment

by:sammakko
ID: 9787050
girionis: I'm unsure of any service packs, I'll try to check it out. The 1.4.2_01 JRE is retrieved from http://www.java.com/en/download/windows_automatic.jsp and in the Java Plug-in settings there is some update button which says that the latest java is already installed. I have tried to compile the applet with 1.3 SDK (had to do some changes before it agreed to compile though) and it worked in the computer I compiled it in but not in the 1.4.2_01 JRE. I don't think I tried to open it in the 1.4.2_02 SDK though. I don't have any 1.3 JREs installed but I would assume it won't work if it's compiled with 1.4 and also it would be desirable that it worked with the latest version.
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787066
> and also it would be desirable that it worked with the latest version.

  Ok understood, I just thought it would be good if we can isolate the problem on the VM level.

  Also you can use the "-target" switch to make a java programme available for different VMs.
0
 

Expert Comment

by:lEx
ID: 9787124
OK, here is my code; it works as a standalone application....
I don't know whether there are any restrictions on using HTTPS in applets... if there are none, then this code will work as an applet too...

class MyNameVerifier implements HostnameVerifier
{
      public boolean verify(String hostname, SSLSession session)
      {
            return true;
      }
}

class MyTrustManager implements X509TrustManager
{

      MyTrustManager()
      {}

      public void checkClientTrusted(java.security.cert.X509Certificate chain[], String authType) throws java.security.cert.CertificateException
      {
      }

      public void checkServerTrusted(java.security.cert.X509Certificate oaChain[], String sAuthType) throws java.security.cert.CertificateException
      {
      }

      
      public java.security.cert.X509Certificate[] getAcceptedIssuers()
      {
            return new java.security.cert.X509Certificate[0];
      }
}

Code for main:

try
{
      SSLContext ctx = SSLContext.getInstance("SSL");
      X509TrustManager oTrustMngr = new PassportTrustManager();
      TrustManager oEnlistaTrustManagers[] =
                        {
                        oTrustMngr};

      ctx.init(null, oEnlistaTrustManagers, null);

      String host = "your host"; //for ex. : nexus.passport.com
      String file = "your file"; //for ex. : /rdr/pprdr.asp

      HttpsURLConnection con = (HttpsURLConnection)new URL("https", host, 443, file).
      openConnection();
      con.setSSLSocketFactory(MSNSession.ctx.getSocketFactory());
      con.setHostnameVerifier(new PassportNameVerifier());

      //connection is ready to use
      //con.connection(); - to send request

}
catch(Exception e)
{
      Util.debug("error due creating SSLContext: " + e);
}
0
 

Author Comment

by:sammakko
ID: 9787263
Hey,

I didn't try the applet, but the application I mentioned briefly in my first post, it works on my workstation, but what I didn't try before is the same application on the JRE machine and yes, it fails with the same error.

Here's the output:

Exception in thread "main" javax.net.ssl.SSLProtocolException: java.io.IOExcepti
on: java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or
IPv6 address
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.<init>(U
nknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Sou
rce)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown So
urce)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
own Source)
        at ReadHttpsURL3.main(ReadHttpsURL3.java:45)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException:
java.io.IOException: Host portion is not a valid DNS name, IPv4 address, or IPv6
 address
        at sun.security.x509.X509CertInfo.<init>(Unknown Source)
        at sun.security.x509.X509CertImpl.parse(Unknown Source)
        at sun.security.x509.X509CertImpl.<init>(Unknown Source)
        at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown S
ource)
        at java.security.cert.CertificateFactory.generateCertificate(Unknown Sou
rce)
        ... 11 more
Caused by: java.io.IOException: java.io.IOException: Host portion is not a valid
 DNS name, IPv4 address, or IPv6 address
        at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source
)
        at sun.security.x509.CertificateExtensions.init(Unknown Source)
        at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
        at sun.security.x509.X509CertInfo.parse(Unknown Source)
        ... 16 more
Caused by: java.io.IOException: Host portion is not a valid DNS name, IPv4 addre
ss, or IPv6 address
        at sun.security.x509.URIName.parseName(Unknown Source)
        at sun.security.x509.URIName.<init>(Unknown Source)
        at sun.security.x509.GeneralName.<init>(Unknown Source)
        at sun.security.x509.GeneralNames.<init>(Unknown Source)
        at sun.security.x509.DistributionPoint.<init>(Unknown Source)
        at sun.security.x509.CRLDistributionPointsExtension.<init>(Unknown Sourc
e)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Sou
rce)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 20 more



Line 45 is BufferedReader in = new BufferedReader(
                new InputStreamReader(connection.getInputStream()));
0
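The trace above ends in `sun.security.x509.URIName.parseName`, reached from `CRLDistributionPointsExtension` while `CertificateFactory.generateCertificate` parses the server certificate during the handshake, so the failure occurs before any `TrustManager` or `HostnameVerifier` is consulted. The following added example (not code from this thread) walks a DER-encoded CRL distribution points extension and flags URIs whose host `java.net.URI` does not accept as a DNS name, IPv4 or IPv6 literal. The class and method names, the use of `java.net.URI` as a stand-in for the JRE's internal check, and the sample URIs are assumptions constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: list the URIs in a CRL distribution points extension and flag unusable hosts. */
public class CrlDpUriCheck {

    /** Walk the DER TLVs in der[pos, end) and collect every GeneralName [6] (URI) value. */
    static void collectUris(byte[] der, int pos, int end, List<String> out) {
        while (pos < end) {
            if (end - pos < 2) throw new IllegalArgumentException("truncated DER header");
            int tag = der[pos++] & 0xFF;
            int len = der[pos++] & 0xFF;
            if (len >= 0x80) {                          // long form: next n bytes hold the length
                int n = len & 0x7F;
                if (n == 0 || n > 2 || end - pos < n) {
                    throw new IllegalArgumentException("unsupported DER length");
                }
                len = 0;
                while (n-- > 0) len = (len << 8) | (der[pos++] & 0xFF);
            }
            if (len > end - pos) throw new IllegalArgumentException("truncated DER value");
            if (tag == 0x86) {                          // [6] uniformResourceIdentifier (IA5String)
                out.add(new String(der, pos, len, StandardCharsets.US_ASCII));
            } else if ((tag & 0x20) != 0 || tag == 0x04) {
                collectUris(der, pos, pos + len, out);  // constructed value or OCTET STRING wrapper
            }
            pos += len;
        }
    }

    /** Return null when java.net.URI finds a DNS/IPv4/IPv6 host in the URI, else the reason. */
    static String hostProblem(String uri) {
        try {
            URI u = new URI(uri);
            if (u.getHost() != null) return null;
            return u.getRawAuthority() == null
                    ? "no host portion at all"
                    : "host portion '" + u.getRawAuthority() + "' is not a DNS name or IP literal";
        } catch (URISyntaxException e) {
            return "not a parseable URI: " + e.getReason();
        }
    }

    /** Map every URI found in the extension to its problem (null means the host is usable). */
    static Map<String, String> check(byte[] extension) {
        List<String> uris = new ArrayList<>();
        collectUris(extension, 0, extension.length, uris);
        Map<String, String> result = new LinkedHashMap<>();
        for (String u : uris) result.put(u, hostProblem(u));
        return result;
    }

    // ---- helpers that build the constructed sample input ----

    /** DER-encode one TLV whose value is the concatenation of parts. */
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        int n = body.size();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n < 0x80) {
            out.write(n);
        } else if (n < 0x100) {
            out.write(0x81); out.write(n);
        } else {
            out.write(0x82); out.write(n >> 8); out.write(n);
        }
        out.write(body.toByteArray(), 0, n);
        return out.toByteArray();
    }

    /** DistributionPoint { distributionPoint [0] { fullName [0] { URI [6] } } } */
    static byte[] distributionPoint(String uri) {
        byte[] name = tlv(0x86, uri.getBytes(StandardCharsets.US_ASCII));
        return tlv(0x30, tlv(0xA0, tlv(0xA0, name)));
    }

    public static void main(String[] args) {
        // Constructed sample: one well-formed URI and two whose host portion is unusable.
        byte[] ext = tlv(0x04, tlv(0x30,
                distributionPoint("http://crl.example.com/ca.crl"),
                distributionPoint("http://ca_server/CertEnroll/ca.crl"),
                distributionPoint("ldap:///CN=Example%20CA,CN=CDP?certificateRevocationList?base")));
        for (Map.Entry<String, String> e : check(ext).entrySet()) {
            String problem = e.getValue();
            System.out.println((problem == null ? "ok    " : "FLAG  ") + e.getKey()
                    + (problem == null ? "" : "  <- " + problem));
        }
    }
}
```

On a JRE that can parse the certificate, the same check can be fed the result of `X509Certificate.getExtensionValue("2.5.29.31")`, which returns the extension wrapped in an OCTET STRING.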
 

Author Comment

by:sammakko
ID: 9787341
lEx,

I have some trouble compiling your code;

S:\java\paska\perse.java:14: cannot resolve symbol
symbol  : class PassportTrustManager
location: class perse
     X509TrustManager oTrustMngr = new PassportTrustManager();
                                       ^
S:\java\paska\perse.java:26: package MSNSession does not exist
     con.setSSLSocketFactory(MSNSession.ctx.getSocketFactory());
                                       ^
S:\java\paska\perse.java:27: cannot resolve symbol
symbol  : class PassportNameVerifier
location: class perse
     con.setHostnameVerifier(new PassportNameVerifier());
                                 ^
S:\java\paska\perse.java:35: cannot resolve symbol
symbol  : variable Util
location: class perse
     Util.debug("error due creating SSLContext: " + e);
     ^
4 errors

Process completed.
0
 

Author Comment

by:sammakko
ID: 9787439
Would it help anything if I posted the url to our server with the applet so you could see if it loads/doesn't load? I'm assuming (although you said not to assume hehe) you guys have SDKs and it probably will load up though.

Something makes me a bit concerned about publishing the url though, dunno why really.
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787476
 Yes you can do it if you want to and we can try to load the applet and see what happens. I have jdk1.3 installed though.
0
 

Expert Comment

by:lEx
ID: 9787520
Sorry, I forgot to change all the names :)

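import java.net.URL;
import javax.net.ssl.*;

// Accepts every host name: host name verification is disabled
class MyNameVerifier implements HostnameVerifier
{
     public boolean verify(String hostname, SSLSession session)
     {
          return true;
     }
}

// Accepts every certificate chain: certificate validation is disabled
class MyTrustManager implements X509TrustManager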
{

     MyTrustManager()
     {}

     public void checkClientTrusted(java.security.cert.X509Certificate chain[], String authType) throws java.security.cert.CertificateException
     {
     }

     public void checkServerTrusted(java.security.cert.X509Certificate oaChain[], String sAuthType) throws java.security.cert.CertificateException
     {
     }

     
     public java.security.cert.X509Certificate[] getAcceptedIssuers()
     {
          return new java.security.cert.X509Certificate[0];
     }
}

Code for main:

try
{
     SSLContext ctx = SSLContext.getInstance("SSL");
     X509TrustManager oTrustMngr = new MyTrustManager();
     TrustManager oEnlistaTrustManagers[] =
                    {
                    oTrustMngr};

     ctx.init(null, oEnlistaTrustManagers, null);

     String host = "your host"; //for ex. : nexus.passport.com
     String file = "your file"; //for ex. : /rdr/pprdr.asp

     HttpsURLConnection con = (HttpsURLConnection)new URL("https", host, 443, file).
     openConnection();
     con.setSSLSocketFactory(ctx.getSocketFactory());
     con.setHostnameVerifier(new MyNameVerifier());

     //connection is ready to use
     //con.connect(); - to send request

}
catch(Exception e)
{

}
0
 

Author Comment

by:sammakko
ID: 9787596
Here's the calc applet:

https://netserver.kunnondata.fi/test/calc.html
http://netserver.kunnondata.fi/test/calc.html

The http one works (probably needs the 1.4 though) but the https refuses without the sdk. But it would be nice if you can try retrieving this page with your java application: https://netserver.kunnondata.fi/test/somedata.htm

Even nicer would be application that doesn't fail doing it with 1.4.2_01 JRE :)
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787627
 I can see all of the above links. The first two with the calculator and the last one with the: "hey hey this is some data bleh " message. I am using Opera 6.04 with JRE plugin 1.3.

  I really think the problem lies in the JRE you are using...
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787649
 My colleague tried IE; it also works fine... and the JRE plugin he is using is 1.3.1_02
0
 

Expert Comment

by:lEx
ID: 9787664
So... as I see it, we were talking about different things.

What do you actually want??

1. create an HTTPS connection from an applet ???
or
2. connect to the server using HTTPS and download the applet through HTTPS ???
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787683
 More questions... What is the OS you are using? Do both computers (the one with 1.4.2_02 and the one with 1.4.2_01) have the same OS version? If you are using Windows, do they both have the same service pack installed (if any)?
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787701
 From what I understand, it is an HTTPS connection to the applet page... isn't it?
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787705
 Also sammakko what exactly do you mean here:

> but the https refuses without the sdk
0
 

Expert Comment

by:lEx
ID: 9787712
Yes, if you are trying to do 2.
then you have system environment problem....
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787737
 I never had any problems doing your second query...
0
 
LVL 35

Expert Comment

by:girionis
ID: 9787763
> 2. connect to the server using HTTPS and download the applet through HTTPS ???

  If you connect through HTTPS don't you also download the data (and therefore the applet) through HTTPS?
0
 

Author Comment

by:sammakko
ID: 9787881
Ouch this is confusing.

What I want is the combination of 1 and 2: Load an applet from https://netserver.kunnondata.fi/secret_directory/secret_file_containing_very_secret_applet.asp which then connects to https://netserver.kunnondata.fi/another_secret_directory/secret_file_containing_some_very_secret_data.asp to retrieve some data. But the https connection refuses in both cases (loading the applet and retrieving the data). I have tried on three different workstations with the JRE 1.4.2_01 and it fails. They all have Windows 2000 and some version of IE. Also an associate of mine at a different location tried the applet and it didn't work. It works on my workstation (1.4.2_02 sdk), on my laptop (same sdk) and on my home computer (same sdk). On one computer which has like 7 different versions of java and is a complete mess it doesn't work.

But hey I'll try installing the 1.3 JRE to some machine tomorrow and see what happens, it might work (but that doesn't help very far really, it still refuses in 1.4).
0
 
LVL 35

Accepted Solution

by:
girionis earned 250 total points
ID: 9787903
 Why don't you upgrade all the computers to 1.4.2_02?
0
 

Author Comment

by:sammakko
ID: 9788009
Good question.

Very good question actually.

As I said before http://www.java.com/en/download/windows_automatic.jsp gives the 1.4.2_01 and the update button in the plug-in settings says that the latest java is installed but on the download page of java.sun.com 1.4.2_02 JRE is available. I'm downloading it now.
0
 

Assisted Solution

by:lEx
lEx earned 250 total points
ID: 9788054
YOU CAN NOT USE HttpsURLConnection with JDK 1.3!!!

it is only available since 1.4...
0
 

Author Comment

by:sammakko
ID: 9788205
BLEH BLEH BLEH!

dfg#¤%#¤%#w%5

and various other censored comments.

I don't know really how to say this so I'm just gonna say it:
Upgrading to 1.4.2_02 JRE fixed it.

Oh well, the problem is now solved. This is my second time posting to ee (at the first time I didn't get any replies though, my question was too far from outer space) so anyway I think I need to award the points now and I would like to split them since both of you have spent quite a lot of time with this so I hope that's ok.
0
 

Author Comment

by:sammakko
ID: 9788347
Ummh, I would request, if possible, some administrator to remove all the links to our server since the files are not available anymore anyway and it seems that I'm not able to edit my posts. Thanks.

And thanks again for all the help lex and girionis.
0
 
LVL 35

Expert Comment

by:girionis
ID: 9795317
 Glad the problem is solved... Thanks for the points :)

  If you want to get in touch with an administrator then ask a question for zero points to Community Support (http://www.experts-exchange.com/Community_Support/)
0
 
LVL 35

Expert Comment

by:girionis
ID: 9809931
 I know this is a closed question but here is some more info.

  This is actually a bug in some version of jdk1.4.* and it is documented in the following URL: http://developer.java.sun.com/developer/bugParade/bugs/4874076.html

  The resolution suggested is to use another version of the JRE, specifically JRE 1.4.1_02
0
 
LVL 35

Expert Comment

by:girionis
ID: 9809941
 ... obviously at the time of writing the 1.4.2_02 JRE wasn't released. Upgrading to either of the two versions (and probably any in between) will do :)
0
