[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2749
  • Last Modified:

Java RMI over SSL connection terminating with "no cipher suites in common" message

We have a system where a Java servlet on is connecting to an RMI service with no problem.  We need to upgrade the security of the RMI calls to use SSL.  Currently when the servlet attempts to contact the RMI service the handshaking fails with a "no cipher suites in common".  The problem is there is a common suite, SSL_RSA_WITH_NULL_SHA, so I am thinking this is a permission or security settings problem.  I don't know which file to edit and what value to set to get the handshaking to complete successfully.

The following is a listing from the RMI service side of the process.

STATUS | wrapper  | 2009/02/09 16:05:22 | --> Wrapper Started as Service
STATUS | wrapper  | 2009/02/09 16:05:22 | Launching a JVM...
INFO   | jvm 1    | 2009/02/09 16:05:24 | WrapperManager class initialized by thread: main  Using classloader: sun.misc.Launcher$AppClassLoader@11b86e7
INFO   | jvm 1    | 2009/02/09 16:05:24 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
INFO   | jvm 1    | 2009/02/09 16:05:24 |   Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.
INFO   | jvm 1    | 2009/02/09 16:05:24 |
INFO   | jvm 1    | 2009/02/09 16:05:24 | Wrapper Manager: JVM #1
INFO   | jvm 1    | 2009/02/09 16:05:24 | Running a 32-bit JVM.
INFO   | jvm 1    | 2009/02/09 16:05:24 | Wrapper Manager: Registering shutdown hook
INFO   | jvm 1    | 2009/02/09 16:05:24 | Wrapper Manager: Using wrapper
INFO   | jvm 1    | 2009/02/09 16:05:24 | Load native library.  One or more attempts may fail if platform specific libraries do not exist.
INFO   | jvm 1    | 2009/02/09 16:05:24 | Loading native library failed: wrapper-windows-x86-32.dll  Cause: java.lang.UnsatisfiedLinkError: no wrapper-windows-x86-32 in java.library.path
INFO   | jvm 1    | 2009/02/09 16:05:24 | Loaded native library: wrapper.dll
INFO   | jvm 1    | 2009/02/09 16:05:24 | Calling native initialization method.
INFO   | jvm 1    | 2009/02/09 16:05:24 | Initializing WrapperManager native library.
INFO   | jvm 1    | 2009/02/09 16:05:24 | Java Executable: D:\Program Files\Java\jre1.6.0_05\bin\java.exe
INFO   | jvm 1    | 2009/02/09 16:05:24 | Windows version: 5.2.3790
INFO   | jvm 1    | 2009/02/09 16:05:24 | Java Version   : 1.6.0_05-b13 Java HotSpot(TM) Client VM
INFO   | jvm 1    | 2009/02/09 16:05:24 | Java VM Vendor : Sun Microsystems Inc.
INFO   | jvm 1    | 2009/02/09 16:05:24 |
INFO   | jvm 1    | 2009/02/09 16:05:24 | Control event monitor thread started.
INFO   | jvm 1    | 2009/02/09 16:05:24 | Startup runner thread started.
INFO   | jvm 1    | 2009/02/09 16:05:24 | WrapperManager.start(org.tanukisoftware.wrapper.WrapperSimpleApp@1bf73fa, args["-inif", "D:\fsbdev\ini\start.ini", "-logr", "D:\fsbdev\ini\rmilog.properties", "-recv", "1099", "-send", "1152", "-name", "DevRequestProcessor"]) called by thread: main
INFO   | jvm 1    | 2009/02/09 16:05:24 | Communications runner thread started.
INFO   | jvm 1    | 2009/02/09 16:05:24 | Open socket to wrapper...Wrapper-Connection
INFO   | jvm 1    | 2009/02/09 16:05:24 | Failed attempt to bind using local port 31000
INFO   | jvm 1    | 2009/02/09 16:05:24 | Opened Socket from 31001 to 32000
INFO   | jvm 1    | 2009/02/09 16:05:24 | Send a packet KEY : YP65aPGNpcPP_Vve
INFO   | jvm 1    | 2009/02/09 16:05:24 | handleSocket(Socket[addr=/127.0.0.1,port=32000,localport=31001])
INFO   | jvm 1    | 2009/02/09 16:05:24 | Received a packet LOW_LOG_LEVEL : 1
INFO   | jvm 1    | 2009/02/09 16:05:24 | Wrapper Manager: LowLogLevel from Wrapper is 1
INFO   | jvm 1    | 2009/02/09 16:05:24 | Received a packet PING_TIMEOUT : 30
INFO   | jvm 1    | 2009/02/09 16:05:24 | PingTimeout from Wrapper is 30000
INFO   | jvm 1    | 2009/02/09 16:05:24 | Received a packet PROPERTIES : (Property Values)
INFO   | jvm 1    | 2009/02/09 16:05:24 | Received a packet START : start
INFO   | jvm 1    | 2009/02/09 16:05:24 | calling WrapperListener.start()
INFO   | jvm 1    | 2009/02/09 16:05:24 | Waiting for WrapperListener.start runner thread to complete.
INFO   | jvm 1    | 2009/02/09 16:05:24 | WrapperListener.start runner thread started.
INFO   | jvm 1    | 2009/02/09 16:05:24 | WrapperSimpleApp: start(args) Will wait up to 2 seconds for the main method to complete.
INFO   | jvm 1    | 2009/02/09 16:05:24 | WrapperSimpleApp: invoking main method
INFO   | jvm 1    | 2009/02/09 16:05:24 | Read INI: D:\fsbdev\ini\start.ini
INFO   | jvm 1    | 2009/02/09 16:05:25 | Send a packet START_PENDING : 5000
INFO   | jvm 1    | 2009/02/09 16:05:26 | Read: D:\fsbdev\ini\action.ini
INFO   | jvm 1    | 2009/02/09 16:05:26 | Read: D:\fsbdev\ini\communicator.ini
INFO   | jvm 1    | 2009/02/09 16:05:26 | Read: D:\fsbdev\ini\database.ini
INFO   | jvm 1    | 2009/02/09 16:05:26 | Send a packet START_PENDING : 5000
INFO   | jvm 1    | 2009/02/09 16:05:26 | WrapperSimpleApp: start(args) end.  Main Completed=false, exitCode=null
INFO   | jvm 1    | 2009/02/09 16:05:26 | WrapperListener.start runner thread stopped.
INFO   | jvm 1    | 2009/02/09 16:05:26 | returned from WrapperListener.start()
INFO   | jvm 1    | 2009/02/09 16:05:26 | Send a packet STARTED :
INFO   | jvm 1    | 2009/02/09 16:05:26 | Startup runner thread stopped.
INFO   | jvm 1    | 2009/02/09 16:05:26 | Read: D:\fsbdev\ini\mail.ini
INFO   | jvm 1    | 2009/02/09 16:05:26 | Read: D:\fsbdev\ini\messages.ini
INFO   | jvm 1    | 2009/02/09 16:05:26 | Store: D:\Program Files\Java\jre1.6.0_05\lib\security\cacerts
INFO   | jvm 1    | 2009/02/09 16:05:26 | Get Request Object with SSL
INFO   | jvm 1    | 2009/02/09 16:05:26 | keyStore is : D:\Program Files\Java\jre1.6.0_05\lib\security\cacerts
INFO   | jvm 1    | 2009/02/09 16:05:26 | keyStore type is : jks
INFO   | jvm 1    | 2009/02/09 16:05:26 | keyStore provider is :
INFO   | jvm 1    | 2009/02/09 16:05:26 | init keystore
INFO   | jvm 1    | 2009/02/09 16:05:27 | Received a packet PING : ping
INFO   | jvm 1    | 2009/02/09 16:05:27 | Send a packet PING : ok
INFO   | jvm 1    | 2009/02/09 16:05:27 | init keymanager of type SunX509
INFO   | jvm 1    | 2009/02/09 16:05:27 | trustStore is: D:\Program Files\Java\jre1.6.0_05\lib\security\cacerts
INFO   | jvm 1    | 2009/02/09 16:05:27 | trustStore type is : jks
INFO   | jvm 1    | 2009/02/09 16:05:27 | trustStore provider is :
INFO   | jvm 1    | 2009/02/09 16:05:27 | init truststore

<long list of trusted certs being added>

INFO   | jvm 1    | 2009/02/09 16:05:27 | trigger seeding of SecureRandom
INFO   | jvm 1    | 2009/02/09 16:05:27 | done seeding SecureRandom
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPEndpoint <clinit>
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: localHostKnown = true, localHost = 172.20.110.137
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPTransport <init>
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: Version = 2, ep = [172.20.110.137:1152,javax.rmi.ssl.SslRMIServerSocketFactory@62a9485b,javax.rmi.ssl.SslRMIClientSocketFactory@1bd2664]
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPEndpoint getLocalEndpoint
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: created local endpoint for socket factory javax.rmi.ssl.SslRMIServerSocketFactory@62a9485b on port 1152
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPTransport listen
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: (port 1152) create server socket
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPEndpoint newServerSocket
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINER: WrapperSimpleAppMain: creating server socket on [172.20.110.137:1152,javax.rmi.ssl.SslRMIServerSocketFactory@62a9485b,javax.rmi.ssl.SslRMIClientSocketFactory@1bd2664]
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPTransport$AcceptLoop executeAcceptLoop
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: RMI TCP Accept-1152: listening on port 1152
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPTransport <init>
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: Version = 2, ep = [172.20.110.137:0]
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPEndpoint getLocalEndpoint
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: created local endpoint for socket factory null on port 0
INFO   | jvm 1    | 2009/02/09 16:05:27 | Finalizer, called close()
INFO   | jvm 1    | 2009/02/09 16:05:27 | Finalizer, called closeInternal(true)
INFO   | jvm 1    | 2009/02/09 16:05:27 | *** 1 Suite: SSL_RSA_WITH_NULL_SHA
INFO   | jvm 1    | 2009/02/09 16:05:27 | *** 1 Proto: SSLv3
INFO   | jvm 1    | 2009/02/09 16:05:27 | *** Locate Registry ***
INFO   | jvm 1    | 2009/02/09 16:05:27 | *** Rebind: RegistryImpl_Stub[UnicastRef [liveRef: [endpoint:[172.20.110.137:1099](remote),objID:[0:0:0, 0]]]]
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPChannel createConnection
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: create connection
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.tcp.TCPEndpoint newSocket
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINER: WrapperSimpleAppMain: opening socket to [172.20.110.137:1099]
INFO   | jvm 1    | 2009/02/09 16:05:27 | Feb 9, 2009 4:05:27 PM sun.rmi.transport.proxy.RMIMasterSocketFactory createSocket
INFO   | jvm 1    | 2009/02/09 16:05:27 | FINE: WrapperSimpleAppMain: host: 172.20.110.137, port: 1099
INFO   | jvm 1    | 2009/02/09 16:05:28 | *** Connection refused to host: 172.20.110.137; nested exception is:
INFO   | jvm 1    | 2009/02/09 16:05:28 |       java.net.ConnectException: Connection refused: connect ***
INFO   | jvm 1    | 2009/02/09 16:05:28 | *** Create ***
INFO   | jvm 1    | 2009/02/09 16:05:28 | Feb 9, 2009 4:05:28 PM sun.rmi.transport.tcp.TCPTransport <init>
INFO   | jvm 1    | 2009/02/09 16:05:28 | FINE: WrapperSimpleAppMain: Version = 2, ep = [172.20.110.137:1099,javax.rmi.ssl.SslRMIServerSocketFactory@62a9485b,javax.rmi.ssl.SslRMIClientSocketFactory@1bd2664]
INFO   | jvm 1    | 2009/02/09 16:05:28 | Feb 9, 2009 4:05:28 PM sun.rmi.transport.tcp.TCPEndpoint getLocalEndpoint
INFO   | jvm 1    | 2009/02/09 16:05:28 | FINE: WrapperSimpleAppMain: created local endpoint for socket factory javax.rmi.ssl.SslRMIServerSocketFactory@62a9485b on port 1099
INFO   | jvm 1    | 2009/02/09 16:05:28 | Feb 9, 2009 4:05:28 PM sun.rmi.transport.tcp.TCPTransport listen
INFO   | jvm 1    | 2009/02/09 16:05:28 | FINE: WrapperSimpleAppMain: (port 1099) create server socket
INFO   | jvm 1    | 2009/02/09 16:05:28 | Feb 9, 2009 4:05:28 PM sun.rmi.transport.tcp.TCPEndpoint newServerSocket
INFO   | jvm 1    | 2009/02/09 16:05:28 | FINER: WrapperSimpleAppMain: creating server socket on [172.20.110.137:1099,javax.rmi.ssl.SslRMIServerSocketFactory@62a9485b,javax.rmi.ssl.SslRMIClientSocketFactory@1bd2664]
INFO   | jvm 1    | 2009/02/09 16:05:28 | Feb 9, 2009 4:05:28 PM sun.rmi.transport.tcp.TCPTransport$AcceptLoop executeAcceptLoop
INFO   | jvm 1    | 2009/02/09 16:05:28 | FINE: RMI TCP Accept-1099: listening on port 1099
INFO   | jvm 1    | 2009/02/09 16:05:28 | *** Bind ***
INFO   | jvm 1    | 2009/02/09 16:05:28 | *** 2 Suite: SSL_RSA_WITH_NULL_SHA
INFO   | jvm 1    | 2009/02/09 16:05:28 | *** 2 Proto: SSLv3
INFO   | jvm 1    | 2009/02/09 16:05:28 | Bound DevRequestProcessor on 172.20.110.137 to 1099
INFO   | jvm 1    | 2009/02/09 16:05:28 | WrapperSimpleApp: main method completed

<servlet makes RMI over SSL Call>

INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, setSoTimeout(7200000) called
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, READ: SSLv3 Handshake, length = 45
INFO   | jvm 1    | 2009/02/09 16:06:46 | *** ClientHello, SSLv3
INFO   | jvm 1    | 2009/02/09 16:06:46 | RandomCookie:  GMT: 1217370608 bytes = { 228, 170, 154, 51, 122, 60, 106, 28, 153, 102, 67, 220, 50, 137, 209, 143, 7, 242, 36, 110, 142, 7, 94, 142, 167, 123, 23, 206 }
INFO   | jvm 1    | 2009/02/09 16:06:46 | Session ID:  {}
INFO   | jvm 1    | 2009/02/09 16:06:46 | Cipher Suites: [SSL_RSA_WITH_NULL_SHA]
INFO   | jvm 1    | 2009/02/09 16:06:46 | Compression Methods:  { 0 }
INFO   | jvm 1    | 2009/02/09 16:06:46 | ***
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, SEND SSLv3 ALERT:  fatal, description = handshake_failure
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, WRITE: SSLv3 Alert, length = 2
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, called closeSocket()
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
INFO   | jvm 1    | 2009/02/09 16:06:46 | Feb 9, 2009 4:06:46 PM sun.rmi.transport.tcp.TCPTransport$ConnectionHandler run0
INFO   | jvm 1    | 2009/02/09 16:06:46 | FINE: RMI TCP Connection(1)-172.20.195.56: terminated with exception:
INFO   | jvm 1    | 2009/02/09 16:06:46 | javax.net.ssl.SSLHandshakeException: no cipher suites in common
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at java.io.BufferedInputStream.fill(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at java.io.BufferedInputStream.read(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at java.io.DataInputStream.readInt(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 |       at java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, called close()
INFO   | jvm 1    | 2009/02/09 16:06:46 | RMI TCP Connection(1)-172.20.195.56, called closeInternal(true)


Note also, we are using Tanukisoft's Javawrapper to run the rmi service as a windows service.
0
kcmurphy1
Asked:
kcmurphy1
  • 9
  • 9
2 Solutions
 
objectsCommented:
do get the same problem without Javawrapper involved?
what version of java is the client running?

0
 
kcmurphy1Author Commented:
The problem is constant, whether the JavaWrapper is in user or not.
The Java Version the client is running on is 1.6.0_03.
0
 
objectsCommented:
can you post the code that starts server, and makes connection

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
kcmurphy1Author Commented:
The following code is the Request Server that sets up the RMI service over an SSL socket connection.  The Second part are the functions that set up and make the call to the rmi service from within our servlet running on JRun4.


package fsb.lib.process;

import javax.rmi.ssl.*;

import java.security.*;

import java.util.*;
import java.rmi.registry.*;
import java.rmi.server.*;
import java.rmi.*;
import java.io.IOException;
import java.io.File;

import org.apache.log4j.PropertyConfigurator;
import org.apache.log4j.Logger;

import fsb.lib.*;

public class RequestServer extends Object implements FsbConstants {

      private static final String[] SSL_PROTOCOLS = {"SSLv3"};
      private static final String[] SSL_SUITES = {"SSL_RSA_WITH_NULL_SHA"};

      private static final String DFLT_LOGJ = <filtered>;
      private static final String DFLT_C3P0 = <filtered>;
      private static final String DFLT_INIF =<filtered>;

      private static final String FLAG_HOST = <filtered>;
      private static final String FLAG_RECV = <filtered>;
      private static final String FLAG_SEND = <filtered>;
      private static final String FLAG_NAME = <filtered>;
      private static final String FLAG_INIF = <filtered>;
      private static final String FLAG_C3P0 = <filtered>;
      private static final String FLAG_LOGJ = <filtered>;
      private static final String FLAG_TIME = <filtered>;

      private static final String DFLT_NAME = <filtered>;
      private static final String DFLT_HOST = <filtered>;

      private static final int    DFLT_RECV = <filtered>;
      private static final int    DFLT_SEND = <filtered>;

      private static final int    NO_INDEX  = <filtered>;
      private static final int    LOG_TIMES = <filtered>;
      private static final int    OTHR_SIZE = <filtered>;

/*************************************************************************************/

      private static Logger logger;

      private SslRMIServerSocketFactory      ssf = null;
      private SslRMIClientSocketFactory      csf = null;

/*************************************************************************************/

/**
 * Checks to see if the index is within the proper range for the
 * command line argument
 *
 * @param  ndx   the index to be checked
 * @param  args  the command line arguments
 *
 * @return true if the index is withing the range, false otherwise
 */
      protected static boolean inRange(int ndx, String[] args) {
            //an argument index is in the valid range if its greater then 0 and less then the length of the argument list
            return ((FIRST < ndx) && (ndx < args.length));
            }

/**
 * Locates and returns a the index of the item following the flag value
 *
 * @param  flag  the value to be located in the array of String
 * @param  args  the command line arguments
 *
 * @return the index of the value following the flag
 */
      protected static int getIndex(String flag, String[] args) {
            //locate the flag in the arry, return the index of the next element in the array
            for(int x=FIRST; x<args.length; x++) if (args[x].equals(flag)) return (x + NEXT_INDEX);
            //if the flag is not found return a nonexistant index
            return NO_INDEX;
            }

/**
 * Locate and return the RMI Registry Port in the command line
 * argumnts, if it is not there return the default RMI Registry
 * Port
 *
 * @param  arguments  the command line arguments
 *
 * @return the port for the RMI Registry to listen on
 */
      protected static String getHostName(String[] arguments) {
            int index = getIndex(FLAG_HOST, arguments);
            if (inRange(index, arguments)) return arguments[index];
            return DFLT_HOST;
            }

/**
 * Locate and return the RMI Registry Port in the command line
 * argumnts, if it is not there return the default RMI Registry
 * Port
 *
 * @param  arguments  the command line arguments
 *
 * @return the port for the RMI Registry to listen on
 */
      protected static int getReceivePort(String[] arguments) {
            int index = getIndex(FLAG_RECV, arguments);
            if (inRange(index, arguments)) return Lib.getIntFor(arguments[index], NO_INDEX);
            return DFLT_RECV;
            }

/**
 * Locate and return the Request Handler Port in the command line
 * argumnts, if it is not there return the default Request Handler
 * Port
 *
 * @param  arguments  the command line arguments
 *
 * @return the port for the Request Handler to listen on
 */
      protected static int getSendPort(String[] arguments) {
            int index = getIndex(FLAG_SEND, arguments);
            if (inRange(index, arguments)) return Lib.getIntFor(arguments[index], NO_INDEX);
            return DFLT_SEND;
            }

/**
 * Locate and return type of service that is to be run on the RMI Registry
 *
 * @param  arguments  the command line arguments
 *
 * @return the type string for the rmi service
 */
      protected static String getServiceName(String[] arguments) {
            int index = getIndex(FLAG_NAME, arguments);
            if (inRange(index, arguments)) return arguments[index];
            return DFLT_NAME;
            }

/**
 * Locate and return the INI file in the command line argumnts, if
 * it is not there return the default INI file
 *
 * @param  arguments  the command line arguments
 *
 * @return the absolute path for the INI File
 */
      protected static String getIniFilePath(String[] arguments) {
            int index = getIndex(FLAG_INIF, arguments);
            if (inRange(index, arguments)) return arguments[index];
            return DFLT_INIF;
            }

/**
 * Locate and return the Log4J properties file in the command line
 * argumnts, if it is not there return the default file
 *
 * @param  arguments  the command line arguments
 *
 * @return the absolute path for the Log File
 */
      protected static String getLogFile(String[] arguments) {
            int index = getIndex(FLAG_LOGJ, arguments);
            if (inRange(index, arguments)) return arguments[index];
            return DFLT_LOGJ;
            }

/**
 * Locate and return the C3P0 properties file from the command
 * line argumnts, if it is not there return the default file
 *
 * @param  arguments  the command line arguments
 *
 * @return the absolute path for the C3P0 File
 */
      protected static String getC3P0File(String[] arguments) {
            int index = getIndex(FLAG_C3P0, arguments);
            if (inRange(index, arguments)) return arguments[index];
            return DFLT_C3P0;
            }

/**
 * prepare the current System object to create an SSL Connection
 */
      protected static void initSSLConnection(String keyStore, String keyPassword) {
            //Assert what needs to be bebuggedd
            System.setProperty("javax.net.debug","ssl,handshake,record");
            //Assert the location of the Keystore for the SSL Connections
            System.setProperty(KEY_STORE, keyStore);
            //Assert the Password for the SSL keystore
            System.setProperty(KEY_PSWRD, keyPassword);
            }

/**
 * Create and Return an SSL RMI Client Socket Factory
 *
 * @return a fully instantiated SSL RMI Client Socket
 */
      protected RMIClientSocketFactory getClientSocket() {
            if (csf == null) csf = new SslRMIClientSocketFactory();
            return csf;
            }

/**
 * Create and Return an SSL RMI Server Socket Factory
 *
 * @return a fully instantiated SSL RMI Server Socket
 */
      protected RMIServerSocketFactory getServerSocket() {
            if (ssf == null) ssf = new SslRMIServerSocketFactory(SSL_SUITES, SSL_PROTOCOLS, false);
            return ssf;
            }

/**
 * Create and Return a Request Handler
 *
 * @return  a Request Handler
 */
      protected Request getRequestHandler() throws RemoteException {
            //Create the Request Handler that will be handling the RMI Service Calls
            return (Request)new RequestHandler();
            }

/**
 * Return a link to the RMI Registry that is running on the supplied host and listening on the supplied port
 *
 * @param  host  the host the RMI service is running on
 * @param  recv  the socket the RMI Service is listening on
 *
 * @return  an RMI Stub as a Request Object
 */
      protected Registry getRMIRegistry() throws RemoteException { return getRMIRegistry(DFLT_RECV); }
      protected Registry getRMIRegistry(int recv) throws RemoteException {
            //Start the RMI Registry running and return a link to it
            return LocateRegistry.createRegistry(recv, getClientSocket(), getServerSocket());
            }

/**
 * Create and Return an RMI Stub Object Using a Secure Socket Language Connection
 *
 * @param  send  the socket part the RMI Communication will pass through
 *
 * @return  an RMI Stub as a Request Object
 */
      protected Request getRequestStub() throws RemoteException { return getRequestStub(DFLT_SEND); }
      protected Request getRequestStub(int send) throws RemoteException {
            //Export the Service
            return (Request) UnicastRemoteObject.exportObject(getRequestHandler(), send, getClientSocket(), getServerSocket());
            }

/**
 * Bind the Request Handler to the local registry
 *
 * @param  host  the system that the registy is to be located on
 * @param  recv  the socket the registry will be listening on
 * @param  send  the socket the registry will be forwarding too
 * @param  srvc  the name of the service the registry will bind to
 *
 * @return  True if the registry can be successfully bound to
 *
 * @throws  RemoteException if cannot get a handle to nor create a registry object
 * @throws  AccessException the registry is local and deies the system access to it
 * @throws  AlreadyBoundException if srvc is already bound
 *
 */
      protected boolean bindToRegistry(int recv, int send, String srvc) throws RemoteException, AccessException, AlreadyBoundException {
            Registry      registry = null;
            Request            request = null;

            try {
                  //get a stub link to the request processor
                  request = getRequestStub(send);
                  //get a handle to any existing registry
                  registry = LocateRegistry.getRegistry(recv);
                  //rebind to the request service to the registry
                  registry.rebind(srvc, request);
                  }
            //if the locate failed then there is no registry to bind to
            catch(RemoteException re) {
                  //if there is no request handler throw the exception
                  if (request == null) throw re;
                  //otherwise no registry exist so have the system create & return one
                  registry = getRMIRegistry(recv);
                  //bind the request service to the new registry
                  registry.bind(srvc, request);
                  }
            return true;
            }

/**
 * Report the successful start of the RMI Service
 *
 * @param  mesage  the message that the serviced succeeded in starting
 */
      protected void reportSuccess(String message) {
            //inform the system of a successful start
            System.out.println(message);
            //Log the successful starting of the service
            logger.info(message);
            }

/**
 * Report the unsuccessful start of the RMI Service in the logs
 *
 * @param  message  The error message for the failed survice
 */
      protected void reportFailure(String message) { logger.error(message); }
/**
 * Report the unsuccessful start of the RMI Service in the logs
 *
 * @param  message  The error message for the failed survice
 * @param  excp     the exception thrown that caused the service failure
 */
      protected void reportFailure(String message, Exception excp) {
            //Build the complete error message
            String report = message.concat(" due too ").concat(excp.getLocalizedMessage());
            //inform the system of the failed start
            System.err.println(report);
            //Log the message of the failed start
            logger.error(report);
            //also print the execution stack trace
            excp.printStackTrace();
            }

/*************************************************************************************/

/**
 * Constructor for a Request Server object.  This object sets up the
 * links between the RMI Registry listening on the rcv port and the
 * RequestHandler listening on the snd port
 *
 * @param  host  The address of the hosting system
 * @param  recv  The port the RMI Registry is listening on
 * @param  send  The port the Request Service will be listening on
 * @param  service  The name the service will be bound too
 *
 */
      public RequestServer(String host, int recv, int send, String service) {
            //build the base line message for the server that is to be set up
            String message = service.concat(" on ").concat(host).concat(" to ").concat(Integer.toString(recv));

            //Start the log4J service with the Request server
            logger = Logger.getLogger(INIData.get(LOGGER));
            try {
                  //try to bind the service to the registry and report the results
                  if (bindToRegistry(recv, send, service)) reportSuccess("Bound ".concat(message));
                  else reportFailure("Could not bind ".concat(message));
                  }
            catch (Exception excp) {
                  //Report the exception that caused the failure
                  excp.printStackTrace();
                  //report that the service failed to start
                  reportFailure("Could not bind ".concat(message), excp);
                  }
            }

/**
 * The overall start point for the entire RMI Service for processing the web
 * page data and directing the user to the next page.  There should be 4
 * command line arguments supplied to the program.  The -p arg is the port
 * the service is listening on and the the -r arg is the rmi port that the
 * requests are sent to.  The -i arg is the applications cascading INI file.
 * The -l arg is the logging properties file.
 *
 * @param  argv  the argument vector from the operating system's command line
 */
      public static void main(String[] argv) {
            //Configure the log4j logging system with its appropriate properties file
            PropertyConfigurator.configureAndWatch(getLogFile(argv),300);
            //Load the System wide INI File data using the cascading INI file object
            INIData.load(new File(getIniFilePath(argv)));
            //Tell the system where to find the keystore and its password
            initSSLConnection(INIData.get(KEY_LOCTN), INIData.get(VAL_PSWRD));
            //Start the RMI service running and listening on the given port
            new RequestServer(getHostName(argv), getReceivePort(argv), getSendPort(argv), getServiceName(argv));
            }
      }


/*************************************************************************************/
/*************************************************************************************/
/*************************************************************************************/


/*
 * Set up the logging from the logging properties file
 */
      private void initLogging() {
            PropertyConfigurator.configure(getInitParameter(PROP_CONFIG));
            logInfo = Logger.getLogger(getInitParameter(SRVC_LOGGER));
            }

/*
 * Set up the SSL properties need to make RMI connection
 */
      private void initSystemFlags() {
            System.setProperty("javax.net.debug","ssl,handshake,record");
            System.setProperty(CIPHER_SUIT, SSL_SUITES);
            System.setProperty(CPHR_PRTCLS, SSL_PROTOCOLS);
            System.setProperty(TRUST_STORE, getInitParameter(SSL_TRST_ST));
            System.setProperty(TRUST_PSWRD, getInitParameter(SSL_PASWORD));
            }

/*
 * get the registry values from the web.xml file
 */
      private void initRegistry() {
            try {
                  rmiHost = getInitParameter(RMI_HOST_AD);
                  rmiName = getInitParameter(RMI_SERVICE);
                  rmiPort = Integer.parseInt(getInitParameter(RMI_TCP_PRT));
                  }
            catch(NumberFormatException nfe) {
                  if (logInfo == null) System.err.println("RMI Port Failed to Load: "+nfe.getLocalizedMessage());
                  else logInfo.error("RMI Port Failed to Load: "+nfe.getLocalizedMessage());
                  nfe.printStackTrace();
                  rmiPort = BAD_PORT;
                  }
            }

/*
 * The servlet init function, sets up system values for the servlet
 */
      public void init() {
            try {
                  super.init();
                  initSystemFlags();
                  if (logInfo == null) initLogging();
                  if (rmiPort == BAD_PORT) initRegistry();
                  if (csf == null) csf = new SslRMIClientSocketFactory();
                  }
            catch(ServletException se) {
                  if (logInfo == null) System.err.println("Servlet Single Sign On Failed to Initialize: "+se.getLocalizedMessage());
                  else logInfo.error("Servlet Single Sign On Failed to Initialize: "+se.getLocalizedMessage());
                  se.printStackTrace();
                  }
            }

/*************************************************************************************/


/*
 * The RMI Call to the Request Handler service behind the fire wall
 *
 * @param   data  the data for the request
 *
 * @return  a request response object
 *
 */
      private Response getRequest(Datatable data) {
            Registry      registry = null;
            Response       response = null;
            Request       request = null;

            try {
                  logInfo.debug("Call RMI: "+rmiHost+":"+rmiPort+"/"+rmiName);
                  //locate the registy
                  registry = LocateRegistry.getRegistry(rmiHost, rmiPort, csf);
                  //find the request handler
                  request  = (Request)registry.lookup(rmiName);
                  //get the response from the request handler
                  response = request.handle(data);
                  logInfo.debug("Response: "+response);
                  }
            catch(NotBoundException nbe) {
                  //print out the exception stack trace
                  nbe.printStackTrace();
                  //log the error that occurred
                  logInfo.error("Could Not Locate RMI Service: "+nbe.getLocalizedMessage());
                  //Build the default response object
                  response = (new Response(Response.PAGE_NO_RMI_ERROR, data));
                  }
            catch(RemoteException re) {
                  //print out the exception stack trace
                  re.printStackTrace();
                  //log the error that occurred
                  logInfo.error("Could Not Create RMI Socket Connection: "+re.getLocalizedMessage());
                  //Build the default response object
                  response = (new Response(Response.PAGE_NO_RMI_ERROR, data));
                  }
            catch(Exception excp) {
                  //print out the exception stack trace
                  excp.printStackTrace();
                  //log the error that occurred
                  logInfo.error("Unforeseen Exception in RMI Call: "+excp.getLocalizedMessage());
                  //Build the default response object
                  response = (new Response(Response.PAGE_NO_RMI_ERROR, data));
                  }
            //return the response
            return response;
            }


0
 
objectsCommented:
     private static final String[] SSL_PROTOCOLS = {"SSLv3"};
      private static final String[] SSL_SUITES = {"SSL_RSA_WITH_NULL_SHA"};

think they should be:

      private static final String SSL_PROTOCOLS = "SSLv3";
      private static final String SSL_SUITES = "SSL_RSA_WITH_NULL_SHA";

0
 
kcmurphy1Author Commented:
According to the Java Doc for SSL RMI Server Socket Factory, the enabled cipher suites and protocols are both string arrays:

SslRMIServerSocketFactory(String[] enabledCipherSuites,
                     String[] enabledProtocols,
                     boolean needClientAuth);
0
 
objectsCommented:
ah, didn't see you using them there as well.

then your problem is with:

            System.setProperty(CIPHER_SUIT, SSL_SUITES);
            System.setProperty(CPHR_PRTCLS, SSL_PROTOCOLS);

should be:

            System.setProperty(CIPHER_SUIT, "SSL_RSA_WITH_NULL_SHA");
            System.setProperty(CPHR_PRTCLS, "SSLv3");

0
 
kcmurphy1Author Commented:
OK, I see the point of confusion.   All the code below the three lines of stars is from the servlet that acts as the client for the RMI Service.  Unfortunately I can't put the entire servlet up because it contains to much proprietary information.  In the servlet the definitions are:

      private static final String      SSL_PROTOCOLS = "SSLv3";
      private static final String      SSL_SUITES = "SSL_RSA_WITH_NULL_SHA";

0
 
objectsCommented:
as a test try removing the specification of suite and protocol and see how that goes

0
 
kcmurphy1Author Commented:
That made things worse.

Server side says:
javax.net.ssl.SSLHandshakeException: no cipher suites in common

Client side says:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
0
 
objectsCommented:
do your keystores include the required keys/certs?

0
 
kcmurphy1Author Commented:
We think we have all the necessary required keys, is there a way to verify that?
0
 
objectsCommented:
use the keystore command to list the contents

also as a test try running it with an empty keystore

0
 
kcmurphy1Author Commented:
We did lots of tests today involving our cacerts file.  It seems that the line:

            System.setProperty(TRUST_STORE, getInitParameter(SSL_TRST_ST));

effects all the instances in our cold fusion system.  So this may not be usable with out other applications.  We were able to to create an SSL socket using our cacerts file and some simple ssl client and server code from Sun's web site outside of cold fusion and RMI.  Both the client and server processes had long lists of encryption suites available to then.  They was no problem with the handshaking, the connections were established and the data transferred.  When we run with the RMI service on the server and inside JRun on the client, we still get the "no cipher suite in common message."
0
 
objectsCommented:
> effects all the instances in our cold fusion system.

correct it sets system properties for the whole vm

>  When we run with the RMI service on the server and inside JRun on the client, we still get the "no cipher suite in common message."

Am wondering if the rmi security manager is involved somehow (may well not be)


found this thread that may help
http://forums.sun.com/thread.jspa?threadID=5197672

0
 
kcmurphy1Author Commented:
After long and extensive set test, the problem does appear to have something to doe with RMI.  As per your suggested thread I pulled all the assertions dealing with the suites and protocols, generated a new key.  Basically starting all over, the client side then sent requests with long lists of possible suites.  Did the same on the rmi server side, but still got the "No Ciper Suite In Common" error message.  I've tried it with no suites asserted, a small list of asserted suites and a large list of asserted suites but to no avail, the "No Ciper Suite In Common" error message remains.  Do you have any idea what needs to be changed?
0
 
objectsCommented:
no idea sorry

0
 
kcmurphy1Author Commented:
As it turns out, the problem was tracked down to be a bad trust store.  The trust store was not readable so it was not contributing any Cipher Suites to the available list.  Which ment there was nothing to match.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 9
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now