You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Tony Blanchard <bl...@wanadoo.fr> on 2006/09/08 12:48:06 UTC
Problem using rc4 with SUN LDAP CertStore provider
Hi all,
I have a strange behavior with the SUN ldap certStore provider when
trying to find pkiCA entry...
With openSSL:
I created a self signed certificate for a CA. (PEM format and RSA key)
I created another certificate for two users A and B (PEM format and RSA
key). I have requested signature from the previous created CA for each
one. I revoke certificate for A and generate a crl whith openssl. Then I
transform this crl in a pkcs7 crl for java SUN provider understanding.
Those two certificates have an issuer for
OU=MyOrganization,DC=example,DC=com
So I create a pkiCa and organizationlUnit entry at
OU=MyOrganization,DC=example,DC=com on the server.
In this entry, i put the caCertificate, the
certificateRevocationLists(CRL in PKCS7) and the
authorityRevocationList(Same CRL in PKCS7) values.
I enable Anonymous access on my apacheds server...
When executing the following code, I generate a unexpected exception
which closes server connexion...
LDAPCertStoreParameter lParams = new LDAPCertStoreParameter("localhost",
10389);
lCertStore = CertStore.getInstance("LDAP", lParams, "SUN");
X509CRLSelector = new X509CRLSelector();
lCRLSelector.setCertificateChecking(pCertificate);
lCrlCollection = certStore.getCRLs(lCRLSelector); // lCRLCoolection is
returned empty even if it should contain a crl for A and the logging
file apacheds-rolling.log shows that a server connection closed... There
is no exception shown from SUN CertStore provider. It is very silent.
Extract of apacheds-rolling.log:
[12:12:10] WARN
[org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler]
- [/127.0.0.1:1235] Unexpected exception forcing session to close:
sending disconnect notice to client.
java.io.IOException: Une connexion existante a dû être fermée par l'hôte
distant
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
[12:12:10] WARN
[org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler]
- [/127.0.0.1:1236] Unexpected exception forcing session to close:
sending disconnect notice to client.
java.io.IOException: Une connexion existante a dû être fermée par l'hôte
distant
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
Does anyone has a clue on what happens. Is it a bug from apacheds or SUN
CertStore provider?
Thanks for help,
Tony
Re: Problem using rc4 with SUN LDAP CertStore provider
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi Tony,
I remember having had problems when trying to set SSL with OpenSSL when I
first tried.
Can you check this page and tell us if it works for you ? :
http://docs.safehaus.org/display/APACHEDS/SSL+Enabling
Thanks fro the feedback.
Emmanuel
On 9/8/06, Tony Blanchard <bl...@wanadoo.fr> wrote:
>
> Hi all,
>
> I have a strange behavior with the SUN ldap certStore provider when
> trying to find pkiCA entry...
>
> With openSSL:
> I created a self signed certificate for a CA. (PEM format and RSA key)
> I created another certificate for two users A and B (PEM format and RSA
> key). I have requested signature from the previous created CA for each
> one. I revoke certificate for A and generate a crl whith openssl. Then I
> transform this crl in a pkcs7 crl for java SUN provider understanding.
>
> Those two certificates have an issuer for
> OU=MyOrganization,DC=example,DC=com
> So I create a pkiCa and organizationlUnit entry at
> OU=MyOrganization,DC=example,DC=com on the server.
> In this entry, i put the caCertificate, the
> certificateRevocationLists(CRL in PKCS7) and the
> authorityRevocationList(Same CRL in PKCS7) values.
>
> I enable Anonymous access on my apacheds server...
> When executing the following code, I generate a unexpected exception
> which closes server connexion...
>
> LDAPCertStoreParameter lParams = new LDAPCertStoreParameter("localhost",
> 10389);
> lCertStore = CertStore.getInstance("LDAP", lParams, "SUN");
> X509CRLSelector = new X509CRLSelector();
> lCRLSelector.setCertificateChecking(pCertificate);
> lCrlCollection = certStore.getCRLs(lCRLSelector); // lCRLCoolection is
> returned empty even if it should contain a crl for A and the logging
> file apacheds-rolling.log shows that a server connection closed... There
> is no exception shown from SUN CertStore provider. It is very silent.
>
> Extract of apacheds-rolling.log:
> [12:12:10] WARN
> [org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler
> ]
> - [/127.0.0.1:1235] Unexpected exception forcing session to close:
> sending disconnect notice to client.
> java.io.IOException: Une connexion existante a dû être fermée par l'hôte
> distant
> at sun.nio.ch.SocketDispatcher.read0(Native Method)
> at sun.nio.ch.SocketDispatcher.read(Unknown Source)
> at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
> at sun.nio.ch.IOUtil.read(Unknown Source)
> at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.read(
> SocketIoProcessor.java:271)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.process(
> SocketIoProcessor.java:245)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(
> SocketIoProcessor.java:42)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(
> SocketIoProcessor.java:566)
> [12:12:10] WARN
> [org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler
> ]
> - [/127.0.0.1:1236] Unexpected exception forcing session to close:
> sending disconnect notice to client.
> java.io.IOException: Une connexion existante a dû être fermée par l'hôte
> distant
> at sun.nio.ch.SocketDispatcher.read0(Native Method)
> at sun.nio.ch.SocketDispatcher.read(Unknown Source)
> at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
> at sun.nio.ch.IOUtil.read(Unknown Source)
> at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.read(
> SocketIoProcessor.java:271)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.process(
> SocketIoProcessor.java:245)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(
> SocketIoProcessor.java:42)
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(
> SocketIoProcessor.java:566)
>
> Does anyone has a clue on what happens. Is it a bug from apacheds or SUN
> CertStore provider?
> Thanks for help,
> Tony
>
>
>
>
>
--
Cordialement,
Emmanuel Lécharny