Posted to dev@directory.apache.org by Tony Blanchard <bl...@wanadoo.fr> on 2006/09/08 12:48:06 UTC

Problem using rc4 with SUN LDAP CertStore provider

Hi all,

I have a strange behavior with the SUN LDAP certStore provider when 
trying to find the pkiCA entry...

With OpenSSL:
I created a self-signed certificate for a CA (PEM format and RSA key).
I created another certificate for two users A and B (PEM format and RSA 
key). I have requested a signature from the previously created CA for each 
one. I revoke the certificate for A and generate a CRL with OpenSSL. Then I 
transform this CRL into a PKCS#7 CRL for the Java SUN provider's understanding.

Those two certificates have the issuer 
OU=MyOrganization,DC=example,DC=com
So I create a pkiCA and organizationalUnit entry at 
OU=MyOrganization,DC=example,DC=com on the server.
In this entry, I put the caCertificate, the 
certificateRevocationLists (CRL in PKCS#7) and the 
authorityRevocationList (same CRL in PKCS#7) values.

I enable anonymous access on my ApacheDS server...
When executing the following code, I generate an unexpected exception 
which closes the server connection...

import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRLSelector;
import java.util.Collection;

// pCertificate: the X509Certificate of user A, issued by the CA published in the directory
LDAPCertStoreParameters lParams = new LDAPCertStoreParameters("localhost", 10389);
CertStore lCertStore = CertStore.getInstance("LDAP", lParams, "SUN");
X509CRLSelector lCRLSelector = new X509CRLSelector();
lCRLSelector.setCertificateChecking(pCertificate);
Collection<? extends CRL> lCrlCollection = lCertStore.getCRLs(lCRLSelector);

lCrlCollection is returned empty even though it should contain a CRL for A, 
and the logging file apacheds-rolling.log shows that a server connection 
closed... There is no exception shown from the SUN CertStore provider. It is 
very silent.

Extract of apacheds-rolling.log:
[12:12:10] WARN 
[org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler] 
- [/127.0.0.1:1235] Unexpected exception forcing session to close: 
sending disconnect notice to client.
java.io.IOException: An existing connection was forcibly closed by the remote host
    at sun.nio.ch.SocketDispatcher.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(Unknown Source)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
    at sun.nio.ch.IOUtil.read(Unknown Source)
    at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
[12:12:10] WARN 
[org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler] 
- [/127.0.0.1:1236] Unexpected exception forcing session to close: 
sending disconnect notice to client.
java.io.IOException: An existing connection was forcibly closed by the remote host
    at sun.nio.ch.SocketDispatcher.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(Unknown Source)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
    at sun.nio.ch.IOUtil.read(Unknown Source)
    at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)

Does anyone have a clue about what happens? Is it a bug in ApacheDS or in 
the SUN CertStore provider?
Thanks for help,
Tony
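
The client side of the setup described in the post, written out as an added
example (this is not code from the original post, nor ApacheDS or JDK code):
it opens the SUN LDAP CertStore on localhost:10389 as in the message, asks for
the CRLs of the issuer of a user certificate, and then does what a caller must
do with CRLs served by an anonymously readable directory: verify each CRL's
signature against the CA certificate, refuse a stale CRL, and treat "no CRL
returned" as a failure rather than as "not revoked". The second method shows
the same check through the standard PKIX path validator with revocation
enabled, which is the normal way to plug an LDAP CertStore in. The file names
ca.pem and userA.pem are assumptions for the PEM files OpenSSL produced; the
class and method names are mine.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;

public class LdapCrlCheck {

    // Assumed: PEM files written by OpenSSL (ca.pem = self-signed CA, userA.pem = user A).
    static X509Certificate loadCert(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** Fetch the CRLs the directory holds for cert's issuer and decide revocation. */
    static boolean isRevoked(CertStore store, X509Certificate ca, X509Certificate cert) throws Exception {
        X509CRLSelector sel = new X509CRLSelector();
        sel.setCertificateChecking(cert);            // cert's issuer DN is the entry the store looks up
        sel.addIssuer(ca.getSubjectX500Principal()); // only CRLs issued by our CA are acceptable
        Collection<? extends CRL> crls = store.getCRLs(sel);
        if (crls.isEmpty()) {
            // Fail closed: an empty result (as seen in the post) is an error, not a clean bill of health.
            throw new IllegalStateException("no CRL found for issuer " + cert.getIssuerX500Principal());
        }
        for (CRL c : crls) {
            X509CRL crl = (X509CRL) c;
            crl.verify(ca.getPublicKey());           // anonymous LDAP: only the CA signature makes it trustworthy
            Date next = crl.getNextUpdate();
            if (next != null && next.before(new Date())) {
                throw new IllegalStateException("stale CRL, nextUpdate was " + next);
            }
            if (crl.isRevoked(cert)) {
                return true;
            }
        }
        return false;
    }

    /** Same decision via PKIX path validation: the LDAP store feeds the validator's revocation check. */
    static void validatePath(CertStore store, X509Certificate ca, X509Certificate cert) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Collections.singletonList(cert));
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(ca, null)));
        params.addCertStore(store);
        params.setRevocationEnabled(true);           // validator throws CertPathValidatorException if revoked or no CRL
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        X509Certificate ca = loadCert("ca.pem");
        X509Certificate user = loadCert(args.length > 0 ? args[0] : "userA.pem");
        LDAPCertStoreParameters params = new LDAPCertStoreParameters("localhost", 10389);
        CertStore store = CertStore.getInstance("LDAP", params, "SUN");
        System.out.println("revoked by CRL: " + isRevoked(store, ca, user));
        validatePath(store, ca, user);
        System.out.println("PKIX path validation passed");
    }
}
```

Run it with -Djava.security.debug=certpath to make the "very silent" provider
talk: the JDK's certpath debug output shows the DN the LDAP CertStore searches
and which ;binary attributes it reads, which is the quickest way to see whether
the entry at OU=MyOrganization,DC=example,DC=com is being found at all.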





Re: Problem using rc4 with SUN LDAP CertStore provider

Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi Tony,

I remember having had problems when trying to set SSL with OpenSSL when I
first tried.

Can you check this page and tell us if it works for you?
http://docs.safehaus.org/display/APACHEDS/SSL+Enabling

Thanks for the feedback.

Emmanuel

On 9/8/06, Tony Blanchard <bl...@wanadoo.fr> wrote:
>
> Hi all,
>
> I have a strange behavior with the SUN LDAP certStore provider when
> trying to find the pkiCA entry...
>
> With OpenSSL:
> I created a self-signed certificate for a CA (PEM format and RSA key).
> I created another certificate for two users A and B (PEM format and RSA
> key). I have requested a signature from the previously created CA for each
> one. I revoke the certificate for A and generate a CRL with OpenSSL. Then I
> transform this CRL into a PKCS#7 CRL for the Java SUN provider's understanding.
>
> Those two certificates have the issuer
> OU=MyOrganization,DC=example,DC=com
> So I create a pkiCA and organizationalUnit entry at
> OU=MyOrganization,DC=example,DC=com on the server.
> In this entry, I put the caCertificate, the
> certificateRevocationLists (CRL in PKCS#7) and the
> authorityRevocationList (same CRL in PKCS#7) values.
>
> I enable anonymous access on my ApacheDS server...
> When executing the following code, I generate an unexpected exception
> which closes the server connection...
>
> import java.security.cert.CRL;
> import java.security.cert.CertStore;
> import java.security.cert.LDAPCertStoreParameters;
> import java.security.cert.X509CRLSelector;
> import java.util.Collection;
>
> // pCertificate: the X509Certificate of user A, issued by the CA published in the directory
> LDAPCertStoreParameters lParams = new LDAPCertStoreParameters("localhost", 10389);
> CertStore lCertStore = CertStore.getInstance("LDAP", lParams, "SUN");
> X509CRLSelector lCRLSelector = new X509CRLSelector();
> lCRLSelector.setCertificateChecking(pCertificate);
> Collection<? extends CRL> lCrlCollection = lCertStore.getCRLs(lCRLSelector);
>
> lCrlCollection is returned empty even though it should contain a CRL for A,
> and the logging file apacheds-rolling.log shows that a server connection
> closed... There is no exception shown from the SUN CertStore provider. It is
> very silent.
>
> Extract of apacheds-rolling.log:
> [12:12:10] WARN
> [org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler]
> - [/127.0.0.1:1235] Unexpected exception forcing session to close:
> sending disconnect notice to client.
> java.io.IOException: An existing connection was forcibly closed by the remote host
>     at sun.nio.ch.SocketDispatcher.read0(Native Method)
>     at sun.nio.ch.SocketDispatcher.read(Unknown Source)
>     at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
>     at sun.nio.ch.IOUtil.read(Unknown Source)
>     at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
> [12:12:10] WARN
> [org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler]
> - [/127.0.0.1:1236] Unexpected exception forcing session to close:
> sending disconnect notice to client.
> java.io.IOException: An existing connection was forcibly closed by the remote host
>     at sun.nio.ch.SocketDispatcher.read0(Native Method)
>     at sun.nio.ch.SocketDispatcher.read(Unknown Source)
>     at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
>     at sun.nio.ch.IOUtil.read(Unknown Source)
>     at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:271)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
>     at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
>
> Does anyone have a clue about what happens? Is it a bug in ApacheDS or in
> the SUN CertStore provider?
> Thanks for help,
> Tony
>
>
>
>
>


-- 
Regards,
Emmanuel Lécharny