Hello, I have problems establishing an SSL connection between a server and Android using Apache Mina (both on server and client). First of all I generated self-signed keys: Bouncy Castle for Android and JKS for the server:

SERVER:

    keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias serverkey -keyalg RSA -keypass pass -storepass pass -keystore serverkey.jks -validity 1000
    keytool -export -alias serverkey -storepass pass -file server.cer -keystore serverkey.jks
    keytool -import -alias serverkey -file server.cer -keypass pass -keystore trustclient.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-148.jar

CLIENT:

    keytool -genkey -dname "cn=sslkey, o=test, c=RU" -alias clientkey -keyalg RSA -keypass pass -storepass pass -keystore clientkey.jks -validity 1000
    keytool -export -alias clientkey -storepass pass -file client.cer -keystore clientkey.jks
    keytool -import -alias clientkey -file client.cer -keypass pass -keystore clientkey.bks -storetype BKS -storepass pass -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /Users/tabtrader/Workspace/tools/bcprov-jdk15on-148.jar
    keytool -import -v -trustcacerts -alias clientkey -file client.cer -keystore trustserver.jks -keypass pass -storepass pass

Then modified SSLContext:

SERVER:

    // Key store holding the server key pair
    KeyStore keyStore = KeyStore.getInstance("JKS");
    InputStream in = null;
    try {
        in = FileUtil.open(SSLContextFactory.class, "res/serverkey.jks");
        keyStore.load(in, keyStorePassword);
    } finally {
        if (in != null) in.close();
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keyStore, "pass".toCharArray());

    // Trust store holding the client certificate
    KeyStore trustStore = KeyStore.getInstance("JKS");
    in = null;
    try {
        in = FileUtil.open(SSLContextFactory.class, "res/trustserver.jks");
        trustStore.load(in, keyStorePassword);
    } finally {
        if (in != null) in.close();
    }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(trustStore);

    SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
    sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

    SSLFilter sslFilter = new SSLFilter(sslContext);
    sslFilter.setUseClientMode(false);
    sslFilter.setNeedClientAuth(false);

CLIENT:

    // Key store loaded from the Android raw resource
    KeyStore keyStore = KeyStore.getInstance("BKS");
    InputStream in = null;
    try {
        in = getResources().openRawResource(R.raw.clientkey); // clientkey.bks
        keyStore.load(in, keyStorePassword);
    } finally {
        if (in != null) in.close();
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
    kmf.init(keyStore, "pass".toCharArray());

    // Trust store holding the server certificate
    KeyStore trustStore = KeyStore.getInstance("BKS");
    in = null;
    try {
        in = getResources().openRawResource(R.raw.trustclient); // trustclient.bks
        trustStore.load(in, keyStorePassword);
    } finally {
        if (in != null) in.close();
    }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
    tmf.init(trustStore);

    SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
    sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

    SSLFilter sslFilter = new SSLFilter(sslContext);
    sslFilter.setUseClientMode(true);
    sslFilter.setNeedClientAuth(false);

Using this code, the SSL handshake finished without errors:

    DEBUG mina.acceptor.AcceptorIoHandler *handshakeStatus=FINISHED*
    DEBUG mina.acceptor.AcceptorIoHandler sslSession CipherSuite used * SSL_RSA_WITH_RC4_128_MD5*

And I get an established Mina session. But then nothing happened. The next messages from the client are ignored without any logs. It is very strange.

If I set sslFilter.setNeedClientAuth(true) for the server, I get an exception:

    SSLHandshakeException: null cert chain

How can I create this SSL connection? Where is the problem?

I found the same issue on Stack Overflow, but there are no answers and I can't write to the question's author: http://stackoverflow.com/questions/12527884/using-apache-mina-with-sslfilter-on-android/15222099