jessie-discuss

Re: [Jessie-discuss] Client Auth Enabled, Getting "RSA Signature not ava


From: chinmaya
Subject: Re: [Jessie-discuss] Client Auth Enabled, Getting "RSA Signature not available" Error
Date: Mon, 9 Apr 2007 14:01:22 -0600

On 4/9/07, address@hidden <address@hidden> wrote:
> On 4/6/07, Casey Marshall <address@hidden> wrote:
>>
>> On Apr 6, 2007, at 4:26 PM, chinmaya wrote:
>>
>> > Hi
>> > I tried using client auth and I used following as the only cipher
>> > suite for the negotiation
>> > TLS_RSA_WITH_AES_128_CBC_SHA. This is causing an error on the TLS
>> > server side,
>> > giving me 'RSA signature not available error'.
>> >
>> > Isn't RSA signature implementation part of Standard SUN JDK?
>> > Is there anything I am doing wrong? Any suggestion to fix this?
>> >
>>
>> The code is actually looking for the signature algorithm called
>> "TLSv1.1-RSA", which handles things a little different. This *should*
>> be a part of Jessie: in gnu.javax.net.ssl.provider.Jessie there is:
>>
>>    put("Signature.TLSv1.1-RSA ", SSLRSASignatureImpl.class.getName());
>>    put("Alg.Alias.Signature.TLSv1-RSA", "TLSv1.1-RSA");
>>    put("Alg.Alias.Signature.SSLv3-RSA", "TLSv1.1-RSA");
>>
>> And the class SSLRSASignatureImpl implements this. If you're
>> installing the Jessie provider properly, this should work.
>>
>>
>>
> Yup, it is exactly like this, but it still does not work.
> Well, a point to be noted is that I have one more provider being used in the
> same JVM.
> But I have added Jessie at position one
>
> -- code --
> java.security.Security.insertProviderAt(new Jessie(), 1);
> java.security.Security.insertProviderAt(new BouncyCastleProvider(), 2);
> -- code --
>
> Also while creating SSLContext I explicitly specify Jessie as the
> provider.
>
> -- code --
> Provider provider = new Jessie();
> ctx = SSLContext.getInstance("TLS", provider);
> -- code --
>
>
>
> I have put some debugs at (ServerHandshake.java:1249), the code
> engine.session().suite.signatureAlgorithm().toString() is returning RSA as
> the string, so basically the call which is failing is
> java.security.Signature.getInstance("RSA").
>
>
> Any clues to proceed further to fix this issue?
>

Ah, I see that this line in ServerHandshake.java:

        java.security.Signature sig =
java.security.Signature.getInstance(engine.session().suite.signatureAlgorithm().toString());

Is calling "toString()" on the SignatureAlgorithm, but should (I think) be
calling "algorithm()." Anyway, that's why the "TLS1.1-RSA" isn't being
used. It may suffice to change that line to:

        java.security.Signature sig =
java.security.Signature.getInstance(engine.session().suite.signatureAlgorithm().algorithm());

But, I'm not sure if TLS1.1-RSA actually will work, since it seems I
haven't tested Jessie with it, after all :-( Let me know if this gets you
further.




Now I am getting this error

javax.net.ssl.SSLException: java.security.NoSuchAlgorithmException: TLSv1.1-RSA Signature not available
        at gnu.javax.net.ssl.provider.ServerHandshake.verifyClient(ServerHandshake.java:1259)
        at gnu.javax.net.ssl.provider.ServerHandshake.implHandleInput(ServerHandshake.java:604)
        at gnu.javax.net.ssl.provider.AbstractHandshake.handleInput(AbstractHandshake.java:241)
        at gnu.javax.net.ssl.provider.SSLEngineImpl.unwrap(SSLEngineImpl.java:644)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
        at gnu.javax.net.ssl.provider.SSLSocketImpl.doHandshake(SSLSocketImpl.java:474)
        at gnu.javax.net.ssl.provider.SSLSocketImpl$SocketInputStream.read(SSLSocketImpl.java:150)
        at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
        at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
        at java.io.InputStreamReader.read(InputStreamReader.java:167)
        at java.io.BufferedReader.fill(BufferedReader.java:136)
        at java.io.BufferedReader.read(BufferedReader.java:157)
        at TLSDataListener.processData(TLSDataListener.java:26)
        at TLSServer$2.run(TLSServer.java:200)
Caused by: java.security.NoSuchAlgorithmException: TLSv1.1-RSA Signature not available
        at java.security.Signature.getInstance(Signature.java:208)
        at gnu.javax.net.ssl.provider.ServerHandshake.verifyClient(ServerHandshake.java:1248)
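
A diagnostic for the lookup that fails in the trace above, added here as an example (it is not part of the thread or of Jessie): the one-argument `Signature.getInstance(name)` searches every provider installed in the JVM, so this lists which providers offer a given Signature name and flags registration keys that match only after whitespace is trimmed. The class name `SignatureLookupCheck` is hypothetical, and `report()` has to run in the same JVM after the application's providers have been inserted.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class SignatureLookupCheck {
    // Report which installed providers can supply Signature.<alg>, in preference order.
    static void report(String alg) {
        System.out.println("== Signature algorithm \"" + alg + "\" ==");
        for (Provider p : Security.getProviders()) {
            // getService also resolves Alg.Alias.Signature.* entries of this provider.
            Provider.Service svc = p.getService("Signature", alg);
            if (svc != null) {
                System.out.println("  " + p.getName() + " -> " + svc.getClassName());
            }
            // Flag keys that equal the wanted name only once whitespace is trimmed.
            for (Object k : p.keySet()) {
                String key = k.toString();
                boolean sigKey = key.startsWith("Signature.")
                        || key.startsWith("Alg.Alias.Signature.");
                if (sigKey && !key.equals(key.trim()) && key.trim().endsWith("." + alg)) {
                    System.out.println("  " + p.getName()
                            + ": key has stray whitespace: [" + key + "]");
                }
            }
        }
        try {
            // Same call shape as the one in ServerHandshake: no provider argument.
            Signature s = Signature.getInstance(alg);
            System.out.println("  getInstance resolved to " + s.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("  getInstance failed: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Default names are the two algorithm strings discussed in the thread.
        String[] names = args.length > 0 ? args : new String[] {"RSA", "TLSv1.1-RSA"};
        for (String n : names) {
            report(n);
        }
    }
}
```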




