# RMI über SSL ohne JVM-Parameter (TrustStore, KeyStore)



## MaRsuPiLaMi3 (16. Januar 2008)

Hallo zusammen,

so langsam verzweifle ich. Es gilt, ein bestehendes RMI-Projekt auf SSL umzustellen. Da dieses Projekt jedoch als Bundle in einem OSGi-Framework läuft, sollen nicht die JVM-Parameter
	
	
	



```
-Djavax.net.ssl.trustStore=[...]samplecacerts 
-Djavax.net.ssl.keyStore=[...]testkeys
-Djavax.net.ssl.keyStorePassword=passphrase
-Djavax.net.ssl.trustStorePassword=changeit
```
verwendet, sondern alles auf Java-Ebene über Code realisiert werden.

Die Quellen im Internet sind dazu wohl eher nicht als solche zu bezeichnen. Egal, welches Beispiel ich verwendet habe, nichts hat funktioniert.
Als Key-/Truststore hab ich die Dinger aus dem Sun-Java-Beispiel genommen. (Die mit dem Duke-Zertifikat.)


```
package se.kommedia.sso.ssl.rmi;

import java.io.*;
import java.net.*;
import java.rmi.server.*;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

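public class RMISSLServerSocketFactory implements RMIServerSocketFactory {

    /*
     * One SSLServerSocketFactory per instance, so that TLS sessions created
     * through this SSLContext can be reused by later connections.
     */
    private final SSLServerSocketFactory ssf;

    /**
     * Builds the server-side TLS context from two JKS stores on the class path:
     * "testkeys" (server key material) and "samplecacerts" (trusted certificates).
     *
     * @throws Exception if a store resource is missing or unreadable, or if the
     *                   TLS context cannot be initialised
     */
    public RMISSLServerSocketFactory() throws Exception {
        // NOTE(review): the passphrases are hard-coded, and the resource names look
        // like the JSSE sample keystores, whose private key and passwords are public.
        // Acceptable for a test setup only; use own key material and load the
        // secrets from configuration before exposing this service.
        char[] keyPassphrase = "passphrase".toCharArray();
        KeyStore ks = loadKeyStore("testkeys", keyPassphrase);

        // Key manager: presents the server certificate to connecting clients.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, keyPassphrase);

        KeyStore ts = loadKeyStore("samplecacerts", "changeit".toCharArray());

        // The trust managers must be built from the trust store. The earlier code
        // passed the key store here, so "samplecacerts" was loaded but never used.
        // NOTE(review): server-side trust decisions only matter once client
        // certificates are requested; this factory does not enable that.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        ssf = ctx.getServerSocketFactory();
    }

    /**
     * Creates a TLS server socket bound to the given port.
     *
     * @param port the port to listen on
     * @return a server socket produced by the shared SSLServerSocketFactory
     * @throws IOException if the socket cannot be created
     */
    public ServerSocket createServerSocket(int port) throws IOException {
        return ssf.createServerSocket(port);
    }

    /**
     * Loads a JKS store from a class-path resource and closes the stream afterwards.
     */
    private static KeyStore loadKeyStore(String resource, char[] password) throws Exception {
        InputStream in =
                RMISSLServerSocketFactory.class.getClassLoader().getResourceAsStream(resource);
        // KeyStore.load(null, ...) silently creates an EMPTY store, so a missing
        // resource must be rejected here instead of yielding a context without keys.
        if (in == null) {
            throw new FileNotFoundException("Keystore resource not found on class path: " + resource);
        }
        try {
            KeyStore store = KeyStore.getInstance("JKS");
            store.load(in, password);
            return store;
        } finally {
            in.close();
        }
    }
}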
```


```
package se.kommedia.sso.ssl.rmi;

import java.io.*;
import java.net.*;
import java.rmi.server.*;
import java.security.KeyStore;

import javax.net.ssl.*;

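public class RMISSLClientSocketFactory
        implements RMIClientSocketFactory, Serializable {

    private static final long serialVersionUID = -2929316845166204942L;

    /**
     * Opens a TLS socket to the given endpoint, trusting only the certificates
     * in the "samplecacerts" JKS store found on the class path.
     *
     * @param host the remote host
     * @param port the remote port
     * @return a connected TLS socket, never {@code null}
     * @throws IOException if the trust store is missing or unreadable, the TLS
     *                     context cannot be set up, or the connection fails
     */
    public Socket createSocket(String host, int port) throws IOException {
        try {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(loadTrustStore());

            // No key managers: the client authenticates the server only.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);

            // NOTE(review): a plain SSLSocket validates the certificate chain but does
            // not check that the certificate matches `host`; endpoint identification
            // has to be enabled separately (SSLParameters, Java 7+) if that is required.
            // NOTE(review): the context is rebuilt on every call; caching it in a
            // transient field would avoid re-reading the trust store per connection.
            return context.getSocketFactory().createSocket(host, port);
        } catch (java.security.GeneralSecurityException e) {
            // The earlier code swallowed every exception and returned null, which hid
            // the real TLS problem behind a later failure inside the RMI runtime.
            IOException ioe = new IOException("Cannot set up TLS context for RMI client socket");
            ioe.initCause(e);
            throw ioe;
        }
    }

    /**
     * Loads the client trust store from the class path and closes the stream afterwards.
     */
    private static KeyStore loadTrustStore()
            throws IOException, java.security.GeneralSecurityException {
        InputStream in =
                RMISSLClientSocketFactory.class.getClassLoader().getResourceAsStream("samplecacerts");
        // KeyStore.load(null, ...) would create an empty store; fail instead.
        if (in == null) {
            throw new FileNotFoundException("Trust store resource not found on class path: samplecacerts");
        }
        try {
            // NOTE(review): hard-coded default password of a sample trust store.
            KeyStore ts = KeyStore.getInstance("JKS");
            ts.load(in, "changeit".toCharArray());
            return ts;
        } finally {
            in.close();
        }
    }

    /**
     * All instances are configured identically, so they compare equal; the RMI
     * documentation recommends equals/hashCode on custom client socket factories.
     */
    @Override
    public boolean equals(Object obj) {
        return obj != null && obj.getClass() == getClass();
    }

    @Override
    public int hashCode() {
        return getClass().hashCode();
    }
}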
```


```
/**
 * Remote object that exposes the SSO service over RMI, using the TLS socket
 * factories for both directions of the connection.
 */
public class SSOsslServiceRMIImpl extends UnicastRemoteObject implements SSOServiceRMI {

	private static final long serialVersionUID = 6107251065802875261L;

	// Backing SSOService implementation; transient, so it is not serialized.
	private transient SSOsslServiceImpl sso;

	/**
	 * Exports this object on an anonymous port (0) with the TLS client and
	 * server socket factories.
	 *
	 * @param sso the service implementation to wrap
	 * @throws Exception if a socket factory cannot be created or the export fails
	 */
	public SSOsslServiceRMIImpl(SSOsslServiceImpl sso) throws Exception {
		super(0, new RMISSLClientSocketFactory(), new RMISSLServerSocketFactory());
		this.sso = sso;
	}
}
```

Ausschnitt aus der Klasse, die den RMI-Service registriert:

```
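/**
 * Creates the service and publishes it in the RMI registry under
 * SSOServiceRMI.REGISTRY_NAME. Failures are printed and otherwise ignored,
 * so the instance may exist without being reachable over RMI.
 */
public SSOsslServiceImpl() {
		// provide RMI
		try {
			SSOServiceRMI ssoRMIService = new SSOsslServiceRMIImpl(this);
			// Get the RMI registry on RMIPORT (1099 according to the original comment).
			// NOTE(review): passing a TLS client socket factory means the registry itself
			// is contacted over TLS; presumably it has to be created with matching
			// socket factories, and it must be able to load RMISSLClientSocketFactory
			// because the stub carries that factory. Confirm against the registry setup.
			Registry registry = LocateRegistry.getRegistry(null, RMIPORT, new RMISSLClientSocketFactory());
			// The reported error occurs in this call. The marker was bare text after
			// the statement; it is a comment here so the snippet stays valid Java.
			registry.rebind(SSOServiceRMI.REGISTRY_NAME, ssoRMIService);
		} catch (Exception e) {
			// Best-effort: report the failure but let construction continue.
			e.printStackTrace();
		}
	}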
```

So siehts momentan aus. Wenn ich aber nun das Ding ausführ, dann bekomm ich nur ne nette Exception
	
	
	



```
java.rmi.ServerError: Error occurred in server thread; nested exception is: 
	java.lang.ClassFormatError: Truncated class file
	at sun.rmi.server.UnicastServerRef.oldDispatch(Unknown Source)
	at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
	at sun.rmi.transport.Transport$1.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.Transport.serviceCall(Unknown Source)
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
	at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
	at sun.rmi.server.UnicastRef.invoke(Unknown Source)
	at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
	at se.kommedia.sso.ssl.service.SSOsslServiceImpl.<init>(SSOsslServiceImpl.java:47) Siehe SSOsslServiceImpl
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	at java.lang.reflect.Constructor.newInstance(Unknown Source)
	at java.lang.Class.newInstance0(Unknown Source)
	at java.lang.Class.newInstance(Unknown Source)
	at org.eclipse.equinox.ds.instance.BuildDispose.createInstance(BuildDispose.java:255)
	at org.eclipse.equinox.ds.instance.BuildDispose.buildComponentConfigInstance(BuildDispose.java:114)
	at org.eclipse.equinox.ds.instance.InstanceProcess.registerComponentConfigurations(InstanceProcess.java:145)
	at org.eclipse.equinox.ds.resolver.Resolver.dispatchWork(Resolver.java:701)
	at org.eclipse.equinox.ds.workqueue.WorkQueue$Queued.dispatch(WorkQueue.java:57)
	at org.eclipse.equinox.ds.workqueue.WorkQueue.run(WorkQueue.java:108)
Caused by: java.lang.ClassFormatError: Truncated class file
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(Unknown Source)
	at java.security.SecureClassLoader.defineClass(Unknown Source)
	at java.net.URLClassLoader.defineClass(Unknown Source)
	at java.net.URLClassLoader.access$000(Unknown Source)
	at java.net.URLClassLoader$1.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at java.lang.ClassLoader.loadClassInternal(Unknown Source)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Unknown Source)
	at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
	at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
	at java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
	at java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
	at sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
	at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
	at java.io.ObjectInputStream.readClassDesc(Unknown Source)
	at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
	at java.io.ObjectInputStream.readObject0(Unknown Source)
	at java.io.ObjectInputStream.readObject(Unknown Source)
	at sun.rmi.transport.tcp.TCPEndpoint.read(Unknown Source)
	at sun.rmi.transport.LiveRef.read(Unknown Source)
	at sun.rmi.server.UnicastRef2.readExternal(Unknown Source)
	at java.rmi.server.RemoteObject.readObject(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
	at java.io.ObjectInputStream.readSerialData(Unknown Source)
	at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
	at java.io.ObjectInputStream.readObject0(Unknown Source)
	at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
	at java.io.ObjectInputStream.readSerialData(Unknown Source)
	at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
```


----------

