Hi,

I'm working on a signing API using JSS (latest v4.2.0.0), NSS v3.11
and NSPR v4.6.1 on Java v1.5.0_06.

I want to connect to a trusted server via SSL for data signing, but
the connection always stops just before the CertificateVerify, so
after the final handshake Server write key.

I have created a truststore with the ROOT CA for the provider and I'm
reading the pkcs12 keystore with the client CA. This seems to work ok,
the certificate is recognized and the trusted CA is added correctly
after reading the truststore.

    System.setProperty("javax.net.ssl.trustStore", "c:/truststore");
    System.setProperty("javax.net.ssl.trustStorePassword", "123456");

    System.setProperty("javax.net.ssl.keyStore", "c:/P-SP2-passworda.pfx");
    System.setProperty("javax.net.ssl.keyStorePassword", "a");
    System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");

Now, for the data exchange I'm using the Axis APIs (SOAP) and when I
tested the SSL connection using only Axis, it worked. But as soon as I
used JSS, things stopped working. Here's the stack trace.

---------------------------------------
Server write key:
0000: A9 C3 FD 3C 8B 4B 15 4D   AE B2 E7 10 AE 35 9C F3  ...<.K.M.....5..
... no IV for cipher
%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
Padded plaintext before ENCRYPTION:  len = 18
0000: 02 28 6C 89 07 29 9C 46   0A 6F 9B 90 3B 49 07 C5  .(l..).F.o..;I..
0010: 94 E1                                              ..
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 DE 1C B8   37 B8 52 F0 79 7F 95 53  ........7.R.y..S
0010: 3D 1A 83 16 11 BA 78                               =.....x
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
main, called close()
main, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)


<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Fault><:faultcode xmlns=""/><:faultstring xmlns=""/><:detail xmlns=""><ns1:stackTrace xmlns:ns1="http://xml.apache.org/axis/">javax.net.ssl.SSLHandshakeException: Error signing certificate verify
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:608)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:677)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
        at org.apache.axis.transport.http.HTTPSender.readHeadersFromSocket(HTTPSender.java:583)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:143)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:1870)
        at org.apache.axis.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:90)
        at si.hermes.security.Collections.TimestampProviderImpl.CreateTimestamp(TimestampProviderImpl.java:232)
        at si.hermes.security.Collections.TimestampImpl.CreateTimestamp(TimestampImpl.java:57)
        at si.hermes.security.ESignDocTestTimestamp.testTimestampCreatePostarca(ESignDocTestTimestamp.java:286)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at junit.framework.TestCase.runTest(TestCase.java:154)
        at junit.framework.TestCase.runBare(TestCase.java:127)
        at junit.framework.TestResult$1.protect(TestResult.java:106)
        at junit.framework.TestResult.runProtected(TestResult.java:124)
        at junit.framework.TestResult.run(TestResult.java:109)
        at junit.framework.TestCase.run(TestCase.java:118)
        at junit.framework.TestSuite.runTest(TestSuite.java:208)
        at junit.framework.TestSuite.run(TestSuite.java:203)
        at junit.textui.TestRunner.doRun(TestRunner.java:116)
        at junit.textui.TestRunner.doRun(TestRunner.java:109)
        at junit.textui.TestRunner.run(TestRunner.java:72)
        at junit.textui.TestRunner.run(TestRunner.java:57)
        at si.hermes.security.ESignDocTestTimestamp.main(ESignDocTestTimestamp.java:404)
Caused by: java.security.InvalidKeyException: Invalid key type: org.mozilla.jss.pkcs11.PK11RSAPrivateKey
        at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.importKey(JSSCipherSpi.java:123)
        at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit(JSSCipherSpi.java:161)
        at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineInit(JSSCipherSpi.java:270)
        at javax.crypto.Cipher.init(DashoA12275)
        at java.security.Signature$CipherAdapter.engineInitSign(Signature.java:1205)
        at java.security.Signature$Delegate.init(Signature.java:1079)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1036)
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1109)
        at java.security.Signature.initSign(Signature.java:503)
        at com.sun.net.ssl.internal.ssl.RSASignature.engineInitSign(RSASignature.java:108)
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1107)
        at java.security.Signature.initSign(Signature.java:503)
        at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateVerify.&lt;init&gt;(HandshakeMessage.java:1002)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:604)
        ... 38 more</ns1:stackTrace><ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">yukon</ns2:hostname></:detail></soapenv:Fault></soapenv:Body>
---------------------------------------

Any idea what might be wrong?

Regards,
   Tadej
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
