Fighting with sockets!
Posted: 08/23/2012
Last week, I was assigned to develop a Java program that should connect to an external secure socket, in order to get data provided by a partner company. Another requirement was that the module should be stored on an Oracle 11g Database, so I had to use a 1.5 JDK. Easy, I thought!
First of all, I reviewed the Java Secure Socket Extension (JSSE) Reference Guide. Our partner company's IT team provided me with the key store containing the certificate I should trust, and I decided to program a custom SSL context:
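    ...
    // Load the partner's PKCS#12 trust store from the classpath
    KeyStore keyStoreTrust = KeyStore.getInstance("PKCS12");
    keyStoreTrust.load(this.getClass().getResourceAsStream("KeyStoreTrust.pfx"), "password".toCharArray());
    // Build trust managers that trust only the certificates in that store
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
    trustManagerFactory.init(keyStoreTrust);
    // No client key managers (first argument) and the default SecureRandom (third argument)
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    ...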
The first problem arose when the server socket (developed in Microsoft .NET C#) unexpectedly closed the connection during the handshake. The support guy at my partner company told me that they got the following error message: “The client and server cannot communicate, because they do not possess a common algorithm”. Therefore, I delved into the problem and finally realized that the server wanted to use the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA cipher suite, which wasn’t supported by the security providers shipped with JDK 1.5. I’d like to point out that the key to finding the source of the error was to activate debugging of the SSL connection:
Hence, I decided to add to my program the well-known Bouncy Castle security provider, which supports the required cipher suite and is 1.5 compliant:
Once I sorted out the problem, everything started to work properly, at least as a stand-alone client! So, I created a “Loadjava and Java Stored Procedures” profile in my JDeveloper IDE, in order to deploy the software to the Oracle Database 11.2, but when I tried to do so I got the following errors:
    Invoking loadjava on connection 'Test11g_Paco' with arguments:
    -order -resolve -definer -thin -resolver ((* TEST) (* PUBLIC) (* -)) -synonym
    errors : class org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey
        ORA-29552: verification warning: java.lang.NoClassDefFoundError: java/security/interfaces/ECPrivateKey
    errors : class org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey
        ORA-29552: verification warning: java.lang.NoClassDefFoundError: java/security/interfaces/ECPublicKey
    errors : class org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey
        ORA-29552: verification warning: java.lang.NoClassDefFoundError: java/security/interfaces/ECPrivateKey
    errors : class org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey
        ORA-29552: verification warning: java.lang.NoClassDefFoundError: java/security/interfaces/ECPublicKey
    errors : class org/bouncycastle/jce/provider/JCEECPrivateKey
        ORA-29552: verification warning: java.lang.NoClassDefFoundError: java/security/interfaces/ECPrivateKey
    errors : class org/bouncycastle/jce/provider/JCEECPublicKey
        ORA-29552: verification warning: java.lang.NoClassDefFoundError: java/security/interfaces/ECPublicKey
    Loadjava finished.
I can’t understand the problem, because the interfaces java.security.interfaces.ECPublicKey and java.security.interfaces.ECPrivateKey are available in 1.5 and the Oracle Database 11.2 JVM is supposed to be 1.5 compliant, and I couldn’t find any satisfactory solution.
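Both failures above come down to what a given Java runtime actually ships, so a small diagnostic run in each target runtime shows the gap directly. The following is an added example, not code from the original post: the class name TlsRuntimeCheck is hypothetical, it sticks to Java 1.5 syntax, and it checks only the cipher suite and the two interfaces named in the post.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic, not part of the original post; the class name is hypothetical.
public class TlsRuntimeCheck {
    // Cipher suite the post says the server insisted on.
    static final String REQUIRED_SUITE = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
    // Interfaces that loadjava reported as missing (ORA-29552).
    static final String[] EC_INTERFACES = {
        "java.security.interfaces.ECPublicKey",
        "java.security.interfaces.ECPrivateKey"
    };

    static boolean contains(String[] suites, String wanted) {
        return Arrays.asList(suites).contains(wanted);
    }

    static boolean classPresent(String name) {
        try {
            Class.forName(name);
            return true;
        } catch (Throwable t) { // ClassNotFoundException or NoClassDefFoundError
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // Registered security providers, in preference order.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("provider " + (i + 1) + ": " + providers[i]);
        }
        // Same protocol name as the post's SSLContext; default managers are enough to list suites.
        SSLContext ctx = SSLContext.getInstance("SSL");
        ctx.init(null, null, null);
        SSLSocketFactory factory = ctx.getSocketFactory();
        System.out.println(REQUIRED_SUITE + " supported: "
            + contains(factory.getSupportedCipherSuites(), REQUIRED_SUITE));
        System.out.println(REQUIRED_SUITE + " enabled by default: "
            + contains(factory.getDefaultCipherSuites(), REQUIRED_SUITE));
        // Does this runtime really provide the EC key interfaces?
        for (int i = 0; i < EC_INTERFACES.length; i++) {
            System.out.println(EC_INTERFACES[i] + " loadable: " + classPresent(EC_INTERFACES[i]));
        }
    }
}
```

A suite that is reported as supported but not enabled by default has to be switched on per socket with setEnabledCipherSuites; a suite missing from both lists cannot be negotiated by that runtime's JSSE provider at all.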