EJB mutual authentication failing with Java standalone client

No replies
EJB-TLS
Joined: 2014-07-03

Hi,

EJBCA EJBs are deployed in GlassFish V2. We try to access them from a standalone Java client using SSL mutual authentication on port 3920.
Here is the snippet of client code:

import java.util.Properties;
import javax.naming.InitialContext;

// JNDI and ORB settings for the GlassFish naming service
Properties props = new Properties();
props.setProperty("java.naming.factory.initial", "com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs", "com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state", "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty("org.omg.CORBA.connection.ORBSocketFactory", "javax.net.ssl.IIOPSSLSocketFactory");
props.put("org.omg.CORBA.ORBInitialHost", "hostname");
props.put("org.omg.CORBA.ORBInitialPort", "3920");
props.put("com.sun.CSIV2.ssl.client.required", "true");

// Truststore and client keystore picked up by JSSE
System.setProperty("javax.net.ssl.trustStore", "/var/tmp/EJB/trust/trust.jks");
System.setProperty("javax.net.ssl.keyStore", "/var/tmp/EJB/BACK/testsecure.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "abcdef");
System.setProperty("javax.net.ssl.trustStorePassword", "abcdef");

// Look up the EJBCA remote session bean (CaSessionRemote comes from the EJBCA client library)
InitialContext ic = new InitialContext(props);
CaSessionRemote cr = (CaSessionRemote) ic.lookup("ejbca/CaSessionRemote");

When we try this on the client side, we get the exception below:

javax.naming.CommunicationException: Can't find SerialContextProvider [Root exception is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 208 completed: Maybe]
at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:165)
at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:398)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at Main.main(Main.java:38)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 208 completed: Maybe
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectionAbort(ORBUtilSystemException.java:2862)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectionAbort(ORBUtilSystemException.java:2880)

In the server log we get the error below:

[#|2014-07-02T16:04:28.891+0100|FINE|sun-appserver9.1|javax.enterprise.resource.corba.ee._CORBA_.rpc.protocol|_ThreadID=40;_ThreadName=p: thread-pool-1; w: 5;ClassName=com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase;MethodName=readGIOPHeader;SocketOrChannelConnectionImpl[ 1c637fc[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=61835,localport=3920]] ESTABLISHED false false];_RequestID=a9b347c1-7ddb-4898-abcc-43a48ea88e1b;|"IOP00410211: (COMM_FAILURE) IOException received when reading from connection SocketOrChannelConnectionImpl[ 1c637fc[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=61835,localport=3920]] ESTABLISHED false false]"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 211 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.ioexceptionWhenReadingConnection(ORBUtilSystemException.java:2946)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.ioexceptionWhenReadingConnection(ORBUtilSystemException.java:2965)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:136)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPMessage(MessageBase.java:121)
at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:156)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.createMessageMediator(SocketOrChannelAcceptorImpl.java:558)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:382)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:346)
at com.sun.corba.ee.impl.transport.ReaderThreadImpl.doWork(ReaderThreadImpl.java:108)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)

Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:785)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:660)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:482)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:133)
... 7 more

Please help us resolve this. Does GlassFish V2 support EJB mutual authentication?

Thank you in advance.
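
One way to separate the TLS layer from the ORB configuration, as an added example (not part of the original post and not GlassFish or EJBCA code): a plain JSSE client that performs the handshake against port 3920 with the keystore, truststore and password shown in the post. `MutualTlsCheck` is a hypothetical name, `hostname` is the post's placeholder, and the key password is assumed to equal the keystore password.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class MutualTlsCheck {                        // hypothetical class name
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try { ks.load(in, pw); } finally { in.close(); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "hostname"; // placeholder from the post
        int port = 3920;                                      // SSL mutual-auth port from the post
        char[] pw = "abcdef".toCharArray();                   // assumed to also protect the key
        KeyStore keys = load("/var/tmp/EJB/BACK/testsecure.jks", pw);
        KeyStore trust = load("/var/tmp/EJB/trust/trust.jks", pw);

        // Mutual TLS needs a private-key entry; a keystore holding only
        // trusted certificates cannot answer the server's certificate request.
        int keyEntries = 0;
        for (String alias : Collections.list(keys.aliases())) {
            if (keys.isKeyEntry(alias)) { keyEntries++; System.out.println("key entry: " + alias); }
        }
        if (keyEntries == 0) System.out.println("WARNING: no private key in client keystore");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.startHandshake();                      // throws if either side rejects the other
            SSLSession sess = s.getSession();
            X509Certificate srv = (X509Certificate) sess.getPeerCertificates()[0];
            System.out.println("protocol=" + sess.getProtocol() + " cipher=" + sess.getCipherSuite());
            System.out.println("server subject: " + srv.getSubjectX500Principal());
            System.out.println("client cert sent: " + (sess.getLocalCertificates() != null));
        } finally {
            s.close();
        }
    }
}
```

Run it with the same JRE as the failing client so the enabled protocol versions match. If the handshake completes and a client certificate was sent, the stores and the listener agree with each other, and what remains is how the ORB opens its socket: the server's "plaintext connection?" message means it read non-TLS bytes on port 3920.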