2

I want to create an SSL connection. I created a keystore and am trying to use X509.

    final KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");

But I am getting the below exception on the console after running.

    java.security.NoSuchAlgorithmException: X509 KeyManagerFactory not available
        at sun.security.jca.GetInstance.getInstance(Unknown Source)
        at javax.net.ssl.KeyManagerFactory.getInstance(Unknown Source)

        SSLContext sc = SSLContext.getInstance(connectionType);
        final char[] keyPassPhrase = "changeit".toCharArray();
        //String [] array = Security.getProviders();
        final KeyStore ks = KeyStore.getInstance("jks");

        ks.load(new FileInputStream("ClientKeyStore"), keyPassPhrase);
        provider();
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509"); // this line is problem

        // SunX509 : supporting only: [TLSv1, TLSv1.1, TLSv1.2]
        kmf.init(ks, keyPassPhrase);

        sc.init(kmf.getKeyManagers(), new TrustManager[] {
                new X509TrustManager(){
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    @Override
                    public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                            throws CertificateException {

                    }
                    public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                            throws CertificateException {
                    }
                }
        },new SecureRandom());
        SSLSocketFactory factory = sc.getSocketFactory();
        SSLSocket socket=null;
        try{
            //socket = (SSLSocket) factory.createSocket("XXXX",xxxx);/
            socket = (SSLSocket) factory.createSocket(ipAddress, Integer.parseInt(ports[portIndex]));

            //convert to array
            String[] cipherSelectedArray;
            if(isSupported == 1 ) {
                cipherSelectedArray = new String[] {msupportedcipherList.get(cipherIndex).trim()};
            }
            else {
                cipherSelectedArray = new String[] {mnotSupportedcipherList.get(cipherIndex).trim()};
            }

            String []mselectedSSLOrTLSVersionArrray = new String[] {mselectedSSLOrTLSVersion};   // if passing these --> getting connection timeout

            socket.setEnabledProtocols(mselectedSSLOrTLSVersionArrray);
            socket.setEnabledCipherSuites(cipherSelectedArray);
            for(int i = 0; i<cipherSelectedArray.length ; i++) {
                //System.out.println("ciphers are :" +  cipherSelectedArray[i]);
            }


            socket.setSoTimeout(15000);

            socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {

                @Override
                public void handshakeCompleted(HandshakeCompletedEvent event) {
                    ////System.out.println("completed");

                }
            });



            socket.startHandshake(); //handshake

As "SunX509" does not support SSL, I need to create the above one. Can someone help? Also, with "SunX509" I am getting a java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers problem with some ciphers. Please help.

4 Answers

8

The parameter you are using, X509, is not recognized by the algorithm provider.

As described in getInstance(String algorithm), the reason is clear.

NoSuchAlgorithmException - if no Provider supports a KeyManagerFactorySpi implementation for the specified algorithm.

The standard algorithms are described here

I guess they support these two algorithms, PKIX and SunX509, in KeyManagerFactory.

So you have to use SunX509 instead of X509.

See the table here


4 Comments

Even if I use "PKIX", there are some ciphers which give an exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate). Can someone help?
Have you used SunX509?
Yes, I used SunX509. With that there are more exceptions: "javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)." While using "PKIX" there are fewer.
Can somebody give one example of X509 for an SSL connection?
3

Read what the stack trace is telling you:

java.security.NoSuchAlgorithmException: X509 KeyManagerFactory not available

The X509 algorithm is not available from the security provider you are using. However, the following code should work for you:

final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

Please have a look at this Code Ranch article which discusses your problem and also shows how to find out which security algorithms are available from your provider.

1 Comment

Thanks for the reply. I already used the above code as you suggested. But SunX509 doesn't support SSL. It only supports TLSv1,v2,v3. What do I have to use if I want to create it using SSL? Please suggest. One more issue: if I use SunX509, it gives me an exception, e.g. Cannot support TLS_DH_anon_WITH_AES_256_CBC_SHA with currently installed providers. What do I have to do in that case?
3

The problem with the use of "SunX509" is that it is specific for an Oracle JRE and doesn't work in an IBM JRE, where the default is "IbmX509". A better solution which is vendor-agnostic is:

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

The default algorithm is defined by the security property "ssl.keyManagerFactory.algorithm" in <JRE_HOME>/lib/security/java.security, and is by default "SunX509" in Oracle and "IbmX509" in IBM JREs (at least for Java 8).

Comments
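
An added example (not part of any answer above, and not the posters' code): it lists the KeyManagerFactory and TrustManagerFactory algorithm names that the installed providers actually register, builds an SSLContext from the default algorithms using the JRE's default trust anchors in place of an accept-all trust manager, and prints the protocol and cipher-suite names that context supports. The class name JsseAlgorithmCheck and the empty in-memory keystore are assumptions for illustration.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public class JsseAlgorithmCheck {
    // Algorithm names registered for one JCA service type across all installed providers.
    static Set<String> algorithmsFor(String serviceType) {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (s.getType().equals(serviceType)) {
                    names.add(s.getAlgorithm());
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("KeyManagerFactory:   " + algorithmsFor("KeyManagerFactory"));
        System.out.println("TrustManagerFactory: " + algorithmsFor("TrustManagerFactory"));

        // Assumption: an empty in-memory keystore stands in for the real client keystore.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);

        // A null KeyStore makes the factory load the JRE's default trust anchors,
        // so server certificate chains are validated during the handshake.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Names outside these lists are rejected by setEnabledProtocols /
        // setEnabledCipherSuites with IllegalArgumentException.
        SSLParameters supported = sc.getSupportedSSLParameters();
        System.out.println("Supported protocols: " + Arrays.toString(supported.getProtocols()));
        System.out.println("Supported suites:    " + Arrays.toString(supported.getCipherSuites()));
    }
}
```

Comparing a requested protocol or cipher-suite name against the printed lists before calling setEnabledProtocols or setEnabledCipherSuites shows whether the running JRE can honour it at all.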

0

First, check whether the needed algorithm is available in the java.security file of the JDK's JRE. In my case I just changed the sequence of algorithms and added a security provider in java.security, and it worked.

  1. Added security provider:

security.provider.12=sun.x.rsa.SunRsaSign

  2. Changed sequence of algorithms:

From :

ssl.KeyManagerFactory.algorithm=SunX509

ssl.TrustManagerFactory.algorithm=PKIX

To

ssl.TrustManagerFactory.algorithm=PKIX

ssl.KeyManagerFactory.algorithm=SunX509

java.security path : \jdk1.7.0_25\jre\lib\security\java.security

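Use the below code to check whether the SunX509 algorithm is supported in your JDK:

    import java.security.Provider;
    import java.security.Security;

    public class CheckSunX509 {
        public static void main(String[] args) {
            String algorithm = "SunX509";
            // Look up the SunJSSE provider; null if it is not installed
            Provider provider = Security.getProvider("SunJSSE");

            // getService returns null when the provider does not register the algorithm
            if (provider != null && provider.getService("KeyManagerFactory", algorithm) != null) {
                System.out.println("SunJSSE provider supports the " + algorithm + " algorithm.");
            } else {
                System.out.println("SunJSSE provider does not support the " + algorithm + " algorithm.");
            }
        }
    }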

Comments
