Smack 4.10 and openfire3.10, How to make "normal" TLS connection?

Hello world

I have Openfire 3.10 and Smack 4.10 on Android. How do I make a TLS connection? Somebody help me. I can't find full documentation on this topic.

XMPP works over the internet and there are not many users, but I need to secure this connection fully.

How I see this situation:

1. Install Openfire

- Openfire generates 2 self-signed certificates, RSA and DSA (and shows that they are PENDING VERIFICATION);

I make my own CA via openssl (perl ca.pl -newca)

I sign the requests which Openfire generated (I copy the text from server_settings/server certificates into rsa.crt and dsa.crt files) (OpenSSL> ca -days 3650 -out rsa_sign.crt -in rsa.crt)

Add my own CA to the truststore in OPENFIRE/resourse/security/trustore

Add the data BEGIN…END from rsa_sign.crt to the reply box in server_settings/server certificates

Then Openfire shows "CA signed" for the rsa and dsa certificates.

2. Install on Android

Add the cert from my own CA (as I understand it, that is the public certificate, which I added to the truststore in Openfire)

import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.jivesoftware.smack.ConnectionConfiguration;
import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;

XMPPTCPConnectionConfiguration.Builder configBuilder = XMPPTCPConnectionConfiguration.builder();
configBuilder.setHost(HOST);
configBuilder.setPort(PORT); // 5222, and 5222 in Openfire
configBuilder.setUsernameAndPassword(USERNAME, PASSWORD);
configBuilder.setResource(RESOURCENAME);
configBuilder.setSendPresence(true);
configBuilder.setSecurityMode(ConnectionConfiguration.SecurityMode.required);
configBuilder.setDebuggerEnabled(true);
configBuilder.setServiceName(SERVICENAME);
configBuilder.setEnabledSSLProtocols(new String[]{"TLS"});

// Build a trust store that contains only my own CA certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(getResources().openRawResource(R.raw.cacert)); // I copied the public CA cert into res/raw
Certificate ca = cf.generateCertificate(caInput);

String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null); // empty in-memory store
keyStore.setCertificateEntry("ca", ca);

String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);

SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
configBuilder.setSocketFactory(context.getSocketFactory()); // an SSLSocketFactory: the TLS handshake starts as soon as the socket opens

I get this error:

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x60a36978: Failure in SSL library, usually a protocol error
05-18 21:11:54.411 13089-13114/test.justtest W/System.err﹕ error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x5faa0d5c:0x00000000)
W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:642)
W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection.initConnection(XMPPTCPConnection.java:612)
W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:834)
W/System.err﹕ at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:360)

So, do I still need to generate a certificate for the client and put it in the raw folder? (I tried, and got the same error.) I think I generated the certificates wrong or something, but I don't know how to do it right, please help me…

(SORRY FOR MY VERY BAD ENGLISH =))

Used libs:

jxmpp-core-0.4.1.jar
jxmpp-util-cache-0.4.1.jar
smack-android-4.1.0.jar
smack-core-4.1.0.jar
smack-extensions-4.1.0.jar
smack-sasl-provided-4.1.0.jar
smack-tcp-4.1.0.jar

I convert the certificate for Android to PEM format: OpenSSL> x509 -inform PEM -outform DER -in cacert.pem -out cacert.der

Message edited by: dizel

For Android 4.0 or lower it may be an Android bug: android - Javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: Failure in SSL…

Does the handshake work fine when you use a Linux or Windows client?

I am trying it now, and get the following error (WIN 7):

WARNING: Server did not report any SASL mechanisms
мая 19, 2015 9:33:49 PM org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter shutdown
WARNING: shutdownDone was not marked as successful by the writer thread
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter.shutdown(XMPPTCPConnection.java:1265)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:494)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.instantShutdown(XMPPTCPConnection.java:483)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.notifyConnectionError(XMPPTCPConnection.java:863)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2600(XMPPTCPConnection.java:139)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter.writePackets(XMPPTCPConnection.java:1415)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter.access$2700(XMPPTCPConnection.java:1166)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter$1.run(XMPPTCPConnection.java:1214)
at java.lang.Thread.run(Unknown Source)

мая 19, 2015 9:33:49 PM org.jivesoftware.smack.AbstractXMPPConnection callConnectionClosedOnErrorListener
WARNING: Connection closed with error
javax.net.ssl.SSLException: java.net.SocketException: Connection reset
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.read1(Unknown Source)
at java.io.BufferedReader.read(Unknown Source)
at org.jivesoftware.smack.util.ObservableReader.read(ObservableReader.java:41)
at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)
at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)
at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)
at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPConnection.java:937)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:952)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
… 17 more

Used libs on WIN7:

jxmpp-core-0.4.1.jar
jxmpp-util-cache-0.4.1.jar
smack-core-4.1.0.jar
smack-extensions-4.1.0.jar
smack-java7-4.1.0.jar
smack-sasl-javax-4.1.0.jar
smack-sasl-provided-4.1.0.jar
smack-tcp-4.1.0.jar
xmlpull-xpp3-1.1.4c.jar

Maybe I need more libs? When I disable the secure connection, it works fine (on Windows and Android, and Android 4.4.2).

Can anybody help me? =) I think somebody has already made a TLS connection with Android, Smack and Openfire, please share your experience =))

I configured a JKS store for the Windows client and a PKCS12 store for Android, and it works OK; the problem was with generating the "right" keystore and truststore.
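A complete Smack 4.1 client configuration for the setup described in this thread, added here as an example (it is not the poster's code): the private CA is the only trust anchor, TLS is required, and the SSLContext is handed to Smack with setCustomSSLContext so it is used for the STARTTLS upgrade on port 5222, rather than wrapping the socket in TLS from the first byte as setSocketFactory with an SSLSocketFactory in the first post does (the Android trace shows the handshake starting inside initReaderAndWriter before any XMPP stream, and "SSL23_GET_SERVER_HELLO:unknown protocol" means the server answered with non-TLS bytes). It assumes the Smack 4.1 builder methods setCustomSSLContext, setHostnameVerifier and setEnabledSSLProtocols; host, domain and credentials are placeholders, and the CA resource is the same cacert file the poster placed in res/raw.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.jivesoftware.smack.ConnectionConfiguration.SecurityMode;
import org.jivesoftware.smack.tcp.XMPPTCPConnection;
import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;

public final class PinnedCaXmppClient {

    // Trust store holding only our private CA (CertificateFactory accepts PEM or DER);
    // the device's system roots are deliberately left out, so only certificates
    // signed by this CA (the Openfire RSA/DSA certs from the thread) are accepted.
    static SSLContext contextTrustingOnlyOurCa(InputStream caInput) throws Exception {
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caInput);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                 // start from an empty in-memory store
        trust.setCertificateEntry("ca", ca);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client certificate, default RNG
        return ctx;
    }

    // Placeholder host, domain and account (assumed values, not from the thread).
    static XMPPTCPConnection connect(InputStream caInput) throws Exception {
        XMPPTCPConnectionConfiguration config = XMPPTCPConnectionConfiguration.builder()
            .setHost("xmpp.example.test")            // placeholder Openfire host
            .setPort(5222)                           // plaintext port; TLS arrives via STARTTLS
            .setServiceName("example.test")          // placeholder; must match the cert's CN/SAN
            .setUsernameAndPassword("user", "pass")  // placeholders
            .setSecurityMode(SecurityMode.required)  // abort if the server offers no STARTTLS
            .setCustomSSLContext(contextTrustingOnlyOurCa(caInput)) // not setSocketFactory
            .setEnabledSSLProtocols(new String[]{"TLSv1.2"})        // a real protocol name, not "TLS"
            .setHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier()) // name check
            .build();
        XMPPTCPConnection conn = new XMPPTCPConnection(config);
        conn.connect();   // plain TCP, <starttls/>, then the handshake verified against our CA
        conn.login();
        return conn;
    }
}
```

On Android pass getResources().openRawResource(R.raw.cacert) as caInput; a server presenting a certificate not chained to the private CA, or with a name that does not match the service name, now fails the handshake instead of silently connecting.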