Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
4.7k views
in Technique[技术] by (71.8m points)

ssl - Java Empty issuer DN not allowed in X509Certificate (Libimobiledevice implementation)

I am working hard on an open project to implement Libimobiledevice library in Java.

I already had implement Usbmuxd / PlistService / DeviceConnexion etc..

All working good, except when I am trying to wrap the SSL Socket.

According to the different implementation made in C (Libimobiledevice) or in Python (pymobiledevice), I generate the X509Certificat using the PEM provided during the Host & Device pairing.

I use this following PEM to generate my X509Certificat (first generated using libimobiledevice) :

-----BEGIN CERTIFICATE-----
MIICujCCAaKgAwIBAgIBADANBgkqhkiG9w0BAQUFADAAMB4XDTIxMDExMjE0MDcy
OVoXDTMxMDExMDE0MDcyOVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtALTNIPEv1KjnzSarFl5ahC6UB9SMCRZbaPP3270Fxl8BW8BcbhqEn5j5K
pB+f+f4QXSh8ITx2/LPPuwd2YNlpR+pYmvKCLZRTxyrNLDY5srj3bIxAcJKIcuiQ
zISbGxNd/1jK52Y6ZmB9ntFpK094ZCL40TRvlghlzdYhS9Fr82OvIetyC+WXn64D
+gyrrtASvydOSzyiVJELDWe7ULHsVSafBBOL76BOmA6g4iruFujuMfrxFydg5RGp
TwTe9VnwJJO1xuKTlgMP9zQKxTP0EoEOGJ+rcqfmwExYRELQe4YwAkEKiq48BIxp
WHMo88Kj6MFmCnaDY9is18g+2yUCAwEAAaM/MD0wDAYDVR0TAQH/BAIwADAdBgNV
HQ4EFgQUHx2bzAmGPtEdlX34YL6pu9cfqMkwDgYDVR0PAQH/BAQDAgWgMA0GCSqG
SIb3DQEBBQUAA4IBAQDQeLnRXk3LWVBdZ7OzgtmHM236bDms2dgBPZv3WfTSHriT
l3PTssO08elH6/WAT2ljRluu3jtkwaqwKsEsG+8XAoMyHbW8VmzqC+PNou0PZPpY
cLMqTVdDq+9Do1AyQ8i3V16GGCxBb8NCHyfUcRnnq04KiuwaKBwWtttpTwMoAkYB
I+aH1drtRDiBcxuALZqEcAg5jfatgaRfgWsWNE0NJiXdk1PHUcF9dBOUhNttp1AS
THwqJXdBEiPc00zRlUQEx5Wu5pO4SVvhwbEM1F00srcDK6yYz0s+23eU7XLH6bGd
ik7hOSZjkEP/mmkrYHZUYYY9obpFbtLLsTWp0b0S
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDLQC0zSDxL9So5
80mqxZeWoQulAfUjAkWW2jz99u9BcZfAVvAXG4ahJ+Y+SqQfn/n+EF0ofCE8dvyz
z7sHdmDZaUfqWJrygi2UU8cqzSw2ObK492yMQHCSiHLokMyEmxsTXf9YyudmOmZg
fZ7RaStPeGQi+NE0b5YIZc3WIUvRa/NjryHrcgvll5+uA/oMq67QEr8nTks8olSR
Cw1nu1Cx7FUmnwQTi++gTpgOoOIq7hbo7jH68RcnYOURqU8E3vVZ8CSTtcbik5YD
D/c0CsUz9BKBDhifq3Kn5sBMWERC0HuGMAJBCoquPASMaVhzKPPCo+jBZgp2g2PY
rNfIPtslAgMBAAECggEBAJblvqkkKB/8lK0Rgs/WgwTB6/NF0Ml9Fk05Ga8zdc4Q
l6mk4ftF5F4hUT9OCyuvidqmK4OzJLnPXS3iO+j+akj/cPT7c444N763tFaCnSBl
FdtdVqmJ7gncY/NmDXEl9qQaVUmG2uV61ictHIw8mHsX1sBgGnHjpm/1pSwk7DU9
rC8ZsaNlDhEWGETohqXxUvK0e1MXNWWjg+XNSYrkj8b0f6SLKOFQcUQqreGDyg5I
uz/5pS6IGpetqWt43WbcgeRAELhtWBZsJgWv07Esf52RIqY1tW12QCguJUTP+Hqv
qfO7B+RJcv+m1Y4KEfMbShcl+SbMNagtjOQzGNmhlAECgYEA+J8ryB1cUdIuxtgG
EPBy+2JCb1Hjr8mIvdzuBj9Mbtlp9/n1tGCsex2T+Ct8IkohS/lOMgGXy+aw+Ats
pW9Z0XfEucyg8WgZ7zRPl83YIMDAXkOEQhNxZ+mgBHKPFCKLGzLOL392Le7niUxw
CX6mNVkKesP1Tn2gm+g+I3lMzNUCgYEA0UhP/tGV2G76hK3qp/X15ao3yG2FgEZv
qFU7rIi/jrJaFwCpPZ4y828iv3nScSgBBSUOKwhY/k+LTPHaSkpgeX5Rhpj1mW+t
cVeEjbHLAlhX/FivfaJOLJfQTU2YChqA9Ax5VVPMTjhVS77BU68omUZpG2xzBp6K
clDn8XE8vRECgYEA4kEwPcACeO+W5BxJgPbhHMZyAQ5770ivqWE6N/M44pP27NXL
9agYrz3en/Uq1aWyoYoy0C1E8ClzmXgEGpW4HnkpTZDcUnTTTS3E1Thd3IitR9uX
q+43wUIJ/qImdUNuZoUYwH71lJ2algc62lkodtoeQFS+k/ydweRbUDseWjUCgYEA
yscSG4jfc9I0EhKhZxS+qUUAv8a+r8ePsL7FDyuAz7an69nMIdQC8jQgqv5SlSl5
s45v5+oysFZKVseQBqOCTrXCMHRMo9q9ZzCxUsmONjt7JRqZD1YQAM0oG36vbjq3
77+WYMLNFo0muDmgAIGbCMhcVyIBYcyDwLf7xMk/XMECgYBim0gMEYAE+2U2b1wm
5CnTDcObOTf2cUh56YWwPOlmQIbXKQxlEajCBYCfX51HHi0TyozutJ9oFuGQJzzH
h4UHmSykionM7KTgQOtnEbYVzTSyx4wlQWciHSHUZ3RhOGTM1jbeTXTUXwcXVfLA
z0UpDK0tm1S3o/aQFS1RkX+chg==
-----END PRIVATE KEY-----

When I decode this PEM File , I can see there is no DN provided in this key.

And during the SSLHandshake I receive this Exception :

Exception in thread "main" java.io.IOException: java.io.IOException: javax.net.ssl.SSLProtocolException: Empty issuer DN not allowed in X509Certificates

And this is the part of my code causing this Exception :

SSLSocket sslSocket = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket(socket, "127.0.0.1", 62078, true);
                System.out.println("Socket open");
                
                sslSocket.setEnabledCipherSuites(new String[] { "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" });
                sslSocket.setEnabledProtocols(new String[] { "TLSv1.2" });
                try{
                    sslSocket.startHandshake();
                    System.out.println("================================Socket open success");
                }catch(Exception e){
                    throw new IOException(e);
                }

There is a way to bypass the "Empty issuer Exception" in Java ? or Someone do have an other idea ? I really need your help on this.

Thank you.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...