I am having a problem with SSL socket code in which a Java client simply sends a message to a listening Python server. When I run the code with localhost for both server and client, it works just fine. If I run the Python server on my embedded board so the Java client can send it data, I get a connection refused from Java. I created the self assigned certifications with the IP of the embedded board:

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout privKey.key -out server.pem -subj /CN=XXX.XX.XX.XXX

I created the client certification using:

keytool -keystore clientCert -importcert -alias tS -file client.pem

But still it does not work.

I do not think it is a problem with my code since when I try the same exact code with theServerName(HOST) as localhost, the connection happens just fine.

Here is the Python server code:

import time , glob, os, sys

def deal_with_client(connstream):
    timestr = time.strftime("%Y-%m-%d_%H-%M-%S")
    outfile = open((timestr) + ".wav", 'ab')
    data = connstream.recv(1024)
    print data
    sys.exit(1)
    outfile.write(data )
    # null data means the client is finished with us
    while data:
        if not data:
            print 'no more data being sent'
            break
        data = connstream.recv(1024)
        outfile.write(data)
    # finished with client
def get_IP_Edison(value=basestring):
    IP = os.popen(value).read()
    tag1, tag2 = IP.find(":"), IP.find("\n")
    return IP[tag1+1:tag2]

def start_Server():
    import ssl,socket

    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) # calling the client context to loaded with
    # configs
    key , cert = "/home/root/Coding/certificates/server/privKey.key", \
                 "/home/root/Coding/certificates/server/server.pem" # Key and cert created with OPENSSL
    context.load_cert_chain(certfile=cert, keyfile=key) # Load the certifications
    value = '''ifconfig | grep "inet " | grep -v 127.0.0.1 | grep -v 192.* | awk '{print $2}' '''
    HOST, PORT = get_IP_Edison(value), 50007 # calling the port and host / needs to be of the edison
    print "IP of the Edison : " + HOST
    bindsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # create a normal socket
    bindsocket.bind((HOST, PORT)) # Bind the socket or create it
    bindsocket.listen(5)  # make the socket listen on five connections
    print 'Listening..'
    while True:
        newsocket, fromaddr = bindsocket.accept() # accept the connection
        print 'accepted connection from' + str(fromaddr)
        connstream = context.wrap_socket(newsocket, server_side=True,do_handshake_on_connect=True) # wrap it in socket but make sure keys match
        try:
            deal_with_client(connstream) # call the receive function to receive file (more details above )
        finally:
            connstream.shutdown(socket.SHUT_RDWR)
            connstream.close()
            print 'socket was closed'

def wavFinder():
    newest = max(glob.iglob('*.[Ww][Aa][Vv]'), key=os.path.getctime)
    return newest


if __name__=='__main__':
    start_Server()
    wavFileNew = wavFinder()
    print wavFileNew

Here is my Java code:

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;

/**
 * Created by admirmonteiro on 2/18/16.
 */
public class testCertEdison {
    /** TrustStores which is for the client use**/


    final String theServerName = "XXX.XX.XX.XXX";
    final int theServerPort = 50007;
    //   final static String pathToStores = "../../Desktop/SSL_KEY/x509_Java/keyStore/ex/";
    final static String pathToStores = "/Users/admirmonteiro/Desktop/SSL_KEY/x509_Java/client/tS";
    final static String trustStoreFile = "clientCert" ; // filename
    final static String passwd = "admir2006";

    public static void main(String args[]) throws Exception {

        String trustFileName = pathToStores + "/" + trustStoreFile;
        System.setProperty("javax.net.ssl.trustStore",trustFileName);
        System.setProperty("javax.net.ssl.trustStorePassword",passwd);

        new testCertEdison().doClient();

    }

    void doClient() throws Exception{
        SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(theServerName,theServerPort);

        OutputStream sslOS = sslSocket.getOutputStream();
        sslOS.write("Connected to the stupid thing".getBytes());
        sslOS.flush();
        sslSocket.close();

    }
}

Please help, I have been at this for a while.

Aboogie
  • What is "client.pem" in your keytool import? For this to work as it looks like you're trying, this value should be "server.pem" - i.e. the exact same certificate file that the server is starting up using. – Joshua Davies Feb 25 '16 at 23:24
  • Yes, it is exactly what server.pem is; I copied and pasted it. – Aboogie Feb 26 '16 at 00:00
  • The code you posted works for me (after adjusting filenames, paths, and hosts) when client.pem and server.pem are the same. Do they connect to each other when you run them on the same box? If they do when they're colocated but not otherwise, then you're being blocked by a firewall somewhere. – Joshua Davies Feb 26 '16 at 16:57
  • What if it isn't a firewall problem, because really the Intel Edison as far as I know does have firewall? I listened on the server and was able to connect to it with openssl s_client just fine with no connection refused. I am a little confused at this point why the Java client doesn't work. I was also able to telnet to the server and that worked just fine. Does this mean that my Java code is not correct? – Aboogie Feb 27 '16 at 19:38

1 Answer

'Connection refused' means there was nothing listening at the IP:port you tried to connect to.

It has nothing to do with truststores or keystores or certificates or SSL or Python or Java or OpenSSL.

user207421
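The distinction the answer draws, between a failure at the TCP layer and one at the TLS layer, can be checked by doing the two steps separately. This is an added example, not part of the original answer or the asker's code; `probe`, `unused_port` and `plain_listener` are hypothetical names, and the two loopback endpoints are constructed test inputs.

```python
import socket
import ssl
import threading


def probe(host, port, timeout=3.0):
    """Report which layer a TLS connection attempt to host:port fails at."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The peer's kernel answered with RST: no socket is listening on this
        # exact IP:port. No TLS byte was sent, so certificates are not involved.
        return "tcp_refused"
    except socket.timeout:
        # No answer at all, which usually points at a packet filter or routing.
        return "tcp_timeout"
    except OSError:
        return "tcp_error"
    ctx = ssl.create_default_context()  # system CAs; an untrusted cert fails here
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls_ok"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "tls_failed"
    finally:
        raw.close()


def unused_port():
    """Constructed input: a loopback port with no listener behind it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def plain_listener():
    """Constructed input: a TCP listener that accepts but does not speak TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"not tls\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port
```

A truststore or certificate problem can only ever produce the `tls_failed` result, because it requires the TCP connect to have succeeded first. A server bound to one specific interface address, as in the question's `bindsocket.bind((HOST, PORT))`, gives `tcp_refused` to clients that connect to any other address of the same machine.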