**Context:** Using smack 4.1.0 in client to connect to openfire 3.9.3 server configured with xmpp.client.cert.policy=needed, sasl.mechs=EXTERNAL. Client and server trust set up and appear to authenticate.
**Problem:** *With a smartcard, the TLS handshake does not complete on the server side. Client performs its CertificateVerify (signed secret and prior messages), ciphersuite and finished messages but server never responds with its own ciphersuite and finished messages. Instead I get NoResponse timeouts in SmackException.*
**Pseudo-summary:** *I will post my code if requested but first I thought I would describe what it's doing and just post the part of interest.*
1. Using a test class with main() method.
2. Create a KeyStore based on softoken (scenario 1) and MSCAPI "Windows-MY" (scenario 2) and initialize with KeyManagerFactory
3. Use a jssecacerts in %JAVA_HOME%/lib/security truststore (for now)
4. Use an X509ExtendedKeyManager to select alias (chooseClientAlias() in scenario 2 KeyManager) and authenticate with smartcard.
5. Create a custom SSLContext to initialize my custom KeyManager (array of 1).
6. Use the XMPPTCPConnectionConfiguration.builder() to construct details of connection including my custom SSLContext and SecurityMode.required
7. Instantiate an AbstractXMPPTCPConnection using the configuration I build in #6
8. connect().
9. disconnect().
**Scenario 1:** *Softoken (filesystem KeyStore) authentication output*
```
01:27:46 PM SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
01:27:46 PM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="example.com" id="67bad334" xml:lang="en" version="1.0">stream:featuresEXTERNAL</mechanisms></stream:features>
01:27:46 PM SENT (0):
01:27:46 PM RECV (0):
01:27:46 PM SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
01:27:46 PM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="example.com" id="67bad334" xml:lang="en" version="1.0">stream:featuresEXTERNAL</mechanisms>zlib</stream:features>
01:27:46 PM SENT (0):
01:27:46 PM SENT (0): </stream:stream>
```
**Scenario 2:** *Smartcard (through Windows-MY) authentication output*
```
01:34:55 PM SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
01:34:55 PM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="example.com" id="c5d2996e" xml:lang="en" version="1.0">
01:34:55 PM RECV (0): stream:featuresEXTERNAL</mechanisms></stream:features>
01:34:55 PM SENT (0):
01:34:55 PM RECV (0):
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
    at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWaitOrThrow(SynchronizationPoint.java:97)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:837)
    at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:360)
    at pke4chat.TestProtoType.main(TestProtoType.java:84)
01:35:00 PM SENT (0):
May 28, 2015 1:35:05 PM org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter shutdown
WARNING: shutdownDone was not marked as successful by the writer thread
org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:106)
    at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:85)
    at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:192)
    at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:114)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketWriter.shutdown(XMPPTCPConnection.java:1265)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:494)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.shutdown(XMPPTCPConnection.java:476)
    at org.jivesoftware.smack.AbstractXMPPConnection.disconnect(AbstractXMPPConnection.java:666)
    at org.jivesoftware.smack.AbstractXMPPConnection.disconnect(AbstractXMPPConnection.java:646)
    at pke4chat.TestProtoType.main(TestProtoType.java:108)
```
The Big Question: What can be causing the SmackException$NoResponseException?
Stabbing in the dark…
- increasing packetReply timeout made no difference
- while I wait for any replies (Flow?), I will move my alias selection to a callback handler implementation. Right now it is all coded within the custom KeyManager.
Thanks in advance.
regards,
tt
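
A minimal sketch of the client setup the post describes in steps 2 to 9 (scenario 2), added here as an example; it is not the poster's code and not part of the original post. The class names `PinnedAliasConnect` and `PinnedAlias` and the alias taken from `args[0]` are hypothetical; `example.com` is the service name shown in the logs above, and trust falls back to the JSSE default truststore.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import org.jivesoftware.smack.ConnectionConfiguration.SecurityMode;
import org.jivesoftware.smack.tcp.XMPPTCPConnection;
import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;

// Added example (hypothetical names): Windows-MY key store + pinned client alias + Smack 4.1.
public class PinnedAliasConnect {
    /** Delegates key and chain lookup to the platform key manager but always offers one alias. */
    static final class PinnedAlias extends X509ExtendedKeyManager {
        private final X509KeyManager base;
        private final String alias;
        PinnedAlias(X509KeyManager base, String alias) { this.base = base; this.alias = alias; }
        @Override public String chooseClientAlias(String[] kt, Principal[] iss, Socket s) { return alias; }
        @Override public String chooseEngineClientAlias(String[] kt, Principal[] iss, SSLEngine e) { return alias; }
        @Override public String[] getClientAliases(String kt, Principal[] iss) { return new String[] { alias }; }
        @Override public X509Certificate[] getCertificateChain(String a) { return base.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return base.getPrivateKey(a); }
        // Server-side selection is never used by a client.
        @Override public String[] getServerAliases(String kt, Principal[] iss) { return null; }
        @Override public String chooseServerAlias(String kt, Principal[] iss, Socket s) { return null; }
    }

    public static void main(String[] args) throws Exception {
        String alias = args[0];                       // assumption: alias passed on the command line
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);                          // MSCAPI store takes no stream or password
        if (!ks.isKeyEntry(alias)) {                  // fail early instead of mid-handshake
            throw new IllegalArgumentException("No private key entry for alias: " + alias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, null);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];

        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom select the JSSE defaults
        ctx.init(new KeyManager[] { new PinnedAlias(base, alias) }, null, null);

        XMPPTCPConnectionConfiguration config = XMPPTCPConnectionConfiguration.builder()
                .setServiceName("example.com")
                .setCustomSSLContext(ctx)
                .setSecurityMode(SecurityMode.required)
                .build();
        XMPPTCPConnection conn = new XMPPTCPConnection(config);
        try { conn.connect(); } finally { conn.disconnect(); }
    }
}
```

Running the JVM with `-Djavax.net.debug=ssl,handshake` prints each TLS handshake message on the client side, which shows which messages the client sends and what, if anything, comes back from the server.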