Https authentication failed
ych
Posts: 44
I have no problem testing the code on the computer. I can communicate with the device via https, but it is not successful after uploading to the device. I cannot establish HTTPS communication with the device. Have you ever encountered this situation?
0
Comments
Capture and paste the Java error log from NetLinx Studio Diagnostics would be helpful.
Hi, I emailed you to inquire about this issue. At that time, I used the program you sent me to skip SSL authentication to test Huawei BOX terminal skipping SSL, and it was unsuccessful!
For the benefit of others who might find the same problem pasting the Java error log here would be helpful.
Using org. eclipse. jetty. client. HttpClient, the controller prompts an error:
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
public class httputility {
private static HttpClient _httpclient=null;
private static String cookie=null;
private static SslContextFactory ContextFactory=null;
static void intizationHttpClient() throws Exception{
try {
ContextFactory=new SslContextFactory();
ContextFactory.setTrustAll(true);
_httpclient =new HttpClient(ContextFactory);
_httpclient.setConnectTimeout(5000);
_httpclient.setFollowRedirects(false);
_httpclient.setCookieStore(new HttpCookieStore.Empty());
_httpclient.start();
}catch(Exception e) {
System.out.println(e.getMessage());
}
}
Use javax. net. ssl. HttpsURLConnection;, Controller prompt error:
Received fatal alert: handshake_failure
static {
disableSslVerification();
}
private static void disableSslVerification() { try { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; // Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); httpsconnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier httpsconnection.setDefaultHostnameVerifier(allHostsValid); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } }Still need to see the detailed Java error log as printed to Diagnostics.
Also if you are not using a minimum of NX f/w 1.6.201 then you could be running into unsupported cypher key issues.
@ych - The product page only contains the official release version. Go here for hot fix versions -
https://help.harmanpro.com/nx-master
hi:
I have upgraded my firmware to v1.6.205 and tested it using org.eclipse.kitty.client.HttpClient. The computer is running normally, but uploading to the controller still fails, prompting a handshake error:
Line 207 2023-03-21 (09:25:31):: javax.net.ssl.SSLException: Received fatal alert: handshake_ failure
The test using javax.net.ssl.HttpsURLConnection cannot be uploaded to the controller. Prompt:
Line 77 2023-03-21 (11:03:01):: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Printing the full error log to Diagnostics will output a very accurate log of what wrong including the class and code line number. This will be more helpful to debug your code than just the generic Exception that was found.
try { // stuff to try } catch (Exception e) { e.printStackTrace(); }And this code snippet snippet doesn't make sense to me
static { disableSslVerification(); }You would probably better off passing the httpsconnection as a parameter to the disableSslVerification - as it has to be applied to every https connection, not just one.
Hello!
I have modified the following code to allow verification to be skipped using httpsconnection, but it is still not possible to skip verification using org.eclipse.detty.client.HttpClient:
static void intizationHttpClient(){
try {
TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); //sc.init(null, null,new java.security.SecureRandom()); //SSLContext.setDefault(sc); ContextFactory=new SslContextFactory(); //ContextFactory.setValidateCerts(false); ContextFactory.setTrustAll(true); ContextFactory.setSslContext(sc); _httpclient =new HttpClient(ContextFactory); _httpclient.setConnectTimeout(5000); _httpclient.setFollowRedirects(false); _httpclient.setCookieStore(new HttpCookieStore.Empty()); _httpclient.start(); }catch(Exception e) { e.printStackTrace(); } }Controller prompt:javax.net.ssl.SSLException: Received fatal alert: handshake_failure
This is the method we use to load the device certificate to the NX truststore - it shows how to implement a trust all certificate javax.net.ssl.HttpsURLConnection. This method is called in most of the published AMX Duet modules where the device is a physical device on the local network. You can also try getting the certificate and loading it to the Duet TrustStore through the NetLinx Studio Certificate Manager then just let the HTTPS connection run its normal course through the underlying system processes to establish the trust with the device. The RMS Admistrators Guide https://www.amx.com/en-US/site_elements/system-administrator-s-manual-rms-enterprise-resource-management-suite has step by step directions for importing into the Duet TrustStore.
If this doesn't help you figure out how to get your code working you will need to start digging around sourceforge.net or other open source resources for the answer.
/** * Read and install device SSL certificate on Netlinx Controller. * return - if executed successfully */ public boolean init() { logger.info("init() called..."); if (!getModule().hasConfiguration()) { return false; } HttpsURLConnection httpsClient = null; SSLContext sslCtx; deleteCertFile(); SSLSocketFactoryProvider.reInit(null, null); try { sslCtx = SSLContext.getInstance("TLS"); sslCtx.init(null, new TrustManager[] { new X509TrustManager() { private X509Certificate[] accepted; public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { } public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { accepted = xcs; } public X509Certificate[] getAcceptedIssuers() { return accepted; } } }, null); httpsClient = (HttpsURLConnection) new URL(getModule().getDeviceURL()).openConnection(); httpsClient.setHostnameVerifier(new HostnameVerifier() { public boolean verify(String string, SSLSession ssls) { return true; } }); httpsClient.setSSLSocketFactory(sslCtx.getSocketFactory()); logger.info("Connecting to server to retrieve certificate(s)..."); httpsClient.connect(); final Certificate[] certificates = httpsClient.getServerCertificates(); for (final Certificate certificate : certificates) { if (logger.doDebug()) { BannerLogger.logit(BannerLogger.centeredLineOfText("certificate")+ "\n\t" + certificate); } if (certificate instanceof X509Certificate) { try { final CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); final ByteArrayInputStream in = new ByteArrayInputStream(certificate.getEncoded()); final X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in); final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, null); ks.setCertificateEntry( "certificate", cert); new File(getModule().getCertFileDir()).mkdirs(); File file = getCertFile(); file.createNewFile(); logger.info("Write to certificate file:", file.getAbsolutePath()); try (final FileOutputStream os = new FileOutputStream(file)) { ks.store( os, getModule().getCertFilePassword().toCharArray()); } } catch (final Exception e) { logger.exception( e, "Exception at Read SSL Certificate(s): "); } } } } catch (final Exception e) { logger.exception( e, "Exception at Install SSL Certificate(s): "); } finally { if (httpsClient != null) { logger.debug("Disconnecting from server..."); httpsClient.disconnect(); } } if (isCerticateInstalled()) { SSLSocketFactoryProvider.reInit(getModule().getCertFileDir() + getModule().getDefaultCertificateFileName(), getModule().getCertFilePassword()); logger.info("Certificate(s) installed on controller"); } else { logger.warn("Certificate(s) not installed on controller"); } return isCerticateInstalled(); }I can understand the code you sent. If you need to keep a long link,justignore discoonnect.
Is there a program for the amx central control to control Huawei box310? brother
No module available in the resource center.
By documentation it is HTTP with JSON
https://support.huawei.com/enterpriseics/Box 310/22.2.2/topic/view.do?portalid=1665222519830&hdxfileid=HWICS1000001242&pidid=pid_bookmap_0000001511518532&topicid=TOPIC_0000001511518668&relationid=default&path=