Https authentication failed

I have no problem testing the code on the computer. I can communicate with the device via https, but it is not successful after uploading to the device. I cannot establish HTTPS communication with the device. Have you ever encountered this situation?

Comments

  • Capturing and pasting the Java error log from NetLinx Studio Diagnostics would be helpful.

  • ychych Posts: 30

    Hi, I emailed you to inquire about this issue. At that time, I used the program you sent me to skip SSL authentication to test Huawei BOX terminal skipping SSL, and it was unsuccessful!

  • For the benefit of others who might find the same problem, pasting the Java error log here would be helpful.

  • ychych Posts: 30

    Using org.eclipse.jetty.client.HttpClient, the controller prompts an error:
    javax.net.ssl.SSLException: Received fatal alert: handshake_failure

    public class httputility {
        private static HttpClient _httpclient=null;
        private static String cookie=null;
        private static SslContextFactory ContextFactory=null;

        static void intizationHttpClient() throws Exception{
            try {
                ContextFactory=new SslContextFactory();
                // Accept any server certificate without validation
                ContextFactory.setTrustAll(true);
                _httpclient =new HttpClient(ContextFactory);
                _httpclient.setConnectTimeout(5000);
                _httpclient.setFollowRedirects(false);
                _httpclient.setCookieStore(new HttpCookieStore.Empty());
                _httpclient.start();
            }catch(Exception e) {
                System.out.println(e.getMessage());
            }
        }
    }

  • ychych Posts: 30

    Using javax.net.ssl.HttpsURLConnection, the controller prompts an error:
    Received fatal alert: handshake_failure

    static {
    disableSslVerification();
    }

    private static void disableSslVerification() {
        try
        {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
            };
    
            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            httpsconnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    
            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
    
            // Install the all-trusting host verifier
            httpsconnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
    
  • Still need to see the detailed Java error log as printed to Diagnostics.

  • Also if you are not using a minimum of NX f/w 1.6.201 then you could be running into unsupported cypher key issues.
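
Added example, not code from this thread or from AMX: a probe to run once on the PC and once on the controller, to separate the two errors reported here. A `handshake_failure` alert is sent by the device when it refuses the handshake this JVM offered, so trust settings do not affect it, whereas a PKIX error means this JVM rejected the device certificate. The class and method names are hypothetical, and host and port come from the command line.

```java
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public final class TlsProbe {
    // What this JVM is able to offer in its ClientHello.
    static String capabilities() throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters on = ctx.getDefaultSSLParameters();
        SSLParameters all = ctx.getSupportedSSLParameters();
        return "java.version        = " + System.getProperty("java.version") + "\n"
             + "enabled protocols   = " + Arrays.toString(on.getProtocols()) + "\n"
             + "supported protocols = " + Arrays.toString(all.getProtocols()) + "\n"
             + "enabled ciphers     = " + Arrays.toString(on.getCipherSuites()) + "\n";
    }

    // Handshake with the JVM's default settings and report which side refused.
    static String probe(String host, int port) {
        try (SSLSocket s = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(5000);
            s.startHandshake();
            return "OK " + s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite();
        } catch (Exception e) {
            return classify(e);
        }
    }

    // A certificate exception in the cause chain is a trust failure on our side;
    // a fatal alert named in the message was sent by the device.
    static String classify(Throwable e) {
        for (Throwable t = e; t != null; t = t.getCause()) {
            if (t instanceof CertificateException) {
                return "TRUST: this JVM rejected the device certificate: " + t.getMessage();
            }
        }
        String msg = String.valueOf(e.getMessage());
        if (msg.contains("handshake_failure") || msg.contains("protocol_version")) {
            return "NEGOTIATION: the device refused what this JVM offered: " + msg;
        }
        return "OTHER: " + e;
    }

    public static void main(String[] args) throws Exception {
        System.out.print(capabilities());
        System.out.println(probe(args[0], Integer.parseInt(args[1])));
    }
}
```

If the PC reports `OK` with a protocol and cipher suite that are missing from the controller's enabled lists, the controller runtime cannot offer what the device requires.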

  • ychych Posts: 30
    I have upgraded the firmware of the controller to the highest version. Does this have anything to do with it?
  • ychych Posts: 30
    The firmware I can download now is 1.6.179
  • @ych - The product page only contains the official release version. Go here for hot fix versions -
    https://help.harmanpro.com/nx-master

  • ychych Posts: 30

    Hi:
    I have upgraded my firmware to v1.6.205 and tested it using org.eclipse.jetty.client.HttpClient. The computer is running normally, but uploading to the controller still fails, prompting a handshake error:
    Line 207 2023-03-21 (09:25:31):: javax.net.ssl.SSLException: Received fatal alert: handshake_failure

  • ychych Posts: 30

    The test using javax.net.ssl.HttpsURLConnection cannot be uploaded to the controller. Prompt:
    Line 77 2023-03-21 (11:03:01):: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  • Printing the full error log to Diagnostics will output a very accurate log of what went wrong, including the class and code line number. This will be more helpful to debug your code than just the generic Exception that was found.

        try {
         // stuff to try
        } catch (Exception e) {
            e.printStackTrace();
        }
    

    And this code snippet doesn't make sense to me

    static {
    disableSslVerification();
    }
    

    You would probably be better off passing the httpsconnection as a parameter to the disableSslVerification - as it has to be applied to every https connection, not just one.

  • ychych Posts: 30

    Hello!
    I have modified the following code to allow verification to be skipped using httpsconnection, but it is still not possible to skip verification using org.eclipse.jetty.client.HttpClient:

    static void intizationHttpClient(){
        try {
            TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }
                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
            };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            //sc.init(null, null,new java.security.SecureRandom());
            //SSLContext.setDefault(sc);
            ContextFactory=new SslContextFactory();
            //ContextFactory.setValidateCerts(false);
            ContextFactory.setTrustAll(true);
            ContextFactory.setSslContext(sc);
            _httpclient =new HttpClient(ContextFactory);
            _httpclient.setConnectTimeout(5000);
            _httpclient.setFollowRedirects(false);
            _httpclient.setCookieStore(new HttpCookieStore.Empty());
            _httpclient.start();
        }catch(Exception e) {
            e.printStackTrace();
        }
    }
    

    Controller prompt: javax.net.ssl.SSLException: Received fatal alert: handshake_failure

  • This is the method we use to load the device certificate to the NX truststore - it shows how to implement a trust all certificate javax.net.ssl.HttpsURLConnection. This method is called in most of the published AMX Duet modules where the device is a physical device on the local network. You can also try getting the certificate and loading it to the Duet TrustStore through the NetLinx Studio Certificate Manager then just let the HTTPS connection run its normal course through the underlying system processes to establish the trust with the device. The RMS Administrators Guide https://www.amx.com/en-US/site_elements/system-administrator-s-manual-rms-enterprise-resource-management-suite has step by step directions for importing into the Duet TrustStore.

    If this doesn't help you figure out how to get your code working you will need to start digging around sourceforge.net or other open source resources for the answer.

        /**
         * Read and install device SSL certificate on Netlinx Controller.
         * return - if executed successfully
         */
        public boolean init() {
            logger.info("init() called...");
            if (!getModule().hasConfiguration()) { return false; }
    
            HttpsURLConnection httpsClient = null;
            SSLContext sslCtx;
    
            deleteCertFile();
            SSLSocketFactoryProvider.reInit(null,
                    null);
    
            try {
    
                sslCtx = SSLContext.getInstance("TLS");
                sslCtx.init(null,
                            new TrustManager[] {
                                    new X509TrustManager() {
    
                                        private X509Certificate[] accepted;
    
                                        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                                        }
    
                                        public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                                            accepted = xcs;
                                        }
    
                                        public X509Certificate[] getAcceptedIssuers() {
                                            return accepted;
                                        }
                                    }
                            },
                            null);
    
                httpsClient = (HttpsURLConnection) new URL(getModule().getDeviceURL()).openConnection();
    
                httpsClient.setHostnameVerifier(new HostnameVerifier() {
                    public boolean verify(String string, SSLSession ssls) {
                        return true;
                    }
                });
    
                httpsClient.setSSLSocketFactory(sslCtx.getSocketFactory());
    
                logger.info("Connecting to server to retrieve certificate(s)...");
                httpsClient.connect();
    
                final Certificate[] certificates = httpsClient.getServerCertificates();
                for (final Certificate certificate : certificates) {
                    if (logger.doDebug()) {
                        BannerLogger.logit(BannerLogger.centeredLineOfText("certificate")+ "\n\t"
                                            + certificate);
                    }
                    if (certificate instanceof X509Certificate) {
                        try {
                            final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
                            final ByteArrayInputStream in = new ByteArrayInputStream(certificate.getEncoded());
                            final X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
    
                            final KeyStore ks = KeyStore.getInstance("JKS");
                            ks.load(null,
                                    null);
                            ks.setCertificateEntry( "certificate",
                                                    cert);
    
                            new File(getModule().getCertFileDir()).mkdirs();
                            File file = getCertFile();                      
                            file.createNewFile();
    
                            logger.info("Write to certificate file:",
                                            file.getAbsolutePath());
    
                            try (final FileOutputStream os = new FileOutputStream(file)) {
                                ks.store(   os,
                                            getModule().getCertFilePassword().toCharArray());
                            }
                        }
                        catch (final Exception e) {
                            logger.exception(   e,
                                                "Exception at Read SSL Certificate(s): ");
                        }                   
                    }
                }
            }
            catch (final Exception e) {
                logger.exception(   e,
                                    "Exception at Install SSL Certificate(s): ");
            }
            finally {
                if (httpsClient != null) {
                    logger.debug("Disconnecting from server...");
                    httpsClient.disconnect();
                }
            }
    
            if (isCerticateInstalled()) {
                SSLSocketFactoryProvider.reInit(getModule().getCertFileDir() + getModule().getDefaultCertificateFileName(),
                                                    getModule().getCertFilePassword());
                logger.info("Certificate(s) installed on controller");
            }
            else {
                logger.warn("Certificate(s) not installed on controller");
            }
    
            return isCerticateInstalled();
        }
    
    
  • ychych Posts: 30

    I can understand the code you sent. If you need to keep a long link, just ignore disconnect.

  • tttttt Posts: 14

    Is there a program for the AMX central control to control Huawei box310? Brother
