I am working hard on an open project to implement the Libimobiledevice library in Java.
I have already implemented Usbmuxd / PlistService / DeviceConnexion, etc.
Everything works well, except when I try to wrap the SSL socket.
According to the different implementations made in C (Libimobiledevice) or in Python (pymobiledevice), I generate the X509Certificate using the PEM provided during the host and device pairing.
I use the following PEM to generate my X509Certificate (first generated using libimobiledevice):
When I decode this PEM file, I can see there is no DN provided in this key.
And during the SSL handshake I receive this exception:
Exception in thread "main" java.io.IOException: java.io.IOException: javax.net.ssl.SSLProtocolException: Empty issuer DN not allowed in X509Certificates
And this is the part of my code causing this exception:
    SSLSocket sslSocket = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket(socket, "127.0.0.1", 62078, true);
    System.out.println("Socket open");
    sslSocket.setEnabledCipherSuites(new String[] { "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" });
    sslSocket.setEnabledProtocols(new String[] { "TLSv1.2" });
    try {
        sslSocket.startHandshake();
        System.out.println("================================Socket open success");
    } catch (Exception e) {
        throw new IOException(e);
    }
Is there a way to bypass the "Empty issuer" exception in Java? Or does someone have another idea? I really need your help on this.
Thank you.
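
Added example, not part of the original post: a small DER walk that confirms whether a certificate's issuer field is an empty SEQUENCE (RFC 5280 requires a non-empty issuer DN), without going through Java's own X.509 parser. The class and method names are hypothetical, and the two sample byte arrays are constructed, truncated DER prefixes rather than real certificates.

```java
public class IssuerDnCheck {
    /** Reads the DER length octets at pos[0], advances pos[0], returns the content length. */
    static int readLength(byte[] der, int[] pos) {
        int first = der[pos[0]++] & 0xFF;
        if (first < 0x80) return first;                 // short form
        int count = first & 0x7F, len = 0;              // long form: next `count` octets
        if (count == 0 || count > 3) throw new IllegalArgumentException("unsupported DER length");
        for (int i = 0; i < count; i++) len = (len << 8) | (der[pos[0]++] & 0xFF);
        return len;
    }

    /** Checks the tag at pos[0] and returns the content length, leaving pos[0] at the content. */
    static int enter(byte[] der, int[] pos, int tag) {
        if ((der[pos[0]++] & 0xFF) != tag) throw new IllegalArgumentException("unexpected tag");
        return readLength(der, pos);
    }

    /** Skips one complete TLV, whatever its tag. */
    static void skip(byte[] der, int[] pos) {
        pos[0]++;                                       // tag octet
        int len = readLength(der, pos);                 // read first: it advances pos[0]
        pos[0] += len;
    }

    /** True when the issuer Name of a DER-encoded certificate is an empty SEQUENCE (30 00). */
    static boolean hasEmptyIssuer(byte[] der) {
        int[] pos = {0};
        enter(der, pos, 0x30);                              // Certificate
        enter(der, pos, 0x30);                              // TBSCertificate
        if ((der[pos[0]] & 0xFF) == 0xA0) skip(der, pos);   // optional [0] version
        skip(der, pos);                                     // serialNumber
        skip(der, pos);                                     // signature AlgorithmIdentifier
        return enter(der, pos, 0x30) == 0;                  // issuer Name
    }

    static byte[] bytes(int... v) {
        byte[] b = new byte[v.length];
        for (int i = 0; i < v.length; i++) b[i] = (byte) v[i];
        return b;
    }

    public static void main(String[] args) {
        // Constructed samples: version, serial 1, sha256WithRSAEncryption, then the issuer.
        byte[] emptyIssuer = bytes(0x30,0x1B, 0x30,0x19, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
            0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00, 0x30,0x00);
        byte[] cnIssuer = bytes(0x30,0x27, 0x30,0x25, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
            0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,
            0x30,0x0C,0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0C,0x01,0x78); // CN=x
        System.out.println("empty issuer sample: " + hasEmptyIssuer(emptyIssuer)); // true
        System.out.println("CN=x issuer sample:  " + hasEmptyIssuer(cnIssuer));    // false
    }
}
```

To check a real certificate, strip the BEGIN/END lines from the PEM, decode the body with `java.util.Base64.getMimeDecoder()`, and pass the resulting bytes to `hasEmptyIssuer`.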