Hello Eben,

The Restlet client should work (I provide you some sample code) assuming that you are using either the Apache HTTPClient connector or the JDK net connector, which both support the HTTPS protocol.
Have you made a try with the JDK net client connector?

One aspect that may lead you to failure is that self-signed certificates need to be accepted on the client side. In a few words, you must import the server certificate into your local truststore (the default one, or one that you have specified explicitly) with keytool (a program provided by the JDK). The following command line allows you to import a server certificate into a specific truststore:

    keytool -import -alias my-client -keystore /path/to/your/truststore/myClientTruststore -file myServerCertificate.cert


For more explanations, have a look at these:
- jsse (truststore, etc) => http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html
- keytool usage => http://java.sun.com/j2se/1.5.0/docs/tooldocs/#security

best regards,
Thierry Boileau

PS: I am sending you a sample client code app that takes care of the truststore.

import java.io.File;
import java.io.IOException;

import org.restlet.Client;
import org.restlet.data.Method;
import org.restlet.data.Protocol;
import org.restlet.data.Request;
import org.restlet.data.Response;

public class BasicHttpsClient {
   public static void main(String[] args) {
       // Instantiates a client according to a protocol
       Client client = new Client(Protocol.HTTPS);
       // Instantiates a request with a method and the resource's URI
       Request request = new Request(Method.GET,
               "https://localhost:8182/helloWorld");

       File keystoreFile = new File("d:\\temp\\certificats",
               "myClientKeystore");
       System.setProperty("javax.net.ssl.trustStore", keystoreFile
               .getAbsolutePath());

       // Sends the request and gets the response
       Response response = client.handle(request);

       // Prints the status of the response
       System.out.println(response.getStatus());

       // Writes the response's entity content, if available
       if (response.isEntityAvailable()) {
           try {
               response.getEntity().write(System.out);
           } catch (IOException e) {
               e.printStackTrace();
           }
       }
   }
}





Eben wrote:
Hello,

I was wondering if anyone had some ideas or experience on the following matter.

So I am trying to run my Restlet-based app in our QA environment. In that environment I am using a self-signed certificate for Tomcat's HTTPS on the server side.

My client code is also using Restlet, and I am unable to communicate with the HTTPS Restlet server.

After doing a bit of research and poking around, I am under the suspicion that HttpClient is rejecting my self-signed certificate. There isn't any activity in the logs on the Restlet server when I try and make an HTTPS call using the Restlet client. HTTP calls work fine. Also, I am able to successfully make HTTPS calls against the Restlet server when using the 'curl' program on the command line, albeit with specifying the --insecure option so it ignores the certificate.

At this point I have determined I have two options:
1. Persuade Restlet Client to have HttpClient use the org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory for handling HTTPS requests
2. Just use HttpClient directly and have it use the org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory.

One thought of mine I am still trying to test is to just do something along the lines of:

org.apache.commons.httpclient.protocol.Protocol easyhttps =
      new org.apache.commons.httpclient.protocol.Protocol(
             "https",
             new org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory(),
             443);
org.apache.commons.httpclient.protocol.Protocol
      .registerProtocol("https", easyhttps);

right before calling:

restClient = new Client(Protocol.HTTPS);

Which I just tried and does not appear to work. For now I am going to abandon the Restlet client and go try and get an HttpClient call working first.

Would it be worthwhile to add a 'HTTPS_EASY' to the Restlet Protocol class that would use the EasySSLProtocolSocketFactory? Is there another way to get the Restlet client to communicate with HTTPS servers using self-signed certificates?

This would be a nice feature to have for doing testing. Or when the program doesn't really care about the origins of a certificate of the other party, just that it uses a secure channel to communicate.

  -Eben
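
Added example, not part of either message in this thread and not Restlet code: the truststore approach from the reply, applied to a single JDK HttpsURLConnection instead of the JVM-wide javax.net.ssl.trustStore property, so only the imported self-signed certificate is trusted and hostname verification stays on. The class name ScopedTruststoreClient and the command-line arguments are assumptions made for the illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; usage:
//   java ScopedTruststoreClient <truststore-file> <truststore-password> <https-url>
public class ScopedTruststoreClient {

    // Builds an SSLContext that trusts only the certificates in the given truststore.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        // List each imported certificate with its SHA-256 fingerprint so it can be
        // compared with the fingerprint of the certificate the server presents.
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate cert = trustStore.getCertificate(alias);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) {
                hex.append(String.format("%02X", b));
            }
            System.out.println(alias + " SHA-256 " + hex);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Trust is scoped to this connection; the default hostname verifier is untouched,
        // so the certificate's name must still match the host in the URL.
        conn.setSSLSocketFactory(context.getSocketFactory());
        System.out.println(conn.getResponseCode());
    }
}
```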
