Thanks Bruno that worked, you're a star ;-)

Interestingly I'm still getting a keystore tamper error, but it works. See below.


java -jar target/com.vennetics.jbox.fs.api-2.0-dist.dir/com.vennetics.jbox.fs.api-2.0.jar
Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
        at java.security.KeyStore.load(KeyStore.java:1150)
        at com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:250)
        at org.restlet.Server.start(Server.java:383)
        at org.restlet.Component.startServers(Component.java:1176)
        at org.restlet.Component.start(Component.java:1137)
        at com.vennetics.jbox.fs.api.Main.main(Main.java:49)





Aug 17, 2008 8:15:27 PM com.noelios.restlet.LogFilter afterHandle
INFO: 2008-08-17 20:15:27 0:0:0:0:0:0:0:1%0 - - 8182 GET / - 404 330 - https://localhost:8182 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 -



Looking at the Helper File, it's been generated by a keyStore.load call (see below)

        /*
         * If an SslContextFactory has been set up, its settings take priority
         * over the other parameters (which are otherwise used to build and
         * initialise an SSLContext).
         */
        if (sslContextFactory == null) {
            final KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
            final FileInputStream fis = getKeystorePath() == null ? null
                    : new FileInputStream(getKeystorePath());
            final char[] password = getKeystorePassword() == null ? null
                    : getKeystorePassword().toCharArray();
            keyStore.load(fis, password);
            if (fis != null) {
                fis.close();
            }


I noticed in the changes.txt for Milestone 5 you did some updates to the sslContextFactory, is this relevant to the error message?

Bruno, thanks again for your help. I'm interested in documenting this; I think it would be useful to provide a cheatsheet for HTTPS / Basic Auth from scratch. There seem to be lots of helloworlds for REST, few examples with security. Where would be the most appropriate place to do this: on the Restlet site, or hosted by Vennetics and referenced from Restlet?


Christy Ring
[EMAIL PROTECTED]



On 17 Aug 2008, at 17:32, Bruno Harbulot wrote:

Hi Christy,

Christy Ring wrote:
I wasn't aware of the certificate issue, thanks. I've modified the keytool command to reflect the changes you suggest as follows, deleted the .keystore and recreated it. I assume this is all I have to do with the keystore to get up and running?

keytool -genkey -keyalg RSA -dname "cn=www.vennetics.com, ou=JBox, o=Vennetics, c=GB" -alias vennetics -keypass jbox123 -keystore /Users/christyring/.keystore -storepass jbox123

Yes, this should be sufficient to generate a self-signed certificate, which may be enough depending on your requirements. This is likely to be a problem if you deploy it for a wide audience.


Bruno do you have an application that you confirm this feature works with 1.1-M5? To test myself I modified the keystore, keystorePassword and keyPassword of the BasicHttpServer example that came with 1.1-M5 with my details, nothing else and ran this, it failed. I've pasted the code below with my changes.

final File keystoreFile = new File("d:\\temp\\certificats", "myServerKeystore");
// Component declaring only one HTTPS server connector.
final Component component = new Component();
component.getServers().add(Protocol.HTTPS, 8182);
component.getDefaultHost().attach("/helloWorld", restlet);
// Update component's context with keystore parameters.
component.getContext().getParameters().add("keystorePath", "/Users/christyring/.keystore");
component.getContext().getParameters().add("keystorePassword", "jbox123");
component.getContext().getParameters().add("keyPassword", "jbox123");

I had missed something: now that the Contexts have been split, these settings should be configured in the Server context:

Server server = component.getServers().add(Protocol.HTTPS, 8182);
component.getDefaultHost().attach("/helloWorld", restlet);

server.getContext().getParameters().add("keystorePath", "/Users/christyring/.keystore");
server.getContext().getParameters().add("keystorePassword", "jbox123");
server.getContext().getParameters().add("keyPassword", "jbox123");

That's certainly something we should clarify in the documentation [1] [2].

I've just tried this with a test keystore on OSX with Restlet 1.1-M5 and it worked.

Best wishes,

Bruno.


[1] http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-restlet.html
[2] http://wiki.restlet.org/docs_1.1/g1/43-restlet/153-restlet.html
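
Added example, not code from this thread or from Restlet: a stand-alone check that opens a keystore with the same KeyStore.getInstance and load calls as the helper excerpt quoted above, and reports whether the store password was rejected, whether the file could not be read as a keystore, or whether a null password caused the integrity check to be skipped. The class name KeystorePreflight, the diagnose method and the in-memory sample keystore with its passwords are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class KeystorePreflight { // hypothetical name, not part of Restlet
    /** Opens a keystore with getInstance + load, as the helper excerpt does, and names the outcome. */
    static String diagnose(InputStream in, String type, char[] storePassword) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, storePassword);
            // A null password makes load() skip the integrity check entirely.
            String state = storePassword == null ? "LOADED_WITHOUT_INTEGRITY_CHECK" : "OK";
            return state + " (" + ks.size() + " entries)";
        } catch (IOException e) {
            // KeyStore.load sets this cause for a wrong password; JKS tampering fails the same check.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return "PASSWORD_REJECTED_OR_TAMPERED: " + e.getMessage();
            }
            return "UNREADABLE_OR_WRONG_FORMAT: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "KEYSTORE_ERROR: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1 && System.console() != null) {
            // Real file: path as argument, password read without echo.
            char[] pw = System.console().readPassword("Keystore password: ");
            try (InputStream in = new FileInputStream(args[0])) {
                System.out.println(diagnose(in, "JKS", pw));
            }
            return;
        }
        // Constructed sample: an empty JKS keystore built in memory.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, "constructed-pass".toCharArray());
        byte[] jks = out.toByteArray();
        System.out.println(diagnose(new ByteArrayInputStream(jks), "JKS", "constructed-pass".toCharArray()));
        System.out.println(diagnose(new ByteArrayInputStream(jks), "JKS", "not-the-pass".toCharArray()));
        System.out.println(diagnose(new ByteArrayInputStream(jks), "JKS", null));
    }
}
```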

