Thanks Bruno, that worked, you're a star ;-)
Interestingly I'm still getting a keystore tamper error, but it works.
See below.
java -jar target/com.vennetics.jbox.fs.api-2.0-dist.dir/com.vennetics.jbox.fs.api-2.0.jar
Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:250)
    at org.restlet.Server.start(Server.java:383)
    at org.restlet.Component.startServers(Component.java:1176)
    at org.restlet.Component.start(Component.java:1137)
    at com.vennetics.jbox.fs.api.Main.main(Main.java:49)
Aug 17, 2008 8:15:27 PM com.noelios.restlet.LogFilter afterHandle
INFO: 2008-08-17 20:15:27 0:0:0:0:0:0:0:1%0 - - 8182 GET / - 404 330 - https://localhost:8182 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 -
Looking at the Helper File, it's been generated by a keyStore.load call (see below)
    /*
     * If an SslContextFactory has been set up, its settings take priority
     * over the other parameters (which are otherwise used to build and
     * initialise an SSLContext).
     */
    if (sslContextFactory == null) {
        final KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
        final FileInputStream fis = getKeystorePath() == null ? null
                : new FileInputStream(getKeystorePath());
        final char[] password = getKeystorePassword() == null ? null
                : getKeystorePassword().toCharArray();
        keyStore.load(fis, password);
        if (fis != null) {
            fis.close();
        }
I noticed in the changes.txt for Milestone 5 you did some updates to
the sslContextFactory, is this relevant to the error message?
Bruno, thanks again for your help. I'm interested in documenting
this, I think it would be useful to provide a cheatsheet for HTTPS /
Basic Auth from scratch. There seem to be lots of helloworlds for
REST, few examples with security. Where would be the most
appropriate place to do this: on the Restlet site, or hosted by
Vennetics and referenced from Restlet?
Christy Ring
[EMAIL PROTECTED]
On 17 Aug 2008, at 17:32, Bruno Harbulot wrote:
Hi Christy,
Christy Ring wrote:
I wasn't aware of the certificate issue, thanks. I've modified the
keytool command to reflect the changes you suggest as follows,
deleted the .keystore and recreated it. I assume this is all I
have to do with the keystore to get up and running?
keytool -genkey -keyalg RSA -dname "cn=www.vennetics.com, ou=JBox, o=Vennetics, c=GB" -alias vennetics -keypass jbox123 -keystore /Users/christyring/.keystore -storepass jbox123
Yes, this should be sufficient to generate a self-signed
certificate, which may be enough depending on your requirements.
This is likely to be a problem if you deploy it for a wide audience.
Bruno do you have an application that you confirm this feature
works with 1.1-M5? To test myself I modified the keystore,
keystorePassword and keyPassword of the BasicHttpServer example
that came with 1.1-M5 with my details, nothing else and ran this,
it failed. I've pasted the code below with my changes.
    final File keystoreFile = new File("d:\\temp\\certificats", "myServerKeystore");
    // Component declaring only one HTTPS server connector.
    final Component component = new Component();
    component.getServers().add(Protocol.HTTPS, 8182);
    component.getDefaultHost().attach("/helloWorld", restlet);
    // Update component's context with keystore parameters.
    component.getContext().getParameters().add("keystorePath", "/Users/christyring/.keystore");
    component.getContext().getParameters().add("keystorePassword", "jbox123");
    component.getContext().getParameters().add("keyPassword", "jbox123");
I had missed something: now that the Contexts have been split, these
settings should be configured in the Server context:
    Server server = component.getServers().add(Protocol.HTTPS, 8182);
    component.getDefaultHost().attach("/helloWorld", restlet);
    server.getContext().getParameters().add("keystorePath", "/Users/christyring/.keystore");
    server.getContext().getParameters().add("keystorePassword", "jbox123");
    server.getContext().getParameters().add("keyPassword", "jbox123");
That's certainly something we should clarify in the documentation [1] [2].
I've just tried this with a test keystore on OSX with Restlet 1.1-M5
and it worked.
Best wishes,
Bruno.
[1] http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-restlet.html
[2] http://wiki.restlet.org/docs_1.1/g1/43-restlet/153-restlet.html
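
Added example (not part of the thread and not Restlet code): a stand-alone check of the keyStore.load step quoted above, showing that a wrong store password and a modified file raise the same IOException, and that a null password, which the quoted helper passes when no keystorePassword is set, loads the store without any integrity check. The class name KeystoreLoadCheck, the JKS type and the empty in-memory keystore with its password are assumptions constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class KeystoreLoadCheck { // hypothetical name, not from Restlet

    // Same call the helper makes: KeyStore.load(stream, password).
    // A null password tells the JDK to skip the integrity check.
    static String tryLoad(byte[] store, char[] password) throws GeneralSecurityException {
        try {
            KeyStore ks = KeyStore.getInstance("JKS"); // assumed keystore type
            ks.load(new ByteArrayInputStream(store), password);
            return password == null ? "loaded, integrity NOT verified"
                                    : "loaded, integrity verified";
        } catch (IOException e) {
            // KeyStore.load documents UnrecoverableKeyException as the cause
            // when the password check fails; anything else is a format/IO error.
            return e.getCause() instanceof UnrecoverableKeyException
                    ? "rejected: " + e.getMessage()
                    : "unreadable: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] good = "constructed-pass".toCharArray(); // constructed sample value

        // Build an empty keystore in memory (constructed sample, no real keys).
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, good);
        byte[] store = out.toByteArray();

        // Flip one bit in the trailing keyed digest to simulate a modified file.
        byte[] tampered = store.clone();
        tampered[tampered.length - 1] ^= 0x01;

        System.out.println("correct password : " + tryLoad(store, good));
        System.out.println("wrong password   : " + tryLoad(store, "other".toCharArray()));
        System.out.println("tampered file    : " + tryLoad(tampered, good));
        System.out.println("tampered, null pw: " + tryLoad(tampered, null));
    }
}
```

Because the digest is keyed with the store password, the JDK cannot tell a wrong password from a changed file, which is why the message names both.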