Hi Christy,

Thanks for reporting this issue with the HTTPS server example. This is now fixed in our SVN trunk.

Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com

_____

From: Christy Ring [mailto:[EMAIL PROTECTED]
Sent: Sunday 17 August 2008 21:27
To: [email protected]
Subject: Re: SSL problem

Thanks Bruno, that worked, you're a star ;-)

Interestingly I'm still getting a keystore tamper error, but it works. See below.

    java -jar target/com.vennetics.jbox.fs.api-2.0-dist.dir/com.vennetics.jbox.fs.api-2.0.jar
    Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
        at java.security.KeyStore.load(KeyStore.java:1150)
        at com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:250)
        at org.restlet.Server.start(Server.java:383)
        at org.restlet.Component.startServers(Component.java:1176)
        at org.restlet.Component.start(Component.java:1137)
        at com.vennetics.jbox.fs.api.Main.main(Main.java:49)
    Aug 17, 2008 8:15:27 PM com.noelios.restlet.LogFilter afterHandle
    INFO: 2008-08-17 20:15:27 0:0:0:0:0:0:0:1%0 - - 8182 GET / - 404 330 - https://localhost:8182 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 -

Looking at the Helper File, it's been generated by a keyStore.load call (see below)

    /*
     * If an SslContextFactory has been set up, its settings take priority
     * over the other parameters (which are otherwise used to build and
     * initialise an SSLContext).
     */
    if (sslContextFactory == null) {
        final KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
        final FileInputStream fis = getKeystorePath() == null ? null
                : new FileInputStream(getKeystorePath());
        final char[] password = getKeystorePassword() == null ? null
                : getKeystorePassword().toCharArray();
        keyStore.load(fis, password);
        if (fis != null) {
            fis.close();
        }

I noticed in the changes.txt for Milestone 5 you did some updates to the sslContextFactory, is this relevant to the error message?

Bruno, thanks again for your help.

I'm interested in documenting this, I think it would be useful to provide a cheatsheet for HTTPS / Basic Auth from scratch. There seem to be lots of helloworlds for REST, few examples with security. Where would be the most appropriate place to do this: on the Restlet site, or hosted by Vennetics and referenced from Restlet?

Christy Ring
[EMAIL PROTECTED]

On 17 Aug 2008, at 17:32, Bruno Harbulot wrote:

Hi Christy,

Christy Ring wrote:

I wasn't aware of the certificate issue, thanks. I've modified the keytool command to reflect the changes you suggest as follows, deleted the .keystore and recreated it. I assume this is all I have to do with the keystore to get up and running?

    keytool -genkey -keyalg RSA -dname "cn=www.vennetics.com, ou=JBox, o=Vennetics, c=GB" -alias vennetics -keypass jbox123 -keystore /Users/christyring/.keystore -storepass jbox123

Yes, this should be sufficient to generate a self-signed certificate, which may be enough depending on your requirements. This is likely to be a problem if you deploy it for a wide audience.

Bruno, do you have an application that you confirm this feature works with 1.1-M5? To test myself I modified the keystore, keystorePassword and keyPassword of the BasicHttpServer example that came with 1.1-M5 with my details, nothing else and ran this, it failed. I've pasted the code below with my changes.

    final File keystoreFile = new File("d:\\temp\\certificats", "myServerKeystore");

    // Component declaring only one HTTPS server connector.
    final Component component = new Component();
    component.getServers().add(Protocol.HTTPS, 8182);
    component.getDefaultHost().attach("/helloWorld", restlet);

    // Update component's context with keystore parameters.
    component.getContext().getParameters().add("keystorePath", "/Users/christyring/.keystore");
    component.getContext().getParameters().add("keystorePassword", "jbox123");
    component.getContext().getParameters().add("keyPassword", "jbox123");

I had missed something: now that the Contexts have been split, these settings should be configured in the Server context:

    Server server = component.getServers().add(Protocol.HTTPS, 8182);
    component.getDefaultHost().attach("/helloWorld", restlet);

    server.getContext().getParameters().add("keystorePath", "/Users/christyring/.keystore");
    server.getContext().getParameters().add("keystorePassword", "jbox123");
    server.getContext().getParameters().add("keyPassword", "jbox123");

That's certainly something we should clarify in the documentation [1][2]. I've just tried this with a test keystore on OSX with Restlet 1.1-M5 and it worked.

Best wishes,
Bruno.

[1] http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-restlet.html
[2] http://wiki.restlet.org/docs_1.1/g1/43-restlet/153-restlet.html
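
The keyStore.load call quoted in this thread, as an added example that is not part of the original messages and is not Restlet code: it shows which inputs make a JKS keystore raise "Keystore was tampered with, or password was incorrect", and that a null password skips the integrity check entirely. The class name, the in-memory empty keystore and the sample password are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added example (hypothetical class, not Restlet code): which inputs to
// KeyStore.load trigger the "tampered with, or password was incorrect" error.
public class KeystoreLoadCheck {
    enum Result { OK, BAD_PASSWORD_OR_TAMPERED, UNREADABLE }

    // Same call sequence as the quoted helper: getInstance(type), then load(stream, password).
    static Result tryLoad(byte[] store, char[] password) throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(new ByteArrayInputStream(store), password);
            return Result.OK;
        } catch (IOException e) {
            // A failed integrity check surfaces as an IOException whose cause is
            // UnrecoverableKeyException; other I/O or format errors have no such cause.
            return e.getCause() instanceof UnrecoverableKeyException
                    ? Result.BAD_PASSWORD_OR_TAMPERED : Result.UNREADABLE;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] good = "constructed-pass".toCharArray(); // constructed sample password
        // Constructed sample: an empty JKS keystore built in memory.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, good);
        byte[] store = out.toByteArray();

        byte[] tampered = store.clone();
        tampered[tampered.length - 1] ^= 0x01; // flip one bit of the trailing digest

        System.out.println("correct password:        " + tryLoad(store, good));
        System.out.println("wrong password:          " + tryLoad(store, "wrong".toCharArray()));
        System.out.println("tampered, correct pw:    " + tryLoad(tampered, good));
        // A null password disables the integrity check, so the tampered store loads.
        System.out.println("tampered, null password: " + tryLoad(tampered, null));
    }
}
```

Running the same check against the configured keystorePath and keystorePassword before starting the server separates a wrong path or password from a problem elsewhere in the connector setup.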

