Thanks Bruno. Dan, just in case you end up using the latest development
version of Restlet (v1.2), note that the classes have been refactored:
DefaultSslContextFactory has moved to
org.restlet.engine.util.DefaultSslContextFactory, so the sslContextFactory
parameter would be set as follows:
parameters.add("sslContextFactory",
"org.restlet.engine.util.DefaultSslContextFactory");
Also in v1.2, PkixSslContextFactory has moved from
com.noelios.restlet.ext.ssl.PkixSslContextFactory to
org.restlet.ext.ssl.PkixSslContextFactory.
You'll get an exception when you start your component if you specify the
wrong one, for example specifying the v1.1 package when using v1.2 results
in:
WARNING: Unable to find SslContextFactory class:
com.noelios.restlet.util.DefaultSslContextFactory
java.lang.ClassNotFoundException:
com.noelios.restlet.util.DefaultSslContextFactory
If you're sticking to Restlet 1.1 for now, then use
com.noelios.restlet.util.DefaultSslContextFactory as Bruno indicated.
Cheers
Ben
--------------------------------------------------
From: "Bruno Harbulot" <[email protected]>
Sent: Thursday, January 29, 2009 12:51 PM
To: <[email protected]>
Subject: Re: HTTPS trustAnchors error
> Hi Dan,
>
> It looks like a bug in the code I wrote... I'm going to look into this.
> Can you try using com.noelios.restlet.util.DefaultSslContextFactory
> instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile?
>
> Best wishes,
>
> Bruno.
>
> Dan Noble wrote:
>> Hello all,
>>
>> I am new to Restlets, and I am trying to set up a simple server to accept
>> HTTPS connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and
>> my classpath has the following jars:
>> com.noelios.restlet.ext.ssl.jar
>> org.jsslutils.jar
>> org.simpleframework.jar
>> com.noelios.restlet.jar
>> org.restlet.jar
>> com.noelios.restlet.ext.simple_3.1.jar)
>>
>>
>> I have been following:
>> http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html
>>
>> To generate the keystore, i used:
>> keytool -genkey -v -alias serverX -keypass password -keystore
>> serverX.jks -keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity
>> 3650
>> and entered "password" for the keystore password for testing purposes.
>>
>>
>> Here is the code I have so far:
>>
>> public static void main(String[] args) {
>>
>> try {
>> // Create a new Component.
>> Component component = new Component();
>>
>> // Add a new HTTPS server listening on port 8182.
>> Server server = component.getServers().add(Protocol.HTTPS,
>> 8182);
>>
>> Series<Parameter> parameters =
>> server.getContext().getParameters();
>>
>> File pwd = new File(".");
>> String path = pwd.getCanonicalPath();
>> String keystorePath = path + "/keystore/serverX.jks";
>>
>> parameters.add("sslContextFactory",
>> "com.noelios.restlet.ext.ssl.PkixSslContextFactory");
>>
>> parameters.add("keystorePath", keystorePath);
>> parameters.add("keystorePassword", "password");
>> parameters.add("keyPassword", "password");
>> parameters.add("keystoreType", "JKS");
>>
>> // Attach the sample application.
>> component.getDefaultHost().attach("",new
>> MessageForwarderApplication());
>>
>> // Start the component.
>> component.start();
>> System.out.println("Started");
>> } catch (Exception e) {
>> // Something is wrong.
>> e.printStackTrace();
>> }
>> }
>>
>>
>> The exact exception is I'm getting is:
>>
>> org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException:
>> Exception in SSLContextFactory
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231)
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190)
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163)
>> at
>> org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346)
>> at
>> org.jsslutils.sslcontext.SSLContextFactory.buildSSLContext(SSLContextFactory.java:256)
>> at
>> com.noelios.restlet.ext.ssl.PkixSslContextFactory.createSslContext(PkixSslContextFactory.java:72)
>> at
>> com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:267)
>> at org.restlet.Server.start(Server.java:383)
>> at org.restlet.Component.startServers(Component.java:1233)
>> at org.restlet.Component.start(Component.java:1194)
>> at
>> com.test.messageservice.MessageService.main(MessageService.java:55)
>> // ---> component.start(); line
>> Caused by: java.security.InvalidAlgorithmParameterException: the
>> trustAnchors parameter must be non-empty
>> at
>> java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)
>> at
>> java.security.cert.PKIXParameters.<init>(PKIXParameters.java:140)
>> at
>> java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:113)
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:215)
>> ... 10 more
>>
>> After a little bit of googling, it looks like this has something to do
>> with the trustStore... I tried setting the truststore using:
>> System.setProperty("javax.net.ssl.trustStore","/path/to/osx/cacerts");
>> System.setProperty("javax.net.ssl.trustStorePassword","changeit");
>> but received the same error.
>>
>> If anyone has any insight, I would be most grateful!
>>
>> Thanks,
>> Dan
>>
>> ------------------------------------------------------
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1065230
>>
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1068636
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1068767
