Hi Mikis,

This definitely sounds like a bug. I'll try to address it shortly. 
Meanwhile, I'd suggest working around it by using another connector if 
you can (for example, by putting the org.restlet.ext.net or 
org.restlet.ext.httpclient on the classpath if you can).

I suspect that these connectors may trigger similar problems with 
"$HOME/.keystore" since we've introduced client-side certificate support 
(in 2.0-M6).

Jerome, Thierry and the rest of the community, any thoughts about 
removing the default value of "$HOME/.keystore" when trying to load a 
keystore (removing it for both client and server side would be easier)?

Essentially, this would mean that Restlet no longer assumes that the 
keystore (what contains the local certificate and private key) is in 
"$HOME/.keystore" by default, and thus users would have to specify it 
anyway (either via API or via the usual system property). This would be 
consistent with the (absence of) default value in the JSSE reference 
guide 
<http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization>.

I'm only talking about the _keystore_, not the _truststore_ (those 
default values are specified and would remain the same: either default 
values in line with the JSSE ref guide, values specified by the system 
properties, or values specified via the Restlet API -- 
SslContextFactories/connector parameters).


Best wishes,

Bruno.

Mikis Seth Sørensen wrote:
> Hi Bruno
> 
> If the keystore isn't found, a java.io.FileNotFoundException is thrown, see stacktrace
> C:\Users\mikis\.keystore (Den angivne fil blev ikke fundet)
>     at java.io.FileInputStream.open(Native Method)
>     at java.io.FileInputStream.<init>(FileInputStream.java:106)
>     at java.io.FileInputStream.<init>(FileInputStream.java:66)
>     at org.restlet.engine.http.StreamClientHelper.createSecureSocketFactory(StreamClientHelper.java:180)
>     at org.restlet.engine.http.StreamClientHelper.createSocketFactory(StreamClientHelper.java:255)
> 
> In case of an invalid password a java.io.IOException is thrown:
> java.io.IOException: Keystore was tampered with, or password was incorrect
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>     at java.security.KeyStore.load(KeyStore.java:1185)
>     at org.restlet.engine.http.StreamClientHelper.createSecureSocketFactory(StreamClientHelper.java:187)
> 
> What is a bit fishy here is that a connection is actually established, 
> even though the certificate hasn't been validated, very bold.
> 
> If the certificate isn't found in the keystore a
> java.security.UnrecoverableKeyException: Cannot recover key
> is thrown.
> 
> So it looks like this is the cause for the problem. A more precise 
> error message would have been something like 'Cannot find certificate 
> XXX in keystore YYYY', which I'll be adding to my application.
> 
> ~Mikis 
>

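The fail-closed keystore loading that both messages point toward, as an added example (this is not Restlet's own code; the class name and the KeyStoreConfigException type are my own): it resolves the keystore only from an explicit path or the standard javax.net.ssl.keyStore property, never from $HOME/.keystore, and maps each failure Mikis saw (missing file, wrong store password, missing or unrecoverable key) to a message naming the path and alias, so the caller can refuse to open a connection instead of proceeding.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

/** Added example, not Restlet code: load a client keystore explicitly, with no $HOME/.keystore fallback. */
public final class ExplicitKeyStoreLoader {
    /** Message names the keystore path and alias that failed, as Mikis suggested. */
    public static final class KeyStoreConfigException extends Exception {
        public KeyStoreConfigException(String msg, Throwable cause) { super(msg, cause); }
    }

    /** Path comes from the argument or the standard JSSE property javax.net.ssl.keyStore;
     *  when neither is set we refuse to continue instead of silently probing $HOME/.keystore. */
    public static KeyStore load(String explicitPath, char[] storePassword,
                                String alias, char[] keyPassword) throws KeyStoreConfigException {
        String path = explicitPath != null ? explicitPath : System.getProperty("javax.net.ssl.keyStore");
        if (path == null || path.isEmpty()) {
            throw new KeyStoreConfigException(
                "No keystore configured: pass a path or set -Djavax.net.ssl.keyStore", null);
        }
        KeyStore ks;
        try (FileInputStream in = new FileInputStream(path)) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, storePassword);   // wrong store password surfaces here as IOException
        } catch (FileNotFoundException e) {
            throw new KeyStoreConfigException("Keystore file not found: " + path, e);
        } catch (IOException e) {
            throw new KeyStoreConfigException(
                "Cannot open keystore " + path + " (wrong password or corrupt file)", e);
        } catch (GeneralSecurityException e) {
            throw new KeyStoreConfigException("Cannot load keystore " + path, e);
        }
        try {
            if (!ks.isKeyEntry(alias)) {  // false when the alias is absent or is only a trusted cert
                throw new KeyStoreConfigException(
                    "Cannot find private key entry '" + alias + "' in keystore " + path, null);
            }
            ks.getKey(alias, keyPassword);  // wrong key password -> UnrecoverableKeyException
        } catch (UnrecoverableKeyException e) {
            throw new KeyStoreConfigException(
                "Cannot recover key '" + alias + "' in " + path + ": wrong key password", e);
        } catch (GeneralSecurityException e) {
            throw new KeyStoreConfigException("Cannot read entry '" + alias + "' from " + path, e);
        }
        return ks;
    }
}
```

A connector would call load(...) before building its SSLContext and abort on KeyStoreConfigException, which is what prevents the "connection established without a validated certificate" behaviour Mikis describes.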
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2427116