I've just created this issue on this topic: http://restlet.tigris.org/issues/show_bug.cgi?id=977

Bruno.

Bruno Harbulot wrote:
> Hi Mikis,
>
> This definitely sounds like a bug. I'll try to address it shortly.
> Meanwhile, I'd suggest working around it by using another connector if
> you can (for example, by putting the org.restlet.ext.net or
> org.restlet.ext.httpclient on the classpath if you can).
>
> I suspect that these connectors may trigger similar problems with
> "$HOME/.keystore" since we've introduced client-side certificate support
> (in 2.0-M6).
>
> Jerome, Thierry and the rest of the community, any thoughts about
> removing the default value of "$HOME/.keystore" when trying to load a
> keystore (removing it for both client and server side would be easier)?
>
> Essentially, this would mean that Restlet no longer assumes that the
> keystore (which contains the local certificate and private key) is in
> "$HOME/.keystore" by default, and thus users would have to specify it
> anyway (either via API or via the usual system property). This would be
> consistent with the (absence of) default value in the JSSE reference
> guide
> <http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization>.
>
> I'm only talking about the _keystore_, not the _truststore_ (those
> default values are specified and would remain the same: either default
> values in line with the JSSE ref guide, values specified by the system
> properties, or values specified via the Restlet API --
> SslContextFactories/connector parameters).
>
>
> Best wishes,
>
> Bruno.
>
> Mikis Seth Sørensen wrote:
>> Hi Bruno
>>
>> If the keystore isn't found, a java.io.FileNotFoundException is thrown; see stack trace:
>> C:\Users\mikis\.keystore (Den angivne fil blev ikke fundet)
>> at java.io.FileInputStream.open(Native Method)
>> at java.io.FileInputStream.<init>(FileInputStream.java:106)
>> at java.io.FileInputStream.<init>(FileInputStream.java:66)
>> at org.restlet.engine.http.StreamClientHelper.createSecureSocketFactory(StreamClientHelper.java:180)
>> at org.restlet.engine.http.StreamClientHelper.createSocketFactory(StreamClientHelper.java:255)
>>
>> In case of an invalid password, a java.io.IOException is thrown:
>> java.io.IOException: Keystore was tampered with, or password was
>> incorrect
>> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>> at java.security.KeyStore.load(KeyStore.java:1185)
>> at org.restlet.engine.http.StreamClientHelper.createSecureSocketFactory(StreamClientHelper.java:187)
>>
>> What is a bit fishy here is that a connection is actually established,
>> even though the certificate hasn't been validated, very bold.
>>
>> If the certificate isn't found in the keystore, a
>> java.security.UnrecoverableKeyException: Cannot recover key
>> is thrown.
>>
>> So it looks like this is the cause of the problem. A more precise
>> error message would have been something like 'Can not find certificate
>> XXX in keystore YYYY', which I'll be adding to my application.
>>
>> ~Mikis
>>
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2427116
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2430258
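
The failure modes reported in this thread (missing keystore file, bad store password, unrecoverable key), handled with an explicitly configured keystore and no "$HOME/.keystore" fallback. This is an added example, not Restlet code and not part of the original messages; the class ExplicitKeyStoreLoader and its load method are hypothetical names, and only standard JSSE calls are used.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

public class ExplicitKeyStoreLoader { // hypothetical helper, not Restlet API

    /** Returns key managers for client certificates, or null when no keystore is configured. */
    public static KeyManager[] load(String path, char[] storePass, char[] keyPass)
            throws IOException, GeneralSecurityException {
        if (path == null) {
            // No implicit $HOME/.keystore fallback: no path means no client certificate.
            return null;
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        } catch (FileNotFoundException e) {
            throw new IOException("Keystore file not found: " + path, e);
        } catch (IOException e) {
            // JKS reports a failed integrity check and a wrong password with the same IOException.
            throw new IOException("Keystore " + path + " is corrupt or the store password is wrong", e);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        try {
            kmf.init(ks, keyPass);
        } catch (UnrecoverableKeyException e) {
            throw new GeneralSecurityException("Cannot recover a private key from " + path, e);
        }
        return kmf.getKeyManagers();
    }

    public static void main(String[] args) throws Exception {
        // The usual JSSE system properties; both are unset by default.
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword", "");
        KeyManager[] kms = load(path, pass.toCharArray(), pass.toCharArray());
        System.out.println(kms == null ? "no keystore configured" : kms.length + " key manager(s) loaded");
    }
}
```

Every load failure propagates to the caller instead of being swallowed, so a connector built on this would refuse to open the connection when the configured keystore cannot be used.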

