Hi,
I'm trying to use the Simple HTTPS library to set up an HTTPS connection with
mutual PKI authentication, after successful server-only authentication.
For the server-only authentication, I created a JKS keystore and modified the
client/server samples in
src\org.restlet.example\org\restlet\example\book\restlet\ch11\{BasicHttpsServer.java,BasicHttpsClient.java}
to load that store.
The client GET request returned the 200 OK.
For the mutual authentication, the BasicHttpsServer.java becomes:
System.setProperty("javax.net.ssl.trustStore", keystoreFile.getAbsolutePath());
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
// Component declaring only one HTTPS server connector.
Component component = new Component();
Server server = component.getServers().add(Protocol.HTTPS, 8182);
component.getDefaultHost().attach("/helloWorld", restlet);
// Update server's context with keystore parameters.
server.getContext().getParameters().add("keystorePath", keystoreFile.getAbsolutePath());
server.getContext().getParameters().add("keystorePassword", "changeit");
server.getContext().getParameters().add("keyPassword", "server");
server.getContext().getParameters().add("needClientAuthentication", "true");
and the BasicHttpsClient.java becomes:
System.setProperty("javax.net.ssl.trustStore", keystoreFile.getAbsolutePath());
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
Component component = new Component();
Client client = component.getClients().add(Protocol.HTTPS);
client.getContext().getParameters().add("keystorePath", keystoreFile.getAbsolutePath());
client.getContext().getParameters().add("keystorePassword", "changeit");
client.getContext().getParameters().add("keyPassword", "server");
which is very similar to the server. I used the same JKS keystore file for both
client and server to make sure they have the same CA. However, the client GET
request returns this error status:
Communication Error (1001) - Software caused connection abort: recv failed
I also tried to load client side keystore with these:
System.setProperty("javax.net.ssl.keyStore", keystoreFile.getAbsolutePath());
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
But I got an error status:
Communication Error (1001) - Default SSL context init failed: Cannot recover key
I suspect the client cannot recover the key from the keystore because Java does
not provide such a property as "javax.net.ssl.keyPassword".
Does anyone know what is wrong?
For mutual authentication, how do I set up the trustStore on the server side,
and how do I set up the keystore on the client side?
Thanks a lot.
Li
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2430830
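As an added illustration of the "Cannot recover key" symptom described in the post (this is example code written here, not code from the post or from Restlet): the default JSSE context built from the javax.net.ssl.keyStore* system properties has no separate key password and reuses keyStorePassword to unlock the private key, so a key protected by a different password ("server" vs. "changeit" in the post) cannot be recovered. Building the SSLContext explicitly lets the client supply the key password through KeyManagerFactory; the file name client.jks is a placeholder, and the host/port reuse the post's localhost:8182.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClientContext {

    // Builds an SSLContext that presents a client certificate whose private key
    // password differs from the keystore password, and trusts the given store.
    public static SSLContext build(String keystorePath, char[] storePassword,
                                   char[] keyPassword, String truststorePath,
                                   char[] trustPassword) throws Exception {
        KeyStore identity = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            identity.load(in, storePassword);   // store password unlocks the file
        }
        // KeyManagerFactory.init takes the *key* password; passing the store
        // password here is exactly what produces "Cannot recover key".
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);

        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) {
            trust.load(in, trustPassword);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path; passwords mirror the post (store "changeit", key "server").
        SSLContext ctx = build("client.jks", "changeit".toCharArray(),
                               "server".toCharArray(), "client.jks", "changeit".toCharArray());
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 8182)) {
            socket.startHandshake();   // fails here if the server rejects our certificate
            System.out.println("Handshake OK, server identity: "
                               + socket.getSession().getPeerPrincipal());
        }
    }
}
```

When the server has needClientAuthentication set as in the post, a handshake that succeeds here but not through the default context points at the key-password mismatch rather than at trust configuration.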