I have been working to update an application to make use of HTTPS instead of
HTTP and am having a difficult time getting Jetty to cooperate with me. It
seems to be ignoring my SSL Parameters.

    Component comp = new Component();
    Server server = comp.getServers().add(Protocol.HTTPS, 8443);
    Series<Parameter> params = server.getContext().getParameters();
    params.add("sslContextFactory", "org.restlet.ext.ssl.PkixSslContextFactory");
    params.add("keystorePath", KEYSTORE_LOCATION);
    params.add("keystorePassword", KEYSTORE_PASSWORD);
    params.add("keyPassword", KEYSTORE_KEY_PASSWORD);
    params.add("keystoreType", KEYSTORE_TYPE);
    params.add("truststorePath", KEYSTORE_LOCATION);
    params.add("truststorePassword", KEYSTORE_PASSWORD);
    params.add("trustPassword", KEYSTORE_KEY_PASSWORD);
    params.add("truststoreType", KEYSTORE_TYPE);

I check these parameters with simple System.out calls to ensure that
KEYSTORE_LOCATION and the like are indeed being set. I have also tried
specifying the string directly in the code rather than as properties, and
changing the path numerous times (absolute/relative references, etc.).
What I end up with, however, is Jetty checking the default location regardless of
my configuration:

    java.io.FileNotFoundException: C:\Users\myuser\.keystore (The system cannot find the file specified)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:106)
        at org.eclipse.jetty.util.resource.FileResource.getInputStream(FileResource.java:274)
        at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:41)
        at org.eclipse.jetty.http.ssl.SslContextFactory.getKeyStore(SslContextFactory.java:913)
        at org.eclipse.jetty.http.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:873)
        at org.eclipse.jetty.http.ssl.SslContextFactory.createSSLContext(SslContextFactory.java:825)
        at org.eclipse.jetty.http.ssl.SslContextFactory.doStart(SslContextFactory.java:221)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:58)
        at org.eclipse.jetty.server.ssl.SslSocketConnector.doStart(SslSocketConnector.java:341)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:58)
        at org.eclipse.jetty.server.Server.doStart(Server.java:269)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:58)
        at org.restlet.ext.jetty.JettyServerHelper.start(JettyServerHelper.java:395)
        at org.restlet.Server.start(Server.java:585)
        at org.restlet.Component.startServers(Component.java:601)
        at org.restlet.Component.start(Component.java:528)

As a test, I created the keystore in the default location only to be met with:

    java.security.UnrecoverableKeyException: Password must not be null

Which seems to be another issue of it ignoring my parameters.
If I intentionally mess up one of the keystore/truststore path parameters with
garbage data, it does indeed throw an error stating that it cannot find these
files either.

    params.add("keystorePath", "C:\\dummy");

    java.lang.RuntimeException: java.io.FileNotFoundException: C:\dummy (The system cannot find the file specified)

However, when they are all seemingly correct, it simply ignores them. I am
concerned it may be due to the fact that I am using Jetty 7.4.5 rather than a
newer release, and the configuration the Helper performs may have changed?
(have to deal with some SLF4J problems preventing me from using a newer version
of Jetty)
When I took a look at the code for the Jetty and SSL extensions, however, I can
find no issues based on the use of the SSLContext system.
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2891008
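
Added example, not part of the original post and not Restlet or Jetty code: a stand-alone check that opens the keystore with the same values passed as keystorePath, keystoreType, keystorePassword and keyPassword, so a bad file or password can be ruled out separately from the connector ignoring the parameters. The class and method names are hypothetical, and Java 7 or later is assumed.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class KeystoreCheck {

    // Hypothetical helper (added example): aliases whose private key opens with keyPassword.
    static List<String> usableKeyAliases(String path, String type,
            char[] storePassword, char[] keyPassword)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        // A wrong path fails here with FileNotFoundException; a wrong
        // store password fails in load() with IOException.
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        List<String> usable = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // certificate-only entry, nothing to unlock
            try {
                if (ks.getKey(alias, keyPassword) != null) usable.add(alias);
            } catch (UnrecoverableKeyException e) {
                System.err.println(alias + ": key password rejected: " + e.getMessage());
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        Console c = System.console();
        if (args.length != 2 || c == null) {
            System.err.println("usage (from a terminal): KeystoreCheck <path> <type>");
            System.exit(2);
        }
        // Passwords are prompted for rather than taken from argv or logged.
        char[] storePw = c.readPassword("keystorePassword: ");
        char[] keyPw = c.readPassword("keyPassword: ");
        List<String> ok = usableKeyAliases(args[0], args[1], storePw, keyPw);
        System.out.println("Usable private-key aliases: " + ok);
        System.exit(ok.isEmpty() ? 1 : 0);
    }
}
```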