[ https://issues.apache.org/jira/browse/CXF-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fadi Mohsen updated CXF-8363:
-----------------------------
    Description: 
When attempting hot reload of certificate using Jetty's 
{noformat}
JettyHTTPDestination destination = (JettyHTTPDestination) server.getDestination();
JettyHTTPServerEngine engine = (JettyHTTPServerEngine) destination.getEngine();
Collection<ConnectionFactory> connectionFactories =
        engine.getServer().getConnectors()[0].getConnectionFactories();
SslConnectionFactory connectionFactory = (SslConnectionFactory) connectionFactories.stream()
        .filter(cf -> cf instanceof SslConnectionFactory)
        .findFirst()
        .get();
SslContextFactory sslContextFactory = connectionFactory.getSslContextFactory();
sslContextFactory.reload(ssf -> {
    ssf.setSslContext(null);
    ssf.setKeyStore(certStore.getKeyStore());
    ssf.setKeyStorePassword(new String(certStore.getKeyPassword()));
});
{noformat}
I got this exception:
{noformat}
java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
   at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1277)
   at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1259)
   at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
   at org.eclipse.jetty.util.ssl.SslContextFactory.reload(SslContextFactory.java:1990)
{noformat}
After reading on the issue, it turned out that CXF's JettyHTTPServerEngine is using the deprecated:
{noformat}
createConnector-> sslcf = new SslContextFactory(){noformat}

whereas it should have been using:
{noformat}
sslcf = new SslContextFactory.Server(){noformat}

> Jetty certificate hot reload throws exception due to usage of depreciated 
> SslContextFactory
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-8363
>                 URL: https://issues.apache.org/jira/browse/CXF-8363
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Fadi Mohsen
>            Priority: Minor
>
>  
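
A reload helper that checks for the condition described in this issue before touching any key material, as an added example that is not code from the report, CXF or Jetty. It assumes Jetty 9.4.x on the classpath; the class name TlsKeyStoreReloader is hypothetical.

```java
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/** Hypothetical helper (not CXF or Jetty code); assumes Jetty 9.4.x on the classpath. */
public final class TlsKeyStoreReloader {

    private TlsKeyStoreReloader() { }

    /** Reloads the key store on every TLS connector; returns how many were reloaded. */
    public static int reload(Server server, KeyStore keyStore, char[] password) throws Exception {
        if (keyStore == null || !keyStore.aliases().hasMoreElements()) {
            throw new IllegalArgumentException("refusing to reload an empty key store");
        }
        // Pass 1: validate every connector first, so a bad one cannot leave the
        // server with some listeners on the new certificate and some on the old.
        List<SslContextFactory> factories = new ArrayList<>();
        for (Connector connector : server.getConnectors()) {
            SslConnectionFactory ssl = connector.getConnectionFactory(SslConnectionFactory.class);
            if (ssl == null) {
                continue; // plain-text connector, nothing to reload
            }
            SslContextFactory factory = ssl.getSslContextFactory();
            if (!(factory instanceof SslContextFactory.Server)) {
                throw new IllegalStateException("connector " + connector
                        + " uses the base SslContextFactory; build it with"
                        + " SslContextFactory.Server before reloading key stores");
            }
            factories.add(factory);
        }
        // Pass 2: swap the key material.
        for (SslContextFactory factory : factories) {
            factory.reload(scf -> {
                scf.setSslContext(null); // as in the report: drop any injected SSLContext
                scf.setKeyStore(keyStore);
                scf.setKeyStorePassword(new String(password));
            });
        }
        return factories.size();
    }
}
```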


