[jira] [Assigned] (CXF-8363) Jetty certificate hot reload throws exception due to usage of depreciated SslContextFactory

Wed, 04 Nov 2020 08:26:57 -0800 


     [ 
https://issues.apache.org/jira/browse/CXF-8363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Freeman Yue Fang reassigned CXF-8363:
-------------------------------------

    Assignee: Freeman Yue Fang

> Jetty certificate hot reload throws exception due to usage of depreciated 
> SslContextFactory
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-8363
>                 URL: https://issues.apache.org/jira/browse/CXF-8363
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Fadi Mohsen
>            Assignee: Freeman Yue Fang
>            Priority: Minor
>
> When attempting hot reload of certificate using Jetty:s 
> {noformat}
>             JettyHTTPDestination destination = (JettyHTTPDestination) 
> server.getDestination();
>             JettyHTTPServerEngine engine = (JettyHTTPServerEngine) 
> destination.getEngine();
>             Collection<ConnectionFactory> connectionFactories = 
> engine.getServer().getConnectors()[0].getConnectionFactories();
>             SslConnectionFactory connectionFactory = (SslConnectionFactory) 
> connectionFactories.stream().filter(cf -> cf instanceof SslConnectionFactory)
>                     .findFirst()
>                     .get();
>             SslContextFactory sslContextFactory = 
> connectionFactory.getSslContextFactory();
>             sslContextFactory.reload(ssf -> {
>                 ssf.setSslContext(null);
>                 ssf.setKeyStore(certStore.getKeyStore());
>                 ssf.setKeyStorePassword(new 
> String(certStore.getKeyPassword()));
>             });{noformat}
> I got this exception:
> {noformat}
> java.lang.IllegalStateException: KeyStores with multiple certificates are not 
> supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. 
> (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or 
> org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
>    at 
> org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1277)
>    at 
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1259)
>    at 
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
>    at 
> org.eclipse.jetty.util.ssl.SslContextFactory.reload(SslContextFactory.java:1990){noformat}
> After reading on the issue, it turned out that CXF´s JettyHTTPServerEngine is 
> using the deprecated :
> [see createConnector function 
> |https://github.com/apache/cxf/blob/master/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java#L628]
> {noformat}
> createConnector-> sslcf = new SslContextFactory(){noformat}
>  
> whereas it should been using:
> {noformat}
> sslcf = new SslContextFactory.Server(){noformat}
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to