Hello,


I am using jetty-9.2.1.v20140609 and wish to configure my application to
use setNeedClientAuth (from SslContextFactory). I wish to have a client
certificate authentication mechanism within my application.



I am running Jetty in Embedded mode (with no XML configuration).



My code for configuring the SslContextFactory is as follows:





    import org.eclipse.jetty.util.ssl.SslContextFactory;

    // ServerCertificateKeyStore, EngineInstanceCore and CertificateKeyStore are
    // the application's own classes.
    public class SSLContext extends SslContextFactory {

        private final ServerCertificateKeyStore certificateKeyStore =
                EngineInstanceCore.getServerCertificateKeyStore();

        private static SSLContext sslContext;

        private static CertificateKeyStore keyStore;
        private static CertificateKeyStore trustStore;

        public static SSLContext getInstance() throws Exception {
            if (keyStore == null) keyStore = new CertificateKeyStore("keyStore", true, false);
            if (trustStore == null) trustStore = new CertificateKeyStore("trustStore", true, true);
            if (sslContext == null) sslContext = new SSLContext();

            return sslContext;
        }

        protected SSLContext() throws Exception {
            super(keyStore.getKeyStoreFilePath().toString());
            init();
        }

        private void init() {
            // Key store: holds the server certificate and its private key.
            setKeyStorePassword(new String(keyStore.getKeyStorePassword()));
            setKeyStoreType(keyStore.getKeyStore().getType());
            // The provider name here is read from the trust store object.
            setKeyStoreProvider(trustStore.getKeyStore().getProvider().getName());

            // Trust store: used to validate certificates presented by clients.
            setTrustStorePath(trustStore.getKeyStoreFilePath().toString());
            setTrustStore(trustStore.getKeyStore());
            setTrustStorePassword(new String(trustStore.getKeyStorePassword()));
            setTrustStoreType(trustStore.getKeyStore().getType());
            setTrustStoreProvider(trustStore.getKeyStore().getProvider().getName());
            setNeedClientAuth(true);

            // JVM-wide JSSE defaults, set in addition to the factory settings above.
            System.setProperty("javax.net.ssl.keyStore",
                    keyStore.getKeyStoreFilePath().toString());
            System.setProperty("javax.net.ssl.keyStorePassword",
                    new String(keyStore.getKeyStorePassword()));
            System.setProperty("javax.net.ssl.trustStore",
                    trustStore.getKeyStoreFilePath().toString());
            System.setProperty("javax.net.ssl.trustStorePassword",
                    new String(trustStore.getKeyStorePassword()));
        }
    }





Using Chrome, with setNeedClientAuth = TRUE, when I browse to my site
Chrome reports “SSL connection error” (“Error code:
ERR_SSL_PROTOCOL_ERROR”). However, if I set setNeedClientAuth = FALSE,
Chrome successfully browses to the requested URL and I can see that the
certificate for the SSL connection is the certificate within the KEYSTORE
defined by super(keyStore.getKeyStoreFilePath().toString());



Can anyone please assist with the above in determining why I cannot get
setNeedClientAuth to work when set to TRUE?



Cheers,

Matthew
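
A check that fits the setup described in the post above, added here as an example and not part of the original message or of Jetty: with setNeedClientAuth(true) the handshake completes only when the client presents a certificate that validates against the server's trust store, so this JDK-only program lists what a given trust store actually trusts. The class name ClientAuthTrustCheck and the TRUSTSTORE_PASSWORD environment variable are assumptions of the example; run without arguments it uses an empty in-memory store as constructed input.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; the class name and the TRUSTSTORE_PASSWORD variable are assumptions.
public class ClientAuthTrustCheck {
    // Certificates JSSE will treat as trust anchors when it validates a client certificate.
    static X509Certificate[] acceptedIssuers(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    // Usage: TRUSTSTORE_PASSWORD=... java ClientAuthTrustCheck <truststore path> [type]
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args.length > 1 ? args[1] : KeyStore.getDefaultType());
        if (args.length > 0) {
            String pw = System.getenv("TRUSTSTORE_PASSWORD");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw == null ? null : pw.toCharArray());
            }
        } else {
            ks.load(null, null); // constructed sample input: an empty in-memory store
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": "
                    + (ks.isCertificateEntry(alias) ? "certificate entry" : "key entry"));
        }
        X509Certificate[] issuers = acceptedIssuers(ks);
        Date now = new Date();
        for (X509Certificate ca : issuers) {
            System.out.println("trusted: " + ca.getSubjectX500Principal().getName()
                    + (now.after(ca.getNotAfter()) ? "  [EXPIRED]" : ""));
        }
        if (issuers.length == 0) {
            System.out.println("No trust anchors: no client certificate can be validated.");
        }
    }
}
```

The certificate installed in the browser has to chain to one of the subjects printed as trusted, and that subject must not be marked expired.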