RE: Re: HTTPS trustAnchors error
Thanks Bruno and Ben - switching to the DefaultSslContextFactory worked for me. I'm going to switch over to Restlet 1.2 as well. Dan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1069368
Re: HTTPS trustAnchors error
Thanks Bruno. Dan, just in case you end up using the latest development
version of Restlet (v1.2), note that the classes have been refactored:
DefaultSslContextFactory has moved to
org.restlet.engine.util.DefaultSslContextFactory, so the sslContextFactory
parameter would be set as follows:
parameters.add("sslContextFactory",
"org.restlet.engine.util.DefaultSslContextFactory");
Also in v1.2, PkixSslContextFactory has moved from
com.noelios.restlet.ext.ssl.PkixSslContextFactory to
org.restlet.ext.ssl.PkixSslContextFactory.
You'll get an exception when you start your component if you specify the
wrong one, for example specifying the v1.1 package when using v1.2 results
in:
WARNING: Unable to find SslContextFactory class:
com.noelios.restlet.util.DefaultSslContextFactory
java.lang.ClassNotFoundException:
com.noelios.restlet.util.DefaultSslContextFactory
If you're sticking to Restlet 1.1 for now, then use
com.noelios.restlet.util.DefaultSslContextFactory as Bruno indicated.
Cheers
Ben
--
From: "Bruno Harbulot"
Sent: Thursday, January 29, 2009 12:51 PM
To:
Subject: Re: HTTPS trustAnchors error
> Hi Dan,
>
> It looks like a bug in the code I wrote... I'm going to look into this.
> Can you try using com.noelios.restlet.util.DefaultSslContextFactory
> instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile?
>
> Best wishes,
>
> Bruno.
>
> Dan Noble wrote:
>> Hello all,
>>
>> I am new to Restlets, and I am trying to set up a simple server to accept
>> HTTPS connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and
>> my classpath has the following jars:
>> com.noelios.restlet.ext.ssl.jar
>> org.jsslutils.jar
>> org.simpleframework.jar
>> com.noelios.restlet.jar
>> org.restlet.jar
>> com.noelios.restlet.ext.simple_3.1.jar)
>>
>>
>> I have been following:
>> http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html
>>
>> To generate the keystore, i used:
>> keytool -genkey -v -alias serverX -keypass password -keystore
>> serverX.jks -keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity
>> 3650
>> and entered "password" for the keystore password for testing purposes.
>>
>>
>> Here is the code I have so far:
>>
>> public static void main(String[] args) {
>>
>> try {
>> // Create a new Component.
>> Component component = new Component();
>>
>> // Add a new HTTPS server listening on port 8182.
>> Server server = component.getServers().add(Protocol.HTTPS,
>> 8182);
>>
>> Series parameters =
>> server.getContext().getParameters();
>>
>> File pwd = new File(".");
>> String path = pwd.getCanonicalPath();
>> String keystorePath = path + "/keystore/serverX.jks";
>>
>> parameters.add("sslContextFactory",
>> "com.noelios.restlet.ext.ssl.PkixSslContextFactory");
>>
>> parameters.add("keystorePath", keystorePath);
>> parameters.add("keystorePassword", "password");
>> parameters.add("keyPassword", "password");
>> parameters.add("keystoreType", "JKS");
>>
>> // Attach the sample application.
>> component.getDefaultHost().attach("",new
>> MessageForwarderApplication());
>>
>> // Start the component.
>> component.start();
>> System.out.println("Started");
>> } catch (Exception e) {
>> // Something is wrong.
>> e.printStackTrace();
>> }
>> }
>>
>>
>> The exact exception is I'm getting is:
>>
>> org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException:
>> Exception in SSLContextFactory
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231)
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190)
>> at
>> org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163)
>> at
>> org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346)
>> at
>> org.jsslutils.sslcontext.
Re: HTTPS trustAnchors error
Hi Dan,
It looks like a bug in the code I wrote... I'm going to look into this.
Can you try using com.noelios.restlet.util.DefaultSslContextFactory
instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile?
Best wishes,
Bruno.
Dan Noble wrote:
> Hello all,
>
> I am new to Restlets, and I am trying to set up a simple server to accept
> HTTPS connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and my
> classpath has the following jars:
> com.noelios.restlet.ext.ssl.jar
> org.jsslutils.jar
> org.simpleframework.jar
> com.noelios.restlet.jar
> org.restlet.jar
> com.noelios.restlet.ext.simple_3.1.jar)
>
>
> I have been following:
> http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html
>
> To generate the keystore, i used:
> keytool -genkey -v -alias serverX -keypass password -keystore serverX.jks
> -keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity 3650
> and entered "password" for the keystore password for testing purposes.
>
>
> Here is the code I have so far:
>
> public static void main(String[] args) {
>
> try {
> // Create a new Component.
> Component component = new Component();
>
> // Add a new HTTPS server listening on port 8182.
> Server server = component.getServers().add(Protocol.HTTPS, 8182);
>
> Series parameters =
> server.getContext().getParameters();
>
> File pwd = new File(".");
> String path = pwd.getCanonicalPath();
> String keystorePath = path + "/keystore/serverX.jks";
>
> parameters.add("sslContextFactory",
> "com.noelios.restlet.ext.ssl.PkixSslContextFactory");
>
> parameters.add("keystorePath", keystorePath);
> parameters.add("keystorePassword", "password");
> parameters.add("keyPassword", "password");
> parameters.add("keystoreType", "JKS");
>
> // Attach the sample application.
> component.getDefaultHost().attach("",new
> MessageForwarderApplication());
>
> // Start the component.
> component.start();
> System.out.println("Started");
> } catch (Exception e) {
> // Something is wrong.
> e.printStackTrace();
> }
> }
>
>
> The exact exception is I'm getting is:
>
> org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException:
> Exception in SSLContextFactory
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231)
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190)
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163)
> at
> org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346)
> at
> org.jsslutils.sslcontext.SSLContextFactory.buildSSLContext(SSLContextFactory.java:256)
> at
> com.noelios.restlet.ext.ssl.PkixSslContextFactory.createSslContext(PkixSslContextFactory.java:72)
> at
> com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:267)
> at org.restlet.Server.start(Server.java:383)
> at org.restlet.Component.startServers(Component.java:1233)
> at org.restlet.Component.start(Component.java:1194)
> at
> com.test.messageservice.MessageService.main(MessageService.java:55) // --->
> component.start(); line
> Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty
> at
> java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)
> at java.security.cert.PKIXParameters.(PKIXParameters.java:140)
> at
> java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:113)
> at
> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:215)
> ... 10 more
>
> After a little bit of googling, it looks like this has something to do with
> the trustStore... I tried setting the truststore using:
> System.setProperty("javax.net.ssl.trustStore","/path/to/osx/cacerts");
> System.setProperty("javax.net.ssl.trustStorePassword","changeit");
> but received the same error.
>
> If anyone has any insight, I would be most grateful!
>
> Thanks,
> Dan
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1065230
>
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1068636
HTTPS trustAnchors error
Hello all,
I am new to Restlets, and I am trying to set up a simple server to accept HTTPS
connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and my classpath
has the following jars:
com.noelios.restlet.ext.ssl.jar
org.jsslutils.jar
org.simpleframework.jar
com.noelios.restlet.jar
org.restlet.jar
com.noelios.restlet.ext.simple_3.1.jar)
I have been following:
http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html
To generate the keystore, i used:
keytool -genkey -v -alias serverX -keypass password -keystore serverX.jks
-keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity 3650
and entered "password" for the keystore password for testing purposes.
Here is the code I have so far:
public static void main(String[] args) {
try {
// Create a new Component.
Component component = new Component();
// Add a new HTTPS server listening on port 8182.
Server server = component.getServers().add(Protocol.HTTPS, 8182);
Series parameters = server.getContext().getParameters();
File pwd = new File(".");
String path = pwd.getCanonicalPath();
String keystorePath = path + "/keystore/serverX.jks";
parameters.add("sslContextFactory",
"com.noelios.restlet.ext.ssl.PkixSslContextFactory");
parameters.add("keystorePath", keystorePath);
parameters.add("keystorePassword", "password");
parameters.add("keyPassword", "password");
parameters.add("keystoreType", "JKS");
// Attach the sample application.
component.getDefaultHost().attach("",new
MessageForwarderApplication());
// Start the component.
component.start();
System.out.println("Started");
} catch (Exception e) {
// Something is wrong.
e.printStackTrace();
}
}
The exact exception is I'm getting is:
org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException:
Exception in SSLContextFactory
at
org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231)
at
org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190)
at
org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163)
at
org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346)
at
org.jsslutils.sslcontext.SSLContextFactory.buildSSLContext(SSLContextFactory.java:256)
at
com.noelios.restlet.ext.ssl.PkixSslContextFactory.createSslContext(PkixSslContextFactory.java:72)
at
com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:267)
at org.restlet.Server.start(Server.java:383)
at org.restlet.Component.startServers(Component.java:1233)
at org.restlet.Component.start(Component.java:1194)
at com.test.messageservice.MessageService.main(MessageService.java:55)
// ---> component.start(); line
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
at
java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)
at java.security.cert.PKIXParameters.(PKIXParameters.java:140)
at
java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:113)
at
org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:215)
... 10 more
After a little bit of googling, it looks like this has something to do with the
trustStore... I tried setting the truststore using:
System.setProperty("javax.net.ssl.trustStore","/path/to/osx/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
but received the same error.
If anyone has any insight, I would be most grateful!
Thanks,
Dan
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1065230
