RE: Re: HTTPS trustAnchors error
Thanks Bruno and Ben - switching to the DefaultSslContextFactory worked for me. I'm going to switch over to Restlet 1.2 as well. Dan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1069368
Re: HTTPS trustAnchors error
Thanks Bruno. Dan, just in case you end up using the latest development version of Restlet (v1.2), note that the classes have been refactored: DefaultSslContextFactory has moved to org.restlet.engine.util.DefaultSslContextFactory, so the sslContextFactory parameter would be set as follows: parameters.add("sslContextFactory", "org.restlet.engine.util.DefaultSslContextFactory"); Also in v1.2, PkixSslContextFactory has moved from com.noelios.restlet.ext.ssl.PkixSslContextFactory to org.restlet.ext.ssl.PkixSslContextFactory. You'll get an exception when you start your component if you specify the wrong one, for example specifying the v1.1 package when using v1.2 results in: WARNING: Unable to find SslContextFactory class: com.noelios.restlet.util.DefaultSslContextFactory java.lang.ClassNotFoundException: com.noelios.restlet.util.DefaultSslContextFactory If you're sticking to Restlet 1.1 for now, then use com.noelios.restlet.util.DefaultSslContextFactory as Bruno indicated. Cheers Ben -- From: "Bruno Harbulot" Sent: Thursday, January 29, 2009 12:51 PM To: Subject: Re: HTTPS trustAnchors error > Hi Dan, > > It looks like a bug in the code I wrote... I'm going to look into this. > Can you try using com.noelios.restlet.util.DefaultSslContextFactory > instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile? > > Best wishes, > > Bruno. > > Dan Noble wrote: >> Hello all, >> >> I am new to Restlets, and I am trying to set up a simple server to accept >> HTTPS connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and >> my classpath has the following jars: >> com.noelios.restlet.ext.ssl.jar >> org.jsslutils.jar >> org.simpleframework.jar >> com.noelios.restlet.jar >> org.restlet.jar >> com.noelios.restlet.ext.simple_3.1.jar) >> >> >> I have been following: >> http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html >> >> To generate the keystore, i used: >> keytool -genkey -v -alias serverX -keypass password -keystore >> serverX.jks -keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity >> 3650 >> and entered "password" for the keystore password for testing purposes. >> >> >> Here is the code I have so far: >> >> public static void main(String[] args) { >> >> try { >> // Create a new Component. >> Component component = new Component(); >> >> // Add a new HTTPS server listening on port 8182. >> Server server = component.getServers().add(Protocol.HTTPS, >> 8182); >> >> Series parameters = >> server.getContext().getParameters(); >> >> File pwd = new File("."); >> String path = pwd.getCanonicalPath(); >> String keystorePath = path + "/keystore/serverX.jks"; >> >> parameters.add("sslContextFactory", >> "com.noelios.restlet.ext.ssl.PkixSslContextFactory"); >> >> parameters.add("keystorePath", keystorePath); >> parameters.add("keystorePassword", "password"); >> parameters.add("keyPassword", "password"); >> parameters.add("keystoreType", "JKS"); >> >> // Attach the sample application. >> component.getDefaultHost().attach("",new >> MessageForwarderApplication()); >> >> // Start the component. >> component.start(); >> System.out.println("Started"); >> } catch (Exception e) { >> // Something is wrong. >> e.printStackTrace(); >> } >> } >> >> >> The exact exception is I'm getting is: >> >> org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException: >> Exception in SSLContextFactory >> at >> org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231) >> at >> org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190) >> at >> org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163) >> at >> org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346) >> at >> org.jsslutils.sslcontext.
Re: HTTPS trustAnchors error
Hi Dan, It looks like a bug in the code I wrote... I'm going to look into this. Can you try using com.noelios.restlet.util.DefaultSslContextFactory instead of com.noelios.restlet.ext.ssl.PkixSslContextFactory meanwhile? Best wishes, Bruno. Dan Noble wrote: > Hello all, > > I am new to Restlets, and I am trying to set up a simple server to accept > HTTPS connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and my > classpath has the following jars: > com.noelios.restlet.ext.ssl.jar > org.jsslutils.jar > org.simpleframework.jar > com.noelios.restlet.jar > org.restlet.jar > com.noelios.restlet.ext.simple_3.1.jar) > > > I have been following: > http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html > > To generate the keystore, i used: > keytool -genkey -v -alias serverX -keypass password -keystore serverX.jks > -keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity 3650 > and entered "password" for the keystore password for testing purposes. > > > Here is the code I have so far: > > public static void main(String[] args) { > > try { > // Create a new Component. > Component component = new Component(); > > // Add a new HTTPS server listening on port 8182. > Server server = component.getServers().add(Protocol.HTTPS, 8182); > > Series parameters = > server.getContext().getParameters(); > > File pwd = new File("."); > String path = pwd.getCanonicalPath(); > String keystorePath = path + "/keystore/serverX.jks"; > > parameters.add("sslContextFactory", > "com.noelios.restlet.ext.ssl.PkixSslContextFactory"); > > parameters.add("keystorePath", keystorePath); > parameters.add("keystorePassword", "password"); > parameters.add("keyPassword", "password"); > parameters.add("keystoreType", "JKS"); > > // Attach the sample application. > component.getDefaultHost().attach("",new > MessageForwarderApplication()); > > // Start the component. > component.start(); > System.out.println("Started"); > } catch (Exception e) { > // Something is wrong. > e.printStackTrace(); > } > } > > > The exact exception is I'm getting is: > > org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException: > Exception in SSLContextFactory > at > org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231) > at > org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190) > at > org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163) > at > org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346) > at > org.jsslutils.sslcontext.SSLContextFactory.buildSSLContext(SSLContextFactory.java:256) > at > com.noelios.restlet.ext.ssl.PkixSslContextFactory.createSslContext(PkixSslContextFactory.java:72) > at > com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:267) > at org.restlet.Server.start(Server.java:383) > at org.restlet.Component.startServers(Component.java:1233) > at org.restlet.Component.start(Component.java:1194) > at > com.test.messageservice.MessageService.main(MessageService.java:55) // ---> > component.start(); line > Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors > parameter must be non-empty > at > java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183) > at java.security.cert.PKIXParameters.(PKIXParameters.java:140) > at > java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:113) > at > org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:215) > ... 10 more > > After a little bit of googling, it looks like this has something to do with > the trustStore... I tried setting the truststore using: > System.setProperty("javax.net.ssl.trustStore","/path/to/osx/cacerts"); > System.setProperty("javax.net.ssl.trustStorePassword","changeit"); > but received the same error. > > If anyone has any insight, I would be most grateful! > > Thanks, > Dan > > -- > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1065230 > -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1068636
HTTPS trustAnchors error
Hello all, I am new to Restlets, and I am trying to set up a simple server to accept HTTPS connections. (I'm using Restlets 1.1.2, Java 1.6 on OSX 10.5 and my classpath has the following jars: com.noelios.restlet.ext.ssl.jar org.jsslutils.jar org.simpleframework.jar com.noelios.restlet.jar org.restlet.jar com.noelios.restlet.ext.simple_3.1.jar) I have been following: http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet/213-restlet.html To generate the keystore, i used: keytool -genkey -v -alias serverX -keypass password -keystore serverX.jks -keyalg "RSA" -sigalg "MD5withRSA" -keysize 2048 -validity 3650 and entered "password" for the keystore password for testing purposes. Here is the code I have so far: public static void main(String[] args) { try { // Create a new Component. Component component = new Component(); // Add a new HTTPS server listening on port 8182. Server server = component.getServers().add(Protocol.HTTPS, 8182); Series parameters = server.getContext().getParameters(); File pwd = new File("."); String path = pwd.getCanonicalPath(); String keystorePath = path + "/keystore/serverX.jks"; parameters.add("sslContextFactory", "com.noelios.restlet.ext.ssl.PkixSslContextFactory"); parameters.add("keystorePath", keystorePath); parameters.add("keystorePassword", "password"); parameters.add("keyPassword", "password"); parameters.add("keystoreType", "JKS"); // Attach the sample application. component.getDefaultHost().attach("",new MessageForwarderApplication()); // Start the component. component.start(); System.out.println("Started"); } catch (Exception e) { // Something is wrong. e.printStackTrace(); } } The exact exception is I'm getting is: org.jsslutils.sslcontext.SSLContextFactory$SSLContextFactoryException: Exception in SSLContextFactory at org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:231) at org.jsslutils.sslcontext.PKIXSSLContextFactory.getTrustParams(PKIXSSLContextFactory.java:190) at org.jsslutils.sslcontext.PKIXSSLContextFactory.getRawTrustManagers(PKIXSSLContextFactory.java:163) at org.jsslutils.sslcontext.X509SSLContextFactory.getTrustManagers(X509SSLContextFactory.java:346) at org.jsslutils.sslcontext.SSLContextFactory.buildSSLContext(SSLContextFactory.java:256) at com.noelios.restlet.ext.ssl.PkixSslContextFactory.createSslContext(PkixSslContextFactory.java:72) at com.noelios.restlet.ext.simple.HttpsServerHelper.start(HttpsServerHelper.java:267) at org.restlet.Server.start(Server.java:383) at org.restlet.Component.startServers(Component.java:1233) at org.restlet.Component.start(Component.java:1194) at com.test.messageservice.MessageService.main(MessageService.java:55) // ---> component.start(); line Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183) at java.security.cert.PKIXParameters.(PKIXParameters.java:140) at java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:113) at org.jsslutils.sslcontext.PKIXSSLContextFactory.getPKIXParameters(PKIXSSLContextFactory.java:215) ... 10 more After a little bit of googling, it looks like this has something to do with the trustStore... I tried setting the truststore using: System.setProperty("javax.net.ssl.trustStore","/path/to/osx/cacerts"); System.setProperty("javax.net.ssl.trustStorePassword","changeit"); but received the same error. If anyone has any insight, I would be most grateful! Thanks, Dan -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1065230