Re: Setting the keystore password for SSL
I can confirm that this is also true for Restlet 2.0.6. The blog announcement indicated that Jetty was upgraded, but I guess this happened only in the 2.1 branch. Jetty 7.3 does not work in Restlet 2.0. -Tal On 03/18/2011 03:09 PM, John Karp wrote: I found the problem. Apparently restlet-jse-2.0.5 does not work with jetty-7.3.1. I had to downgrade jetty to version 7.2.2, and then SSL worked. Should I file a bug? -John -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712441 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2715690
RE: Setting the keystore password for SSL
here is working example: -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712383
Re: Setting the keystore password for SSL
*John:* there were no attachment; I replied to your post: http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712383 with this link (which somehow got cut off): http://code.google.com/p/carrotgarden/source/browse/trunk/test-restlet/src/main/java/restlet_01/MainServerSSL.java that is a code that runs restlet server and allows to connect via ssl in browser with user/pass = user/pass and this is http://code.google.com/p/carrotgarden/source/browse/trunk/test-restlet/src/main/java/restlet_01/MainClientSSL.java a restlet client that can not connect using self-signed cert as I described here: http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712046 Thank you, Andrei. Original Message Subject: Re: Setting the keystore password for SSL From: John Karp johnk...@gmail.com To: Andrei Pozolotin andrei.pozolo...@gmail.com Date: Fri 18 Mar 2011 11:06:17 AM CDT I'm sorry, but I don't seem to have gotten any attachment with your message. Could you send again? Thanks! John here is working example: -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712414
RE: Setting the keystore password for SSL
I found the problem. Apparently restlet-jse-2.0.5 does not work with jetty-7.3.1. I had to downgrade jetty to version 7.2.2, and then SSL worked. Should I file a bug? -John -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712441
RE: Re: Setting the keystore password for SSL
Unfortunately, your sample doesn't work for me. The problem seems to be with restlet, since if I create a pure Jetty server I have no trouble setting up SSL. Mar 18, 2011 2:34:35 PM restlet_01.MainServerSSL main INFO: started Mar 18, 2011 2:34:36 PM restlet_01.MainServerSSL main INFO: client org.restlet.Client@2321ab80 Mar 18, 2011 2:34:36 PM restlet_01.MainServerSSL main INFO: server org.restlet.Server@19d009b4 Mar 18, 2011 2:34:36 PM org.eclipse.jetty.util.log.Slf4jLog info INFO: jetty-7.3.1.v20110307 Mar 18, 2011 2:34:36 PM org.eclipse.jetty.util.log.Slf4jLog warn WARNING: FAILED org.eclipse.jetty.http.ssl.SslContextFactory@5e785d65: java.security.UnrecoverableKeyException: Password must not be null Mar 18, 2011 2:34:36 PM org.eclipse.jetty.util.log.Slf4jLog warn WARNING: FAILED HttpsServerHelper$2@0.0.0.0:8183: java.security.UnrecoverableKeyException: Password must not be null Mar 18, 2011 2:34:36 PM org.eclipse.jetty.util.log.Slf4jLog warn WARNING: FAILED org.restlet.ext.jetty.JettyServerHelper$WrappedServer@303bc257: java.security.UnrecoverableKeyException: Password must not be null Exception in thread main java.security.UnrecoverableKeyException: Password must not be null at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:107) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38) at java.security.KeyStore.getKey(KeyStore.java:763) at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.init(SunX509KeyManagerImpl.java:113) at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239) at org.eclipse.jetty.http.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:797) at org.eclipse.jetty.http.ssl.SslContextFactory.createSSLContext(SslContextFactory.java:781) at org.eclipse.jetty.http.ssl.SslContextFactory.doStart(SslContextFactory.java:199) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55) at org.eclipse.jetty.server.ssl.SslSocketConnector.doStart(SslSocketConnector.java:341) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55) at org.eclipse.jetty.server.Server.doStart(Server.java:269) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55) at org.restlet.ext.jetty.JettyServerHelper.start(JettyServerHelper.java:395) at org.restlet.Server.start(Server.java:585) at org.restlet.Component.startServers(Component.java:600) at org.restlet.Component.start(Component.java:527) at restlet_01.MainServerSSL.main(MainServerSSL.java:66) -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712430
Setting the keystore password for SSL
I'm trying to get Restlet 2.0.5 to work with HTTPS, with no luck.
I created a keystore in ~/.keystore (the default location) with a
password of 'changeit'. I can read it successfully, with this
password, using keytool.
However, when I try to set up a HTTPS Restlet server, I get this exception:
2011-03-17 15:35:22.640:INFO::jetty-7.3.1.v20110307
2011-03-17 15:35:22.660:WARN::FAILED
org.eclipse.jetty.http.ssl.SslContextFactory@38dda25b:
java.security.UnrecoverableKeyException: Password must not be null
2011-03-17 15:35:22.661:WARN::FAILED HttpsServerHelper$2@0.0.0.0:8081:
java.security.UnrecoverableKeyException: Password must not be null
2011-03-17 15:35:22.661:WARN::FAILED
org.restlet.ext.jetty.JettyServerHelper$WrappedServer@5ece2187:
java.security.UnrecoverableKeyException: Password must not be null
Exception in thread main java.security.UnrecoverableKeyException:
Password must not be null
at
sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:124)
at
sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:779)
at
sun.security.ssl.SunX509KeyManagerImpl.init(SunX509KeyManagerImpl.java:131)
at
sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
at
org.eclipse.jetty.http.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:797)
at
org.eclipse.jetty.http.ssl.SslContextFactory.createSSLContext(SslContextFactory.java:781)
at
org.eclipse.jetty.http.ssl.SslContextFactory.doStart(SslContextFactory.java:199)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at
org.eclipse.jetty.server.ssl.SslSocketConnector.doStart(SslSocketConnector.java:341)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at org.eclipse.jetty.server.Server.doStart(Server.java:269)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at
org.restlet.ext.jetty.JettyServerHelper.start(JettyServerHelper.java:395)
at org.restlet.Server.start(Server.java:585)
at org.restlet.Component.startServers(Component.java:600)
at org.restlet.Component.start(Component.java:527)
at TestSslServer.main(TestSslServer.java:47)
This is despite the fact that my program sets things up before starting:
public TestSslServer() {
Server server = getServers().add(Protocol.HTTPS, 8081);
Series parameters = server.getContext().getParameters();
parameters.add(keystorePath, /home/usr2/jkarp/.keystore);
parameters.add(keystorePassword, changeit);
parameters.add(keyPassword, changeit);
getDefaultHost().attach(new App());
}
and also setting the configuration from the command line does not help:
java -Djavax.net.ssl.keyStorePassword=changeit
-Djetty.ssl.password=changeit -Djetty.ssl.keypassword=changeit -cp
'.:lib/*' TestSslServer
I have no idea where the 'null' password could be coming from. I
strace'd the Java process and it is finding the keystore file
successfully. Does anyone know what could be happening?
I've attached the source for the test.
-John
--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=2712238
TestSslServer.java
Description: Binary data
