I had implemented 2 way SSL web services with CXF 2.3.0 and referencing Jetty 7.2.2 libraries.
This was a purely embedded service/server in my application and used no external Spring configuration, very similar to this popular blog post on the subject: http://aruld.info/programming-ssl-for-jetty-based-cxf-services/

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.service.invoker.BeanInvoker;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

public class Server {

    protected Server() throws Exception {
        System.out.println("Starting Server");
        String address = "https://localhost:9001/SoapContext/SoapPort";

        JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
        sf.setServiceClass(Greeter.class);
        sf.setAddress(address);
        Greeter implementor = new GreeterImpl();
        sf.getServiceFactory().setInvoker(new BeanInvoker(implementor));

        // Register the TLS parameters for the port before the endpoint is created
        sf = configureSSLOnTheServer(sf, 9001);

        org.apache.cxf.endpoint.Server server = sf.create();
        String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
        System.out.println("Server started at " + endpoint);
    }

    private JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port) {
        try {
            TLSServerParameters tlsParams = new TLSServerParameters();
            String password = "password";

            // Server identity: private key and certificate from cherry.jks
            KeyStore keyStore = KeyStore.getInstance("JKS");
            loadKeyStore(keyStore, new File("certs\\cherry.jks"), password);
            KeyManagerFactory keyFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(keyStore, password.toCharArray());
            KeyManager[] km = keyFactory.getKeyManagers();
            tlsParams.setKeyManagers(km);

            // Trusted client CAs from truststore.jks (loaded into its own KeyStore
            // instead of reloading the one already consumed by the KeyManagerFactory)
            KeyStore trustStore = KeyStore.getInstance("JKS");
            loadKeyStore(trustStore, new File("certs\\truststore.jks"), password);
            TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(trustStore);
            TrustManager[] tm = trustFactory.getTrustManagers();
            tlsParams.setTrustManagers(tm);

            // Cipher-suite filter. Note that the first four patterns sit in the
            // include list, so export-grade, DES and NULL-cipher suites are
            // permitted; only anonymous DH suites are excluded.
            FiltersType filter = new FiltersType();
            filter.getInclude().add(".*_EXPORT_.*");
            filter.getInclude().add(".*_EXPORT1024_.*");
            filter.getInclude().add(".*_WITH_DES_.*");
            filter.getInclude().add(".*_WITH_NULL_.*");
            filter.getExclude().add(".*_DH_anon_.*");
            tlsParams.setCipherSuitesFilter(filter);

            // Two-way SSL: a client certificate is required
            ClientAuthentication ca = new ClientAuthentication();
            ca.setRequired(true);
            ca.setWant(true);
            tlsParams.setClientAuthentication(ca);

            // Standalone engine factory instance (not obtained from the CXF Bus)
            JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
            factory.setTLSServerParametersForPort(port, tlsParams);
        } catch (GeneralSecurityException gse) {
            // Covers KeyStoreException, NoSuchAlgorithmException,
            // UnrecoverableKeyException and CertificateException
            System.out.println("Security configuration failed with the following: " + gse.getCause());
        } catch (IOException ioe) {
            // Covers FileNotFoundException
            System.out.println("Security configuration failed with the following: " + ioe.getCause());
        }
        return sf;
    }

    // Loads a JKS file into the given KeyStore and always closes the stream
    private static void loadKeyStore(KeyStore ks, File file, String password)
            throws IOException, GeneralSecurityException {
        FileInputStream in = new FileInputStream(file);
        try {
            ks.load(in, password.toCharArray());
        } finally {
            in.close();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("The server's security configuration will be done programmatically.");
        System.out.println();
        new Server();
        System.out.println("Server ready...");
        Thread.sleep(5 * 60 * 1000);
        System.out.println("Server exiting");
        System.exit(0);
    }
}
```

This all worked fine, but at some point our Jetty .jars were upgraded to Jetty 7.5.4 and now I get things like this:

```
FAILED org.eclipse.jetty.http.ssl.SslContextFactory@4711581a#FAILED: java.io.FileNotFoundException: C:\Users\<user>\.keystore (The system cannot find the file specified)
java.io.FileNotFoundException: C:\Users\<user>\.keystore (The system cannot find the file specified)
```
Clearly it is looking in the default keystore location. I copied my keystore file to that location just to verify, and it locates it fine but then creates an error stating the keystore password cannot be null. Clearly it seems as though the TLS parameters are not being recognized by the embedded Jetty server, which is started using 7.5.4 instead of 7.2.2.

Does anyone have an idea where to start, or how I might have to amend my code to make it work with the Jetty 7.5.4 embedded version instead of 7.2.2? Keep in mind I am not using Spring/configuration files of any kind. It is all via code, as shown.

Thanks, Chris
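For comparison, a hardened variant of the cipher-suite filter and client-authentication settings from the question, added here as an illustration and not part of Chris's post or of CXF itself. The class name `HardenedTls` and its `build` method are hypothetical; it takes already-initialised key and trust managers (as produced by the keystore-loading code above) and moves the weak-suite patterns into the exclude list, where they actually prevent those suites from being negotiated.

```java
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;

import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;

// Added example, not from the original post: hypothetical helper that builds
// TLSServerParameters for a two-way SSL CXF/Jetty endpoint with weak suites excluded.
public final class HardenedTls {

    private HardenedTls() {
    }

    public static TLSServerParameters build(KeyManager[] km, TrustManager[] tm) {
        TLSServerParameters tlsParams = new TLSServerParameters();
        tlsParams.setKeyManagers(km);
        tlsParams.setTrustManagers(tm);

        FiltersType filter = new FiltersType();
        // Include: only suites using AES for the record layer
        filter.getInclude().add(".*_WITH_AES_.*");
        // Exclude: export-grade, DES, NULL-cipher and anonymous DH suites.
        // In the question's code the first four of these were in the include
        // list, which permits them instead of removing them.
        filter.getExclude().add(".*_EXPORT_.*");
        filter.getExclude().add(".*_EXPORT1024_.*");
        filter.getExclude().add(".*_WITH_DES_.*");
        filter.getExclude().add(".*_WITH_NULL_.*");
        filter.getExclude().add(".*_DH_anon_.*");
        tlsParams.setCipherSuitesFilter(filter);

        // Mutual TLS: the client certificate is mandatory, not merely requested
        ClientAuthentication ca = new ClientAuthentication();
        ca.setRequired(true);
        ca.setWant(true);
        tlsParams.setClientAuthentication(ca);

        return tlsParams;
    }
}
```

The returned object is passed to `setTLSServerParametersForPort(port, tlsParams)` exactly as in the question; which suites survive the filter can be confirmed by connecting with a TLS client that reports the negotiated suite.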
