cxf-users mailing list archives

From Glen Mazza <gma...@talend.com>
Subject Re: Keystore breaks when Jetty version upgraded.
Date Tue, 14 Aug 2012 01:15:41 GMT
I don't know of a non-Spring solution, at least not service-side, but 
the code is very easy & clean if you're willing to incorporate Spring:

http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java?revision=1368316&view=markup

The wsdl_first_https sample above does, however, offer a non-Spring 
solution client-side; look in the hw_https/client folder for that.  
(Note I'm showing the unreleased version presently in trunk, 
considerably simplified from the current release versions.)

Glen

On 08/13/2012 08:33 PM, Christopher Richmond wrote:
> I had implemented 2 way SSL web services with CXF 2.3.0 and referencing
> Jetty 7.2.2 libraries.
>
> This was a purely embedded service/server in my application and used no
> external spring configuration, very similar to this popular blog post on
> the subject:
>
> http://aruld.info/programming-ssl-for-jetty-based-cxf-services/
>
> import java.io.File;
> import java.io.FileInputStream;
> import java.io.FileNotFoundException;
> import java.io.IOException;
> import java.security.GeneralSecurityException;
> import java.security.KeyStore;
> import java.security.KeyStoreException;
> import java.security.NoSuchAlgorithmException;
> import java.security.UnrecoverableKeyException;
> import java.security.cert.CertificateException;
> import javax.net.ssl.KeyManager;
> import javax.net.ssl.KeyManagerFactory;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.TrustManagerFactory;
> import org.apache.cxf.configuration.jsse.TLSServerParameters;
> import org.apache.cxf.configuration.security.ClientAuthentication;
> import org.apache.cxf.configuration.security.FiltersType;
> import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
> import org.apache.cxf.service.invoker.BeanInvoker;
> import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
>
> public class Server {
>
>      protected Server() throws Exception {
>          System.out.println("Starting Server");
>          String address = "https://localhost:9001/SoapContext/SoapPort";
>          JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
>          sf.setServiceClass(Greeter.class);
>          sf.setAddress(address);
>
>          Greeter implementor = new GreeterImpl();
>          sf.getServiceFactory().setInvoker(new BeanInvoker(implementor));
>
>          sf = configureSSLOnTheServer(sf, 9001);
>          org.apache.cxf.endpoint.Server server = sf.create();
>          String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
>
>          System.out.println("Server started at " + endpoint);
>      }
>
>      private JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port) {
>          try {
>              TLSServerParameters tlsParams = new TLSServerParameters();
>              KeyStore keyStore = KeyStore.getInstance("JKS");
>              String password = "password";
>              File truststore = new File("certs\\cherry.jks");
>              keyStore.load(new FileInputStream(truststore), password.toCharArray());
>              KeyManagerFactory keyFactory =
>                  KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>              keyFactory.init(keyStore, password.toCharArray());
>              KeyManager[] km = keyFactory.getKeyManagers();
>              tlsParams.setKeyManagers(km);
>
>              truststore = new File("certs\\truststore.jks");
>              keyStore.load(new FileInputStream(truststore), password.toCharArray());
>              TrustManagerFactory trustFactory =
>                  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>              trustFactory.init(keyStore);
>              TrustManager[] tm = trustFactory.getTrustManagers();
>              tlsParams.setTrustManagers(tm);
>              FiltersType filter = new FiltersType();
>              filter.getInclude().add(".*_EXPORT_.*");
>              filter.getInclude().add(".*_EXPORT1024_.*");
>              filter.getInclude().add(".*_WITH_DES_.*");
>              filter.getInclude().add(".*_WITH_NULL_.*");
>              filter.getExclude().add(".*_DH_anon_.*");
>              tlsParams.setCipherSuitesFilter(filter);
>              ClientAuthentication ca = new ClientAuthentication();
>              ca.setRequired(true);
>              ca.setWant(true);
>              tlsParams.setClientAuthentication(ca);
>              JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
>              factory.setTLSServerParametersForPort(port, tlsParams);
>          } catch (KeyStoreException kse) {
>              System.out.println("Security configuration failed with the following: " + kse.getCause());
>          } catch (NoSuchAlgorithmException nsa) {
>              System.out.println("Security configuration failed with the following: " + nsa.getCause());
>          } catch (FileNotFoundException fnfe) {
>              System.out.println("Security configuration failed with the following: " + fnfe.getCause());
>          } catch (UnrecoverableKeyException uke) {
>              System.out.println("Security configuration failed with the following: " + uke.getCause());
>          } catch (CertificateException ce) {
>              System.out.println("Security configuration failed with the following: " + ce.getCause());
>          } catch (GeneralSecurityException gse) {
>              System.out.println("Security configuration failed with the following: " + gse.getCause());
>          } catch (IOException ioe) {
>              System.out.println("Security configuration failed with the following: " + ioe.getCause());
>          }
>
>          return sf;
>      }
>
>      public static void main(String args[]) throws Exception {
>          System.out.println("The server's security configuration will be done programmatically.");
>          System.out.println();
>          new Server();
>          System.out.println("Server ready...");
>
>          Thread.sleep(5 * 60 * 1000);
>          System.out.println("Server exiting");
>          System.exit(0);
>      }
> }
>
> This all worked fine, but at some point our Jetty .jars were upgraded to
> Jetty 7.5.4 and now I get things like this:
>
>   FAILED org.eclipse.jetty.http.ssl.SslContextFactory@4711581a#FAILED:
> java.io.FileNotFoundException: C:\Users\<user>\.keystore (The system cannot
> find the file specified)
> java.io.FileNotFoundException: C:\Users\<user>\.keystore (The system cannot
> find the file specified).
>
> Clearly it is looking in the default keystore location.  I copied my
> keystore file to that location just to verify and it locates it fine but
> then creates an error stating keystore password cannot be null.
>
> Clearly it seems as though the TLS parameters are not being recognized by
> the embedded Jetty server which is started using 7.5.4 instead of 7.2.2.
>
> Does anyone have an idea where to start or how I might have to amend my
> code to make it work with Jetty 7.5.4 embedded version instead of 7.2.2?
> Keep in mind I am not using Spring/configuration files of any kind.  It is
> all via code as shown.
>
> Thanks,
> Chris
>
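One thing worth checking in the posted configureSSLOnTheServer() regardless of the Jetty version is the cipher-suite filter, whose include list admits export-grade, single-DES and NULL-encryption suites. The following is an added example, not code from the thread or from CXF: it reproduces that FiltersType next to a hardened one and previews which suites of the running JVM each would leave enabled. The include-then-exclude matching in enabledSuites() is my reading of how CXF evaluates FiltersType, not the library's own routine.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.cxf.configuration.security.FiltersType;

public class CipherFilterCheck {
    // The include list from the posted Server class, reproduced for comparison:
    // it lets export-grade, single-DES and NULL-encryption suites through.
    static FiltersType postedFilter() {
        FiltersType f = new FiltersType();
        f.getInclude().add(".*_EXPORT_.*");
        f.getInclude().add(".*_EXPORT1024_.*");
        f.getInclude().add(".*_WITH_DES_.*");
        f.getInclude().add(".*_WITH_NULL_.*");
        f.getExclude().add(".*_DH_anon_.*");
        return f;
    }

    // Hardened form: include only forward-secret AEAD suites and exclude the weak
    // families outright, so a JVM that still supports them cannot negotiate them.
    static FiltersType hardenedFilter() {
        FiltersType f = new FiltersType();
        f.getInclude().add("TLS_ECDHE_.*_WITH_AES_.*_GCM_SHA.*");
        f.getInclude().add("TLS_DHE_.*_WITH_AES_.*_GCM_SHA.*");
        for (String weak : new String[] {".*_EXPORT.*", ".*_DES_.*", ".*_NULL_.*",
                                         ".*_RC4_.*", ".*_anon_.*", ".*_MD5"}) {
            f.getExclude().add(weak);
        }
        return f;
    }

    // A suite survives if it matches at least one include pattern and no exclude
    // pattern (assumption: this mirrors CXF's handling of FiltersType).
    static List<String> enabledSuites(FiltersType f, String[] supported) {
        List<String> out = new ArrayList<>();
        for (String s : supported) {
            if (f.getInclude().stream().anyMatch(s::matches)
                    && f.getExclude().stream().noneMatch(s::matches)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String[] jvm = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        System.out.println("posted filter enables:   " + enabledSuites(postedFilter(), jvm));
        System.out.println("hardened filter enables: " + enabledSuites(hardenedFilter(), jvm));
    }
}
```

Running it on the JVM that hosts the service shows what each filter would actually expose before the server is started; the hardened FiltersType is then passed to tlsParams.setCipherSuitesFilter() in place of the posted one.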

