Java – how to use a custom sslcontextfactory in a restlet application running on jetty?
I'm trying to use restlet's clientresource to connect HTTPS to a server using a self signed certificate I use an independent application and only use clientresource. My custom sslcontextfactory is added as an attribute. The code can be seen here:
https://github.com/pixelatedpete/selfsignedexample
When I use the same classes (dynamictrustmanager and selfsignsslslsocketfactory) in more complex restlet applications (with the same POM as above), using the rest API provided by restlet through jetty, my custom sslcontextfactory is no longer used
I added it to the clientresource context, but I never saw any log messages indicating that the sslcontextfactory provided to the clientresource was passed to the underlying httpclient
If I directly use httpclient instead of clientresource to rewrite:
HttpPost post = new HttpPost(cr.getReference().toString()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(...); DynamicTrustManager tm = new DynamicTrustManager(...,cert); SelfSignTrustSslContextFactory scf = (SelfSignTrustSslContextFactory) CloseableHttpClient httpclient = HttpClients.custom().setSslcontext(scf.createSslContext()).build(); CloseableHttpResponse response = httpclient.execute(post);
Things worked again
Is this something that anyone else has encountered that I suspect is a very obvious thing? What did I miss?
Niobium Try again with Tomcat and get the same question
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building Failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We also tried to inject sslcontextfactory (we use Guice here), but it didn't help
Solution
OK, so I finally figured it out – I missed the client bit:
Client client = new Client(crCtx,Protocol.HTTPS); ClientResource clientResource = new ClientResource("https://example.com"); clientResource.setNext(client);