Thank you Alexey,
I coded a custom KeyManager and, luckily, it works.
But when I tried to code a custom TrustManager, it failed. And then, after
changing to the original way (using the TrustStore file only):
1) serverSslContext.setTrustStoreFile(..), .setTrustStorePass(…),
2) context = serverSslContext.createSSLContext();
3) new SSLEngineConfigurator(context, false, false, false);
it still failed. Is there something I missed?
*** The .crt was imported into the TrustStore and the browser already
trusted it ***
Thanks
Lee
<quote author='oleksiys'>
Hi Lee,
did you try to create SSLContext with custom KeyStores and then pass the
SSLContext to SSLEngineConfigurator?
    SSLEngineConfigurator configurator =
            new SSLEngineConfigurator(sslContext, false, ....);

In the custom KeyManager implementation (for example, you can extend
X509ExtendedKeyManager), you can choose the alias for the SSLEngine before
the handshake happens.

    @Override
    public String chooseEngineServerAlias(String string,
            Principal[] prncpls, SSLEngine ssle) {
        // return the key alias to use for this SSLEngine
    }

    @Override
    public String chooseEngineClientAlias(String[] strings,
            Principal[] prncpls, SSLEngine ssle) {
        // return the key alias to use for this SSLEngine
    }

Grizzly SNI Filter can pass the SNI information via
sslEngine.getSession() attribute.
Want to try that way?
Thanks.
WBR,
Alexey.
On 5 February 2015 at 15:37, Lee You <lee.y.y.you_at_gmail.com> wrote:
> Hi Alexey,
>
>
> I coded a custom KeyManager and, luckily, it works.
>
> But when I tried to code a custom TrustManager, it failed. And when
> changing to the original way (using the TrustStore file only) from your
> sample:
>
> 1) serverSslContext.setTrustStoreFile(..), .setTrustStorePass(…),
>
> 2) context = serverSslContext.createSSLContext();
>
> 3) new SSLEngineConfigurator(context, false, false, false);
>
> it still failed. Is there something I missed?
>
> *** The .crt was imported into the TrustStore and the browser already
> trusted it ***
>
>
> Thanks
>
> Lee
>
>
>
> On 3 February 2015 at 21:25, Lee You <lee.y.y.you_at_gmail.com> wrote:
>
>> Hi Alexey,
>>
>> Yes, that is true, a specific SSLEngine is needed before the SSL
>> handshaking.
>>
>> Adding an interface in SSLEngineConfigurator/SSLContextConfigurator/a new
>> class to support a custom KeyManager is really a good idea; then we need
>> not care about the keyStore anymore, and our Grizzly will be more
>> flexible.
>>
>> If there is any sample for it, that would be great!
>>
>> Thanks again!
>> Lee
>>
>>
>> >>>>>>>>>
>> Hi Lee,
>>
>> If you could set the KeyManager for SSLEngineConfiguration, would it help
>> to solve the problem?
>> What if inside the custom KeyManager you knew the SNI host of a specific
>> SSLEngine (before starting handshake) - would it help?
>>
>> WBR,
>> Alexey.
>>
>>
>>
>