users@grizzly.java.net

Re: Creating SSLSelectorThread with Grizzly 1.0

From: Igor Minar <iiminar_at_gmail.com>
Date: Wed, 9 Dec 2009 13:17:19 -0800

oh duh.. nevermind.. I wasn't setting KeyManagerFactory when calling
sslContext.init. The confusing error message didn't help me much when
debugging the issue.

Just in case someone gets into the same problems, here is the working
code:

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(new File(getKeystorePath())),
        getKeystorePass().toCharArray());

KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, getKeystorePass().toCharArray());

TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

grizzlySelector = new SSLSelectorThread();
SSLSelectorThread sslSelector = (SSLSelectorThread) grizzlySelector;
sslSelector.setSSLContext(sslContext);
sslSelector.setSSLImplementation(new JSSEImplementation());

cheers,
Igor


On Dec 9, 2009, at 11:17 AM, Igor Minar wrote:

> Just for completeness here is the client code & output in the log
> file:
>
> KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
> keyStore.load(new FileInputStream(new File(getKeystorePath())),
>         getKeystorePass().toCharArray());
>
> TrustManagerFactory tmf =
>         TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> tmf.init(keyStore);
> SSLContext ctx = SSLContext.getInstance("TLS");
> ctx.init(null, tmf.getTrustManagers(), null);
> SSLSocketFactory sslFactory = ctx.getSocketFactory();
>
> URL url = new URL("https://localhost:" + getPort() + "/file1");
> HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
> conn.setSSLSocketFactory(sslFactory);
> conn.setRequestMethod("GET");
> conn.setUseCaches(false);
> conn.connect();
>
>
>
> Dec 9, 2009 11:13:11 AM com.sun.enterprise.web.connector.grizzly.SelectorThread initAlgorithm
> FINE: Using Algorithm: com.sun.enterprise.web.connector.grizzly.algorithms.NoParsingAlgorithm
> Dec 9, 2009 11:13:11 AM com.sun.enterprise.web.connector.grizzly.ssl.SSLSelectorThread newPipeline
> FINE: http-listener 0 uses pipeline: com.sun.enterprise.web.connector.grizzly.ssl.SSLPipeline
> Dec 9, 2009 11:13:11 AM com.sun.enterprise.web.connector.grizzly.SelectorThread initEndpoint
> FINE: Initializing Grizzly Non-Blocking Mode
> Dec 9, 2009 11:13:11 AM com.sun.enterprise.web.connector.grizzly.ssl.SSLAsyncReadTask manageKeepAlive
> FINE: SocketChannel Read Exception:
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>     at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:938)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:465)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1081)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1053)
>     at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.wrap(SSLUtils.java:265)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:394)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:291)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:214)
>     at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1390)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:189)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:177)
>     at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:638)
>     at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:425)
>     at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:139)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
>     at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:458)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:875)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:298)
>     at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:373)
>     ... 4 more
> Dec 9, 2009 11:13:11 AM com.sun.enterprise.web.connector.grizzly.DefaultReadTask finishConnection
> FINEST: finishConnection
>
>
> /i
>
>
> On Dec 9, 2009, at 10:47 AM, Igor Minar wrote:
>
>> Hi there,
>>
>> I'm having a hard time creating an ssl selector with grizzly
>> 1.0.31. Here is my code:
>>
>> KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
>> keyStore.load(new FileInputStream(new File(getKeystorePath())),
>>         getKeystorePass().toCharArray());
>>
>> TrustManagerFactory tmf =
>>         TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>> tmf.init(keyStore);
>> SSLContext sslContext = SSLContext.getInstance("TLS");
>> sslContext.init(null, tmf.getTrustManagers(), null);
>>
>> grizzlySelector = new SSLSelectorThread();
>> SSLSelectorThread sslSelector = (SSLSelectorThread) grizzlySelector;
>> sslSelector.setSSLContext(sslContext);
>>
>> // sslSelector.setEnabledCipherSuites(sslContext.createSSLEngine().getEnabledCipherSuites()); //doesn't help
>> sslSelector.setSSLImplementation(new JSSEImplementation());
>>
>>
>> When I make a https connection to this selector with an
>> HttpsUrlConnection, I see the same Exception as captured here:
>>
>> http://markmail.org/message/a6ef4zspdfymebnj#query:related%3Aa6ef4zspdfymebnj+page:1+mid:a6ef4zspdfymebnj+state:results
>>
>> I read that discussion thread and in my case I'm providing the
>> correct path to the keystore.
>>
>> Interestingly only a very slightly modified code (due to api
>> changes) with unmodified client code works well with grizzly 1.9.
>>
>> Does anyone have an idea what I'm doing wrong?
>>
>> thanks,
>> Igor
>
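
A preflight check for the condition this thread turned on, written as an added example and not code from the thread or from Grizzly: before handing an SSLContext to a server, confirm the keystore yields a server key through KeyManagerFactory, since a server with no key managers (or a keystore holding only trusted certificates) has no certificate-based suite to offer. The class name, the KEYSTORE_PASS environment variable and the empty in-memory keystore used when no path is given are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

public class ServerKeyPreflight {
    // Aliases a TLS server could present for keyType ("RSA", "EC", ...).
    static List<String> serverAliases(KeyStore ks, char[] pass, String keyType)
            throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        List<String> found = new ArrayList<>();
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String[] a = ((X509KeyManager) km).getServerAliases(keyType, null);
                if (a != null) Collections.addAll(found, a); // null means "none"
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] pass = null;
        if (args.length == 1) {
            // KEYSTORE_PASS is a variable name assumed for this example.
            String env = System.getenv("KEYSTORE_PASS");
            pass = env == null ? null : env.toCharArray();
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pass); }
        } else {
            ks.load(null, null); // constructed sample: empty in-memory keystore
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": "
                    + (ks.isKeyEntry(alias) ? "key entry" : "certificate only"));
        }
        boolean usable = false;
        for (String type : new String[] {"RSA", "EC", "DSA"}) {
            List<String> a = serverAliases(ks, pass, type);
            System.out.println(type + " server aliases: " + a);
            usable |= !a.isEmpty();
        }
        if (!usable) System.out.println("No server key available to the SSLContext");
    }
}
```

Run with no arguments it reports the empty-keystore case; run with a keystore path it lists which entries carry a key and which are certificate-only.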