Another update. Ok. That hunch paid off... I replaced the SSLContextFactory with the manual equivalent and it's working now....
My eyes are a bit weary at this point so I can't spot an obvious difference. Hopefully I'll have a chance to go look at SSLContextFactory and compare it with this code, there's got to be a critical difference somewhere. Anyway, here is the working init code to create each SSLContext. This is the only part I changed:

    // Identity stores (one per side) and the shared trust store
    KeyStore serverKeyStore = KeyStore.getInstance("PKCS12");
    serverKeyStore.load(loader.getResourceAsStream("ssl/server.p12"), DEFAULT_KEY_PASS.toCharArray());
    KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
    clientKeyStore.load(loader.getResourceAsStream("ssl/client.p12"), DEFAULT_KEY_PASS.toCharArray());
    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(loader.getResourceAsStream("ssl/trusted.jks"), DEFAULT_KEY_PASS.toCharArray());

    // Key managers: each side presents its own certificate
    KeyManagerFactory serverKeyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    serverKeyManagerFactory.init(serverKeyStore, DEFAULT_KEY_PASS.toCharArray());
    KeyManager[] serverKeyManagers = serverKeyManagerFactory.getKeyManagers();
    KeyManagerFactory clientKeyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    clientKeyManagerFactory.init(clientKeyStore, DEFAULT_KEY_PASS.toCharArray());
    KeyManager[] clientKeyManagers = clientKeyManagerFactory.getKeyManagers();

    // Trust managers: both sides validate the peer against the same trust store
    TrustManagerFactory serverTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    serverTrustManagerFactory.init(trustStore);
    TrustManager[] serverTrustManagers = serverTrustManagerFactory.getTrustManagers();
    TrustManagerFactory clientTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    clientTrustManagerFactory.init(trustStore);
    TrustManager[] clientTrustManagers = clientTrustManagerFactory.getTrustManagers();

    // One SSLContext per side
    SSLContext serverSSLContext = SSLContext.getInstance("TLS");
    serverSSLContext.init(serverKeyManagers, serverTrustManagers, null);
    SSLContext clientSSLContext = SSLContext.getInstance("TLS");
    clientSSLContext.init(clientKeyManagers, clientTrustManagers, null);

On Fri, Mar 7, 2008 at 12:07 PM, Mark Renouf <[EMAIL PROTECTED]> wrote:
> Nope, same failure using wantClientAuth, needClientAuth or neither
>
> I seem to remember now the last time I know I had this code working I
> was doing the configuration of the SSLContext directly
> (KeyManagerFactory.getInstance(...), etc...) I'm going to replace that
> and see what happens. Maybe there is a problem in our case using
> SSLContextFactory? Or quite possibly, I'm just not using it properly
> somehow...
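The following stand-alone Java program is an added example, not code from the post above nor from the project's SSLContextFactory. It builds the two contexts the same way the snippet does (PKCS12 identity store plus JKS trust store, default key/trust manager algorithms) and then runs a loopback handshake with needClientAuth enabled, so that a misconfigured client or server fails the handshake instead of silently connecting unauthenticated. Assumptions: the files ssl/server.p12, ssl/client.p12 and ssl/trusted.jks exist on disk with the placeholder password "changeit", the server certificate carries a subjectAltName for 127.0.0.1 (needed because the client turns on hostname verification), and both certificates chain to something in trusted.jks.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsCheck {

    // Placeholder password; the post uses a single DEFAULT_KEY_PASS for every store.
    private static final char[] PASS = "changeit".toCharArray();

    // Load a keystore of the given type from a file path (assumed to exist).
    static KeyStore loadStore(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Same construction as the post: PKCS12 identity store + JKS trust store -> SSLContext.
    static SSLContext buildContext(String identityPath, String trustPath) throws Exception {
        KeyStore identity = loadStore("PKCS12", identityPath, PASS);
        KeyStore trusted = loadStore("JKS", trustPath, PASS);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, PASS);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = buildContext("ssl/server.p12", "ssl/trusted.jks");
        SSLContext clientCtx = buildContext("ssl/client.p12", "ssl/trusted.jks");

        SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        // needClientAuth: the handshake fails unless the client presents a certificate
        // that validates against trusted.jks. wantClientAuth would admit clients without one.
        listener.setNeedClientAuth(true);
        int port = listener.getLocalPort();

        Thread serverThread = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) listener.accept()) {
                s.startHandshake();
                // Throws SSLPeerUnverifiedException if no client certificate was verified.
                System.out.println("server authenticated client: " + s.getSession().getPeerPrincipal());
                s.getOutputStream().write('k');
                s.getOutputStream().flush();
                s.getInputStream().read(); // wait for the client to finish before closing
            } catch (Exception e) {
                e.printStackTrace();
            }
        });
        serverThread.start();

        try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory()
                .createSocket(InetAddress.getLoopbackAddress(), port)) {
            // A bare SSLSocket does no hostname check; enable it so a certificate that is
            // trusted but issued to some other host is still rejected (needs a matching SAN).
            SSLParameters params = c.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            c.setSSLParameters(params);
            c.startHandshake();
            System.out.println("client authenticated server: " + c.getSession().getPeerPrincipal());
            int reply = c.getInputStream().read();
            System.out.println("server reply byte: " + (char) reply);
            c.getOutputStream().write('b');
            c.getOutputStream().flush();
        }
        serverThread.join();
        listener.close();
    }
}
```

When comparing a hand-built context with a factory-built one, the two lines worth watching are the peer principals printed after startHandshake(): if the server side prints the client's DN the client certificate was actually requested and verified, and if either side throws SSLPeerUnverifiedException or an SSLHandshakeException the difference is in which key managers, trust managers or client-auth flag ended up on the socket, not in the application code that follows.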