Sorry for the spam... (I hope this is relevant?)
I found the difference: in my use of SSLContextFactory, I was not calling:
sslContextFactory.setTrustManagerFactoryAlgorithmUseDefault(true);
sslContextFactory.setKeyManagerFactoryAlgorithmUseDefault(true);
I seriously think these should be the default behavior. If these are
not set, and no protocol is set, the factory simply fails to create
either a KeyManagerFactory or TrustManagerFactory internally with no
warnings or errors. (lines 83 & 98 of SslContextFactory.java in
release 2.0.0-M1)
I believe this is from the mina-integration subproject... is there a
more appropriate list or bug database I should submit this to?
On Fri, Mar 7, 2008 at 2:14 PM, Mark Renouf <[EMAIL PROTECTED]> wrote:
> Another update.
> Ok. That hunch paid off... I replaced the SSLContextFactory with the
> manual equivalent and it's working now....
>
> My eyes are a bit weary at this point so I can't spot an obvious
> difference. Hopefully I'll have a chance to go look at
> SSLContextFactory and compare it with this code, there's got to be a
> critical difference somewhere.
>
> Anyway, here is the working init code to create each SSLContext.
> This is the only part I changed:
>
> KeyStore serverKeyStore = KeyStore.getInstance("PKCS12");
> serverKeyStore.load(loader.getResourceAsStream("ssl/server.p12"),
> DEFAULT_KEY_PASS.toCharArray());
>
> KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
> clientKeyStore.load(loader.getResourceAsStream("ssl/client.p12"),
> DEFAULT_KEY_PASS.toCharArray());
>
> KeyStore trustStore = KeyStore.getInstance("JKS");
> trustStore.load(loader.getResourceAsStream("ssl/trusted.jks"),
> DEFAULT_KEY_PASS.toCharArray());
>
> KeyManagerFactory serverKeyManagerFactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> serverKeyManagerFactory.init(serverKeyStore,
> DEFAULT_KEY_PASS.toCharArray());
> KeyManager[] serverKeyManagers =
> serverKeyManagerFactory.getKeyManagers();
>
> KeyManagerFactory clientKeyManagerFactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> clientKeyManagerFactory.init(clientKeyStore,
> DEFAULT_KEY_PASS.toCharArray());
> KeyManager[] clientKeyManagers =
> clientKeyManagerFactory.getKeyManagers();
>
> TrustManagerFactory serverTrustManagerFactory =
> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> serverTrustManagerFactory.init(trustStore);
> TrustManager[] serverTrustManagers =
> serverTrustManagerFactory.getTrustManagers();
>
> TrustManagerFactory clientTrustManagerFactory =
> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> clientTrustManagerFactory.init(trustStore);
> TrustManager[] clientTrustManagers =
> clientTrustManagerFactory.getTrustManagers();
>
> SSLContext serverSSLContext = SSLContext.getInstance("TLS");
> serverSSLContext.init(serverKeyManagers, serverTrustManagers, null);
>
> SSLContext clientSSLContext = SSLContext.getInstance("TLS");
> clientSSLContext.init(clientKeyManagers, clientTrustManagers, null);
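
An added example, not part of the original message or of MINA's code: one way to make the manual setup above fail loudly instead of silently when a store yields no key or trust material. The class name `StrictSslContexts` and the method `build` are hypothetical; the empty in-memory store in `main` is constructed input standing in for a mis-loaded file.

```java
import javax.net.ssl.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;

// Added example; StrictSslContexts and build() are hypothetical names, not MINA API.
public final class StrictSslContexts {

    /** Builds a TLS context, refusing to continue when either store yields no usable material. */
    public static SSLContext build(KeyStore keyStore, char[] keyPass, KeyStore trustStore)
            throws GeneralSecurityException {
        if (keyStore == null || trustStore == null) {
            // TrustManagerFactory.init((KeyStore) null) would fall back to the JVM default trust store.
            throw new KeyStoreException("key store and trust store must both be supplied");
        }
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) throw new KeyStoreException("key store contains no private key entry");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        int anchors = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        if (anchors == 0) throw new KeyStoreException("trust store yields no trusted certificates");

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory PKCS12 store standing in for a mis-loaded file.
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try {
            build(empty, new char[0], empty);
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```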