Hello Mark,

On Fri, Mar 7, 2008 at 8:45 PM, Mark Renouf <[EMAIL PROTECTED]> wrote:
> Sorry for the spam... (I hope this is relevant?)
>
> I found the difference: in my use of SSLContextFactory, I was not calling:
>
> sslContextFactory.setTrustManagerFactoryAlgorithmUseDefault(true);
> sslContextFactory.setKeyManagerFactoryAlgorithmUseDefault(true);
>
> I seriously think these should be the default behavior. If these are
> not set, and no protocol is set, the factory simply fails to create
> either a KeyManagerFactory or TrustManagerFactory internally with no
> warnings or errors. (lines 83 & 98 of SslContextFactory.java in
> release 2.0.0-M1)

Your suggestion sounds reasonable.

>
> I believe this is from the mina-integration subproject... is there a
> more appropriate list or bug database I should submit this to?

http://issues.apache.org/jira/browse/DIRMINA

regards,
Maarten

>
> On Fri, Mar 7, 2008 at 2:14 PM, Mark Renouf <[EMAIL PROTECTED]> wrote:
> > Another update.
> >
> > Ok. That hunch paid off... I replaced the SSLContextFactory with the
> > manual equivalent and it's working now....
> >
> > My eyes are a bit weary at this point so I can't spot an obvious
> > difference. Hopefully I'll have a chance to go look at
> > SSLContextFactory and compare it with this code; there's got to be a
> > critical difference somewhere.
> >
> > Anyway, here is the working init code to create each SSLContext.
> > This is the only part I changed:
> >
> > // identities live in PKCS12 stores, the trusted CA certificates in a JKS store
> > KeyStore serverKeyStore = KeyStore.getInstance("PKCS12");
> > serverKeyStore.load(loader.getResourceAsStream("ssl/server.p12"),
> >         DEFAULT_KEY_PASS.toCharArray());
> >
> > KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
> > clientKeyStore.load(loader.getResourceAsStream("ssl/client.p12"),
> >         DEFAULT_KEY_PASS.toCharArray());
> >
> > KeyStore trustStore = KeyStore.getInstance("JKS");
> > trustStore.load(loader.getResourceAsStream("ssl/trusted.jks"),
> >         DEFAULT_KEY_PASS.toCharArray());
> >
> > // key managers: one per side, each backed by that side's own keystore
> > KeyManagerFactory serverKeyManagerFactory =
> >         KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> > serverKeyManagerFactory.init(serverKeyStore, DEFAULT_KEY_PASS.toCharArray());
> > KeyManager[] serverKeyManagers = serverKeyManagerFactory.getKeyManagers();
> >
> > KeyManagerFactory clientKeyManagerFactory =
> >         KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> > clientKeyManagerFactory.init(clientKeyStore, DEFAULT_KEY_PASS.toCharArray());
> > KeyManager[] clientKeyManagers = clientKeyManagerFactory.getKeyManagers();
> >
> > // trust managers: both sides validate the peer against the same trust store
> > TrustManagerFactory serverTrustManagerFactory =
> >         TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> > serverTrustManagerFactory.init(trustStore);
> > TrustManager[] serverTrustManagers = serverTrustManagerFactory.getTrustManagers();
> >
> > TrustManagerFactory clientTrustManagerFactory =
> >         TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> > clientTrustManagerFactory.init(trustStore);
> > TrustManager[] clientTrustManagers = clientTrustManagerFactory.getTrustManagers();
> >
> > SSLContext serverSSLContext = SSLContext.getInstance("TLS");
> > serverSSLContext.init(serverKeyManagers, serverTrustManagers, null);
> >
> > SSLContext clientSSLContext = SSLContext.getInstance("TLS");
> > clientSSLContext.init(clientKeyManagers, clientTrustManagers, null);
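An added example, not code from Mark's post or from MINA: the same manual setup written so that it fails loudly when a factory yields nothing usable, which is the condition the silent SslContextFactory path left undetected (an SSLContext initialised with null managers quietly falls back to JDK defaults). `CheckedSslContext`, `build`, `firstOf` and the exception messages are my own names; the caller supplies the loaded `KeyStore` objects.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

public final class CheckedSslContext {

    /** Build an SSLContext, refusing to continue if either side of the setup is empty. */
    public static SSLContext build(KeyStore keyStore, char[] keyPass, KeyStore trustStore)
            throws GeneralSecurityException {
        // A keystore with no private key entry still yields a KeyManager, but the
        // server would then have no certificate to offer; catch that up front.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("keystore contains no private key entry");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);
        X509KeyManager km = firstOf(kmf.getKeyManagers(), X509KeyManager.class);
        if (km == null) throw new IllegalStateException("no X509KeyManager produced from keystore");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager tm = firstOf(tmf.getTrustManagers(), X509TrustManager.class);
        // An empty issuer list means every peer certificate would be rejected (or, with a
        // null trust manager, the JDK default cacerts would be used instead of our store).
        if (tm == null || tm.getAcceptedIssuers().length == 0) {
            throw new IllegalStateException("trust store yields no trusted issuers");
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, new TrustManager[] { tm }, null);
        return ctx;
    }

    /** First manager of the requested type, or null if the factory produced none. */
    private static <T> T firstOf(Object[] managers, Class<T> type) {
        for (Object m : managers) {
            if (type.isInstance(m)) return type.cast(m);
        }
        return null;
    }
}
```

Calling `build(serverKeyStore, DEFAULT_KEY_PASS.toCharArray(), trustStore)` in place of the factory turns the "no warnings or errors" case into an exception at startup rather than a handshake failure later.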