SSL handshake problem with jersey-non-blocking-client


SSL handshake problem with jersey-non-blocking-client

khanson
Hi!

I want to send a request over SSL to a REST web service, using a keystore and password. The approach I used previously with the blocking Jersey client doesn't work with the non-blocking client. I create an SSLContext, and the blocking client seems to use it automatically. Unfortunately, that is not the case with the non-blocking client.

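        /**
         * Creates the non-blocking REST client and installs a JVM-wide default
         * {@link SSLContext} that presents the client key held in the configured
         * keystore.
         *
         * <p>Server certificates are validated by the platform's default trust
         * managers. The previous version installed an {@code X509TrustManager} whose
         * check methods were empty, which accepted every server certificate; because
         * the context is published through {@link SSLContext#setDefault}, that applied
         * to every connection in the JVM that uses the default context. If the server
         * uses a private CA or a self-signed certificate, load that certificate into a
         * trust store and build trust managers from it instead of disabling validation.
         *
         * <p>Note that {@code restClient} is created before the default context is
         * replaced, as in the original code.
         *
         * @throws FileNotFoundException if the keystore file does not exist (a
         *         warning is logged first)
         * @throws Exception if the keystore cannot be read or the key managers or
         *         SSL context cannot be initialised
         */
        protected void initSSL() throws Exception {
                ClientConfig config = new DefaultNonBlockingClientConfig();
                restClient = NonBlockingClient.create(config);
                KeyStore ks = KeyStore.getInstance("JKS");

                char passphrase[] = passkey.toCharArray();
                FileInputStream fis = null;
                try {
                        fis = new FileInputStream(keystore);
                        ks.load(fis, passphrase);
                } catch (FileNotFoundException e) {
                        ATLogger.warn(Component.bot, "Keystore not found!", this,
                                        getTest(), this);
                        // Without a loaded keystore there is no client key to present;
                        // stop here instead of failing later with a less specific
                        // error from the key manager factory.
                        throw e;
                } finally {
                        if (fis != null) {
                                fis.close();
                        }
                }

                KeyManagerFactory keyManagerFactory = KeyManagerFactory
                                .getInstance("SunX509");
                keyManagerFactory.init(ks, passphrase);
                KeyManager[] kms = keyManagerFactory.getKeyManagers();

                // Request the standard "TLS" context rather than the legacy "SSL" name.
                SSLContext context = SSLContext.getInstance("TLS");
                // A null trust-manager array selects the default TrustManagerFactory
                // implementation, so the server's certificate chain is actually
                // verified. A null SecureRandom selects the default implementation.
                context.init(kms, null, null);
                SSLContext.setDefault(context);
        }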

The following exception occurs:

java.util.concurrent.ExecutionException: java.net.ConnectException: Received fatal alert: handshake_failure to <address omitted>
        at java.util.concurrent.FutureTask$Sync.innerGet(Unknown Source)
        at java.util.concurrent.FutureTask.get(Unknown Source)
        at <package omitted>.RESTRequest$1.onComplete(RESTRequest.java:250)
        at com.sun.jersey.api.client.AsyncWebResource$3.done(AsyncWebResource.java:746)
        at java.util.concurrent.FutureTask$Sync.innerSetException(Unknown Source)
        at java.util.concurrent.FutureTask.setException(Unknown Source)
        at com.sun.jersey.client.impl.async.FutureClientResponseListener.onComplete(FutureClientResponseListener.java:111)
        at com.sun.jersey.client.non.blocking.NonBlockingAsyncWebResource$2.run(NonBlockingAsyncWebResource.java:244)
        at com.sun.jersey.client.non.blocking.NonBlockingAsyncWebResource$3.execute(NonBlockingAsyncWebResource.java:253)
        at com.ning.http.client.listenable.ExecutionList$RunnableExecutorPair.execute(ExecutionList.java:128)
        at com.ning.http.client.listenable.ExecutionList.run(ExecutionList.java:113)
        at com.ning.http.client.listenable.AbstractListenableFuture.done(AbstractListenableFuture.java:67)
        at com.ning.http.client.providers.netty.NettyResponseFuture.abort(NettyResponseFuture.java:304)
        at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:99)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:381)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:367)
        at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:334)
        at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1044)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:940)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:605)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:216)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:80)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:274)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:261)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:349)
        at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:280)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:200)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:44)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.net.ConnectException: Received fatal alert: handshake_failure to <address omitted>
        at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:95)
        ... 21 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.recvAlert(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
        at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
        at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:881)
        ... 16 more

I can't find a solution by myself.

Kaarel

Re: SSL handshake problem with jersey-non-blocking-client

khanson
I even tried to add context as a property:
// Hand the custom SSLContext to Jersey explicitly through the client config.
// The first constructor argument is null here, so no custom hostname verifier
// is supplied with the context.
HTTPSProperties httpsProperties = new HTTPSProperties(null, context);
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
                                httpsProperties);


It still doesn't work.

Re: SSL handshake problem with jersey-non-blocking-client

Pavel Bucek-2
In reply to this post by khanson
Hello,

It looks like you've found a bug. This was not considered when the
non-blocking client integration was done. Can you please file a new issue
and assign it to me?

Thanks,
Pavel

On 2/16/12 10:20 AM, khanson wrote:

> Hi!
>
> I want to create a request over SSL to a REST webservice, using keystore and
> password. The approach I have used previously with blocking jersey client
> doesn't work with non-blocking client. I create an SSLContext and blocking
> client seems to be using it automatically. Unfortunately with non-blocking
> client that is not the case.
>
> protected void initSSL() throws Exception {
> ClientConfig config = new DefaultNonBlockingClientConfig();
> restClient = NonBlockingClient.create(config);
> KeyStore ks = KeyStore.getInstance("JKS");
>
> char passphrase[] = passkey.toCharArray();
> FileInputStream fis = null;
> try {
> fis = new FileInputStream(keystore);
> ks.load(fis, passphrase);
> } catch (FileNotFoundException e) {
> ATLogger.warn(Component.bot, "Keystore not found!", this,
> getTest(), this);
> } finally {
> if (fis != null) {
> fis.close();
> }
> }
>
> KeyManagerFactory keyManagerFactory = KeyManagerFactory
> .getInstance("SunX509");
> keyManagerFactory.init(ks, passphrase);
> KeyManager[] kms = keyManagerFactory.getKeyManagers();
>
> TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager()
> {
> public java.security.cert.X509Certificate[] getAcceptedIssuers() {
> return null;
> }
>
> public void checkClientTrusted(
> java.security.cert.X509Certificate[] certs, String authType) {
> }
>
> public void checkServerTrusted(
> java.security.cert.X509Certificate[] certs, String authType) {
> }
> } };
>
> SSLContext context = SSLContext.getInstance("SSL");
> context.init(kms, trustAllCerts, null);
> SSLContext.setDefault(context);
> }
>
> The following exception occurs:
>
> java.util.concurrent.ExecutionException: java.net.ConnectException: Received
> fatal alert: handshake_failure to<address omitted>
> at java.util.concurrent.FutureTask$Sync.innerGet(Unknown Source)
> at java.util.concurrent.FutureTask.get(Unknown Source)
> at<package omitted>.RESTRequest$1.onComplete(RESTRequest.java:250)
> at
> com.sun.jersey.api.client.AsyncWebResource$3.done(AsyncWebResource.java:746)
> at java.util.concurrent.FutureTask$Sync.innerSetException(Unknown Source)
> at java.util.concurrent.FutureTask.setException(Unknown Source)
> at
> com.sun.jersey.client.impl.async.FutureClientResponseListener.onComplete(FutureClientResponseListener.java:111)
> at
> com.sun.jersey.client.non.blocking.NonBlockingAsyncWebResource$2.run(NonBlockingAsyncWebResource.java:244)
> at
> com.sun.jersey.client.non.blocking.NonBlockingAsyncWebResource$3.execute(NonBlockingAsyncWebResource.java:253)
> at
> com.ning.http.client.listenable.ExecutionList$RunnableExecutorPair.execute(ExecutionList.java:128)
> at
> com.ning.http.client.listenable.ExecutionList.run(ExecutionList.java:113)
> at
> com.ning.http.client.listenable.AbstractListenableFuture.done(AbstractListenableFuture.java:67)
> at
> com.ning.http.client.providers.netty.NettyResponseFuture.abort(NettyResponseFuture.java:304)
> at
> com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:99)
> at
> org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:381)
> at
> org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:367)
> at
> org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:334)
> at
> org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1044)
> at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:940)
> at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:605)
> at
> org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
> at
> org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:216)
> at
> org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:80)
> at
> org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
> at
> org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:274)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:261)
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:349)
> at
> org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:280)
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:200)
> at
> org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
> at
> org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:44)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
> Caused by: java.net.ConnectException: Received fatal alert:
> handshake_failure to<address omitted>
> at
> com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:95)
> ... 21 more
> Caused by: javax.net.ssl.SSLException: Received fatal alert:
> handshake_failure
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.recvAlert(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
> at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:881)
> ... 16 more
>
> Can't find solution by myself.
>
> Kaarel
>
> --
> View this message in context: http://jersey.576304.n2.nabble.com/SSL-handshake-problem-with-jersey-non-blocking-client-tp7290425p7290425.html
> Sent from the Jersey mailing list archive at Nabble.com.
>