3

I am using Grizzly in order to startup a server and deploy an application which needs client certificates in order to work.

When i am starting up the Grizzly Server, i create two network listeners. A plain one which listens to HTTP and a secure one which is supposed to handle HTTPS requests. While the plain network listener behaves as expected (serves the requests without any security), the HTTPS one is not. The problem is that while i hit the HTTPS endpoint, it prompts me for my client certificate but then nothing happens and the request times out.

I have set "-Djava.net.debug=all" and i can see that the SSL handshake is happening, thus i suspect i am missing something while i set up the Grizzly server. Maybe an authenticator?

The code i use to start up the server is the below:

public void startServer() {
        final String contextPath = "/";
        final WebappContext webappContext = new WebappContext( "Test", contextPath );
        final Map< String, String > contextInitParams = Collections.singletonMap(
                "jersey.config.server.provider.packages", "com.mywebapp" );
        for ( Map.Entry< String, String > entry : contextInitParams.entrySet() )
        {
            webappContext.addContextInitParameter( entry.getKey(), entry.getValue() );
            webappContext.setInitParameter( entry.getKey(), entry.getValue() );
        }
        ServletRegistration servletRegistration = webappContext.addServlet( ServletContainer.class.getName(),
                ServletContainer.class );
        servletRegistration.addMapping( new String[] { "/*" } );
        servletRegistration.setInitParameters( contextInitParams );

        SSLContextConfigurator ssl = new SSLContextConfigurator();
        ssl.setKeyStoreFile( KEY_STORE_FILE_PATH );
        ssl.setKeyStorePass( KEY_STORE_PASSWORD );
        ssl.setTrustStoreFile( TRUSTSTORE_FILE_PATH );
        ssl.setTrustStorePass( TRUSTSTORE_PASSWORD );
        ssl.setSecurityProtocol( "TLSv1.2" );

        SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator( ssl, false, true, true );
        sslEngineConfigurator.setEnabledCipherSuites( new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA" } );

        // HTTP listener
        HttpServer httpServer = GrizzlyHttpServerFactory.createHttpServer( new URI( "http://localhost:8080" ) );
        // HTTPS listener
        NetworkListener lis = new NetworkListener( "HTTPS", "localhost", 8443 );
        lis.setSecure( true );
        lis.setTraceEnabled( true );
        lis.setSSLEngineConfig( sslEngineConfigurator );
        httpServer.addListener( lis );

        httpServer.start();
        webappContext.deploy( httpServer );
        Thread.currentThread().join();
        }

Can anyone spot what is wrong in the above code? Maybe i am missing a handler?

Any help much appreciated. Thank you.

nikkatsa
  • 1,751
  • 4
  • 26
  • 43
  • What client are you using? I don't have time to test right now, but try it with the client api, configured as seen at the bottom of [this post](http://stackoverflow.com/a/28472044/2587435) – Paul Samsotha Mar 19 '15 at 08:25
  • @peeskillet thanks for the comment. I am testing it using a Chrome browser. I can also test it programmatically using a REST client, which will carry the appropriate certificate. The initial SSL handshake seems to be happening but after that the request is timing out – nikkatsa Mar 19 '15 at 08:29
  • 1
    Can you pls. share the testcase on github, so it'll be easier to reproduce? – alexey Mar 29 '15 at 19:29

0 Answers0