juhijariwala / jsslutils Goto Github PK

What steps will reproduce the problem?
1. Construct a KeyStoreLoader by doing: 
KeyStoreLoader ksl = new KeyStoreLoader()
2. call ksl.setKeyStorePath("NONE");
3. call ksl.setKeyStorePassword("the correct password");
3. call ksl.setKeyStoreInputStream(jksInputStream); where jksInputStream is a 
non-null inputstream to a jks file.
4. call ksl.loadKeyStore()

What is the expected output? 
Expect at this point that my keystore is loaded and returned by the 
loadKeyStore() method.

What do you see instead?
Instead, the KeyStore is not loaded because the keyStoreInputStream is null.

What version of the product are you using? 
1.0.5

On what operating system?
Running on my local Windows 7 Enterprise machine.


Please provide any additional information below.
By debugging the source of KeyStoreLoader, I see this:
391:  InputStream keyStoreInputStream = this.keyStoreInputStream;
392:  try {
393:      keyStoreInputStream = (!"NONE".equals(this.keyStorePath)) ? new 
FileInputStream(
394:               this.keyStorePath)
395:               : null;

Since I do not want the KeyStoreLoader to load the jks from a file but rather 
my inputStream, I have set keyStorePath = "NONE", so the code above sets the 
local variable keyStoreInputStream = null (which I believe is the bug), rather 
than to the properly-set member variable this.keyStoreInputStream.

I am thinking the fix should be:
393:   if (!"NONE".equals(this.keyStorePath)) {
394:       keyStoreInputStream = new FileInputStream(this.keyStorePath);
395:   }

Or, as per the javadoc comment in the setKeyStoreInputStream method "If null, 
falls back to KeyStore path.", the better fix might be:
393:   if (null != this.keyStoreInputStream) {
394:       keyStoreInputStream = new FileInputStream(this.keyStorePath);
395:   }

As a side note, I want to say THANK YOU for taking the time to write this 
awesome little api! 
You saved me hours and hours of implementing this myself!
-Tim

What steps will reproduce the problem?
1. Specify system property org.jsslutils.prop.crlReloadInterval to n value. 
This is the number of seconds CRLs are reloaded
2. CRLs are reloaded after n seconds
3. There are no CRLs reloaded after that.

What is the expected output? What do you see instead?
Expected CRLs to reloaded every n seconds but CRLs reloaded only once

What version of the product are you using? On what operating system?
happens in JsslUtils 1.0.5 on both windows and linux.

Please provide any additional information below.

In PKIXSSLContextFactory class the call made in line 361
            crlReloaderScheduledThreadPoolExecutor.schedule(reloader,
                    reloadInterval, TimeUnit.SECONDS);

should be
               crlReloaderScheduledThreadPoolExecutor.scheduleAtFixedRate(...)

When I utilize SslContextedSecureProtocolSocketFactory on Tomcat all works 
well, but when I use in JBoss, I get the following error:


java.lang.IncompatibleClassChangeError: Class 
org.jsslutils.extra.apachehttpclient.SslContextedSecureProtocolSocketFactory 
does not implement the requested interface 
org.apache.commons.httpclient.protocol.ProtocolSocketFactory
    org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)

Not sure why this is being thrown b/c I know 
SslContextedSecureProtocolSocketFactory  extends an interface that then extends 
ProtocolSocketFactory.

I am using it like the example code:
X509SSLContextFactory sslContextFactory =
    new X509SSLContextFactory(keyStore, "keypassword", trustStore);
SSLContext sslClientContext = sslContextFactory.buildSSLContext();

// Using SslContextedSecureProtocolSocketFactory
// This doesn't depend on the rest of jSSLutils and could use any
// other SSLContext.
HttpClient httpClient = new HttpClient();
SslContextedSecureProtocolSocketFactory secureProtocolSocketFactory =
   new SslContextedSecureProtocolSocketFactory(sslClientContext);

Protocol.registerProtocol("https", new Protocol("https",
   (ProtocolSocketFactory)secureProtocolSocketFactory, 443));

Thanks

What steps will reproduce the problem?
1.  Configure X509SSLContextFactory through no-arg constructor and configure
2.  Get sslContext
3.  Get java.security.UnrecoverableKeyException: Password must not be null

What is the expected output? What do you see instead?
I expect that setting the  org.jsslutils.prop.keyPassword would perform the 
same functionality as 'setKeyPassword(char[])', but it never calls it


What version of the product are you using? On what operating system?
1.0.5 on a Mac


Please provide any additional information below.

Dear JSSLUtils development team,

I've been using JSSLUtils with Tomcat 6 but now I need to switch to Tomcat 7. 
I've tried to make the last version available from downloads but it doesn't 
seem to work with Tomcat 7. Yes, I noticed it is for Tomcat 6 but I tried 
anyhow. Are there any plans to make it also available for Tomcat 7?

Thanks.

I am using the attached client program to get certificate from server. This
client program is getting and storing trusted entries into my trustStore,
but the client is failing at the time of sending a request to server. The
exception it is throwing is: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

case 1:
If I place original trustStore(cacerts, which java provides) and do the
following:
1. I am trying to connect server1, It will connect properly.
2. If I try to connect server2, it will fail to connect.
3. If I stop & start JVM(my app), both servers got connected.

case2:
If I place original trustStore(cacerts, which java provides) and do the
following:
1. I am trying to connect server2, It will connect properly.
2. If I try to connect server1, it will fail to connect.
3. If I stop & start JVM(my app), both servers got connected.

In both cases certificate entries are getting stored properly and if I
restart my application, I am able to connect to both the servers.

Please provide your views why I am getting the exception when I am trying
to connect to the second server in both the above cases. Why the JVM is not
recognizing the second server's certificate ? Why the JVM is recognizing
the certificate only if I do a restart the application ( My requirement is
that I should not restart the application) ?

Thanks In Advance,
Vamsee.