Posted to issues@cxf.apache.org by "Fadi Mohsen (Jira)" <ji...@apache.org> on 2020/11/04 16:18:00 UTC

[jira] [Created] (CXF-8363) Jetty certificate hot reload throws exception due to usage of depreciated SslContextFactory

Fadi Mohsen created CXF-8363:
--------------------------------

             Summary: Jetty certificate hot reload throws exception due to usage of depreciated SslContextFactory
                 Key: CXF-8363
                 URL: https://issues.apache.org/jira/browse/CXF-8363
             Project: CXF
          Issue Type: Improvement
            Reporter: Fadi Mohsen


When attempting a hot reload of the certificate using Jetty's


{noformat}
JettyHTTPDestination destination = (JettyHTTPDestination) server.getDestination();
JettyHTTPServerEngine engine = (JettyHTTPServerEngine) destination.getEngine();
Collection<ConnectionFactory> connectionFactories = engine.getServer().getConnectors()[0].getConnectionFactories();
SslConnectionFactory connectionFactory = (SslConnectionFactory) connectionFactories.stream()
        .filter(cf -> cf instanceof SslConnectionFactory)
        .findFirst()
        .get();
SslContextFactory sslContextFactory = connectionFactory.getSslContextFactory();
sslContextFactory.reload(ssf -> {
    ssf.setSslContext(null);
    ssf.setKeyStore(certStore.getKeyStore());
    ssf.setKeyStorePassword(new String(certStore.getKeyPassword()));
});
{noformat}

I got this exception:
{noformat}
java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
   at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1277)
   at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1259)
   at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
   at org.eclipse.jetty.util.ssl.SslContextFactory.reload(SslContextFactory.java:1990)
{noformat}

After reading up on the issue, it turned out that CXF's JettyHTTPServerEngine is using the deprecated:
{noformat}
createConnector-> sslcf = new SslContextFactory()
{noformat}

whereas it should have been using:
{noformat}
sslcf = new SslContextFactory.Server()
{noformat}



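A defensive form of the reload described in this report, as an added example (not code from the reporter, CXF or Jetty): it parses the keystore first and checks that each TLS connector is backed by SslContextFactory.Server before calling reload, so the failure is reported clearly and before the live factory is modified. The class name TlsHotReload, its method names, the PKCS#12 keystore type and the use of Jetty 9.4 APIs are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/** Hypothetical helper (not part of CXF or Jetty): reload the TLS keystore of a running Jetty server. */
public final class TlsHotReload {

    private TlsHotReload() { }

    /** Parses the keystore up front so a bad file or password fails before the live factory is touched. */
    static KeyStore loadKeyStore(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumption: PKCS#12 keystore
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Reloads every TLS connector of the server; returns the number of factories reloaded. */
    static int reload(Server server, KeyStore keyStore, String password) throws Exception {
        int reloaded = 0;
        for (Connector connector : server.getConnectors()) {
            SslConnectionFactory ssl = connector.getConnectionFactory(SslConnectionFactory.class);
            if (ssl == null) {
                continue; // plain HTTP connector, nothing to reload
            }
            SslContextFactory factory = ssl.getSslContextFactory();
            if (!(factory instanceof SslContextFactory.Server)) {
                // The base class rejects keystores with multiple certificates (the exception in this report).
                throw new IllegalStateException("Connector uses " + factory.getClass().getName()
                        + "; expected SslContextFactory.Server");
            }
            factory.reload(f -> {
                f.setSslContext(null);           // same steps as the reporter's snippet
                f.setKeyStore(keyStore);
                f.setKeyStorePassword(password);
            });
            reloaded++;
        }
        return reloaded;
    }
}
```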