I am trying to use Restet ClientResource to connect using HTTPS to a server using a self-signed certificate. I have work using a standalone application that just uses ClientResource, and my custom SSLContextFactory added as an attribute, and the code for it can be seen here:
https://github.com/pixelatedpete/selfsignedexample
When I use the same classes (DynamicTrustManager and SelfSignSslSocketFactory) in a more complex Restlet application (with the same pom as above) that uses Restlet to provide the REST API served by Jetty, my custom SSLContextFactory is no longer used.
I add it to the ClientResource context as above, but I never see a single log message suggesting that the SSLContextFactory provided by ClientResource be passed to the underlying httpclient.
If I rewrite using HttpClient directly and not ClientResource:
HttpPost post = new HttpPost(cr.getReference().toString()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(...); DynamicTrustManager tm = new DynamicTrustManager(..., cert); SelfSignTrustSslContextFactory scf = (SelfSignTrustSslContextFactory) CloseableHttpClient httpclient = HttpClients.custom().setSslcontext(scf.createSslContext()).build(); CloseableHttpResponse response = httpclient.execute(post);
everything works again.
Is this something that someone else has met and may indicate that I suspect is a very obvious thing that I am missing?
Nb. Tried to use Tomcat again and get the same problem
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Also tried to introduce SslContextFactory (we use Guice here), but that didn't help either.
java ssl restlet
user2919083
source share