I'm using restlet to create an HTTPS channel with both server and client certification. I have no problem certifying the server (i.e. having the server expose a certificate and trusting it from the client), but I have no idea how to send the client certificate. Here is the important server code:
Server server = component.getServers().add(Protocol.HTTPS, config.getInt("server.port"));
Series<Parameter> parameters = server.getContext().getParameters();
parameters.add("keystorePath", config.getString("keystore.path"));
parameters.add("keystorePassword", config.getString("keystore.password"));
parameters.add("keyPassword", config.getString("key.password"));
parameters.add("keystoreType",config.getString("keystore.type"));
/* need.client.authentication is set to "true" in the config */
parameters.add("needClientAuthentication", config.getString("need.client.authentication"));
and the client configuration is like this:
if(config.getBoolean("truststore.use")){
Series<Parameter> parameters = client.getContext().getParameters();
parameters.add("truststorePath", config.getString("truststore.path"));
parameters.add("truststorePassword", config.getString("truststore.password"));
// parameters.add("trustPassword", "password");
parameters.add("truststoreType", config.getString("truststore.type"));
parameters.add("keystorePath", config.getString("keystore.path"));
parameters.add("keystorePassword", config.getString("keystore.password"));
parameters.add("keyPassword", config.getString("key.password"));
parameters.add("keystoreType",config.getString("keystore.type"));
}
As long as needClientAuthentication is false everything works fine. When I set needClientAuthentication to true it starts to fail, which is expected since I'm not sending the client certificate. The exception raised has the following message:
Software caused connection abort: recv failed
but I have no idea how to send a client certificate and did not find any example of it.
I even added the keystore info on the client and relaxed the constraint on the server to wantClientAuthentication, but no certificates appear to come from the server.
I found the trouble. Apparently the server does not start asking the client for certificates until a trust store is configured on the server too. By configuring the trust store, the mutual certification happens correctly.
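The complete server and client configuration described above, as an added example that is not part of the original question or answer. It reuses the Restlet parameter names that appear on the page (keystorePath, truststorePath, needClientAuthentication, ...) and the Restlet 2.x API (Component, Server, Client, ClientResource); the keystore paths, passwords and port are constructed placeholders, and reading the client certificate chain through request.getClientInfo().getCertificates() assumes Restlet 2.1 or later:

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;

import org.restlet.Client;
import org.restlet.Component;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.Server;
import org.restlet.data.MediaType;
import org.restlet.data.Parameter;
import org.restlet.data.Protocol;
import org.restlet.data.Status;
import org.restlet.resource.ClientResource;
import org.restlet.util.Series;

public class MutualTlsExample {
    // Constructed placeholders: replace with your own key material.
    static final String SERVER_KEYSTORE = "server-keystore.jks";   // server identity
    static final String SERVER_TRUSTSTORE = "server-truststore.jks"; // CA that issues client certs
    static final String CLIENT_KEYSTORE = "client-keystore.jks";   // client identity
    static final String CLIENT_TRUSTSTORE = "client-truststore.jks"; // CA that issued the server cert
    static final String PASSWORD = "changeit";
    static final int PORT = 8443;

    /** HTTPS server that presents its own certificate and requires one from the client. */
    static Component buildServer() {
        Component component = new Component();
        Server server = component.getServers().add(Protocol.HTTPS, PORT);
        Series<Parameter> p = server.getContext().getParameters();
        // Identity the server presents during the handshake.
        p.add("keystorePath", SERVER_KEYSTORE);
        p.add("keystorePassword", PASSWORD);
        p.add("keyPassword", PASSWORD);
        p.add("keystoreType", "JKS");
        // The point of the answer above: without a trust store the server never
        // sends a CertificateRequest, so needClientAuthentication alone just aborts.
        p.add("truststorePath", SERVER_TRUSTSTORE);
        p.add("truststorePassword", PASSWORD);
        p.add("truststoreType", "JKS");
        p.add("needClientAuthentication", "true");

        component.getDefaultHost().attach(new Restlet() {
            @Override
            public void handle(Request request, Response response) {
                // Defender's check: act on the authenticated client identity, not just
                // on the fact that the handshake succeeded.
                List<Certificate> chain = request.getClientInfo().getCertificates();
                if (chain == null || chain.isEmpty()) {
                    response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
                    return;
                }
                String subject = ((X509Certificate) chain.get(0)).getSubjectX500Principal().getName();
                response.setEntity("hello " + subject, MediaType.TEXT_PLAIN);
            }
        });
        return component;
    }

    /** HTTPS client that trusts the server CA and presents its own certificate. */
    static Client buildClient() {
        Client client = new Client(new Context(), Protocol.HTTPS);
        Series<Parameter> p = client.getContext().getParameters();
        // Who the client trusts.
        p.add("truststorePath", CLIENT_TRUSTSTORE);
        p.add("truststorePassword", PASSWORD);
        p.add("truststoreType", "JKS");
        // Who the client is; this is what gets sent once the server asks for it.
        p.add("keystorePath", CLIENT_KEYSTORE);
        p.add("keystorePassword", PASSWORD);
        p.add("keyPassword", PASSWORD);
        p.add("keystoreType", "JKS");
        return client;
    }

    public static void main(String[] args) throws Exception {
        Component component = buildServer();
        component.start();
        Client client = buildClient();
        try {
            ClientResource resource = new ClientResource("https://localhost:" + PORT + "/");
            resource.setNext(client); // route the request through our configured connector
            System.out.println(resource.get().getText());
        } finally {
            client.stop();
            component.stop();
        }
    }
}
```

Keep the server trust store limited to the CA that actually issues client certificates: the list of acceptable issuers the server advertises in its CertificateRequest is derived from it, and a trust store that also contains public web CAs would let any certificate from those CAs pass the handshake.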