Issue2629

classification
Title: Setting javax.net.ssl.keyStore in script
Type: behaviour
Severity: major
Components: Core
Versions: Jython 2.7
Milestone:

process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: Neha, eknord, stefan.richthofer, zyasoft
Priority: normal
Keywords:

Created on 2017-10-04.16:11:57 by eknord, last changed 2018-03-22.08:46:12 by jeff.allen.

Messages
msg11616 Author: Erik Nord (eknord) Date: 2017-10-04.16:11:56
I’m trying to set the following in my Jython script:

	from java.lang import System

	System.setProperty("javax.net.ssl.keyStore", "development.jks");
	System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
	System.setProperty("javax.net.ssl.keyStoreType", "jks");

	System.setProperty("javax.net.ssl.trustStore", "developmentTrusted.jks");
	System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
	System.setProperty("javax.net.ssl.trustStoreType", "jks");

	System.setProperty("javax.net.debug", "ssl");

Which works fine, in the essence of the script. I can even print out the get for each of the properties, and they look proper. When I look into the ssl logs, I see that the trustStore gets properly loaded into the JVM:

	trustStore is: developmentTrusted.jks
	trustStore type is : jks
	trustStore provider is : 
	init truststore
	adding as trusted cert:
	...

At no point am I seeing the keyStore get loaded into the JVM.  When I run this in pure Java, I see the following, which is what is missing from the Jython logs:

	keyStore is : development.jks 
	keyStore type is : jks 
	keyStore provider is : 
	init keystore
	...

The issue I’m running into is that I’m not able to properly pass client certificates when the script is required to pass a client certificate to an API or load balancer.  I get the following exception in my ssl logs:

	*** CertificateRequest 
	Cert Types: RSA, DSS, ECDSA 
	Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA 	
	Cert Authorities: 
	<Empty> 
	*** ServerHelloDone 
	Warning: no suitable certificate found - continuing without client authentication 
	*** Certificate chain 
	<Empty> 
	***

Is there an issue with loading a custom keystore with Jython?  What is the proper way to load a custom keystore using Jython?

I’m using Jython 2.7.1 and Java 1.8.
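
The comparison described in the report above (trustStore initialised, keyStore never initialised, client certificate requested, empty chain sent) can be checked mechanically against a captured `javax.net.debug=ssl` log. This is an added example, not part of the original report or of Jython; the function names and the sample log are constructed here from the excerpts quoted in the report.

```python
import re

# Markers copied from the javax.net.debug=ssl excerpts quoted in the report.
STORE_RE = re.compile(r"^(keyStore|trustStore) is\s*:\s*(.*)$")
NO_CLIENT_CERT = "no suitable certificate found"

# Constructed sample, assembled from the Jython-side log lines in the report.
SAMPLE_LOG = """\
trustStore is: developmentTrusted.jks
trustStore type is : jks
*** CertificateRequest
Cert Authorities:
<Empty>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
"""


def summarize_ssl_debug(text):
    """Extract store initialisation and client-auth outcome from an ssl debug log."""
    result = {"keyStore": None, "trustStore": None, "cert_requested": False,
              "no_suitable_cert": False, "empty_client_chain": False}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = STORE_RE.match(line)
        if m:
            # Assumption: an empty value means the property was unset, so not loaded.
            result[m.group(1)] = m.group(2) or None
        elif line.startswith("*** CertificateRequest"):
            result["cert_requested"] = True
        elif NO_CLIENT_CERT in line:
            result["no_suitable_cert"] = True
        elif line.startswith("*** Certificate chain") and result["cert_requested"]:
            # A chain printed after CertificateRequest is the client's own.
            nxt = next((l for l in lines[i + 1:] if l), "")
            result["empty_client_chain"] = nxt == "<Empty>"
    return result


def diagnose(text):
    """Return a one-line verdict on client authentication for the given log."""
    s = summarize_ssl_debug(text)
    if s["cert_requested"] and (s["no_suitable_cert"] or s["empty_client_chain"]):
        if s["keyStore"] is None:
            return "client certificate requested, but no keyStore was initialised"
        return "keyStore %r was initialised, but no certificate from it was sent" % s["keyStore"]
    return "no client-authentication failure in this log"
```
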
msg11619 Author: Stefan Richthofer (stefan.richthofer) Date: 2017-10-04.16:41:17
Possibly related to http://bugs.jython.org/issue2614, but with a better reproducibility potential. Adding that issue's nosy list...

@Erik I suppose this is Jim's domain (zyasoft), so we'll have to await his reply. So far I just wanted to make sure this is properly tracked.

History
Date                 User              Action  Args
2018-03-22 08:46:12  jeff.allen        set     priority: normal; milestone: Jython 2.7.2 ->
2017-10-04 16:41:18  stefan.richthofer set     nosy: + Neha, zyasoft, stefan.richthofer; messages: + msg11619; milestone: Jython 2.7.1 -> Jython 2.7.2
2017-10-04 16:11:57  eknord            create