Issue2629

classification

Title:	Setting javax.net.ssl.keyStore in script
Type:	behaviour	Severity:	major
Components:	Core	Versions:	Jython 2.7
		Milestone:

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:		Nosy List:	Neha, eknord, stefan.richthofer, zyasoft
Priority:	normal	Keywords:

Created on 2017-10-04.16:11:57 by eknord, last changed 2018-03-22.08:46:12 by jeff.allen.

Messages
msg11616 (view)	Author: Erik Nord (eknord)	Date: 2017-10-04.16:11:56
I’m trying to set the following in my Jython script: System.setProperty("javax.net.ssl.keyStore", "development.jks"); System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); System.setProperty("javax.net.ssl.keyStoreType", "jks"); System.setProperty("javax.net.ssl.trustStore", "developmentTrusted.jks"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); System.setProperty("javax.net.ssl.trustStoreType", "jks"); System.setProperty("javax.net.debug", "ssl”); Which works fine, in the essence of the script. I can even print out the get for each of the properties, and they look proper. When I look into the ssl logs, I see that the trustStore get properly loaded into the JVM: trustStore is: developmentTrusted.jks trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: ... At no point am I seeing the keyStore get loaded into the JVM. When I run this in pure Java, I see the following, which is what is missing from the Jython logs: keyStore is : development.jks keyStore type is : jks keyStore provider is : init keystore ... The issue I’m running into is that I’m not able to properly pass client certificates when the script is required to pass a client certificate to an API or load balancer. I get the following exception in my ssl logs: * CertificateRequest Cert Types: RSA, DSS, ECDSA Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Cert Authorities: <Empty> * ServerHelloDone Warning: no suitable certificate found - continuing without client authentication * Certificate chain <Empty> * Is there an issue with loading a custom keystore with Jython? What is the proper way to load a custom keystore using Jython? I’m using Jython 2.7.1 and Java 1.8.
msg11619 (view)	Author: Stefan Richthofer (stefan.richthofer)	Date: 2017-10-04.16:41:17
Possibly related to http://bugs.jython.org/issue2614, but with a better reproducibility potential. Adding that issue's nosy list... @Erik I suppose this is Jim's domain (zyasoft), so we'll have to await his reply. So far I just wanted to make sure this is properly tracked.

History
Date	User	Action	Args
2018-03-22 08:46:12	jeff.allen	set	priority: normal milestone: Jython 2.7.2 ->
2017-10-04 16:41:18	stefan.richthofer	set	nosy: + Neha, zyasoft, stefan.richthofer messages: + msg11619 milestone: Jython 2.7.1 -> Jython 2.7.2
2017-10-04 16:11:57	eknord	create