[jetty-users] regd. loading certificate from truststore without restarting jetty or losing sslSocket

Hi,

I need to do ssl client-auth kind of use case using jetty.

The client will be sending their certificate and I'll be registering them in a truststore and then the client can make new requests using the certificate.

I have been able to implement everything but the problem is that after registering the certificate I have to restart jetty for that certificate to be loaded in.

I don't want to restart jetty every time so I wrote some JMX code to restart the SslSocketConnector only. But now the trouble is that the original connection drops after the SslSocketConnector is restarted. If the connection drops then I can't send a response back to the client whose certificate I have just registered.

Is there a way to read in certificates from the truststore without restarting jetty?

The way I restart SslSocketConnector using JMX is as under:

import java.lang.management.ManagementFactory;
import java.util.Iterator;
import java.util.Set;
import javax.management.MBeanInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;

public void refreshTrustStore() throws Exception {
    System.out.println("In refreshTrustStore");
    try {
        MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer();
        // Enumerate every registered MBean in every domain
        Set names = mBeanServer.queryNames(new ObjectName("*:*"), null);

        Iterator it = names.iterator();
        while (it.hasNext()) {
            ObjectName oname = (ObjectName) it.next();
            MBeanInfo minfo = mBeanServer.getMBeanInfo(oname);

            // Act only on the MBean that wraps the SSL connector
            if (minfo.getClassName().equals("org.mortbay.jetty.security.SslSocketConnector")) {
                System.out.println("found ssl socket connector... will try to restart it");
                System.out.println("Restarting SSL Connector on port ");
                Object params[] = {};
                String signature[] = {};
                /**
                 * Stop and restart the connector to get it to re-read the certificate trustfile
                 */
                mBeanServer.invoke(oname, "stop", params, signature);
                mBeanServer.invoke(oname, "start", params, signature);
            }
        }
    } catch (Exception e) {
        System.out.println("Did not restart SSL Connector: " + e);
        e.printStackTrace();
        throw e;
    }
}

Any help will be greatly appreciated.

Thanks & Regards,
Manu