23 September 2011

How to run embedded Jetty with SSL (HTTPS) configured?

Solution based on embedded Jetty 6.1, keytool, Windows XP

WARNING!
* These instructions show how EMBEDDED JETTY works with SSL.
* HOWEVER, you need to make a few modifications to make this usable and safe in real-world environments!

So you go through the instructions from http://docs.codehaus.org/display/JETTY/How+to+configure+SSL and .... it doesn't work.

First, you need to create a certificate.

1) Run cmd and type:

keytool -genkey -validity 365 -keystore ssugg.keystore -keyalg RSA
where:
365 - how many days the certificate is valid
ssugg.keystore - name of the file (change ssugg to whatever you want)

INFO:
If you see the error:
"'keytool' is not recognized as an internal or external command, operable program or batch file."
but you are damn sure that you installed Java, then you can find the program in "C:\Program Files\Java\(Your JDK)\bin"
(where Your JDK will look like jdk1.6.0_21, but with different numbers).

WARNING!
* Do not forget -keyalg RSA, otherwise keytool will use the DSA algorithm and you will be screwed.
* Jetty even has a special page that says so:
"Note: DSA key algorithm certificate produces an error after several loading of pages. In browser, it gives you a message "Could not establish an encrypted connection because certificate presented by localhost has an invalid signature."
and they wrote that the solution for this problem is: "use RSA for key algorithm."


2) Then you need to answer a few questions (if you have signed up to dating websites, you should have no problem answering them).

Enter keystore password: nonguestablepassword
Re-enter new password: nonguestablepassword
What is your first and last name?
[Unknown]: dom sym
What is the name of your organizational unit?
[Unknown]: cave
What is the name of your organization?
[Unknown]: pijama corp.
What is the name of your City or Locality?
[Unknown]: bangor
What is the name of your State or Province?
[Unknown]: gwynedd
What is the two-letter country code for this unit?
[Unknown]: gb
Is CN=dom sym, OU=cave, O=pijama corp., L=bangor, ST=gwynedd, C=gb correct?
[no]: yes

Enter key password for <mykey>
(RETURN if same as keystore password):

(I pressed RETURN, but I advise using a different password)


3) Then you need to self-sign your certificate.

To do that, type:
keytool -selfcert -validity 365 -keystore ssugg.keystore -file c:\

where:
365 - how long the signature is valid
ssugg.keystore - name of keystore file
c:\ - path


4) Copy your ssugg.keystore file to your project
(for example C:\dev\projects\smellypijamas\etc\keystore\ssugg.keystore)

Second, you need to create and configure embedded Jetty:

package dom.pijamas;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.AbstractHandler;
import org.mortbay.jetty.security.SslSocketConnector;

public class Mainlab extends AbstractHandler {

    // Answers every request with a fixed HTML page that echoes the request URI
    public void handle(String target, HttpServletRequest request, HttpServletResponse response, int arg) throws IOException, ServletException {
        response.setContentType("text/html;charset=utf-8");
        response.setStatus(HttpServletResponse.SC_OK);
        System.out.println("Handled");
        response.getWriter().println("<h1>Embedded jetty with ssl (https) works!</h1>" + "request URI=" + request.getRequestURI());
        ((Request) request).setHandled(true);
    }

    public static void main(String[] args) {
        Server server = new Server(8099); // you can set the port here or use new Server()
        SslSocketConnector connector = new SslSocketConnector();
        connector.setPort(8099); // or here, it's up to you
        connector.setPassword("nonguestablepassword"); // keystore password which you set during creation of the certificate
        connector.setKeyPassword("nonguestablepassword"); // key password which you set during creation of the certificate
        connector.setKeystore("C:\\dev\\projects\\searchapp\\search-suggestions-service\\etc\\keystore\\ssugg.keystore"); // path to your keystore file (depends on what you've done in step 4 (or 3))
        connector.setTrustPassword("nonguestablepassword");
        // Replace the default connector with the SSL one
        server.setConnectors(new Connector[] { connector });
        server.setHandler(new Mainlab());
        try {
            server.start();
            server.join();
        } catch (Exception e) {
            System.err.println("It is a bad day for jetty and it's moody, because " + e.getMessage());
        }
    }
}

5) Run your browser and go to https://localhost:8099/ (use your port, of course)
6) You will see that your browser is concerned about the certificate, so confirm that everything is right and
7) enjoy the view of the message "Embedded jetty with ssl (https) works!"
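
The DSA warning in step 1 and the hardcoded password in the connector setup can both be checked before Jetty starts. The following is an added example, not code from the original post: it loads the keystore, reports any private-key entry that is not RSA or has expired, and reads the password from an environment variable (KEYSTORE_PASSWORD is an assumed name) instead of a string literal.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

// Added example: pre-flight check of the keystore created with keytool in steps 1-3.
public class KeystoreCheck {

    // Returns a list of problems; an empty list means the keystore looks usable.
    static List<String> check(String path, char[] storePass) throws Exception {
        List<String> problems = new ArrayList<String>();
        KeyStore ks = KeyStore.getInstance("JKS"); // keytool's default store type on JDK 6
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, storePass); // throws IOException on a wrong password or damaged file
        } finally {
            in.close();
        }
        boolean sawKey = false;
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ks.isKeyEntry(alias)) continue; // skip trusted-certificate entries
            sawKey = true;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            String alg = cert.getPublicKey().getAlgorithm();
            if (!"RSA".equals(alg)) problems.add(alias + ": key algorithm is " + alg + ", expected RSA");
            if (cert.getNotAfter().before(new Date())) problems.add(alias + ": expired on " + cert.getNotAfter());
        }
        if (!sawKey) problems.add("no private key entry found");
        return problems;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "ssugg.keystore";
        String pass = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name, not from the post
        if (pass == null) { System.err.println("Set KEYSTORE_PASSWORD first"); System.exit(2); }
        List<String> problems = check(path, pass.toCharArray());
        for (String p : problems) System.err.println("PROBLEM: " + p);
        if (problems.isEmpty()) System.out.println("Keystore OK: " + path);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

The same System.getenv value can be passed to connector.setPassword(...) and connector.setKeyPassword(...) so the password does not live in the source file.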

Update:
Another example of running an embedded Jetty server can be found here: https://cwiki.apache.org/WICKET/jetty6-testing.html