I'm trying to use Restlet's ClientResource to connect using HTTPS to a server that uses a self-signed certificate. I have this working in a stand-alone application that just uses ClientResource with my custom SSLContextFactory added as an attribute; the code for it can be seen here:
https://github.com/pixelatedpete/selfsignedexample
When I use the same classes (DynamicTrustManager and SelfSignSslSocketFactory) in a more complex Restlet application (with the same pom as above) that uses Restlet to provide a REST API served via Jetty, my custom SSLContextFactory is no longer being used.
I add it to the ClientResource context as above, but I never see any of the log messages suggesting that the SSLContextFactory provided to ClientResource is passed down to the underlying httpclient.
If I rewrite using HttpClient directly rather than ClientResource:

    HttpPost post = new HttpPost(cr.getReference().toString());
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(...);
    DynamicTrustManager tm = new DynamicTrustManager(..., cert);
    SelfSignTrustSslContextFactory scf = (SelfSignTrustSslContextFactory)
    CloseableHttpClient httpclient = HttpClients.custom().setSslcontext(scf.createSslContext()).build();
    CloseableHttpResponse response = httpclient.execute(post);

things work again.
Is this something anyone else has come across and can point out what I suspect is a very obvious thing I'm missing?
NB: Tried again using Tomcat and got the same issue:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Also tried injecting the SslContextFactory (we're using Guice here) but that didn't help either.