Hello,
First of all, a big thanks for this project.
It is well written, well documented, and very helpful!
I am opening an issue regarding the "Support for using multiple identity materials and trust materials" as I believe it might not be behaving correctly.
In order to illustrate my example, I am going to simplify to two different services (instead of a large number).
First service I need to talk to: OrderService. It is a service where one places orders (I order a video game, I order a bicycle).
Second service I need to talk to: DeliveryService. It is a service where one delivers something to someone. It can work standalone (I deliver this contract to this person), and it is often used in conjunction with OrderService (I deliver the video game I just ordered to someone).
The two companies owning the services are competing companies; each will enforce that clients have their own keystore. There is no way possible to go to one company and say: "If I bring you the certificate I use to talk to the other service, can you trust it as well?" No no.
In order to do so, I am using this library, where I beforehand verified:
SSLFactory sslFactory = SSLFactory.builder()
        .withIdentityMaterial(Paths.get("/path/to/orderservice/client-to-talk-to-orderservice-keystore.p12"), "talkToOrderService".toCharArray())
        .withTrustMaterial(Paths.get("/path/to/truststore.p12"), "trustStorePassPhrase".toCharArray())
        .build();
return NettySslUtils.forClient(sslFactory).build();
This is working fine to talk to OrderService.
But also, I verified:
SSLFactory sslFactory = SSLFactory.builder()
        .withIdentityMaterial(Paths.get("/path/to/deliveryservice/client-to-talk-to-deliveryservice-keystore.p12"), "talkToDeliveryService".toCharArray())
        .withTrustMaterial(Paths.get("/path/to/truststore.p12"), "trustStorePassPhrase".toCharArray())
        .build();
return NettySslUtils.forClient(sslFactory).build();
This is working fine to talk to DeliveryService (mocking the step that talks to OrderService).
Now, chaining the two calls, first talking to OrderService, then to DeliveryService:
SSLFactory sslFactory = SSLFactory.builder()
        .withIdentityMaterial(Paths.get("/path/to/orderservice/client-to-talk-to-orderservice-keystore.p12"), "talkToOrderService".toCharArray())
        .withIdentityMaterial(Paths.get("/path/to/deliveryservice/client-to-talk-to-deliveryservice-keystore.p12"), "talkToDeliveryService".toCharArray())
        .withTrustMaterial(Paths.get("/path/to/truststore.p12"), "trustStorePassPhrase".toCharArray())
        .build();
return NettySslUtils.forClient(sslFactory).build();
This still yields: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca; nested exception is io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
Could you please help?
Thank you
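Added example, not code from the issue author or from the sslcontext-kickstart project. A TLS `unknown_ca` alert is the server's way of saying the client certificate it received chains to a CA it does not trust, which is exactly what happens when the identity meant for one service is presented to the other. A JDK key manager that holds several identities picks an alias from the key types and the issuer names in the server's CertificateRequest; when that list does not distinguish the two identities (or is empty), the first matching alias wins, regardless of which host is being called. The plain-JSSE `X509ExtendedKeyManager` below instead routes the identity by destination host, keeps the two keystores separate so identical alias names cannot collide, and sends no certificate at all for a host it has no route for, so a misconfiguration fails loudly rather than leaking the wrong certificate. The hostnames `orders.example.com` and `delivery.example.com` are hypothetical; the keystore paths and passwords are the ones from the issue. Newer releases of the library document their own per-host identity routing in the README, so check what your version offers before rolling your own.

```java
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.function.Function;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/** Client-only key manager: the identity is chosen by the host we connect to, not by the server's issuer list. */
public final class HostRoutingKeyManager extends X509ExtendedKeyManager {

    private final Map<String, X509ExtendedKeyManager> byHost = new HashMap<>();

    /** Register the key manager (one keystore) to use when talking to {@code host}. */
    public void route(String host, X509ExtendedKeyManager km) {
        byHost.put(host.toLowerCase(Locale.ROOT), km);
    }

    @Override
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        // getPeerHost() is only populated when the engine was created with a host, e.g. createSSLEngine(host, port)
        return choose(engine.getPeerHost(), km -> km.chooseEngineClientAlias(keyType, issuers, engine));
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        String host = socket.getInetAddress() == null ? null : socket.getInetAddress().getHostName();
        return choose(host, km -> km.chooseClientAlias(keyType, issuers, socket));
    }

    private String choose(String host, Function<X509ExtendedKeyManager, String> chooser) {
        if (host == null) return null;
        String key = host.toLowerCase(Locale.ROOT);
        X509ExtendedKeyManager km = byHost.get(key);
        if (km == null) return null;                 // no route for this host: present no certificate rather than a wrong one
        String alias = chooser.apply(km);
        // Length-prefix the host in front of the alias so equal alias names in different keystores stay distinct.
        return alias == null ? null : key.length() + ":" + key + alias;
    }

    @Override
    public X509Certificate[] getCertificateChain(String taggedAlias) {
        String[] parts = untag(taggedAlias);
        return parts == null ? null : byHost.get(parts[0]).getCertificateChain(parts[1]);
    }

    @Override
    public PrivateKey getPrivateKey(String taggedAlias) {
        String[] parts = untag(taggedAlias);
        return parts == null ? null : byHost.get(parts[0]).getPrivateKey(parts[1]);
    }

    /** Reverse of the tagging in choose(): {host, alias}, or null if the alias is not one we produced. */
    private static String[] untag(String taggedAlias) {
        if (taggedAlias == null) return null;
        int colon = taggedAlias.indexOf(':');
        if (colon < 1) return null;
        int hostLen = Integer.parseInt(taggedAlias.substring(0, colon));
        String host = taggedAlias.substring(colon + 1, colon + 1 + hostLen);
        return new String[] {host, taggedAlias.substring(colon + 1 + hostLen)};
    }

    // Server-side selection is intentionally unsupported; this manager is for outbound connections only.
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return null; }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return null; }

    /** Loads one PKCS12 keystore and returns the JDK key manager backed by it. */
    public static X509ExtendedKeyManager keyManagerFor(Path p12, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) { ks.load(in, password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509ExtendedKeyManager) return (X509ExtendedKeyManager) km;
        }
        throw new IllegalStateException("no X509ExtendedKeyManager for " + p12);
    }

    public static void main(String[] args) throws Exception {
        HostRoutingKeyManager router = new HostRoutingKeyManager();   // hostnames below are hypothetical
        router.route("orders.example.com", keyManagerFor(
                Paths.get("/path/to/orderservice/client-to-talk-to-orderservice-keystore.p12"), "talkToOrderService".toCharArray()));
        router.route("delivery.example.com", keyManagerFor(
                Paths.get("/path/to/deliveryservice/client-to-talk-to-deliveryservice-keystore.p12"), "talkToDeliveryService".toCharArray()));

        KeyStore trust = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get("/path/to/truststore.p12"))) {
            trust.load(in, "trustStorePassPhrase".toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] {router}, tmf.getTrustManagers(), null);

        // Pass the peer host when creating the engine; without it chooseEngineClientAlias sees null and sends no certificate.
        SSLEngine toOrders = ctx.createSSLEngine("orders.example.com", 443);
        toOrders.setUseClientMode(true);
    }
}
```

The routing only works if whatever creates the `SSLEngine` hands it the peer host: with Netty that means building the handler through `newHandler(alloc, host, port)` rather than the host-less overload. Wiring this key manager into Netty (for instance by wrapping the resulting JDK `SSLContext`) is outside this example.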