La réception de transport HTTP erreur : javax.net.le protocole ssl.SSLHandshakeException: le soleil.de sécurité.programme de validation.ValidatorException: PKIX chemin de bâtiment échoué
Je me suis mise en œuvre d'un jax-ws client de service web dans un maven sous module à l'aide de jaxws-maven-plugin avec wsimport objectif, qui est en charge de l'analyse des multiples configuré .fichiers wsdl afin de générer des artefacts de code du client.
Le processus de génération fonctionne très bien, mais lors de la mise en œuvre du client, j'ai besoin d'utiliser SSL lors de la communication avec le déploiement du service web. Pour cela, le client m'a fourni avec un certificat (cert.p12 fichier) et un mot de passe .
Que je n'ai pas accès à la HttpsURLConnection pour initialiser le SSLContext par programmation lors de l'utilisation de l'jax-ws artefacts produits à mettre en œuvre le client de service web, j'ai codé un initProxySettings() méthode qui sera en charge de la définition des propriétés du système avant d'appeler le client comme indiqué ci-dessous.
private void initProxySettings() {
Properties systemSettings = System.getProperties();
systemSettings.setProperty("proxySet", "true");
systemSettings.setProperty("http.proxyHost", proxyHost);
systemSettings.setProperty("http.proxyPort", "443");
systemSettings.setProperty("https.proxyHost", sslProxyHost);
systemSettings.setProperty("https.proxyPort", sslProxyPort);
systemSettings.setProperty("javax.net.ssl.keyStore", p12FilePath);
systemSettings.setProperty("javax.net.ssl.keyStorePassword",p12FilePassword);
systemSettings.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
systemSettings.setProperty("javax.net.debug", "ssl");
System.setProperties(systemSettings);
}
Lorsque vous essayez d'exécuter un connecté test avec le service, j'obtiens l'erreur suivante :
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:121)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:142)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy95.reportRatesTrade(Unknown Source)
at myCompany.connectivity.myApp.wsconnector.FpmlReportSender.sendRateFpmlReport(FpmlReportSender.java:66)
at myCompany.connectivity.myAPP.wsconnector.FpmlWsClientSender.sendFpmlViaWebService(FpmlWsClientSender.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:407)
at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:278)
at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:251)
at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:166)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:398)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.file.GenericFileConsumer.processExchange(GenericFileConsumer.java:401)
at org.apache.camel.component.file.GenericFileConsumer.processBatch(GenericFileConsumer.java:201)
at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:165)
at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:109)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:325)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:219)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 55 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:320)
... 61 more
Ici est un extrait de l'SSL de débogage qui j'ai raccourcir :
keyStore type is : pkcs12
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : company- mail@mail.com
chain [0] = [
[
Version: V3
Subject: CN=company99DF011B-51A9-57F9-E341-E0A68D4B9751, OU=USERS, O=KGC0418
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 139309464, session object)
modulus: 22112756093157512458757695440781457752806273315592450355957740196952202759592017766120571999875831031807562268295134910443622272782776544232874456458580772402436337356828895708779249509298037562892132455656130873883482145964182231114271360652011365917415253840206676718726431817484730833855366587344152579527243740623
public exponent: 65537
Validity: [From: Sun Dec 08 17:31:09 MET 2013,
To: Thu Jan 08 17:31:09 MET 2015]
Issuer: CN=KGC0418 companyPROD, OU=company Authorized Use Only, O=KGC0418, C=US
SerialNumber: [ 03]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
S/MIME
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1A C2 D9 E5 AC 6D 36 2F 65 F1 4C A2 11 3B 92 EB .....m6/e.L..;..
0010: 9B F9 4B CA ..K.
]
[CN=company Global Root CA, OU=company Authorized Use Only, O=COMPANY, C=US]
SerialNumber: [ 14]
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:....
.........
......
.....
.....
***
trustStore is: /usr/jdk/instances/jdk1.6.0/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
.........
........
.........
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1373450395 bytes = { 223, 37, 1, 148, 219, 69, 149, 109, 169, 194, 44, 197, 99, 80, 16, 189, 197, 104, 28, 99, 157, 172, 34, 240, 145, 73, 49, 89 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Handshake, length = 73
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: SSLv2 client hello message, length = 98
Camel (myApp) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1373446593 bytes = { 83, 8, 141, 30, 34, 196, 26, 7, 232, 255, 119, 56, 80, 5, 201, 181, 68, 107, 17, 160, 109, 152, 79, 219, 19, 16, 181, 222 }
Session ID: {146, 198, 54, 212, 84, 229, 79, 190, 99, 152, 78, 98, 18, 19, 152, 253, 197, 212, 1, 37, 17, 33, 77, 113, 59, 86, 136, 120, 33, 19, 126, 1}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Camel (myApp) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 1295
*** Certificate chain
chain [0] = [
[....
.....
.....
.....
[9]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:...
....
...
]
***
Camel (myApp) thread #0 - file://src/test/resources/fpml, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Camel (myApp) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Alert, length = 2
Camel (myApp) thread #0 - file://src/test/resources/fpml, called closeSocket()
Camel (myApp) thread #0 - file://src/test/resources/fpml, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Finalizer, called close()
Finalizer, called closeInternal(true)
Pourriez-vous me dire si c'est la bonne façon d'utiliser un .certificat p12 avec JAX-WS client ? Si mon application est significatif, ce qui me manque alors ?
------ Mise à JOUR -------
Comme suggéré par @Jcs dans le prochain post, j'ai créé une coutume nouvelle clé de stockage dans un format JKS par les étapes suivantes :
1/Extraire la clé publique du cert.p12 fichier à l'aide de la commande :
openssl.exe pkcs12 -in cert.p12 -clcerts -nokeys -out publicCert.pem
2/la Création d'un nouveau magasin de confiance dans JKS format :
keytool -import -alias test -file publicCert.pem -keystore myTrustStore.jks
Puis en gardant la même configuration pour le fichier de clés, j'ai configuré le trusStore propriétés de cette nouvelle généré JKS magasin comme suit :
systemSettings.setProperty("javax.net.ssl.trustStore", myTrustStore.jks);
systemSettings.setProperty("javax.net.ssl.trustStorePassword", jksFilePassword);
systemSettings.setProperty("javax.net.ssl.trustStoreType", "JKS");
/*****/
systemSettings.setProperty("javax.net.ssl.keyStore", cert.p12);
systemSettings.setProperty("javax.net.ssl.keyStorePassword", p12FilePassword);
systemSettings.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
Maintenant de ce que je vois dans le protocole ssl.console de débogage, le trustStore points à celui que j'ai mis dans ma mise en œuvre :
***
trustStore is: src\test\resources\certificate\myTrustStore.jks
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=COMPANY 99DF011B-51A9-57F9-E341-E0A68D4B9751, OU=USERS, O=KGC0418
Issuer: CN=KGC0418 XXXXXXXXX
Algorithm: RSA; Serial number: 0x3
Valid from Sun Dec 08 17:31:09 GMT+01:00 2013 until Thu Jan 08 17:31:09 GMT+01:00 2015
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1373559519 bytes = { 73, 210, 46, 42, 251, 113, 112, 255, 135, 100, 241, 240, 245, 125, 197, 72, 118, 72, 226, 121, 151, 222, 36, 76, 69, 108, 59, 223 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Handshake, length = 73
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: SSLv2 client hello message, length = 98
Camel (camel-2) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1373559520 bytes = { 208, 198, 151, 119, 235, 39, 193, 62, 48, 230, 205, 106, 86, 238, 78, 91, 82, 255, 187, 234, 12, 5, 121, 49, 30, 109, 211, 209 }
Session ID: {6, 28, 249, 26, 112, 151, 19, 203, 2, 16, 79, 111, 188, 253, 24, 4, 247, 139, 66, 144, 210, 30, 101, 226, 40, 73, 228, 161, 55, 230, 221, 114}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
Camel (camel-2) thread #0 - file://src/test/resources/fpml, READ: TLSv1 Handshake, length = 1295
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=xxxxxxxxxxxx
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 26518340377185970618433427871998795874305944949774222457599695023228997443108630011833718821919400987851754545189639992819856454324827540671299918071626122667103792561945932972886083246760975456684092491592159887675835743379582226715892057387136711529603424019350987371140627696296825793550900188321364783977163343619847560039629745177775488269466101953205609461762679291911956872358518707250384413293488030799581673273259857148207483603504965811669522407902645141827155299400058670101699158958543405382995894352227209548308584112363108195961049506258872806165116902528885827281882201616114758666943336739405701681289
public exponent: 65537
Validity: [From: Thu Nov 07 12:56:30 GMT+01:00 2013,
To: Sat Jan 09 18:53:11 GMT+01:00 2016]
Issuer: CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US
SerialNumber: [ 02a093]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://gtssl-ocsp.geotrust.com,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://gtssl-aia.geotrust.com/gtssl.crt]
]
....
[2]: ObjectId: 2.xx.xx.17 Criticality=false
....
[3]: ObjectId: 2.xx.xx.35 Criticality=false
...
[4]: ObjectId: 2.xx.xx.14 Criticality=false
....
[5]: ObjectId: 2.xx.xx.32 Criticality=false
....
[6]: ObjectId: 2.xx.xx.19 Criticality=true
....
[7]: ObjectId: 2.xx.xx.37 Criticality=false
....
[8]: ObjectId: 2.xx.xx.31 Criticality=false
..
.
[9]: ObjectId: 2.xx.xx.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 14 EB 1F A8 91 DE F0 A6 54 B4 BB D1 6F E4 10 63 ........T...o..c
]
***
Camel (camel-2) thread #0 - file://src/test/resources/fpml, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Camel (camel-2) thread #0 - file://src/test/resources/fpml, WRITE: TLSv1 Alert, length = 2
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called closeSocket()
Camel (camel-2) thread #0 - file://src/test/resources/fpml, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called close()
Camel (camel-2) thread #0 - file://src/test/resources/fpml, called closeInternal(true)
mais j'ai encore le même message d'erreur :
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:121)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:142)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy102.reportRatesTrade(Unknown Source)
at myCompany.connectivity.myApp.wsconnector.FpmlReportSender.sendRateFpmlReport(FpmlReportSender.java:75)
at myCompany.connectivity.myApp.wsconnector.FpmlWsClientSender.sendFpmlViaWebService(FpmlWsClientSender.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:407)
at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:278)
at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:251)
at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:166)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:398)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.file.GenericFileConsumer.processExchange(GenericFileConsumer.java:401)
at org.apache.camel.component.file.GenericFileConsumer.processBatch(GenericFileConsumer.java:201)
at org.apache.camel.component.file.GenericFileConsumer.poll(GenericFileConsumer.java:165)
at org.apache.camel.impl.ScheduledPollConsumer.doRun(ScheduledPollConsumer.java:187)
at org.apache.camel.impl.ScheduledPollConsumer.run(ScheduledPollConsumer.java:114)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:109)
... 43 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 55 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)
... 61 more
Ai-je régler à la fois le keyStore et le trustStore correctement ?
Issuer: CN=KGC0418 XXXXXXXXX
, et le serveur utilise certifiace avec Issuer: CN=GeoTrust SSL CA
. Essayez d'ajouter le certificat de droit (Émetteur: CN=GeoTrust SSL CA, O="GeoTrust, Inc.", C=US) à truststore.
OriginalL'auteur Karim L. | 2014-01-20
Vous devez vous connecter pour publier un commentaire.
Autant que je le vois, vous utilisez correctement le fichier PKCS#12. Le problème est causé par le certificat de serveur. Puisque vous n'avez pas mis tout
trustStore
la valeur par défauttrustStore
est utilisé. Ce qui est écrit dans ce journal en ligne:Cependant SSL mise en œuvre n'a pas été en mesure de joindre le serveur de certificats de la chaîne de tout certificat de confiance dans ce magasin. Peut-être que ce serveur de certificat est auto-signé, peut-être qu'il est publié par une maison de l'autorité de certification ou peut-être il a juste été émis par une autorité de certification qui n'est pas répertorié ici.
De le fixer, demandez à votre client pour l'autorité de certification racine et l'ajouter dans la
cacerts
fichier ou créer un nouveau fichier de clés. Vous pouvez utiliser lekeytool -importcert
commande.Si vous créez un nouveau fichier de stockage des clés, vous devez l'ajouter à votre code:
Oui, ce sont vos 2 choix. Je ne pense pas que l' .p12 contient le certificat racine (même si il vaut la peine de vérifier). Ma compréhension de ce fichier p12 contient la clé et le certificat requis pour l'authentification du client lors de l'utilisation du service web.
Merci pour votre réponse rapide @Jcs, j'ai généré un fichier JKS de la .certificat p12 et et comme une nouvelle trustStore dans ma mise en œuvre. Je suis maintenant de montrer à la nouvelle trustStore mais stille ont la même exception. j'ai édité mon post pour suivre les changements que vous avez mentionné
Désolé, je crois que j'étais pas clair sur ce point: la banque de confiance doit contenir le certificat de la racine de l'autorité de certification qui a délivré le certificat SSL de serveur, ce n'est pas votre propre certificat (dans le fichier p12). En outre, il n'ya aucune raison pourquoi votre certificat et le certificat du serveur sont signés par la même autorité.
Oui, j'ai changé ma stratégie par l'importation du certificat à partir de son URL en utilisant le navigateur par défaut dans le fichier cacerts magasin sous mon installation du JDK (j'ai listé le fichier cacerts certificats et a constaté que le certificat nécessaire a été importé avec succès), puis j'ai réussi à utiliser le fichier cacerts en tant que par défaut trustStore au lieu d'une clé personnalisée, magasin de, et a gardé la propriété
systemSettings.setProperty("javax.net.ssl.keyStore", "cert.p12");
d'utiliser le cert.p12 fichier de magasin de clés. À la fin, malheureusement, je suis toujours face à la même erreurOriginalL'auteur Jcs