Quantcast

Invoking JAX webservices in CXF framework with HTTPS url doesnt load CustomTrust Manager.

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Invoking JAX webservices in CXF framework with HTTPS url doesnt load CustomTrust Manager.

Sakha
Hi, We are trying to invoke secure webservices from cxf framework. We got the following exception even after setting the DummyTrustManager and DummyVerifier to Dispatch object. Client client = ((org.apache.cxf.jaxws.DispatchImpl)sourceDispatch).getClient(); log.log(Level.INFO,"client ="+client); log.log(Level.INFO,"getConduit ="+client.getConduit()); HTTPConduit conduit = (HTTPConduit)client.getConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { log.log(Level.INFO,"TLSClientParameters Null"); params = new TLSClientParameters(); log.log(Level.INFO,"setting Params"); conduit.setTlsClientParameters(params); } params.setSecureSocketProtocol("SSL"); params.setTrustManagers(new TrustManager[]{new DummyTrustManager()}); params.setDisableCNCheck(true); params.setUseHttpsURLConnectionDefaultHostnameVerifier(false); params.setUseHttpsURLConnectionDefaultSslSocketFactory(false); params.setSSLSocketFactory(ctx.getSocketFactory()); conduit.setTlsClientParameters(params); SOAPMessage message = null; javax.xml.ws.Dispatch sourceDispatch = getSourceDispatch(AUTHENTICATION_SERVICE); message = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL).createMessage(); SOAPPart sp = message.getSOAPPart(); SOAPFactory soapFactory = SOAPFactory.newInstance(); SOAPEnvelope se = sp.getEnvelope(); SOAPBody sb = se.getBody(); SOAPHeader sh = se.getHeader(); .....Costructed Message sourceDispatch .invoke(message) --->Throws Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -------------------------------------------------------------------------------------- at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:355)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:383)[125:org.apache.cxf.cxf-rt-frontend-jaxws:2.6.3] at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:243)[125:org.apache.cxf.cxf-rt-frontend-jaxws:2.6.3] core:1.0.0.SNAPSHOT] at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)[:1.7.0_25] at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)[:1.7.0_25] at java.util.concurrent.FutureTask.runAndReset(Unknown Source)[:1.7.0_25] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)[:1.7.0_25] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)[:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)[:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)[:1.7.0_25] at java.lang.Thread.run(Unknown Source)[:1.7.0_25] Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://host2.com/osapi/com/opsware/fido/AuthenticationService: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.GeneratedConstructorAccessor43.newInstance(Unknown Source)[:1.7.0_25] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.7.0_25] at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.7.0_25] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[116:org.apache.cxf.cxf-api:2.6.3] ... 20 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.fatalSE(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.fatalSE(Unknown Source)[:1.7.0_25] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.7.0_25] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.processLoop(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.process_record(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)[:1.7.0_25] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] ... 23 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.7.0_25] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.7.0_25] at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)[:1.7.0_25] at sun.security.validator.Validator.validate(Unknown Source)[:1.7.0_25] at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)[:1.7.0_25] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)[:1.7.0_25] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)[:1.7.0_25] ... 40 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)[:1.7.0_25] at java.security.cert.CertPathBuilder.build(Unknown Source)[:1.7.0_25] ... 46 more
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Invoking JAX webservices in CXF framework with HTTPS url doesnt load CustomTrust Manager.

Sakha
Hi,

We are trying to invoke secure webservices from cxf framework. We got the following exception even after setting the DummyTrustManager and DummyVerifier to Dispatch object.

Code:

-------------------------------------------------------------------------------------
Client client = ((org.apache.cxf.jaxws.DispatchImpl)sourceDispatch).getClient();
log.log(Level.INFO,"client ="+client); log.log(Level.INFO,"getConduit ="+client.getConduit());
HTTPConduit conduit = (HTTPConduit)client.getConduit();
TLSClientParameters params = conduit.getTlsClientParameters();
if (params == null) {
 log.log(Level.INFO,"TLSClientParameters Null");
 params = new TLSClientParameters();
log.log(Level.INFO,"setting Params");
conduit.setTlsClientParameters(params); }
params.setSecureSocketProtocol("SSL");
params.setTrustManagers(new TrustManager[]{new DummyTrustManager()}); params.setDisableCNCheck(true);
params.setUseHttpsURLConnectionDefaultHostnameVerifier(false); params.setUseHttpsURLConnectionDefaultSslSocketFactory(false); params.setSSLSocketFactory(ctx.getSocketFactory());
 conduit.setTlsClientParameters(params);



------------------------------------------------------------------------------------- at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:355)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:383)[125:org.apache.cxf.cxf-rt-frontend-jaxws:2.6.3] at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:243)[125:org.apache.cxf.cxf-rt-frontend-jaxws:2.6.3] core:1.0.0.SNAPSHOT] at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)[:1.7.0_25] at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)[:1.7.0_25] at java.util.concurrent.FutureTask.runAndReset(Unknown Source)[:1.7.0_25] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)[:1.7.0_25] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)[:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)[:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)[:1.7.0_25] at java.lang.Thread.run(Unknown Source)[:1.7.0_25] Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://host2.com/osapi/com/opsware/fido/AuthenticationService: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.GeneratedConstructorAccessor43.newInstance(Unknown Source)[:1.7.0_25] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.7.0_25] at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.7.0_25] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[116:org.apache.cxf.cxf-api:2.6.3] ... 20 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.fatalSE(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.fatalSE(Unknown Source)[:1.7.0_25] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.7.0_25] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.processLoop(Unknown Source)[:1.7.0_25] at sun.security.ssl.Handshaker.process_record(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.7.0_25] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)[:1.7.0_25] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)[:1.7.0_25] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[116:org.apache.cxf.cxf-api:2.6.3] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[123:org.apache.cxf.cxf-rt-transports-http:2.6.3] ... 23 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.7.0_25] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.7.0_25] at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)[:1.7.0_25] at sun.security.validator.Validator.validate(Unknown Source)[:1.7.0_25] at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)[:1.7.0_25] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)[:1.7.0_25] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)[:1.7.0_25] ... 40 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)[:1.7.0_25] at java.security.cert.CertPathBuilder.build(Unknown Source)[:1.7.0_25] ... 46 more




Loading...