Uploaded image for project: 'JBoss Enterprise SOA Platform'
  1. JBoss Enterprise SOA Platform
  2. SOA-2424

Truststore configuration does not work properly for HttpClientFactory

    XMLWordPrintable

    Details

    • Release Notes Text:
      Hide
      Truststore configuration in HttpClientFactory did not work correctly. There were two issues. Firstly, the defined protocol was never used, meaning that the socket factory always used the factory associated with the default Protocol instance. And secondly, the protocol socket factory builder were unable to retrieve encrypted passwords from a file. Both of these issues have been resolved and Truststore configuration works correctly in HttpClientfactory.
      Show
      Truststore configuration in HttpClientFactory did not work correctly. There were two issues. Firstly, the defined protocol was never used, meaning that the socket factory always used the factory associated with the default Protocol instance. And secondly, the protocol socket factory builder were unable to retrieve encrypted passwords from a file. Both of these issues have been resolved and Truststore configuration works correctly in HttpClientfactory.
    • Release Notes Docs Status:
      Documented as Resolved Issue

      Description

      The attached test case is based on webservice_proxy_security

      1) Configure httpclient-8443.properties to point to the keystore included
      2) COnfigure serv.xml in jbossweb.sar to use the keystore
      3) Start server
      4) ant deploy
      5) ant runtest
      Exception is thrown
      [java] 12:27:24,945 DEBUG [main][content] >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hello="http://webservice_proxy_security/helloworld"><soapenv:Header/><soapenv:Body><hello:sayHello><toWhom>jpechane</toWhom></hello:sayHello></soapenv:Body></soapenv:Envelope>"
      [java] Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      [java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
      [java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
      [java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
      [java] at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
      [java] at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
      [java] at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
      [java] at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
      [java] at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:150)
      [java] at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
      [java] at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
      [java] at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
      [java] at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
      [java] at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
      [java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
      [java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
      [java] at org.jboss.soa.esb.samples.quickstart.webservice_proxy_security.test.SendWSMessage.main(SendWSMessage.java:89)
      [java] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      [java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
      [java] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
      [java] at sun.security.validator.Validator.validate(Validator.java:218)
      [java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
      [java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
      [java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
      [java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
      [java] ... 19 more
      [java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      [java] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
      [java] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
      [java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
      [java] ... 25 more

      6) Uncomment two sysproperty in runinternal target at build XML and set them to point to the keystore
      7) ant runtest

      Now the execution should be finished without problems. Thus it seems that local truststore config are ignored.

        Gliffy Diagrams

          Attachments

            Issue Links

            is blocked by

            Bug - A problem which impairs or prevents the functions of the product. JBESB-3504 quickstart_proxy_security fails with SunCertPathBuilderException: unable to find valid certification path to requested target

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JBESB-3505 ProtocolSocketFactoryBuilders cannot read an encrypted password from a file

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

              Activity

                People

                • Assignee:
                  kconner Kevin Conner
                  Reporter:
                  jpechanec Jiri Pechanec
                  Writer:
                  Dana Mison
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: