Uploaded image for project: 'JBoss Enterprise SOA Platform'
  1. JBoss Enterprise SOA Platform
  2. SOA-2424

Truststore configuration does not work properly for HttpClientFactory

    XMLWordPrintable

    Details

    • Release Notes Text:
      Hide
      Truststore configuration in HttpClientFactory did not work correctly. There were two issues. Firstly, the defined protocol was never used, meaning that the socket factory always used the factory associated with the default Protocol instance. And secondly, the protocol socket factory builder were unable to retrieve encrypted passwords from a file. Both of these issues have been resolved and Truststore configuration works correctly in HttpClientfactory.
      Show
      Truststore configuration in HttpClientFactory did not work correctly. There were two issues. Firstly, the defined protocol was never used, meaning that the socket factory always used the factory associated with the default Protocol instance. And secondly, the protocol socket factory builder were unable to retrieve encrypted passwords from a file. Both of these issues have been resolved and Truststore configuration works correctly in HttpClientfactory.
    • Release Notes Docs Status:
      Documented as Resolved Issue

      Description

      The attached test case is based on webservice_proxy_security

      1) Configure httpclient-8443.properties to point to the keystore included
      2) COnfigure serv.xml in jbossweb.sar to use the keystore
      3) Start server
      4) ant deploy
      5) ant runtest
      Exception is thrown
      [java] 12:27:24,945 DEBUG [main][content] >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hello="http://webservice_proxy_security/helloworld"><soapenv:Header/><soapenv:Body><hello:sayHello><toWhom>jpechane</toWhom></hello:sayHello></soapenv:Body></soapenv:Envelope>"
      [java] Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      [java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
      [java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
      [java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
      [java] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
      [java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
      [java] at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
      [java] at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
      [java] at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
      [java] at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
      [java] at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:150)
      [java] at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
      [java] at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
      [java] at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
      [java] at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
      [java] at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
      [java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
      [java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
      [java] at org.jboss.soa.esb.samples.quickstart.webservice_proxy_security.test.SendWSMessage.main(SendWSMessage.java:89)
      [java] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      [java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
      [java] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
      [java] at sun.security.validator.Validator.validate(Validator.java:218)
      [java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
      [java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
      [java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
      [java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
      [java] ... 19 more
      [java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      [java] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
      [java] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
      [java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
      [java] ... 25 more

      6) Uncomment two sysproperty in runinternal target at build XML and set them to point to the keystore
      7) ant runtest

      Now the execution should be finished without problems. Thus it seems that local truststore config are ignored.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  kconner Kevin Conner
                  Reporter:
                  jpechanec Jiri Pechanec
                  Writer:
                  Dana Mison
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: