[jira] [Updated] (CXF-5601) Blueprint property placeholder does not work with http conduit configuration.

Mon, 10 Mar 2014 22:39:13 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-5601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carma Robot updated CXF-5601:
-----------------------------

    Attachment: sts-test-system-2.zip

This test attempts to use the CXF STS. However, if I use the blueprint property 
placeholder configurer it fails to even get the WSDL for the STS with the error 
below. If I explicitly configure the trust store parameters for the HTTP 
conduit in my blueprint configuration then the conduit works and it gets the 
WSDL for the STS, successfully constructs the STS client and executes the 
request for security token against the STS.

It seems that blueprint property placeholders do not work with the trust store 
configuration of the CXF http conduit.

2014-03-10 22:23:32,903 | ERROR | l Console Thread | StsClientTests             
      | e.sts.test.system.StsClientTests  152 | 208 - 
com.example.auth.sts-test-system-2 - 0.0.1.SNAPSHOT | 
getSamlTokenWithUsernameTokenTest FAILED.
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create 
service.
        at 
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:100)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        at 
org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClient.java:557)[156:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at 
org.apache.cxf.ws.security.trust.AbstractSTSClient.getClient(AbstractSTSClient.java:457)[156:org.apache.cxf.cxf-rt-ws-security:2.7.7]
        at 
com.example.sts.test.system.StsClientTests.getSamlTokenWithUsernameTokenTest(StsClientTests.java:132)[208:com.example.auth.sts-test-system-2:0.0.1.SNAPSHOT]
        at 
com.example.sts.test.system.StsClientTestsCommand.doExecute(StsClientTestsCommand.java:22)[208:com.example.auth.sts-test-system-2:0.0.1.SNAPSHOT]
        at 
org.apache.karaf.shell.console.OsgiCommandSupport.execute(OsgiCommandSupport.java:38)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:474)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:400)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)[14:org.apache.karaf.shell.console:2.3.2]
        at 
org.apache.karaf.shell.console.jline.Console.run(Console.java:173)[14:org.apache.karaf.shell.console:2.3.2]
        at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: 
Problem parsing 'https://localhost:10443/sts/transport/ut?wsdl'.: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
        at 
com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        at 
com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        at 
com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        at 
org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:263)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        at 
org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:206)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        at 
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:98)[117:org.apache.cxf.cxf-rt-core:2.7.7]
        ... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_51]
        at 
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)[:1.7.0_51]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)[:1.7.0_51]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)[:1.7.0_51]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)[:1.7.0_51]
        at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)[:1.7.0_51]
        at 
sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)[:1.7.0_51]
        at 
sun.security.ssl.Handshaker.process_record(Handshaker.java:804)[:1.7.0_51]
        at 
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)[:1.7.0_51]
        at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)[:1.7.0_51]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)[:1.7.0_51]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)[:1.7.0_51]
        at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)[:1.7.0_51]
        at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)[:1.7.0_51]
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)[:1.7.0_51]
        at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)[:1.7.0_51]
        at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at 
org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.XMLParser.parse(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.parsers.DOMParser.parse(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown 
Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
        at 
com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
        ... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
        at 
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)[:1.7.0_51]
        at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.7.0_51]
        at 
sun.security.validator.Validator.validate(Validator.java:260)[:1.7.0_51]
        at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)[:1.7.0_51]
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)[:1.7.0_51]
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)[:1.7.0_51]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)[:1.7.0_51]
        ... 39 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
        at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)[:1.7.0_51]
        at 
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)[:1.7.0_51]
        at 
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)[:1.7.0_51]
        ... 45 more


> Blueprint property placeholder does not work with http conduit configuration.
> -----------------------------------------------------------------------------
>
>                 Key: CXF-5601
>                 URL: https://issues.apache.org/jira/browse/CXF-5601
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.7.7
>         Environment: Linux, Karaf 2.3.2
>            Reporter: Carma Robot
>         Attachments: sts-test-system-2.zip
>
>
> I cannot setup an HTTP conduit configuration that uses the Apache Aries 
> Blueprint property-placeholder to inject trust store parameters. The conduit 
> works when I explicitly configure the trust store properties. Unfortunately, 
> when I use placeholders it fails.
> Please see.
> http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-td5740946.html#a5741062
> I will also attach my code.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to