Hello everybody!

*I tried to create a WS client that uses a secure SSL connection with the CXF
framework. To do so, I created a Spring configuration file following the sample
from the svn repository, https://svn.apache.org/repos/asf/cxf/trunk  -
\ApacheCXF\distribution\src\main\release\samples\wsdl_first_https\*

The file looks like below:

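<?xml version="1.0" encoding="UTF-8"?>
<!--
  CXF client bus configuration: TLS settings for the HTTP conduit of the
  {http://pachet.ebs.com/}GreeterPort port.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"
  xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">


  <!-- These TLS parameters are bound to the conduit with exactly this name.
       A request made through a differently named conduit does not pick them
       up. NOTE(review): confirm which conduit the WSDL download uses. -->
  <http:conduit name="{http://pachet.ebs.com/}GreeterPort.http-conduit">
    <http:tlsClientParameters>
      <!-- Client key material. The passwords here are the sample values from
           the post; real deployments should not keep them in a file that is
           committed or shipped. The file path is relative, so it depends on
           the directory the JVM is started from. -->
      <sec:keyManagers keyPassword="ckpass">
          <sec:keyStore file="src/main/resources/clientKeystore.jks"
                        password="cspass" type="JKS"/>
      </sec:keyManagers>
      <!-- Trust anchors used to validate the server certificate. This points
           at the same JKS file as the key managers; a separate trust store
           holding only CA or server certificates keeps the private key out
           of it. The server's certificate (or its issuing CA) must be present
           here, otherwise validation fails with a PKIX path building error. -->
      <sec:trustManagers>
          <sec:keyStore file="src/main/resources/clientKeystore.jks"
                        password="cspass" type="JKS"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- Offer AES suites only. The previous filter also included EXPORT,
             single DES and NULL suites, which give weak or no encryption;
             they are now excluded together with anonymous Diffie-Hellman,
             which does not authenticate the server. The server must offer at
             least one AES suite. TLS 1.3 suite names (for example
             TLS_AES_128_GCM_SHA256) do not contain _WITH_, so add a matching
             include if the runtime negotiates TLS 1.3. -->
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
        <sec:exclude>.*_EXPORT_.*</sec:exclude>
        <sec:exclude>.*_EXPORT1024_.*</sec:exclude>
        <sec:exclude>.*_WITH_DES_.*</sec:exclude>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
   </http:conduit>
</beans>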


*Secondly, I tried to develop a client like this:
*
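/**
 * Dynamic CXF client that loads the TLS settings from {@code SecureClient.xml}
 * and invokes the {@code greetMe} operation over HTTPS.
 */
public class SSLDynamic {

    /** Classpath resource with the CXF bus configuration (TLS client parameters). */
    private static final String BUS_CONFIG = "SecureClient.xml";

    /** Location the dynamic client reads the service WSDL from. */
    private static final String WSDL_LOCATION =
            "https://localhost:443/SoapContext/SoapPort?wsdl";

    /**
     * Creates the bus from the Spring configuration, builds a dynamic client
     * from the remote WSDL and prints the first element of the response.
     *
     * @param args unused
     * @throws Exception if the bus configuration is missing, or if client
     *         creation or the invocation fails
     */
    public static void main(String[] args) throws Exception {
        // Diagnostic aid only: traces the TLS handshake to standard output.
        // Remove once the trust problem is solved; the trace exposes
        // connection details that do not belong in normal logs.
        System.setProperty("javax.net.debug", "ssl");

        // The resource is resolved relative to SSLClient's package, as in the
        // original listing. getResource returns null when it is not found, so
        // fail with a clear message instead of a NullPointerException.
        URL busFile = SSLClient.class.getResource(BUS_CONFIG);
        if (busFile == null) {
            throw new IllegalStateException(
                    "Bus configuration not found on classpath: " + BUS_CONFIG);
        }

        SpringBusFactory bf = new SpringBusFactory();
        Bus bus = bf.createBus(busFile.toString());
        BusFactory.setDefaultBus(bus);

        // NOTE(review): the WSDL is downloaded over HTTPS while the client is
        // being created. The tlsClientParameters in SecureClient.xml are bound
        // to the GreeterPort conduit name, so this download may be validated
        // against a different trust store (presumably the JVM default);
        // confirm. Keep certificate validation enabled: either load the WSDL
        // from a local copy, or add the server's CA certificate to the trust
        // store that is actually in effect for this request.
        DynamicClientFactory factory = DynamicClientFactory.newInstance();
        Client client = factory.createClient(WSDL_LOCATION);

        Object[] res = client.invoke("greetMe", "Florin");
        System.out.println(res[0] + "\n");
    }

}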

*When I run the code, the following error occurs:

Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
    ... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
    at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
*
*I also tried this style of client*, *and the result is similar.*  *In my
opinion, the client.jks keystore is not configured correctly or is not found. I
used the keystores from the svn for testing, and I think the jks files are
correctly generated.*  *Can you help me please? Thanks in advance!*


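/**
 * Static JAX-WS client for the Greeter service that loads its TLS settings
 * from {@code SecureClient.xml} and calls {@code greetMe} over HTTPS.
 */
public class SSLClient {

    private static final QName SERVICE_NAME = new QName(
            "http://pachet.ebs.com/", "SOAPService");

    // The conduit name in SecureClient.xml is built from this port QName, so
    // the namespace and local part must match it exactly.
    private static final QName PORT_NAME = new QName(
            "http://pachet.ebs.com/", "GreeterPort");

    /** Classpath resource with the CXF bus configuration (TLS client parameters). */
    private static final String BUS_CONFIG = "SecureClient.xml";

    private SSLClient() {
    }

    /**
     * Creates the bus from the Spring configuration, obtains the Greeter port
     * and prints the server response or the reason the call failed.
     *
     * @param args unused
     * @throws Exception if the bus configuration is missing or the service
     *         cannot be created
     */
    public static void main(String[] args) throws Exception {

        // Optional switches left disabled by the author:
        //System.setProperty("http.nonProxyHosts", "localhost");
        // TLS handshake tracing, for diagnosis only:
        //System.setProperty("javax.net.debug", "ssl");

        // getResource returns null when the file is not on the classpath next
        // to this class; report that directly instead of failing with a
        // NullPointerException on toString().
        URL busFile = SSLClient.class.getResource(BUS_CONFIG);
        if (busFile == null) {
            throw new IllegalStateException(
                    "Bus configuration not found on classpath: " + BUS_CONFIG);
        }

        SpringBusFactory bf = new SpringBusFactory();
        Bus bus = bf.createBus(busFile.toString());
        BusFactory.setDefaultBus(bus);

        URL wsdlURL = new URL(
                "https://localhost:443/SoapContext/SoapPort?wsdl");

        // NOTE(review): constructing the service reads the WSDL from the HTTPS
        // URL before the GreeterPort conduit is used. That download may not
        // use the tlsClientParameters from SecureClient.xml and may instead be
        // validated against the JVM default trust store; confirm. Keep
        // certificate validation enabled: use a local copy of the WSDL, or add
        // the server's CA certificate to the trust store in effect.
        SOAPService ss = new SOAPService(wsdlURL, SERVICE_NAME);

        Greeter port = ss.getPort(PORT_NAME, Greeter.class);

        System.out.println("Invoking greetMe...");

        try {
            String resp = port.greetMe("Florin");
            System.out.println("Server responded with: " + resp);
            System.out.println();

        } catch (Exception e) {
            // Report the underlying cause when there is one; fall back to the
            // exception itself so the message never reads "null".
            Throwable reason = e.getCause() != null ? e.getCause() : e;
            System.out.println("Invocation failed with the following: "
                    + reason);
            System.out.println();
        }

        // Exit status stays 0 in both outcomes, as in the original listing.
        System.exit(0);
    }

}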
