Doesn't that error message just mean the server's public cert isn't in the client's truststore (http://www.jroller.com/gmazza/entry/ssl_for_web_services#SSL8)?

Glen

On 03/20/2013 11:00 AM, Andrei Shakirin wrote:
Hi,

Your problem is caused by the SSL handshake when getting the WSDL from
'https://localhost:9093/SecurityTokenService/Transport?wsdl':

javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9093/SecurityTokenService/Transport?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at

It means that the Sun security provider doesn't accept the certificate from the server.

I don't have a solution at the moment; I will look into it in the next few days.
You can try the proposals from the following links:
http://caffiendfrog.blogspot.de/2011/06/setting-up-apache-cxf-with-ssl-for.html
http://stackoverflow.com/questions/8000918/apache-cxf-soap-client-using-generated-stubs-in-https
http://stackoverflow.com/questions/12178273/how-do-i-setup-a-cxf-soap-client-connection-over-https-with-username-password-n

Regards,
Andrei.

-----Original Message-----
From: geecxf [mailto:[email protected]]
Sent: Tuesday, 19 March 2013 19:57
To: [email protected]
Subject: RE: Code only STSClient

Andrei,

Unfortunately, getDefaultBus() and getDefaultSpringBus() are not returning
a bus that works. On the other hand, injecting the bus into a class property
does work. Here is my spring configuration:

     <cxf:bus name="cxf">
         <cxf:features>
             <cxf:logging />
         </cxf:features>
     </cxf:bus>

     <jaxws:client
         name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"
         createdFromAPI="true" username="demo" password="demo" />

     <http:conduit name="https://localhost:.*">
         <http:tlsClientParameters
             disableCNCheck="true">
             <sec:trustManagers>
                 <sec:keyStore type="jks" password="cspass"
                     resource="certs/clientKeystore.jks" />
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>

The error I get with the bus returned from getDefaultBus() and
getThreadDefaultBus():

"org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:94)
    at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.java:550)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:641)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:635)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:627)
    at com.ge.dsp.example.webservice.test.SamlRestTest.requestSecurityToken(SamlRestTest.java:400)
    at com.ge.dsp.example.webservice.test.SamlRestTest.testGetSamlBearerTokenFromSts(SamlRestTest.java:291)
    at com.ge.dsp.testng.runner.TestNgRunner.test(TestNgRunner.java:153)
    at com.ge.dsp.testng.runner.TestNgRunner.init(TestNgRunner.java:130)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$8.run(AbstractAutowireCapableBeanFactory.java:1568)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1566)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1522)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
    at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.access$1600(AbstractDelegatedExecutionApplicationContext.java:69)
    at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext$4.run(AbstractDelegatedExecutionApplicationContext.java:355)
    at org.springframework.osgi.util.internal.PrivilegedUtils.executeWithCustomTCCL(PrivilegedUtils.java:85)
    at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.completeRefresh(AbstractDelegatedExecutionApplicationContext.java:320)
    at org.springframework.osgi.extender.internal.dependencies.startup.DependencyWaiterApplicationContextExecutor$CompleteRefreshTask.run(DependencyWaiterApplicationContextExecutor.java:132)
    at java.lang.Thread.run(Thread.java:680)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9093/SecurityTokenService/Transport?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:249)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:192)
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
    ... 52 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:675)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:772)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:232)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:284)
    ... 58 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
    ... 76 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
    ... 82 more
... Removed 25 stack frames
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:94)
    at org.apache.cxf.ws.security.trust.STSClient.createClient(STSClient.java:550)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:641)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:635)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:627)
    at com.ge.dsp.example.webservice.test.SamlRestTest.requestSecurityToken(SamlRestTest.java:400)
    at com.ge.dsp.example.webservice.test.SamlRestTest.testGetSamlBearerTokenFromSts(SamlRestTest.java:291)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80)
    at org.testng.internal.Invoker.invokeMethod(Invoker.java:714)
    at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901)
    at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231)
    at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127)
    at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
    at org.testng.TestRunner.privateRun(TestRunner.java:767)
    at org.testng.TestRunner.run(TestRunner.java:617)
    at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
    at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
    at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
    at org.testng.SuiteRunner.run(SuiteRunner.java:240)
    at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
    at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
    at org.testng.TestNG.runSuitesSequentially(TestNG.java:1198)
    at org.testng.TestNG.runSuitesLocally(TestNG.java:1123)
    at org.testng.TestNG.run(TestNG.java:1031)
    at com.ge.dsp.testng.runner.TestNgRunner.test(TestNgRunner.java:153)
    at com.ge.dsp.testng.runner.TestNgRunner.init(TestNgRunner.java:130)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$8.run(AbstractAutowireCapableBeanFactory.java:1568)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1566)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1522)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
    at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.access$1600(AbstractDelegatedExecutionApplicationContext.java:69)
    at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext$4.run(AbstractDelegatedExecutionApplicationContext.java:355)
    at org.springframework.osgi.util.internal.PrivilegedUtils.executeWithCustomTCCL(PrivilegedUtils.java:85)
    at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.completeRefresh(AbstractDelegatedExecutionApplicationContext.java:320)
    at org.springframework.osgi.extender.internal.dependencies.startup.DependencyWaiterApplicationContextExecutor$CompleteRefreshTask.run(DependencyWaiterApplicationContextExecutor.java:132)
    at java.lang.Thread.run(Thread.java:680)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9093/SecurityTokenService/Transport?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:249)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:192)
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
    ... 52 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:675)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:772)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:232)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:284)
    ... 58 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
    ... 76 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
    ... 82 more"



--
View this message in context: http://cxf.547215.n5.nabble.com/Code-only-STSClient-tp5724575p5724805.html
Sent from the cxf-user mailing list archive at Nabble.com.
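
A way to test the truststore explanation raised in this thread, as an added example (not code from the thread or from CXF): load the JKS file, list its certificate entries, and attempt a handshake that trusts only that store. The defaults reuse the keystore name, password, host and port from the posted configuration; reading the keystore from a file path rather than the classpath, and the class name TruststoreCheck, are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added diagnostic (hypothetical class): does this truststore accept the server's chain? */
public class TruststoreCheck {

    /** Loads a JKS keystore from a file path (assumption: file on disk, not classpath). */
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Handshakes using ONLY the given truststore, with PKIX validation left on.
     * A plain SSLSocket does no hostname check, so this isolates path building,
     * which is the step that fails in the posted stack trace.
     */
    static boolean serverTrusted(KeyStore trustStore, String host, int port) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            return true;
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults taken from the posted configuration; override with arguments.
        String path = args.length > 0 ? args[0] : "certs/clientKeystore.jks";
        char[] password = (args.length > 1 ? args[1] : "cspass").toCharArray();
        KeyStore ks = load(path, password);

        // List the certificate entries the store holds, with their expiry dates.
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println("certificate entry " + alias + ": "
                        + c.getSubjectX500Principal() + " (expires " + c.getNotAfter() + ")");
            }
        }
        System.out.println(serverTrusted(ks, "localhost", 9093)
                ? "Chain validates against " + path
                : "Chain does NOT validate against " + path);
    }
}
```

If this reports that the chain validates while the CXF client still fails, the store itself is fine and the failing connection is not using it.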
