Hi Tharindu,

Thank you for the improvements suggested. When I executed the client app
as Dulanja suggested, I was able to confirm that the truststore used was
in fact the one I have specified, and by using the method suggested in [1] I
was able to get rid of the sun security validator exception (replacing the
JRE keystore by my client app's truststore), but the data doesn't get
pushed to the database.

I tested the data service using soap ui and I can successfully push data to
the database through soap.

I am not sure if I have set the epr correctly in my code. Thanks in advance.

[1]
https://fdmanana.wordpress.com/2008/07/01/getting-a-servers-certificate-with-openssl/

Regards.
Sabra Ossen.


On Sun, May 17, 2015 at 10:17 AM, Tharindu Edirisinghe <tharin...@wso2.com>
wrote:

> Hi Sabra,
>
> One more thing to pay attention to. If the remote server is fronted by a Load
> Balancer (i.e. NginX), then in your client app's truststore, you need to
> have the public certificate of the load balancer instead of the remote
> server's public certificate.
>
> Regards,
> TharinduE
>
> On Sun, May 17, 2015 at 10:15 AM, Dulanja Liyanage <dula...@wso2.com>
> wrote:
>
>> Hi Sabra,
>>
>> You can also start your client app with the following JVM argument and
>> check which trust store is getting loaded, and also the certificate that's
>> sent from the server side.
>>
>> -Djavax.net.debug=SSL,handshake,trustmanager
>>
>> Hope it helps.
>>
>> Thanks,
>> Dulanja
>>
>> On Sun, May 17, 2015 at 9:54 AM, Tharindu Edirisinghe <tharin...@wso2.com
>> > wrote:
>>
>>> Hi Sabra,
>>>
>>> I can see that for making the SSL call you are setting the truststore
>>> path and the password as system properties.
>>>
>>>     System.setProperty(TRUST_STORE_PROPERTY, (new File(TRUST_STORE_PATH).getAbsolutePath()));
>>>     System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, TRUST_STORE_PASSWORD);
>>>
>>> This is not recommended because assume that you have another client
>>> application which sets those system properties. Then the truststore path
>>> and password are overwritten. So at runtime your client may be using a
>>> different truststore where you don't have the server's public certificate
>>> imported in that truststore.
>>>
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>>
>>> Above exception happens when the server's public certificate is not
>>> found in the client app's truststore.
>>>
>>> One simple solution is that, in your client app, you can print the system
>>> properties for the truststore where it makes the HTTPS call. Then you can
>>> verify whether it uses the correct truststore. If it uses the correct
>>> truststore, make sure that you export the server's public certificate and
>>> import it into that truststore.
>>>
>>> A sample code is available in [1] where it makes an HTTPS call without
>>> setting the truststore as system properties. You can refer to that. It is the
>>> recommended way as it doesn't use system properties. If you need more help,
>>> please let me know.
>>>
>>> [1]
>>> https://github.com/wso2-dev/carbon-platform-integration/blob/master/test-automation-framework/org.wso2.carbon.automation.test.utils/src/main/java/org/wso2/carbon/automation/test/utils/generic/MutualSSLClient.java
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Sat, May 16, 2015 at 7:55 PM, Sabra Ossen <sabra...@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have deployed a Data Service in WSO2 Cloud and I am trying to push
>>>> data to the data service.
>>>>
>>>> I have specified the code below which connects to the dataservice
>>>> deployed.
>>>>
>>>>     String epr = "https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT";
>>>>     System.setProperty(TRUST_STORE_PROPERTY, (new File(TRUST_STORE_PATH).getAbsolutePath()));
>>>>     System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, TRUST_STORE_PASSWORD);
>>>>     ConfigurationContext ctx = ConfigurationContextFactory
>>>>             .createConfigurationContextFromFileSystem("/home/sabra/repository", null);
>>>>     WSO2MarketingDashboardDataServiceStub stub = new WSO2MarketingDashboardDataServiceStub(ctx, epr);
>>>>     ServiceClient client = stub._getServiceClient();
>>>>     Options options = client.getOptions();
>>>>     client.engageModule(MODULE);
>>>>     options.setUserName(USERNAME);
>>>>     options.setPassword(PASSWORD);
>>>>     options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(POLICY_FILE_PATH));
>>>>
>>>> But I get the following error when I execute the program.
>>>>
>>>> May 15, 2015 11:57:25 AM
>>>> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
>>>> INFO: I/O exception (org.apache.axis2.AxisFault) caught when
>>>> processing request: Connection has been shutdown:
>>>> javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building
>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>> unable to find valid certification path to requested target
>>>> May 15, 2015 11:57:25 AM
>>>> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
>>>> INFO: Retrying request
>>>> May 15, 2015 11:57:25 AM org.apache.axis2.transport.http.HTTPSender
>>>> sendViaPost
>>>> INFO: Unable to sendViaPost to url[
>>>> https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT
>>>> ]
>>>> org.apache.axis2.AxisFault: Connection has been shutdown:
>>>> javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>>     at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
>>>>     at
>>>> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
>>>>     at
>>>> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
>>>>     at
>>>> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
>>>>     at
>>>> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
>>>>     at
>>>> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
>>>>     at
>>>> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>>>>     at
>>>> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>>>>     at
>>>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>>     at
>>>> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:622)
>>>>     at
>>>> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
>>>>     at
>>>> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
>>>>     at
>>>> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
>>>>     at
>>>> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
>>>>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>>>>     at
>>>> org.apache.axis2.description.OutOnlyAxisOperationClient.executeImpl(OutOnlyAxisOperation.java:297)
>>>>     at
>>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>>>>     at
>>>> org.wso2.dashboard.marketing.client.WSO2MarketingDashboardDataServiceStub.insertWebsiteVisitorsPerWeek(WSO2MarketingDashboardDataServiceStub.java:610)
>>>>     at DataServiceConnector.publishData(DataServiceConnector.java:72)
>>>>     at Application.main(Application.java:8)
>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>     at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>     at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>>>     at
>>>> com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
>>>> Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been
>>>> shutdown: javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>>     at
>>>> com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1687)
>>>>     at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288)
>>>>     at
>>>> org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46)
>>>>     at
>>>> org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:188)
>>>>     at
>>>> org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:844)
>>>>     at
>>>> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
>>>>     ... 23 more
>>>> Caused by: javax.net.ssl.SSLException: Connection has been shutdown:
>>>> javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>>     at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1496)
>>>>     at
>>>> sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1508)
>>>>     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:70)
>>>>     at
>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>>>>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>>>>     at
>>>> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
>>>>     at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
>>>>     at
>>>> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
>>>>     at
>>>> com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:194)
>>>>     at
>>>> com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1685)
>>>>     ... 28 more
>>>> Caused by: javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>>>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
>>>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
>>>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
>>>>     at
>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
>>>>     at
>>>> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
>>>>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
>>>>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
>>>>     at
>>>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
>>>>     at
>>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
>>>>     at
>>>> sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
>>>>     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
>>>>     at
>>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>>>>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>>>>     at
>>>> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
>>>>     at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
>>>>     at
>>>> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
>>>>     at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
>>>>     at
>>>> org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
>>>>     at
>>>> org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:198)
>>>>     at
>>>> org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:842)
>>>>     ... 24 more
>>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>> building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>>     at
>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>>>>     at
>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>>>>     at sun.security.validator.Validator.validate(Validator.java:260)
>>>>     at
>>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
>>>>     at
>>>> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
>>>>     at
>>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>>>>     at
>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
>>>>     ... 40 more
>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>>> unable to find valid certification path to requested target
>>>>     at
>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
>>>>     at
>>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>>>>     at
>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>>>>     ... 46 more
>>>>
>>>> I appreciate any help on this issue.
>>>>
>>>> Thanks.
>>>> Sabra Ossen.
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Software Engineer | WSO2 Inc
>>> Identity Server Team
>>> mobile : +94 775 181586
>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> WSO2 Inc.
>> M: +94776764717
>>
>
>
>
> --
>
> Tharindu Edirisinghe
> Software Engineer | WSO2 Inc
> Identity Server Team
> mobile : +94 775 181586
>
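
Added example, not part of the original thread and not the MutualSSLClient code it links to: one way to follow the advice above about avoiding the javax.net.ssl.trustStore system properties, by loading a truststore explicitly and scoping it to a single HTTPS connection. It uses plain HttpsURLConnection rather than the Axis2 stub from the question; the class name, the JKS store type and the three command-line arguments (truststore path, password, URL) are assumptions.

```java
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustStoreClient {
    // Load the truststore from an explicit path, not from JVM-wide system properties.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: store is in JKS format
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext whose trust anchors are only the entries of this store.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical arguments: <truststore path> <password> <https URL>
        KeyStore ts = loadTrustStore(args[0], args[1].toCharArray());
        // Print what the client trusts, to compare against the server's chain.
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (c instanceof X509Certificate)
                System.out.println(alias + " -> " + ((X509Certificate) c).getSubjectX500Principal());
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Applies to this connection only; other code in the same JVM is unaffected.
        conn.setSSLSocketFactory(contextFor(ts).getSocketFactory());
        conn.connect(); // SSLHandshakeException here means no trusted path was found
        for (Certificate c : conn.getServerCertificates())
            System.out.println("server sent: " + ((X509Certificate) c).getSubjectX500Principal());
        conn.disconnect();
    }
}
```

Hostname verification stays at the HttpsURLConnection default, so a certificate that is trusted but issued for a different host is still rejected.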