Hi list I'm trying to get Fedora (2.4) to read https-URLs and add them as datastreams to an object via the SOAP-API. When Fedora tries to download the object from the https-location, I fails and I see the error message as appended at the end of this post.
I am supplying Tomcat with the path to the Certificate chain (/etc/ java-1.5.0-sun/security/cacerts in our case on Debian Etch) when I start it: /etc/default/tomcat5.5: CATALINA_OPTS="-Djavax.net.ssl.trustStore=/etc/java-1.5.0-sun/security/ cacerts -Djavax.net.ssl.trustStorePassword=changeit - Djava.awt.headless=true -Xms384M -Xmx512M -server" and this seems to work: roh...@peler:ps aux | grep java tomcat55 10485 4.7 35.6 906464 367232 pts/1 Sl 11:47 0:57 /usr/ lib/jvm/java-1.5.0-sun/bin/java - Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager - Djava.util.logging.config.file=/var/lib/tomcat5.5/conf/ logging.properties -Djavax.net.ssl.trustStore=/opt/fedora/client/ truststore -Djavax.net.ssl.trustStorePassword=tomcat - Djava.awt.headless=true -Xms384M -Xmx512M -server - Djava.endorsed.dirs=/usr/share/tomcat5.5/common/endorsed -classpath :/ usr/lib/jvm/java-1.5.0-sun/jre//lib/jcert.jar:/usr/lib/jvm/java-1.5.0- sun/jre//lib/jnet.jar:/usr/lib/jvm/java-1.5.0-sun/jre//lib/jsse.jar:/ usr/share/tomcat5.5/bin/bootstrap.jar:/usr/share/tomcat5.5/bin/commons- logging-api.jar -Dcatalina.base=/var/lib/tomcat5.5 -Dcatalina.home=/ usr/share/tomcat5.5 -Djava.io.tmpdir=/var/lib/tomcat5.5/temp org.apache.catalina.startup.Bootstrap start A colleague suggested that the truststore options may not be passed to the Fedora web application or Fedora may be overriding these options and using a different truststore. Are there any known bugs related to this? Does Fedora use a special truststore when retrieving HTTPS datastreams or does it use the system specified trust store? Regards Christian ERROR 2009-06-09 11:52:36.873 [http-8080-Processor11] (FedoraAPIMBindingSOAPHTTPImpl) Error adding datastream fedora.server.errors.GeneralException: Error getting http://switch.ch/aai/docs/AAI-Flyer_de.pdf at fedora .server .storage .DefaultExternalContentManager.get(DefaultExternalContentManager.java: 119) at fedora .server .storage .DefaultExternalContentManager .getExternalContent(DefaultExternalContentManager.java:179) at fedora.server.storage.DefaultDOManager.doCommit(DefaultDOManager.java: 1019) at fedora.server.storage.GSearchDOManager.doCommit(GSearchDOManager.java: 142) at fedora.server.storage.SimpleDOWriter.commit(SimpleDOWriter.java:329) at fedora .server .management.DefaultManagement.addDatastream(DefaultManagement.java:511) at fedora .server .management .FedoraAPIMBindingSOAPHTTPImpl .addDatastream(FedoraAPIMBindingSOAPHTTPImpl.java:249) at fedora .server .management .FedoraAPIMBindingSOAPHTTPSkeleton .addDatastream(FedoraAPIMBindingSOAPHTTPSkeleton.java:490) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun .reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: 39) at sun .reflect .DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java: 25) at java.lang.reflect.Method.invoke(Method.java:585) at org .apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java: 397) at org .apache .axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186) at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java: 323) at org .apache .axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java: 453) at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281) at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java: 699) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at org .apache .axis.transport.http.AxisServletBase.service(AxisServletBase.java:327) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org .apache .catalina .core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 252) at org .apache .catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at fedora .server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java: 173) at org .apache .catalina .core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202) at org .apache .catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at fedora .server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java: 173) at org .apache .catalina .core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202) at org .apache .catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at fedora .server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java: 173) at org .apache .catalina .core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202) at org .apache .catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at fedora .server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java: 173) at org .apache .catalina .core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202) at org .apache .catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at fedora .server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java: 173) at org .apache .catalina .core .ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202) at org .apache .catalina .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org .apache .catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java: 213) at org .apache .catalina.core.StandardContextValve.invoke(StandardContextValve.java: 178) at org .apache .catalina .authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524) at org .apache .catalina.valves.RequestFilterValve.process(RequestFilterValve.java:275) at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java: 80) at org .apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java: 126) at org .apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java: 105) at org .apache .catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java: 148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: 869) at org.apache.coyote.http11.Http11BaseProtocol $Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org .apache .tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org .apache .tomcat .util .net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java: 80) at org.apache.tomcat.util.threads.ThreadPool $ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java: 1584) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java: 1547) at com .sun .net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java: 1530) at com .sun .net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java: 1456) at com .sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java: 65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at org .apache .commons .httpclient .HttpConnection.flushRequestOutputStream(HttpConnection.java:827) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager $ HttpConnectionAdapter .flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1523) at org .apache .commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java: 2018) at org .apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java: 994) at org .apache .commons .httpclient .HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397) at org .apache .commons .httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java: 170) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java: 396) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java: 324) at fedora.common.http.HttpInputStream.<init>(HttpInputStream.java:33) at fedora.common.http.WebClient.get(WebClient.java:129) at fedora.common.http.WebClient.get(WebClient.java:93) at fedora .server .storage .DefaultExternalContentManager.get(DefaultExternalContentManager.java: 112) ... 55 more Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:56) at sun.security.validator.Validator.getInstance(Validator.java:146) at com .sun .net .ssl .internal .ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:105) at com .sun .net .ssl .internal .ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: 167) at com .sun .net .ssl .internal .ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) at com .sun .net .ssl .internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 841) at com .sun .net .ssl .internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java: 433) at com .sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 877) at com .sun .net .ssl .internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 1089) at com .sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java: 618) at com .sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) ... 69 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java: 183) at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:103) at java .security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java: 87) at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:54) ... 81 more ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
