Eamon,

    I tried your suggestion, but had the same results. Any other ideas?
Perhaps this is a bug?

--Steve

Stephen Langella
Co-Director 
Software Research Institute
Center for IT Innovations in Healthcare
Ohio State University

Senior Researcher  
Department of Biomedical Informatics
Ohio State University

Office: (614) 293-9534
Lab: (614) 292-8420
stephen.lange...@osumc.edu


> From: Eamonn Dwyer <eamdwyer...@hotmail.com>
> Reply-To: <users@cxf.apache.org>
> Date: Wed, 12 Aug 2009 11:23:31 +0100
> To: <users@cxf.apache.org>
> Subject: RE: HTTPS
> 
> 
> Hi Stephen 
> I wonder would it work any better if you changed the trustManagers and
> keyStores to use the "resource=" prefix rather than the "file=" prefix. The
> "resource=" prefix tells the code to load the certificate from the classpath
> rather than the relative path. For example
> 
> <sec:trustManagers>
>     <sec:keyStore type="JKS" password="password"
>                   resource="certs/truststore.jks"/>
> </sec:trustManagers>
> <sec:keyManagers keyPassword="password">
>     <sec:keyStore type="JKS" password="password"
>                   resource="certs/wibble.jks"/>
> </sec:keyManagers>
> 
> 
> Regards
> Eamonn
> 
> 
>> From: stephen.lange...@inventrio.com
>> To: users@cxf.apache.org
>> Subject: HTTPS
>> Date: Tue, 11 Aug 2009 22:42:15 -0400
>> 
>> I was playing around with the WSDL First HTTPS sample distributed with
>> apache 2.2.3.  I got it working out of the box as one might have
>> expected, I did however run into a problem when changing around the
>> client to use the remote WSDL published by the service instead of the
>> local file.  When I do this I get the following exception:
>> 
>> Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://llanowar:9001/HelloWorldService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>     at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
>>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>     at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:210)
>>     at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:175)
>>     at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:91)
>>     ... 9 more
>> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
>>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
>>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
>>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:951)
>>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>>     at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:973)
>>     at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:184)
>>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:798)
>>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
>>     at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
>>     at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250)
>>     at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292)
>>     ... 15 more
>> 
>> It seems that the code that obtains the remote WSDL (WSDLReaderImpl)
>> is not using the trust manager configuration set in the spring
>> configuration file (WibbleClient.xml).   I can get it to work if I set
>> the "javax.net.ssl.trustStore" system property to the trust store I
>> configured in WibbleClient.xml, however this seems redundant and I
>> would think that the underlying client code would use a single point
>> of configuration, am I missing something?, is this intentional?, or is
>> this a bug?   Thanks in advance.
>> 
>> --Steve
>> 
>> Stephen Langella
>> Co-Founder
>> Inventrio, LLC
>> www.inventrio.com
>> 
>> stephen.lange...@inventrio.com
>> 

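The stack trace in the original message shows the WSDL being fetched through the JDK's `HttpsURLConnection`, which takes its trust settings from JVM-wide defaults. The following is an added example, not code from this thread or from CXF: it loads the truststore named in the quoted Spring configuration and installs it as the default for `HttpsURLConnection`, leaving certificate validation enabled. The class name `WsdlTrustBootstrap` is hypothetical; the resource path, password and URL are the ones quoted in the thread.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; not part of CXF or of the HTTPS sample.
public class WsdlTrustBootstrap {

    // Builds an SSLContext that trusts only the certificates in the given
    // classpath JKS. Certificate path validation stays fully enabled.
    static SSLContext contextFor(String resource, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = WsdlTrustBootstrap.class.getClassLoader()
                .getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalStateException("truststore not on classpath: " + resource);
            }
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key managers: no client certificate is offered on this connection.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Path and password as shown in the quoted Spring configuration.
        SSLContext ctx = contextFor("certs/truststore.jks", "password".toCharArray());

        // JVM-wide default for every HttpsURLConnection, including the one the
        // WSDL reader opens; must run before the client Service is created.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());

        // Same kind of fetch the WSDL reader performs, to confirm the handshake.
        URL wsdl = new URL("https://llanowar:9001/HelloWorldService?wsdl");
        HttpsURLConnection conn = (HttpsURLConnection) wsdl.openConnection();
        try (InputStream body = conn.getInputStream()) {
            System.out.println("WSDL fetch HTTP status: " + conn.getResponseCode());
        }
    }
}
```

Because the socket factory is a process-wide default, it affects every other `HttpsURLConnection` in the same JVM, just as the `javax.net.ssl.trustStore` system property does.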