Have you tried using an address instead of the QName? Something like:

  <http:conduit name="https://localhost:.*">

Colm.

On Mon, Mar 18, 2019 at 3:48 PM Mickaël Salmon <[email protected]> wrote:

> Hello CXF Users,
>
> I have the following error when I consume my SOAP WS :
>
> Caused by: org.apache.cxf.service.factory.ServiceConstructionException:
> Failed to create service.
>         at
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
>         at
> org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:218)
>         at
> org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:161)
>         ... 25 more
> Caused by: javax.wsdl.WSDLException: WSDLException:
> faultCode=PARSER_ERROR: Problem parsing
> 'https://myservice.xx/COM_WEB/ComWeb.asmx?wsdl'.:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target       at
> com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
>         at
> com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
>         at
> com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
>         at
> org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:238)
>         at
> org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
>         at
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
>         ... 27 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>         at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
>         at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
>         at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
>         at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
>         at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>         at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>         at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>         at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>         at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>         at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
>         at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
>         at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>         at
> com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:647)
>         at
> com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:148)
>         at
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:805)
>         at
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:770)
>         at
> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>         at
> com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
>         at
> com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
>         at
> com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
>         ... 32 more
> Caused by: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>         at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
>         at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>         at sun.security.validator.Validator.validate(Validator.java:260)
>         at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>         at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
>         at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
>         at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
>         ... 52 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>         at
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>         at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>         at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>         at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
>         ... 58 more
>
> This is due to server's SSL certificate not present in the default JVM
> TrustStore.
>
> I found it was possible to configure client SSL settings for a specific
> endpoint :
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport(includingSSLsupport)-ConfiguringSSLSupport
>
> Here is my cxf.xml
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
>    xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>    xsi:schemaLocation="
>       http://cxf.apache.org/configuration/security
>       http://cxf.apache.org/schemas/configuration/security.xsd
>       http://cxf.apache.org/transports/http/configuration
>       http://cxf.apache.org/schemas/configuration/http-conf.xsd
>       http://www.springframework.org/schema/beans
>       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>
>    <http:conduit name="{http://myservice.xx/comweb/}ComWebSoap.http-conduit">
>       <http:tlsClientParameters disableCNCheck="true">
>          <sec:keyManagers>
>             <sec:keyStore resource="myservice.jks" type="JKS" />
>          </sec:keyManagers>
>          <sec:trustManagers>
>             <sec:certStore resource="myservice.jks" type="JKS" />
>          </sec:trustManagers>
>       </http:tlsClientParameters>
>
>    </http:conduit>
> </beans>
>
> But I can't make this work.
>
> I suspect error is thrown at the very beginning of the process (when WSDL
> is parsed), and cxf.xml is not loaded yet.
> If I set truststore via system property like
>
>  System.setProperty("javax.net.ssl.trustStoreType", "JKS");
>  System.setProperty("javax.net.ssl.trustStore", "/path/to/myservice.jks");
>
> It works fine, but I don't want to do so globally.
>
> How can I tell CXF to use my custom TrustStore for every SSL connection
> made ? Is this a bug ? Please help.
>
> CXF version : 3.1.6
>
> WSDL : ComWeb.wsdl
> <http://jira.sylob.local/secure/attachment/517676/517676_ComWeb.wsdl>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
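
The suggestion at the top of this message, applied to the cxf.xml from the quoted post, as an added example that neither participant posted. The address pattern is assumed from the WSDL URL in the stack trace, the password is a placeholder, and `myservice.jks` is assumed to be needed only as a truststore.

```xml
<!-- Added example, constructed from values in the thread. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/transports/http/configuration
         http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">

   <!-- Conduit selected by endpoint address (a regular expression) instead of
        by {namespace}PortName.http-conduit. The dot is escaped so the pattern
        matches only the intended host. Pattern assumed from the WSDL URL. -->
   <http:conduit name="https://myservice\.xx/.*">

      <!-- disableCNCheck is left at its default (false), so the certificate
           must match the host name. The CXF documentation advises against
           disableCNCheck="true" in production. -->
      <http:tlsClientParameters>

         <!-- No sec:keyManagers element: that is only needed when the client
              presents its own certificate (mutual TLS). Assumption: it does not. -->

         <!-- Trust anchors for this conduit only. The JVM-wide default
              truststore and javax.net.ssl.* system properties are untouched.
              CHANGE_ME is a placeholder for the store password. -->
         <sec:trustManagers>
            <sec:keyStore type="JKS" password="CHANGE_ME" resource="myservice.jks"/>
         </sec:trustManagers>
      </http:tlsClientParameters>
   </http:conduit>
</beans>
```

Keep the address pattern as narrow as the deployment allows: every connection whose URL matches it will trust whatever CA certificates are in `myservice.jks`.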
