Thanks for your answer Colm.
I was a little inaccurate.
I'm setting trust and keyStore via code as explained in cxf client example.
...
TLSClientParameters params = conduit.getTlsClientParameters();
params.setKeyManagers(myKeyManagers);
params.setTrustManagers(myTrustStoreKeyManagers);
...
When I test my client in development enviroment I set trustManager in this
way ( where TrustAllCerts is a my custom X509KeyManager implementation
that trust all remote entities.) :
params.setTrustManagers( new TrustManager[] {new
TrustAllCerts()} );
while I haven't set a keyManager.
In cxf 3.0.x I haven't any warning, while in 3.3.x I've an
java.io.IOException
thanks
Il giorno gio 13 giu 2019 alle ore 11:26 Colm O hEigeartaigh <
[email protected]> ha scritto:
> What it means is that CXF is trying to load the keystore referenced by the
> "javax.net.ssl.keyStore" system property. If you don't want to load a
> keyManager for TLS then you will need to unset this property. Otherwise,
> perhaps you are not also setting the "javax.net.ssl.keyStoreType" property
> (to "JKS")? Or the "javax.net.ssl.keyStorePassword" property?
>
> Colm.
>
> On Thu, Jun 13, 2019 at 9:41 AM luke <[email protected]> wrote:
>
> > Hi
> > In my cxf client I'mconnecting to a Ws soap in https setting tls
> > properties.
> >
> > All works properly.
> >
> > Recently I've updated cxf libraries from a 3.0.x to 3.3.x version.
> >
> > It continue to works correctly, but I've only this warning in my logs:
> >
> > Jun 13, 2019 10:31:40 AM org.apache.cxf.configuration.jsse.SSLUtils
> > loadDefaultKeyManagers
> > WARNING: Default key managers cannot be initialized:
> > DerInputStream.getLength(): lengthTag=109, too big.
> > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> > at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
> > at sun.security.util.DerValue.init(DerValue.java:391)
> > at sun.security.util.DerValue.<init>(DerValue.java:332)
> > at sun.security.util.DerValue.<init>(DerValue.java:345)
> > at
> sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
> > at java.security.KeyStore.load(KeyStore.java:1445)
> > at
> >
> >
> org.apache.cxf.configuration.jsse.SSLUtils.loadDefaultKeyManagers(SSLUtils.java:122)
> > at
> >
> >
> org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(SSLUtils.java:88)
> > at
> org.apache.cxf.transport.https.SSLUtils.getSSLContext(SSLUtils.java:75)
> > at
> >
> >
> org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:144)
> > at
> >
> >
> org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:101)
> > at
> >
> >
> org.apache.cxf.transport.http.URLConnectionHTTPConduit.createConnection(URLConnectionHTTPConduit.java:121)
> > at
> >
> >
> org.apache.cxf.transport.http.URLConnectionHTTPConduit.setupConnection(URLConnectionHTTPConduit.java:125)
> > at
> org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:505)
> > at
> >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:47)
> > at
> >
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
> >
> > The problem could be that I configure a trustManager but not the
> > KeyManager?
> > what does it mean in practice?
> >
> > thanks a lot
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
