Right, but when you don't specify a "params.setKeyManagers", it tries to get the KeyManagers from the "javax.net.ssl.keyStore" system property. Can you check in your case if this is being set?
Colm. On Thu, Jun 13, 2019 at 1:40 PM Luca Maderna <[email protected]> wrote: > Thanks for your answer Colm. > I was a little inaccurate. > I'm setting trust and keyStore via code as explained in cxf client example. > > ... > > TLSClientParameters params = conduit.getTlsClientParameters(); > > params.setKeyManagers(myKeyManagers); > > params.setTrustManagers(myTrustStoreKeyManagers); > > ... > > When I test my client in development enviroment I set trustManager in this > way ( where TrustAllCerts is a my custom X509KeyManager implementation > that trust all remote entities.) : > > params.setTrustManagers( new TrustManager[] {new > TrustAllCerts()} ); > > while I haven't set a keyManager. > In cxf 3.0.x I haven't any warning, while in 3.3.x I've an > java.io.IOException > > thanks > > > > > Il giorno gio 13 giu 2019 alle ore 11:26 Colm O hEigeartaigh < > [email protected]> ha scritto: > > > What it means is that CXF is trying to load the keystore referenced by > the > > "javax.net.ssl.keyStore" system property. If you don't want to load a > > keyManager for TLS then you will need to unset this property. Otherwise, > > perhaps you are not also setting the "javax.net.ssl.keyStoreType" > property > > (to "JKS")? Or the "javax.net.ssl.keyStorePassword" property? > > > > Colm. > > > > On Thu, Jun 13, 2019 at 9:41 AM luke <[email protected]> wrote: > > > > > Hi > > > In my cxf client I'mconnecting to a Ws soap in https setting tls > > > properties. > > > > > > All works properly. > > > > > > Recently I've updated cxf libraries from a 3.0.x to 3.3.x version. > > > > > > It continue to works correctly, but I've only this warning in my logs: > > > > > > Jun 13, 2019 10:31:40 AM org.apache.cxf.configuration.jsse.SSLUtils > > > loadDefaultKeyManagers > > > WARNING: Default key managers cannot be initialized: > > > DerInputStream.getLength(): lengthTag=109, too big. > > > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too > big. > > > at sun.security.util.DerInputStream.getLength(DerInputStream.java:599) > > > at sun.security.util.DerValue.init(DerValue.java:391) > > > at sun.security.util.DerValue.<init>(DerValue.java:332) > > > at sun.security.util.DerValue.<init>(DerValue.java:345) > > > at > > sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914) > > > at java.security.KeyStore.load(KeyStore.java:1445) > > > at > > > > > > > > > org.apache.cxf.configuration.jsse.SSLUtils.loadDefaultKeyManagers(SSLUtils.java:122) > > > at > > > > > > > > > org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(SSLUtils.java:88) > > > at > > org.apache.cxf.transport.https.SSLUtils.getSSLContext(SSLUtils.java:75) > > > at > > > > > > > > > org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:144) > > > at > > > > > > > > > org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:101) > > > at > > > > > > > > > org.apache.cxf.transport.http.URLConnectionHTTPConduit.createConnection(URLConnectionHTTPConduit.java:121) > > > at > > > > > > > > > org.apache.cxf.transport.http.URLConnectionHTTPConduit.setupConnection(URLConnectionHTTPConduit.java:125) > > > at > > org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:505) > > > at > > > > > > > > > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:47) > > > at > > > > > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > > > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440) > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355) > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313) > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) > > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140) > > > > > > The problem could be that I configure a trustManager but not the > > > KeyManager? > > > what does it mean in practice? > > > > > > thanks a lot > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
