Confirm auto key registration using javax.net.ssl.keyStore system property is broken in REST module (maybe since cxf 3.2 / 3.3)
Thu, 13 Jun 2019 at 19:10, Colm O hEigeartaigh <cohei...@apache.org>:

> Right, but when you don't specify a "params.setKeyManagers", it tries to
> get the KeyManagers from the "javax.net.ssl.keyStore" system property. Can
> you check in your case if this is being set?
>
> Colm.
>
> On Thu, Jun 13, 2019 at 1:40 PM Luca Maderna <luca.made...@gmail.com>
> wrote:
>
> > Thanks for your answer Colm.
> > I was a little inaccurate.
> > I'm setting trust and keyStore via code as explained in cxf client
> > example.
> >
> > ...
> >
> > TLSClientParameters params = conduit.getTlsClientParameters();
> >
> > params.setKeyManagers(myKeyManagers);
> >
> > params.setTrustManagers(myTrustStoreKeyManagers);
> >
> > ...
> >
> > When I test my client in the development environment I set the
> > trustManager in this way (where TrustAllCerts is my custom
> > X509KeyManager implementation that trusts all remote entities):
> >
> > params.setTrustManagers(new TrustManager[] {new TrustAllCerts()});
> >
> > while I haven't set a keyManager.
> > In cxf 3.0.x I haven't any warning, while in 3.3.x I've a
> > java.io.IOException
> >
> > thanks
> >
> > On Thu, 13 Jun 2019 at 11:26, Colm O hEigeartaigh
> > <cohei...@apache.org> wrote:
> >
> > > What it means is that CXF is trying to load the keystore referenced by
> > > the "javax.net.ssl.keyStore" system property. If you don't want to load
> > > a keyManager for TLS then you will need to unset this property.
> > > Otherwise, perhaps you are not also setting the
> > > "javax.net.ssl.keyStoreType" property (to "JKS")? Or the
> > > "javax.net.ssl.keyStorePassword" property?
> > >
> > > Colm.
> > >
> > > On Thu, Jun 13, 2019 at 9:41 AM luke <luke.b...@gmail.com> wrote:
> > >
> > > > Hi
> > > > In my cxf client I'm connecting to a Ws soap in https setting tls
> > > > properties.
> > > >
> > > > All works properly.
> > > >
> > > > Recently I've updated cxf libraries from a 3.0.x to 3.3.x version.
> > > >
> > > > It continues to work correctly, but I've only this warning in my logs:
> > > >
> > > > Jun 13, 2019 10:31:40 AM org.apache.cxf.configuration.jsse.SSLUtils loadDefaultKeyManagers
> > > > WARNING: Default key managers cannot be initialized: DerInputStream.getLength(): lengthTag=109, too big.
> > > > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> > > > at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
> > > > at sun.security.util.DerValue.init(DerValue.java:391)
> > > > at sun.security.util.DerValue.<init>(DerValue.java:332)
> > > > at sun.security.util.DerValue.<init>(DerValue.java:345)
> > > > at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
> > > > at java.security.KeyStore.load(KeyStore.java:1445)
> > > > at org.apache.cxf.configuration.jsse.SSLUtils.loadDefaultKeyManagers(SSLUtils.java:122)
> > > > at org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(SSLUtils.java:88)
> > > > at org.apache.cxf.transport.https.SSLUtils.getSSLContext(SSLUtils.java:75)
> > > > at org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:144)
> > > > at org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:101)
> > > > at org.apache.cxf.transport.http.URLConnectionHTTPConduit.createConnection(URLConnectionHTTPConduit.java:121)
> > > > at org.apache.cxf.transport.http.URLConnectionHTTPConduit.setupConnection(URLConnectionHTTPConduit.java:125)
> > > > at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:505)
> > > > at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:47)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> > > > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
> > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
> > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
> > > >
> > > > The problem could be that I configure a trustManager but not the
> > > > KeyManager?
> > > > What does it mean in practice?
> > > >
> > > > thanks a lot
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
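
A stand-alone check of the three system properties named in the quoted replies, added here as an example (it is not code from the thread or from CXF): it reports which are set, sniffs the keystore file's container format from its first bytes, and tries to load the file with the declared type. The class name DefaultKeyStoreCheck and the helper sniffFormat are hypothetical; how CXF itself loads the keystore is not shown on the page.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

// Added diagnostic (hypothetical class, not CXF code): inspects the keystore
// that the javax.net.ssl.* system properties point at.
public class DefaultKeyStoreCheck {

    // Guess the container format from the first four bytes of the file.
    static String sniffFormat(int magic) {
        if (magic == 0xFEEDFEED) return "JKS";        // JKS magic number
        if (magic == 0xCECECECE) return "JCEKS";      // JCEKS magic number
        if ((magic >>> 24) == 0x30) return "PKCS12";  // DER SEQUENCE tag
        return "unknown";
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) {
            System.out.println("javax.net.ssl.keyStore is not set");
            return;
        }
        // Fall back to the JVM default type when keyStoreType is not set.
        String type = System.getProperty("javax.net.ssl.keyStoreType",
                KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");

        int magic;
        try (DataInputStream in = new DataInputStream(new FileInputStream(path))) {
            magic = in.readInt();
        }
        System.out.printf("file=%s declaredType=%s sniffed=%s passwordSet=%b%n",
                path, type, sniffFormat(magic), pass != null);

        // Load with the declared type; a type/format mismatch or a damaged
        // file can surface here as an IOException.
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, pass == null ? null : pass.toCharArray());
            System.out.println("loaded OK, entries=" + ks.size());
        } catch (Exception e) {
            System.out.println("load failed: " + e);
        }
    }
}
```

Run it with the same -Djavax.net.ssl.* options as the client JVM so it sees the same property values.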