Re: cxf client default key managers not initialized

luke Fri, 14 Jun 2019 00:07:51 -0700

property "javax.net.ssl.keyStore" is set but "javax.net.ssl.keyStoreType"
is not set: maybe this could be the problem.


Anyway, my request is accepted by the server. I imagine this because the
server (is an internal server in trusted network) is configured to accept
all users, otherwise I would expect an error response.

thanks a lot

Il giorno gio 13 giu 2019 alle ore 17:10 Colm O hEigeartaigh <
cohei...@apache.org> ha scritto:

> Right, but when you don't specify a "params.setKeyManagers", it tries to
> get the KeyManagers from the "javax.net.ssl.keyStore" system property. Can
> you check in your case if this is being set?
>
> Colm.
>
> On Thu, Jun 13, 2019 at 1:40 PM Luca Maderna <luca.made...@gmail.com>
> wrote:
>
> > Thanks for your answer Colm.
> > I was a little inaccurate.
> > I'm setting trust and keyStore via code as explained in cxf client
> example.
> >
> > ...
> >
> > TLSClientParameters params = conduit.getTlsClientParameters();
> >
> > params.setKeyManagers(myKeyManagers);
> >
> > params.setTrustManagers(myTrustStoreKeyManagers);
> >
> > ...
> >
> > When I test my client in development enviroment I set trustManager in
> this
> > way ( where  TrustAllCerts  is a my custom X509KeyManager implementation
> > that trust all remote entities.) :
> >
> >                       params.setTrustManagers( new TrustManager[] {new
> > TrustAllCerts()} );
> >
> > while I haven't set a keyManager.
> > In cxf 3.0.x I haven't any warning, while in 3.3.x I've  an
> > java.io.IOException
> >
> > thanks
> >
> >
> >
> >
> > Il giorno gio 13 giu 2019 alle ore 11:26 Colm O hEigeartaigh <
> > cohei...@apache.org> ha scritto:
> >
> > > What it means is that CXF is trying to load the keystore referenced by
> > the
> > > "javax.net.ssl.keyStore" system property. If you don't want to load a
> > > keyManager for TLS then you will need to unset this property.
> Otherwise,
> > > perhaps you are not also setting the "javax.net.ssl.keyStoreType"
> > property
> > > (to "JKS")? Or the "javax.net.ssl.keyStorePassword" property?
> > >
> > > Colm.
> > >
> > > On Thu, Jun 13, 2019 at 9:41 AM luke <luke.b...@gmail.com> wrote:
> > >
> > > > Hi
> > > > In my cxf client I'mconnecting to a Ws soap in https setting tls
> > > > properties.
> > > >
> > > > All works properly.
> > > >
> > > > Recently I've updated cxf libraries from a 3.0.x to 3.3.x version.
> > > >
> > > > It continue to works correctly, but I've only this warning in my
> logs:
> > > >
> > > > Jun 13, 2019 10:31:40 AM org.apache.cxf.configuration.jsse.SSLUtils
> > > > loadDefaultKeyManagers
> > > > WARNING: Default key managers cannot be initialized:
> > > > DerInputStream.getLength(): lengthTag=109, too big.
> > > > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too
> > big.
> > > > at
> sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
> > > > at sun.security.util.DerValue.init(DerValue.java:391)
> > > > at sun.security.util.DerValue.<init>(DerValue.java:332)
> > > > at sun.security.util.DerValue.<init>(DerValue.java:345)
> > > > at
> > > sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
> > > > at java.security.KeyStore.load(KeyStore.java:1445)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.configuration.jsse.SSLUtils.loadDefaultKeyManagers(SSLUtils.java:122)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(SSLUtils.java:88)
> > > > at
> > > org.apache.cxf.transport.https.SSLUtils.getSSLContext(SSLUtils.java:75)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:144)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:101)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.URLConnectionHTTPConduit.createConnection(URLConnectionHTTPConduit.java:121)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.URLConnectionHTTPConduit.setupConnection(URLConnectionHTTPConduit.java:125)
> > > > at
> > > org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:505)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:47)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> > > > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
> > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
> > > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> > > > at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> > > > at
> > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
> > > >
> > > > The problem could be that I configure a trustManager but not the
> > > > KeyManager?
> > > > what does it mean in practice?
> > > >
> > > > thanks a lot
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: cxf client default key managers not initialized

Reply via email to