project_key: SOA

The attached test case is based on webservice_proxy_security

1) Configure httpclient-8443.properties to point to the keystore included
2) Configure serv.xml in jbossweb.sar to use the keystore
3) Start server
4) ant deploy
5) ant runtest

An exception is thrown:

[java] 12:27:24,945 DEBUG [main][content] >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hello="http://webservice_proxy_security/helloworld"><soapenv:Header/><soapenv:Body><hello:sayHello><toWhom>jpechane</toWhom></hello:sayHello></soapenv:Body></soapenv:Envelope>"
[java] Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[java] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
[java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
[java] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
[java] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
[java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
[java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
[java] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
[java] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
[java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
[java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
[java] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
[java] at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
[java] at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
[java] at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
[java] at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
[java] at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:150)
[java] at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
[java] at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
[java] at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
[java] at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
[java] at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
[java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
[java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
[java] at org.jboss.soa.esb.samples.quickstart.webservice_proxy_security.test.SendWSMessage.main(SendWSMessage.java:89)
[java] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
[java] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
[java] at sun.security.validator.Validator.validate(Validator.java:218)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
[java] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
[java] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
[java] ... 19 more
[java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[java] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
[java] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
[java] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
[java] ... 25 more

6) Uncomment the two sysproperty entries in the runinternal target in the build XML and set them to point to the keystore
7) ant runtest

Now the execution should finish without problems. Thus it seems that the local truststore config is ignored.
Attachment: Added: wsp.zip
There are a couple of issues to be addressed
- The defined protocol is never used, which means that the socket factory will always use the factory associated with the default Protocol instance
- The protocol socket factory builders cannot retrieve an encrypted password from a file
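The first point above, shown as an added example against the commons-httpclient 3.x API seen in the stack trace; this is not JBoss ESB code, and the class name, method names and parameters are hypothetical. It builds a Protocol whose socket factory trusts only a given truststore, then binds that Protocol to the client so it is actually used instead of the default one.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

// Hypothetical illustration class; requires commons-httpclient 3.x on the classpath.
public class TruststoreProtocolExample implements SecureProtocolSocketFactory {
    private final SSLSocketFactory delegate;

    // Build an SSL socket factory that trusts only the certificates in the given truststore.
    TruststoreProtocolExample(String truststorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(truststorePath)) { ks.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        delegate = ctx.getSocketFactory();
    }

    public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return delegate.createSocket(h, p, la, lp); }
    // The connection timeout carried in params is not applied in this short example.
    public Socket createSocket(String h, int p, InetAddress la, int lp, HttpConnectionParams params) throws IOException { return delegate.createSocket(h, p, la, lp); }
    public Socket createSocket(Socket s, String h, int p, boolean autoClose) throws IOException { return delegate.createSocket(s, h, p, autoClose); }

    // Returns a client bound to the custom Protocol for one host and port.
    public static HttpClient clientFor(String host, int port, String truststorePath, char[] password) throws Exception {
        ProtocolSocketFactory factory = new TruststoreProtocolExample(truststorePath, password);
        Protocol https = new Protocol("https", factory, port);
        HttpClient client = new HttpClient();
        // Creating the Protocol is not enough: if it is never bound here, connections use
        // the default "https" Protocol and therefore the JVM-wide truststore.
        client.getHostConfiguration().setHost(host, port, https);
        // Requests should use a relative path ("/service"); an absolute https:// URL is
        // resolved through Protocol.getProtocol("https"), i.e. the default again.
        return client;
    }
}
```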
Link: Added: This issue depends JBESB-3504
Link: Added: This issue depends JBESB-3505
Writer: Added: Darrin
Release Notes Docs Status: Added: Not Yet Documented
Verified in ER6
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: Truststore configuration in HttpClientFactory did not work correctly. There were two issues. Firstly, the defined protocol was never used, meaning that the socket factory always used the factory associated with the default Protocol instance. And secondly, the protocol socket factory builders were unable to retrieve encrypted passwords from a file. Both of these issues have been resolved and Truststore configuration works correctly in HttpClientFactory.