Bug 780059 - (SOA-2424) Truststore configuration does not work properly for HttpClientFactory
Truststore configuration does not work properly for HttpClientFactory
Status: CLOSED NEXTRELEASE
Product: JBoss Enterprise SOA Platform 5
Classification: JBoss
Component: JBossESB (Show other bugs)
5.1.0.ER2
Unspecified Unspecified
high Severity high
: ---
: 5.1.0 GA
Assigned To: Kevin Conner
http://jira.jboss.org/jira/browse/SOA...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-14 06:35 EDT by Jiri Pechanec
Modified: 2011-02-17 04:01 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-02-17 04:01:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
wsp.zip (20.98 KB, application/zip)
2010-10-14 06:35 EDT, Jiri Pechanec
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SOA-2424 Major Closed Truststore configuration does not work properly for HttpClientFactory 2014-05-28 08:24:30 EDT

  None (edit)
Description Jiri Pechanec 2010-10-14 06:35:01 EDT
project_key: SOA

The attached test case is based on webservice_proxy_security

1) Configure httpclient-8443.properties to point to the keystore included
2) COnfigure serv.xml in jbossweb.sar to use the keystore
3) Start server
4) ant deploy
5) ant runtest
Exception is thrown
     [java] 12:27:24,945 DEBUG [main][content] >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hello="http://webservice_proxy_security/helloworld"><soapenv:Header/><soapenv:Body><hello:sayHello><toWhom>jpechane</toWhom></hello:sayHello></soapenv:Body></soapenv:Envelope>"
     [java] Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     [java] 	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
     [java] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
     [java] 	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
     [java] 	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
     [java] 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
     [java] 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
     [java] 	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
     [java] 	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
     [java] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
     [java] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
     [java] 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
     [java] 	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
     [java] 	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     [java] 	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     [java] 	at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     [java] 	at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:150)
     [java] 	at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
     [java] 	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
     [java] 	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
     [java] 	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
     [java] 	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
     [java] 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
     [java] 	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
     [java] 	at org.jboss.soa.esb.samples.quickstart.webservice_proxy_security.test.SendWSMessage.main(SendWSMessage.java:89)
     [java] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     [java] 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
     [java] 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
     [java] 	at sun.security.validator.Validator.validate(Validator.java:218)
     [java] 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
     [java] 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
     [java] 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
     [java] 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
     [java] 	... 19 more
     [java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     [java] 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
     [java] 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
     [java] 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
     [java] 	... 25 more

6) Uncomment two sysproperty in runinternal target at build XML and set them to point to the keystore
7) ant runtest

Now the execution should be finished without problems. Thus it seems that local truststore config are ignored.
Comment 1 Jiri Pechanec 2010-10-14 06:35:29 EDT
Attachment: Added: wsp.zip
Comment 2 Kevin Conner 2010-10-15 01:22:00 EDT
There are a couple of issues to be addressed

- The defined protocol is never used, which means that the socket factory will always use the factory associated with the default Protocol instance
- The protocol socket factory builders cannot retrieve an encrypted password from a file
Comment 3 Kevin Conner 2010-10-15 01:27:14 EDT
Link: Added: This issue depends JBESB-3504
Comment 4 Kevin Conner 2010-10-15 01:29:43 EDT
Link: Added: This issue depends JBESB-3505
Comment 5 Laura Bailey 2010-12-16 19:41:32 EST
Writer: Added: Darrin
Comment 6 Laura Bailey 2010-12-16 19:48:00 EST
Release Notes Docs Status: Added: Not Yet Documented
Comment 8 Jiri Pechanec 2011-01-11 06:00:41 EST
Verified in ER6
Comment 9 Darrin Mison 2011-02-17 04:01:32 EST
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: Truststore configuration in HttpClientFactory did not work correctly.  There were two issues.  Firstly, the defined protocol was never used, meaning that  the socket factory always used the factory associated with the default Protocol instance.  And secondly, the protocol socket factory builder were  unable to retrieve encrypted passwords from a file.  Both of these issues have been resolved and Truststore configuration works correctly in HttpClientfactory.

Note You need to log in before you can comment on or make changes to this bug.