Date: Tue, 11 Mar 2014 05:38:43 +0000 (UTC)
From: "Carma Robot (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Updated] (CXF-5601) Blueprint property placeholder does not work with http conduit configuration.

     [ https://issues.apache.org/jira/browse/CXF-5601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carma Robot updated CXF-5601:
-----------------------------

    Attachment: sts-test-system-2.zip

This test attempts to use the CXF STS. However, if I use the blueprint property placeholder configurer it fails to even get the WSDL for the STS with the error below. If I explicitly configure the trust store parameters for the HTTP conduit in my blueprint configuration then the conduit works and it gets the WSDL for the STS, successfully constructs the STS client and executes the request for security token against the STS.

It seems that blueprint property placeholders do not work with the trust store configuration of the CXF http conduit.

2014-03-10 22:23:32,903 | ERROR | l Console Thread | StsClientTests | e.sts.test.system.StsClientTests 152 | 208 - com.example.auth.sts-test-system-2 - 0.0.1.SNAPSHOT | getSamlTokenWithUsernameTokenTest FAILED.
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.wsdl11.WSDLServiceFactory.(WSDLServiceFactory.java:100)[117:org.apache.cxf.cxf-rt-core:2.7.7]
    at org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClient.java:557)[156:org.apache.cxf.cxf-rt-ws-security:2.7.7]
    at org.apache.cxf.ws.security.trust.AbstractSTSClient.getClient(AbstractSTSClient.java:457)[156:org.apache.cxf.cxf-rt-ws-security:2.7.7]
    at com.example.sts.test.system.StsClientTests.getSamlTokenWithUsernameTokenTest(StsClientTests.java:132)[208:com.example.auth.sts-test-system-2:0.0.1.SNAPSHOT]
    at com.example.sts.test.system.StsClientTestsCommand.doExecute(StsClientTestsCommand.java:22)[208:com.example.auth.sts-test-system-2:0.0.1.SNAPSHOT]
    at org.apache.karaf.shell.console.OsgiCommandSupport.execute(OsgiCommandSupport.java:38)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:474)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:400)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)[14:org.apache.karaf.shell.console:2.3.2]
    at org.apache.karaf.shell.console.jline.Console.run(Console.java:173)[14:org.apache.karaf.shell.console:2.3.2]
    at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:10443/sts/transport/ut?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:263)[117:org.apache.cxf.cxf-rt-core:2.7.7]
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:206)[117:org.apache.cxf.cxf-rt-core:2.7.7]
    at org.apache.cxf.wsdl11.WSDLServiceFactory.(WSDLServiceFactory.java:98)[117:org.apache.cxf.cxf-rt-core:2.7.7]
    ... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)[:1.7.0_51]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)[:1.7.0_51]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)[:1.7.0_51]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)[:1.7.0_51]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)[:1.7.0_51]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)[:1.7.0_51]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)[:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)[:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)[:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)[:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)[:1.7.0_51]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)[:1.7.0_51]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)[:1.7.0_51]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)[:1.7.0_51]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)[:1.7.0_51]
    at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)[150:org.apache.servicemix.bundles.xerces:2.11.0.1]
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)[113:org.apache.servicemix.bundles.wsdl4j:1.6.3.1]
    ... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)[:1.7.0_51]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.7.0_51]
    at sun.security.validator.Validator.validate(Validator.java:260)[:1.7.0_51]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)[:1.7.0_51]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)[:1.7.0_51]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)[:1.7.0_51]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)[:1.7.0_51]
    ... 39 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)[:1.7.0_51]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)[:1.7.0_51]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)[:1.7.0_51]
    ... 45 more

> Blueprint property placeholder does not work with http conduit configuration.
> -----------------------------------------------------------------------------
>
>                 Key: CXF-5601
>                 URL: https://issues.apache.org/jira/browse/CXF-5601
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.7.7
>         Environment: Linux, Karaf 2.3.2
>            Reporter: Carma Robot
>         Attachments: sts-test-system-2.zip
>
>
> I cannot set up an HTTP conduit configuration that uses the Apache Aries Blueprint property-placeholder to inject trust store parameters. The conduit works when I explicitly configure the trust store properties. Unfortunately, when I use placeholders it fails.
> Please see.
> http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-td5740946.html#a5741062
> I will also attach my code.

--
This message was sent by Atlassian JIRA
(v6.2#6252)