From: Eamonn Dwyer
Subject: RE: HTTPS
Date: Wed, 12 Aug 2009 11:23:31 +0100

Hi Stephen

I wonder would it work any better if you changed the trustManagers and keyStores to use the "resource=" prefix rather than the "file=" prefix. The "resource=" prefix tells the code to load the certificate from the classpath rather than the relative path.

For example

Regards
Eamonn

> From: stephen.langella@inventrio.com
> To: users@cxf.apache.org
> Subject: HTTPS
> Date: Tue, 11 Aug 2009 22:42:15 -0400
>
> I was playing around with the WSDL First HTTPS sample distributed with
> apache 2.2.3. I got it working out of the box as one might have
> expected, I did however run into a problem when changing around the
> client to use the remote WSDL published by the service instead of the
> local file. When I do this I get the following exception:
>
> Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://llanowar:9001/HelloWorldService?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>     at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:210)
>     at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:175)
>     at org.apache.cxf.wsdl11.WSDLServiceFactory.(WSDLServiceFactory.java:91)
>     ... 9 more
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:951)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>     at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:973)
>     at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:184)
>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:798)
>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
>     at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
>     at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250)
>     at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292)
>     ... 15 more
>
> It seems that the code that obtains the remote WSDL (WSDLReaderImpl)
> is not using the trust manager configuration set in the spring
> configuration file (WibbleClient.xml). I can get it to work if I set
> the "javax.net.ssl.trustStore" system property to the trust store I
> configured in WibbleClient.xml, however this seems redundant and I
> would think that the underlying client code would use a single point
> of configuration, am I missing something?, is this intentional?, or is
> this a bug? Thanks in advance.
>
> --Steve
>
> Stephen Langella
> Co-Founder
> Inventrio, LLC
> www.inventrio.com
>
> Stephen.Langella@inventrio.com
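
Added example, not part of the original thread and not CXF's own code: the trace above shows the WSDL being fetched through the JDK's `HttpsURLConnection`, which validates the server against the JVM default trust store. This Java example loads a trust store from the classpath and installs it as that default, the programmatic counterpart of the `javax.net.ssl.trustStore` workaround with certificate validation left on; the class name, the `truststore.jks` resource and the password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class WsdlTrustSetup {

    /** Builds an SSLContext that trusts only the certificates in a JKS file on the classpath. */
    static SSLContext contextFromClasspath(String resource, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = WsdlTrustSetup.class.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("Trust store not found on classpath: " + resource);
            }
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            // An empty store would otherwise only fail later, during the handshake.
            throw new GeneralSecurityException("Trust store has no entries: " + resource);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        // Null key managers: no client certificate is presented on this connection.
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Assumed names: pass the real resource path and password as arguments.
        String resource = args.length > 0 ? args[0] : "truststore.jks";
        char[] password = (args.length > 1 ? args[1] : "password").toCharArray();

        // Process-wide: every HttpsURLConnection opened after this call, including
        // the one the WSDL reader opens, validates the server against this store.
        HttpsURLConnection.setDefaultSSLSocketFactory(
                contextFromClasspath(resource, password).getSocketFactory());
        System.out.println("Default HTTPS trust now comes from classpath:" + resource);
        // Create the CXF client from the remote ?wsdl URL after this point.
    }
}
```

Like the system property, this setting applies to the whole JVM, so it belongs in client start-up code before the service is created from the remote WSDL URL.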