Hey!

I am trying to connect to an HTTPS-enabled secure service at the SAP PI end.

I have the SSL certificates in the form of JKS files, namely truststore.jks and
keystore.jks.


Could you advise which is the best component to use in my case? I will be
sending XML data to SAP PI which is received from a third-party system at the
CXF Endpoint in Fuse ESB.

I found a note at http://camel.apache.org/jetty.html as follows:

/Jetty is stream based, which means the input it receives is submitted to
Camel as a stream. That means you will only be able to read the content of
the stream once.
If you find a situation where the message body appears to be empty or you
need to access the data multiple times (eg: doing multicasting, or
redelivery error handling)
you should use Stream caching or convert the message body to a String which
is safe to be re-read multiple times./


So can I use this component? Will SAP PI be able to receive my XML data or
will it receive it as a stream?


Please look at my code configuring Jetty:

  <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
    <property name="sslSocketConnectorProperties">
      <map>
        <entry key="password" value="fuseesb" />
        <entry key="keyPassword" value="fuseesb" />
        <entry key="keystore" value="src/main/resources/certs/keystore.jks" />
        <entry key="truststore" value="src/main/resources/certs/truststore.jks" />
        <entry key="trustPassword" value="fuse" />
        <entry key="needClientAuth" value="true" />
      </map>
    </property>
  </bean>
  <jaxws:client id="PIServiceProxy"
      address="jetty:https://server:8105/XISOAPAdapter/MessageServlet?senderParty=&amp;senderService=SS_Q_MES_Miheevsky&amp;receiverParty=&amp;receiverService=&amp;interface=SI_ID56_CopperRecovery_async_out&amp;interfaceNamespace=urn:company:pi:mes:id56:CopperRecovery"
      serviceClass="company.pi.mes.id56.copperrecovery.SIID56CopperRecoveryAsyncOut"
      username="om_sys_user" password="om_sys_user" />
  <osgi:reference id="company-datasource" interface="javax.sql.DataSource" />

IS THIS THE CORRECT WAY of configuring jetty?


Reji



--
View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876.html
Sent from the Camel - Users mailing list archive at Nabble.com.


  • Christian Müller at Aug 25, 2013 at 5:52 pm
    If the SAP service is exposed as a JAX-WS or JAX-RS service, I would
    recommend using the camel-cxf component to access this service.

    It supports HTTPS with server and client certificates by using the
    'conduit' configuration [1].

    [1]
    http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

    Best,
    Christian
    -----------------

    Software Integration Specialist

    Apache Camel committer: https://camel.apache.org/team
    V.P. Apache Camel: https://www.apache.org/foundation/
    Apache Member: https://www.apache.org/foundation/members.html

    https://www.linkedin.com/pub/christian-mueller/11/551/642

  • Contactreji at Aug 26, 2013 at 8:04 am
    Hi Christian

    I used the approach suggested by you. I get the following exception. Could
    you suggest what could have gone wrong?
    Please advise. It's really urgent.

    Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
    invoking
    https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery:
    sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find
    valid certification path to requested target
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
    Method)[:1.6.0_45]
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown
    Source)[:1.6.0_45]
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
    Source)[:1.6.0_45]
      at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45]
      at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
      at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
      at
    org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
      at
    org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
      at
    org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
      ... 65 more
    Caused by: javax.net.ssl.SSLHandshakeException:
    sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find
    valid certification path to requested target
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
    Source)[:1.6]
      at
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
    Source)[:1.6]
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
    Source)[:1.6]
      at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
    Source)[:1.6]
      at
    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
    Source)[:1.6]
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
    Source)[:1.6.0_45]
      at
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
    Source)[:1.6]
      at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
      at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
      at
    org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
      at
    org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
      at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
      ... 68 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building
    failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
    to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.6.0_45]
      at sun.security.validator.PKIXValidator.engineValidate(Unknown
    Source)[:1.6.0_45]
      at sun.security.validator.Validator.validate(Unknown Source)[:1.6.0_45]
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
    Source)[:1.6]
      at
    com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
    Source)[:1.6]
      at
    com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
    Source)[:1.6]
      ... 85 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
    unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
    Source)[:1.6.0_45]
      at java.security.cert.CertPathBuilder.build(Unknown Source)[:1.6.0_45]
      ... 91 more
    10:55:01,663 | INFO | ault-workqueue-1 | Pi_CopperRecoveryPerc |
    432 - com.outotec.mes-bw-copper_recovery_perc_ssl - 1.0.0 | Unexpected
    Exception for CU Recovery. javax.xml.ws.WebServiceException: Could not send
    Message.
    10:55:01,679 | ERROR | ault-workqueue-1 | DefaultErrorHandler |
    147 - org.apache.camel.came



  • Bharath at Aug 26, 2013 at 8:04 am
    Hi reji,

    Can you share your http-conduit configuration details

    Cheers!!!
    Bharath




  • Contactreji at Aug 26, 2013 at 8:22 am
    Hi Bharath,

    It's as follows:

    <http:conduit
        name="{urn:outotec:pi:mes:id56:CopperRecovery}.HTTPS_Port.http-conduit">

      <http:tlsClientParameters>
        <sec:keyManagers keyPassword="fuseesb">
          <sec:keyStore type="JKS" password="fuseesb" resource="certs/keystore.jks" />
        </sec:keyManagers>
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="fuse" resource="certs/truststore.jks" />
        </sec:trustManagers>

        <sec:cipherSuitesFilter>
          <sec:include>.*_EXPORT_.*</sec:include>
          <sec:include>.*_EXPORT1024_.*</sec:include>
          <sec:include>.*_WITH_DES_.*</sec:include>
          <sec:include>.*_WITH_AES_.*</sec:include>
          <sec:include>.*_WITH_NULL_.*</sec:include>
          <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
      </http:tlsClientParameters>

      <http:client AutoRedirect="true" Connection="Keep-Alive" />

    </http:conduit>

    I am getting the following exception:

    Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
    invoking
    https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery:
    sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find
    valid certification path to requested target



  • Aki Yoshida at Aug 26, 2013 at 8:40 am
    Have you verified by which certificate your service provider (SAP
    PI)'s certificate is signed and if this certificate is in your
    truststore? I think it's not in there, so the cxf client can't verify
    the provider's certificate.



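The check suggested in the reply above (is the certificate that signed the SAP PI server's certificate present in truststore.jks?) can be run outside CXF. The following Java program is an added example, not code from the thread or from the CXF project; the class name `TrustStoreCheck` and the `TRUSTSTORE_PASSWORD` environment variable are assumptions, and it connects to the endpoint being diagnosed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical class name): handshake using ONLY the given
// truststore and report which presented certificate, if any, chains to it.
public class TrustStoreCheck {

    // Records the chain the server presents, then lets the real PKIX trust
    // manager decide. It never accepts a chain the truststore rejects.
    static final class RecordingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        private X509Certificate[] presented = new X509Certificate[0];

        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            presented = chain.clone();
            delegate.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

        X509Certificate[] presented() { return presented; }
    }

    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a null password skips the integrity check
        }
        return ks;
    }

    // Alias of the truststore entry that IS this certificate or that SIGNED it, else null.
    static String findAnchor(KeyStore trustStore, X509Certificate cert) throws Exception {
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate entry = trustStore.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) continue;
            X509Certificate anchor = (X509Certificate) entry;
            if (anchor.equals(cert)) return alias;
            if (anchor.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                try {
                    cert.verify(anchor.getPublicKey());
                    return alias;
                } catch (GeneralSecurityException sameNameOtherKey) {
                    // Same subject name but a different key: not the signer.
                }
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreCheck <host> <port> <truststore.jks>");
            System.exit(2);
        }
        String pw = System.getenv("TRUSTSTORE_PASSWORD"); // assumed variable name
        KeyStore trustStore = loadJks(args[2], pw == null ? null : pw.toCharArray());

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        RecordingTrustManager tm =
                new RecordingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {tm}, null); // no client key: the server is validated first

        String outcome = "handshake OK";
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters params = socket.getSSLParameters();
            // Host-name check; this is what CXF's disableCNCheck="true" switches off.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
        } catch (SSLException e) {
            outcome = "handshake FAILED: " + e.getMessage();
        }
        System.out.println(outcome);

        X509Certificate[] chain = tm.presented();
        for (int i = 0; i < chain.length; i++) {
            String anchor = findAnchor(trustStore, chain[i]);
            System.out.printf("[%d] subject=%s%n    issuer=%s%n    truststore: %s%n", i,
                    chain[i].getSubjectX500Principal(), chain[i].getIssuerX500Principal(),
                    anchor == null ? "no matching entry" : "anchored by alias '" + anchor + "'");
        }
    }
}
```

Run it against the same truststore.jks the conduit references. If every presented certificate reports no matching entry, the issuing CA certificate is missing from the truststore and has to be imported (for example with `keytool -importcert`) before the CXF client can validate the server.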
  • Christian Müller at Aug 26, 2013 at 9:25 am
    If it doesn't help, please enable SSL debugging with the JVM option
    "javax.net.debug=all" as shown at [1].

    [1]
    http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java

    Best,
    Christian
  • Bharath at Aug 26, 2013 at 9:04 am
    Hi Reji,

    1) Try adding client connection params and using the conduit name
       *.http-conduit

    2) Also, disableCNCheck should be true.

    Here I am posting the working conduit config details, which I did while doing
    a PoC:

    <http:conduit name="*.http-conduit">

      <http-conf:client Connection="Keep-Alive" MaxRetransmits="1"
          AllowChunking="false" ConnectionTimeout="0" ReceiveTimeout="0" />

      <http:tlsClientParameters
          secureSocketProtocol="SSL" disableCNCheck="true">
        <sec:keyManagers keyPassword="password">
          <sec:keyStore type="JKS" password="xxx" file="etc/keystore.jks" />
        </sec:keyManagers>
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="xxx" file="etc/truststore.jks" />
        </sec:trustManagers>

        <sec:cipherSuitesFilter>
          <sec:include>TLS_DHE_RSA_WITH_AES_128_CBC_SHA|SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA|TLS_RSA_WITH_AES_128_CBC_SHA|SSL_RSA_WITH_3DES_EDE_CBC_SHA|TLS_DHE_DSS_WITH_AES_128_CBC_SHA|SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA|</sec:include>
          <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
      </http:tlsClientParameters>

    </http:conduit>

    Hope this helps you!!!

    Cheers!!!
    Bharath



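The two conduits posted in this thread carry different `<sec:cipherSuitesFilter>` patterns, and the first one explicitly opts in to EXPORT, single-DES and NULL suites. The following Java program is an added example, not code from the thread or from CXF; it assumes the filter selects a suite when it fully matches any include pattern and no exclude pattern, and the class name, the sample suite list, the "tightened" filter and the weakness policy are all assumptions of this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example (hypothetical class name): shows which suites each
// cipherSuitesFilter from the thread would enable, and which of those are weak.
public class CipherFilterAudit {

    // Constructed sample of JSSE cipher suite names (old and current).
    static final List<String> SAMPLE_SUITES = Arrays.asList(
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_NULL_SHA",
            "SSL_DH_anon_WITH_DES_CBC_SHA",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
            "SSL_RSA_WITH_RC4_128_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Policy of this example: export-grade, NULL, DES/3DES, RC4 and anonymous suites are weak.
    static final Pattern WEAK = Pattern.compile(
            ".*_EXPORT(1024)?_.*|.*_WITH_(NULL|DES|DES40|3DES|RC4)_.*|.*_anon_.*");

    static final class Filter {
        final String name;
        final List<String> includes;
        final List<String> excludes;

        Filter(String name, List<String> includes, List<String> excludes) {
            this.name = name;
            this.includes = includes;
            this.excludes = excludes;
        }
    }

    static final List<Filter> FILTERS = Arrays.asList(
            // Patterns copied from the first conduit posted in the thread.
            new Filter("first conduit",
                    Arrays.asList(".*_EXPORT_.*", ".*_EXPORT1024_.*", ".*_WITH_DES_.*",
                            ".*_WITH_AES_.*", ".*_WITH_NULL_.*"),
                    Arrays.asList(".*_DH_anon_.*")),
            // Pattern copied from the "working" conduit, trailing '|' included.
            new Filter("working conduit",
                    Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA|SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA|"
                            + "TLS_RSA_WITH_AES_128_CBC_SHA|SSL_RSA_WITH_3DES_EDE_CBC_SHA|"
                            + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA|SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA|"),
                    Arrays.asList(".*_DH_anon_.*")),
            // Tightened filter (an assumption of this example, not from the thread).
            new Filter("tightened",
                    Arrays.asList(".*_WITH_AES_.*"),
                    Arrays.asList(".*_anon_.*")));

    static boolean matchesAny(String suite, List<String> regexes) {
        for (String regex : regexes) {
            if (Pattern.matches(regex, suite)) return true; // full match, not a substring search
        }
        return false;
    }

    // Suites enabled by a filter: any include matches and no exclude matches.
    static List<String> select(List<String> suites, Filter filter) {
        List<String> selected = new ArrayList<>();
        for (String suite : suites) {
            if (matchesAny(suite, filter.includes) && !matchesAny(suite, filter.excludes)) {
                selected.add(suite);
            }
        }
        return selected;
    }

    // Subset of the selected suites that the policy above flags as weak.
    static List<String> weak(List<String> selected) {
        List<String> flagged = new ArrayList<>();
        for (String suite : selected) {
            if (WEAK.matcher(suite).matches()) flagged.add(suite);
        }
        return flagged;
    }

    public static void main(String[] args) {
        for (Filter filter : FILTERS) {
            List<String> selected = select(SAMPLE_SUITES, filter);
            System.out.println(filter.name + " enables " + selected.size() + " suite(s):");
            for (String suite : selected) {
                System.out.println("  " + suite);
            }
            System.out.println("  flagged weak: " + weak(selected));
        }
    }
}
```

To audit a real deployment, replace `SAMPLE_SUITES` with the output of `SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()` on the JVM that runs the CXF client.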
  • Contactreji at Aug 26, 2013 at 10:10 am
    Hi Brother!!

    You saved!!! Thank you so much for that! My prog works now..
    U deserve a beer!!

    Reji



  • Bharath at Aug 26, 2013 at 10:42 am
    cool!!
    nice to hear


    Cheers!!!
    Bharath




Discussion Overview
group: users @
categories: camel
posted: Aug 25, '13 at 7:21a
active: Aug 26, '13 at 10:42a
posts: 10
users: 4
website: camel.apache.org
