I have generated java classes using cxf wsdl2java. But not sure how to authenticate the request with client certificate. I was able to generate client classes from wsdl with out any issue by using the below command:
wsdl2java -ant - client -d D:\cxf-client D:\HelperActions.wsdl
I am getting the blogs or forums with userid and password authentication in google search. But not able to find how to authenticate the request with the jks or .crt certificate.
I tried what it was mentioned in the below link
https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2014-07-java-soap-client-certificate-authentication
and also I tried implementing the certification mentioned in the below link
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?revision=1406329&view=markup
But I am getting the following exception
javax.xml.ws.webserviceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'wsdl path'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failes: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.HandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I placed the certificate in the class path, I tried both the ways mentioned in the above links, but all the effort didnt work well. I am not sure where I am going wrong.
Can anyone help me in sending the request with client certificate?
Related
While connecting vault(hosted on https) with spring boot I am getting the below error.
org.springframework.vault.authentication.VaultLoginException: Cannot log in using
org.springframework.web.client.ResourceAccessException: I/O error on POST request
for "https://10.166.181.83:31975/v1/auth/cert/login":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target; nested exception is
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
My pom.xml is
org.springframework.cloud
spring-cloud-starter-vault-config
While connectiong to localhost vault server which is on http , everything works fine.
Could anyone please help me on this?
**bootstrap.properties is :**
spring.cloud.vault.scheme=https
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.generic.enabled=true
spring.cloud.vault.generic.backend=configuration-server
spring.cloud.vault.generic.default-context=credentials
spring.cloud.vault.connection-timeout=5000
spring.cloud.vault.read-timeout=15000
spring.cloud.vault.config.order=-10
spring.cloud.vault.authentication=CERT
spring.cloud.vault.ssl.cert-auth-path=cert
spring.cloud.vault.ssl.trust-store-location=classpath:vault.jks
spring.cloud.vault.ssl.trust-store-password=ril#12345
management.endpoints.web.exposure.include=*
management.endpoint.env.post.enabled=true
spring.cloud.vault.uri=https://../../../
spring.cloud.vault.token=hvs.XXXXXXXX
It looks like you are connecting to https using IP address in the URI. This results in an SSL error (since certificates are based on name and not IPs) so. you can either add the certificate to the trusted list using keytool or add code to ignore certificate validation (depending on how you connect, this will vary https://howtodoinjava.com/java/java-security/bypass-ssl-certificate-checking-java/ has some examples where one probably will fit).
I am using GMail API to get code, but I am getting below issue mostly every time:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Can someone please help me on this?
I am developing a Java application that provides a REST API over HTTP.
For security reasons this communication should be switched to HTTPS.
I generate a trusted certificate from Let's Encrypt using certbot tool, this certificate seems to be working when I call my API from Chrome browser, but I get this exception when I use a Java 1.8.0_191 client based on Spring RestTemplate:
Exception in thread "main"
org.springframework.web.client.ResourceAccessException: I/O error on GET
request for "https://hostname/api/v1/event":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target; nested exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:743)
at
org.springframework.web.client.RestTemplate.execute(RestTemplate.java:669)
at
org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:578)
at
com.swingws.wiser.tasks.GetFrimwareVersionTask.main(GetFrimwareVersionTask.
java:80)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:
1639)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:
1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
AbstractD
elegateHttpsURLConnection.java:185)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect
(HttpsURLConnectionImpl.java:162)
at
org.springframework.http.client.SimpleBufferingClientHttpRequest.
executeInternal(SimpleBufferingClientHttpRequest.java:76)
at
org.springframework.http.client.AbstractBufferingClientHttpRequest
.executeIntern
al(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.
execute(AbstractClient HttpRequest.java:53)
at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:734)
... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
324)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java
:229)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1621)
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(
SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(
SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 23 more
Is there any way to make this working without adding this certificate to Java clients keystore ?
We had the same issue and in our case the server that we contacted was misconfigured. It did not provide the full certificate chain. You can check that using this tool.
When the server is under your control, you should be able to configure this. When using Apache, you can configure this using SSLCertificateChainFile. See also this answer
So I am trying to send a hello world email using the ews-java-api.
My code looks like:
ExchangeService exchangeWebService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
exchangeWebService.setCredentials(new WebCredentials(username , password, localPcDomain));
exchangeWebService.setUrl(new URI(companyExchangeURL));
EmailMessage msg= new EmailMessage(exchangeWebService);
msg.setSubject("Hello world!");
msg.setBody(MessageBody.getMessageBodyFromText("Sent using the EWS Java API."));
msg.getToRecipients().add(testEmail);
msg.send();
But I get the following exception:
microsoft.exchange.webservices.data.ServiceRequestException: The request failed. The request failed. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: microsoft.exchange.webservices.data.ServiceRequestException: The request failed. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any ideas on what I need to do? I have tried using autodiscover but it always seems to fail.
From the error it sounds like it may be an SSL issue (invalid certificate, untrusted certificate, etc.). A quick test would be to go to the OWA url for that server and see if your browser gives a warning or error about the SSL cert.
I am connecting to a webservice SSL client auth, I set up the keystore by:
System.getProperties().setProperty("javax.net.ssl.keyStore",
"d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");
When calling the webservice:
GetAccountBalanceResponse resp = services.getAccountBalance(request);
I get a following error
WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
... 2 more
The keystore containes the private certificate for the client, the certificate is valid and works fine when used in the browser. How should I fix it?
Many thanks.
This error occurs when the CA which signed the server cert is either not one of the well know CAs or the public certificate of the CA is not in the trust store of the client. To get around this you will have to add the public certificate of the CA to the trust store of the client.
See unable to find valid certification path to requested target and No more 'unable to find valid certification path to requested target' for detailed instructions.