Skip to Content
0
Former Member
Oct 23, 2013 at 11:25 AM

Connection to Web Service has failed due to missing certificate

523 Views

Hi,

I try to access some web service outside SAP.

The code that I use:

private void createRFIDCheck() throws OEMException {
final RfidCheckServiceV2 service = new RfidCheckServiceV2(this.getClass().getResource("/vwwsdl/rfidcheckservice.wsdl"));
rfidCheck = service.getRfidCheckServiceV2Port();

String endpointURL = "https://tui-emob-pcbus.audi-connect.de/pa/services/lms/v2/RfidCheckServiceV2/";
BindingProvider bp = (BindingProvider) rfidCheck;
bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL);

List<Header> headersList = new ArrayList<Header>();
Header vwHeader;
try {
vwHeader = new Header(new QName(null, "X-Asserted-LmsId"), "SAPCV", new JAXBDataBinding(String.class));
headersList.add(vwHeader);
bp.getRequestContext().put(Header.HEADER_LIST, headersList);
} catch (JAXBException e1) {
throw new OEMException(e1);
}

final Client stub = ClientProxy.getClient(rfidCheck);
try {
defineConduit(stub);
} catch (NamingException e) {
throw new OEMException(e);
} catch (UnrecoverableKeyException e) {
throw new OEMException(e);
} catch (KeyStoreNotFoundException e) {
throw new OEMException(e);
} catch (KeyStoreException e) {
throw new OEMException(e);
} catch (NoSuchAlgorithmException e) {
throw new OEMException(e);
} catch (KeyStoreServiceException e) {
throw new OEMException(e);
}
}

private void defineConduit(Client stub) throws NamingException, KeyStoreNotFoundException, KeyStoreServiceException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, OEMException {

KeyStoreService keystoreService = (KeyStoreService) new InitialContext().lookup("java:comp/env/KeyStoreService");
KeyStore keyStore = null;
KeyStore trustStore = null;
if ( keystoreService != null ) {
keyStore = keystoreService.getKeyStore(KEYSTORE_NAME, KEYSTORE_PASSWORD.toCharArray());
trustStore = keystoreService.getKeyStore(TRUSTSTORE_NAME, KEYSTORE_PASSWORD.toCharArray());
} else {
throw new OEMException( "Keystore is not available. Please provide an appropriate keystore." );
}


KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );


//HttpDestination destination = (HttpDestination) new InitialContext().lookup( VW_DESTINATION );
HttpClient client;
try {
client = HttpRequestHelper.getHttpClient( VW_DESTINATION );
} catch (IOException e) {
throw new OEMException( "No HTTP Destination [vwdestination] is found." );
}

keyFactory.init( keyStore, KEYSTORE_PASSWORD.toCharArray() );
trustFactory.init( trustStore );
KeyManager[] keyManagers = keyFactory.getKeyManagers();
TrustManager[] trustManagers = trustFactory.getTrustManagers();


final HTTPConduit conduit = (HTTPConduit) stub.getConduit();

conduit.setTlsClientParameters(new TLSClientParameters());
conduit.getTlsClientParameters().setKeyManagers(keyManagers);
conduit.getTlsClientParameters().setTrustManagers(trustManagers);


HTTPClientPolicy policy = new HTTPClientPolicy();
policy.setConnectionTimeout(300000);
policy.setAllowChunking(true);
policy.setReceiveTimeout(300000);


if ( client != null ) {
HttpHost proxy = (HttpHost) client.getParams().getParameter( ConnRoutePNames.DEFAULT_PROXY );
if ( proxy != null ) {
if ( proxy.getHostName() != null && !proxy.getHostName().isEmpty() ) {
policy.setProxyServer( proxy.getHostName() );
}
if ( proxy.getPort() > 0 ) {
policy.setProxyServerPort( proxy.getPort() );
}
}
}

conduit.setClient(policy);
}

public boolean isValidRfid(String rfid) throws OEMException, InvalidInputOEMException {

if ( rfid != null && !rfid.isEmpty() ) {

CheckRfidRequest request = new CheckRfidRequest();

request.setRfid(rfid);

CheckRfidResponse response = null;

try {

response = rfidCheck.checkRfid( request );

} catch (ParkAndChargeFaultV2 e) {

throw new OEMException(e);

}

if ( response != null ) {

return response.isValid();

}

else {

throw new OEMException( "Accessing remote VW server has failed. " );

}

} else {

throw new InvalidInputOEMException( "RFID paramater should be filled in." );

}

}

The error message I receive when I turn to the remote Web Server:

2013 10 23 13:16:22#+0200#ERROR#com.sap.cvs.odata.adaptor.processor.CVSODataSingleProcessor##anonymous#http-bio-8080-exec-3###Failed to execute FunctionImport

javax.xml.ws.WebServiceException: Could not send Message.

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)

at $Proxy142.checkRfid(Unknown Source)

at com.sap.cvs.services.oem.vw.ExternalFunctionsDefaultImpl.isValidRfid(ExternalFunctionsDefaultImpl.java:243)

at com.sap.cvs.services.oem.vw.ExternalFunctions.isValidRfid(ExternalFunctions.java:23)

at com.sap.cvs.services.session.StartSession.isValidCard(StartSession.java:219)

at com.sap.cvs.services.session.StartSession.execute(StartSession.java:115)

at com.sap.cvs.odata.adaptor.processor.EntityProcessorManager.executeFunctionImportWithContext(EntityProcessorManager.java:525)

at com.sap.cvs.odata.adaptor.processor.EntityProcessorManager.executeFunctionImport(EntityProcessorManager.java:512)

at com.sap.cvs.odata.adaptor.processor.CVSODataSingleProcessor.executeFunctionImport(CVSODataSingleProcessor.java:297)

at com.sap.core.odata.core.Dispatcher.dispatch(Dispatcher.java:170)

at com.sap.core.odata.core.ODataRequestHandler.handle(ODataRequestHandler.java:99)

at com.sap.core.odata.core.rest.ODataSubLocator.handle(ODataSubLocator.java:121)

at com.sap.core.odata.core.rest.ODataSubLocator.handleGet(ODataSubLocator.java:35)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)

at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)

at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)

at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:255)

at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:115)

at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)

at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)

at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)

at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222)

at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:163)

at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)

at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:164)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

at com.sap.security.auth.service.webcontainer.internal.Authenticator.invoke(Authenticator.java:191)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

at com.sap.core.tenant.valve.TenantValidationValve.invokeNextValve(TenantValidationValve.java:170)

at com.sap.core.tenant.valve.TenantValidationValve.invoke(TenantValidationValve.java:85)

at com.sap.js.statistics.tomcat.valve.RequestTracingValve.invoke(RequestTracingValve.java:25)

at com.sap.core.js.monitoring.tomcat.valve.RequestTracingValve.invoke(RequestTracingValve.java:27)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

at java.lang.Thread.run(Thread.java:619)

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://tui-emob-pcbus.audi-connect.de/pa/services/lms/v2/SessionReportServiceV2/: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

at java.lang.reflect.Constructor.newInstance(Constructor.java:513)

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1337)

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1321)

at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)

at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)

at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)

at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)

at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)

... 54 more

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)

at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)

at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:170)

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1281)

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1232)

at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:182)

at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)

at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1294)

... 64 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)

at sun.security.validator.Validator.validate(Validator.java:218)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)

... 82 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)

... 88 more|

The truststore that I use works perfectly in SOAPUI.

Any ideas?

Thank you,

EG