JBoss 7 keystore does not work with javax.net.ssl.keyStore

3 replies
carreira_p

Good afternoon!

I'm having trouble getting the code below to work on JBoss 7:

// Key store: the client certificate presented to the web service
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStore", "certificado.pfx");
System.out.println(System.getProperty("javax.net.ssl.keyStore"));
System.setProperty("javax.net.ssl.keyStorePassword", "xxxxxxx");
// Trust store: the certificates used to validate the web service's certificate
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "cert.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "xxxx");

This code works normally on Tomcat and GlassFish 3.0.1, but it does not work on JBoss 7. I set the keystore to communicate with a web service.
We are migrating several systems to Java and decided to use JBoss as the standard container, but this problem is impacting the migration.
If anyone has any tips I would be very grateful. I have already followed several how-tos I found on Google and none of them worked.

Thank you for your attention!

The following appears in the JBoss server.log:

14:20:12,687 ERROR [stderr] (http127.0.0.1-8081-1) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.Validator.validate(Validator.java:218)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	 65 more

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	 71 more

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1)

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1) 	{http://xml.apache.org/axis/}hostname:et-suporte1

14:20:12,703 ERROR [stderr] (http127.0.0.1-8081-1)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.client.Call.invokeEngine(Call.java:2784)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.client.Call.invoke(Call.java:2767)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.client.Call.invoke(Call.java:2443)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.client.Call.invoke(Call.java:2366)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.client.Call.invoke(Call.java:1812)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at br.inf.portalfiscal.www.nfe.wsdl.NfeConsulta2.NfeConsulta2Soap12Stub.nfeConsultaNF2(NfeConsulta2Soap12Stub.java:178)

14:20:12,718 ERROR [stderr] (http127.0.0.1-8081-1) 	at br.com.condor.nfe.Nfe.consultarNfe20(Nfe.java:1790)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at br.com.condor.Generico.consultas20(Generico.java:430)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.lang.reflect.Method.invoke(Method.java:597)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.ws.common.invocation.AbstractInvocationHandlerJSE.invoke(AbstractInvocationHandlerJSE.java:111)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:181)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:127)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.util.concurrent.FutureTask.run(FutureTask.java:138)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)

14:20:12,734 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)

14:20:12,750 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)

14:20:12,765 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.lang.Thread.run(Thread.java:662)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1699)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)

14:20:12,781 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) 	 54 more

14:20:12,796 ERROR [stderr] (http127.0.0.1-8081-1) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.Validator.validate(Validator.java:218)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	 65 more

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)

14:20:12,812 ERROR [stderr] (http127.0.0.1-8081-1) 	 71 more

3 Replies

WRYEL

See this reply here: https://community.jboss.org/message/645356#645356

:slight_smile:

carreira_p

Wryel,

I read that forum thread and configured these parameters in my standalone.xml:









The first line, “javax.net.debug = ssl”, switched the system to debug mode. When I called the web service, the system printed my certificate to the server.log file, so I presume it is loading the certificates, but at handshake time the system apparently is not sending the certificate for the key exchange. This is rather strange; I'm racking my brain to figure out why.

Thank you for your attention!

carreira_p

Wryel,

Good evening!

I managed to solve it. Unfortunately, my copy of cert.jks was out of date. I took a production version and it worked; the certificates inside it had probably expired.
Putting the system-properties inside standalone.xml solves the problem…

Thank you!!!
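
An added diagnostic, not part of the original thread: it loads the stores named by the same javax.net.ssl.* properties the posts set and flags every certificate that is outside its validity period, which is the condition the last post suspects in cert.jks. The class name StoreAudit is hypothetical; it also prints the absolute path each store resolves to, since a relative name such as "cert.jks" is resolved against the JVM working directory.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

/** Added example (hypothetical class name): audits the stores named by javax.net.ssl.* properties. */
public class StoreAudit {

    /** Prints every X.509 entry of one store; returns how many are outside their validity period. */
    static int audit(String prefix) throws Exception {
        String path = System.getProperty("javax.net.ssl." + prefix);
        if (path == null) {
            System.out.println(prefix + ": property not set, JVM defaults apply");
            return 0;
        }
        // A relative path is resolved against the JVM working directory (user.dir).
        File file = new File(path).getAbsoluteFile();
        String type = System.getProperty("javax.net.ssl." + prefix + "Type", KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl." + prefix + "Password");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        System.out.println(prefix + " -> " + file + " (" + type + ", " + ks.size() + " entries)");
        Date now = new Date();
        int invalid = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // Expired or not-yet-valid certificates cannot anchor or complete a PKIX path.
            boolean bad = now.after(x.getNotAfter()) || now.before(x.getNotBefore());
            if (bad) invalid++;
            System.out.println("  " + (bad ? "INVALID " : "ok      ") + alias
                    + " notAfter=" + x.getNotAfter()
                    + " subject=" + x.getSubjectX500Principal().getName());
        }
        return invalid;
    }

    public static void main(String[] args) throws Exception {
        int invalid = audit("trustStore") + audit("keyStore");
        System.exit(invalid == 0 ? 0 : 1); // non-zero exit when any certificate is invalid
    }
}
```

Run it with the same -Djavax.net.ssl.* options (or system-properties) the application uses, from the same working directory as the server process, so the paths resolve the way they do at runtime.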

Created July 24, 2012
Last reply July 24, 2012
Replies 3
Participants 2