Keystore Jboss7 não funciona com javax.net.ssl.keyStore

carreira_p · Julho 24, 2012, 12:18pm

Boa Tarde!

Estou com dificuldade para fazer funcionar o código abaixo no Jboss7:

 System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
 System.setProperty("javax.net.ssl.keyStore","certificado.pfx");
 System.out.println(System.getProperty("javax.net.ssl.keyStore"));
 System.setProperty("javax.net.ssl.keyStorePassword", "xxxxxxx");  
 System.setProperty("javax.net.ssl.trustStoreType", "JKS"); 
 System.setProperty("javax.net.ssl.trustStore","cert.jks"); 
 System.setProperty("javax.net.ssl.trustStorePassword", "xxxx");

Esse código funciona normalmente no tomcat e no Glassfish 3.0.1, porém no Jboss7 não funciona. Eu seto o keystore para comunicar com um webserice.
Estamos migrando varios sistemas para java e decidimos utilizar o jboss como container padrão, porém esse problema está impactando na migração.
Se alguém tiver alguma dica fico muito grato. Já segui varias how-to que achei no google e nenhum deu certo.

obrigado pela atenção!

No log server.log do jboss aparece:

14:20:12,687 ERROR [stderr] (http–127.0.0.1-8081-1) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.Validator.validate(Validator.java:218)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) … 65 more
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) … 71 more
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1)
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1) {http://xml.apache.org/axis/}hostname:et-suporte1
14:20:12,703 ERROR [stderr] (http–127.0.0.1-8081-1)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
4:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.client.Call.invoke(Call.java:2767)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.client.Call.invoke(Call.java:2443)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.client.Call.invoke(Call.java:2366)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.client.Call.invoke(Call.java:1812)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at br.inf.portalfiscal.www.nfe.wsdl.NfeConsulta2.NfeConsulta2Soap12Stub.nfeConsultaNF2(NfeConsulta2Soap12Stub.java:178)
14:20:12,718 ERROR [stderr] (http–127.0.0.1-8081-1) at br.com.condor.nfe.Nfe.consultarNfe20(Nfe.java:1790)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at br.com.condor.Generico.consultas20(Generico.java:430)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at java.lang.reflect.Method.invoke(Method.java:597)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.ws.common.invocation.AbstractInvocationHandlerJSE.invoke(AbstractInvocationHandlerJSE.java:111)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:181)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:127)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at java.util.concurrent.FutureTask.run(FutureTask.java:138)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
14:20:12,734 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
14:20:12,750 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
14:20:12,765 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at java.lang.Thread.run(Thread.java:662)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1699)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
14:20:12,781 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) … 54 more
14:20:12,796 ERROR [stderr] (http–127.0.0.1-8081-1) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.Validator.validate(Validator.java:218)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) … 65 more
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
14:20:12,812 ERROR [stderr] (http–127.0.0.1-8081-1) … 71 more

WRYEL · Julho 24, 2012, 1:48pm

Veja esse reply aqui: https://community.jboss.org/message/645356#645356

carreira_p · Julho 24, 2012, 4:07pm

Wryel,

Eu li esse forum, configurei no meu standalone.xml os parametros:

A primeira linha “javax.net.debug = ssl” mudou o sistema para o modo debug. Quando chamei o webservice o sistema printou meu certificado no arquivo server.log, com isso eu presumo que ele está carregando os certificados porém na hora do handshake aparentemente o sistema não está enviando o certificado para a troca de chaves. Isso é meio estranho, estou quebrando a cabeça para descobrir o porque.

Obrigado pela atenção!

carreira_p · Julho 24, 2012, 4:34pm

Wyrel,

Boa noite!

Consegui resolver. Infelizmente estava com a versão do cert.jks desatualizada. Peguei uma versão de produção e funcionou, provavelmente os certificados que estava dentro estava vencidos.
Com o system-properties dentro do standalone.xml resolve o problema…

Obrigado!!!

system · Dezembro 28, 2015, 4:08pm

Keystore Jboss7 não funciona com javax.net.ssl.keyStore

Cursos de Mobile

Cursos de Programação

Cursos de Front-end

Cursos de DevOps

Cursos de Design & UX

Cursos de Business

Cursos de Data & BI