Hello, I have the code below, where I try to access the receive method of a service made available by my client. In it I specify where the certificates are, and then I try to access the method through an XFire dynamic client. I don't understand why it keeps throwing this exception when I am providing the certificates and asking it to ignore the name check.
Has anyone been through this before?
[code] HttpSecureProtocol protocolSocketFactory = new HttpSecureProtocol();
TrustMaterial trustMaterial = new TrustMaterial( new FileInputStream ("src/JnJCA_key.cer") );
protocolSocketFactory.addTrustMaterial(trustMaterial);
trustMaterial = new TrustMaterial( new FileInputStream ("src/mddlatn_key.cer") );
protocolSocketFactory.addTrustMaterial(trustMaterial);
trustMaterial = new TrustMaterial( new FileInputStream ("src/mddnapn_key.cer") );
protocolSocketFactory.addTrustMaterial(trustMaterial);
trustMaterial = new TrustMaterial( new FileInputStream ("src/mddnaqn_key.cer") );
protocolSocketFactory.addTrustMaterial(trustMaterial);
protocolSocketFactory.setCheckHostname(false);
Protocol protocol = new Protocol("https", (ProtocolSocketFactory) protocolSocketFactory, 8443);
Protocol.registerProtocol("https", protocol);
URL url = new URL("urlDoClient");
Client cliente = new Client(url);
Object[] resultado = cliente.invoke("receive", new Object[] {null});
System.out.println(resultado);[/code]
Exception
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:981)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1009)
at org.codehaus.xfire.client.Client.<init>(Client.java:246)
at app.JohnsonClientTest.main(JohnsonClientTest.java:39)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 20 more
Didn't you understand what is written in this paragraph? The problem is the self-signed certificates. You have to use a certificate signed by a CA that the JDK supports.
I ran into the same error too. I followed the example from the XFire site but it didn't work.
My code:
[code] public static void main( String[] args ) throws Exception
{
    HttpSecureProtocol f = new HttpSecureProtocol();
    // might as well trust the usual suspects:
    f.addTrustMaterial(TrustMaterial.CACERTS);
    // here's where we start trusting usertrust.com's CA:
    FileInputStream stream = new FileInputStream ("base64.cer");
    f.addTrustMaterial(new TrustMaterial(stream ));
    Protocol trustHttps = new Protocol("https", f, 443);
    Protocol.registerProtocol("https", trustHttps);
    HttpClient client = new HttpClient();
    GetMethod httpget = new GetMethod("https://hnfe.fazenda.mg.gov.br/nfe/services/CadConsultaCadastro/");
    client.executeMethod(httpget);
    String s = httpget.getStatusLine().toString();
    System.out.println( "HTTPClient: " + s );
    // Notice that Java still can't access it. Only HTTPClient knows
    // to trust the cert!
    URL u = new URL( "https://hnfe.fazenda.mg.gov.br/nfe/services/CadConsultaCadastro/" );
    try
    {
        // This will throw an SSLHandshakeException
        u.openStream();
    }
    catch ( SSLHandshakeException she )
    {
        System.out.println( "Java: " + she );
    }
}
[/code]
Error:
Exception in thread "main" javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.available(Unknown Source)
at org.apache.commons.ssl.HostnameVerifier$AbstractVerifier.check(HostnameVerifier.java:313)
at org.apache.commons.ssl.SSL.doPostConnectSocketStuff(SSL.java:551)
at org.apache.commons.ssl.Java14.buildSocket(Java14.java:159)
at org.apache.commons.ssl.JavaImpl.createSocket(JavaImpl.java:204)
at org.apache.commons.ssl.SSL.createSocket(SSL.java:581)
at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:224)
at org.apache.commons.ssl.HttpSecureProtocol.createSocket(HttpSecureProtocol.java:90)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at com.chart.testcases.TrustExample.main(TrustExample.java:85)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getSession(Unknown Source)
at org.apache.commons.ssl.HostnameVerifier$AbstractVerifier.check(HostnameVerifier.java:272)
... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at org.apache.commons.ssl.Java14TrustManagerWrapper.checkServerTrusted(Java14TrustManagerWrapper.java:74)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 27 more
This error is related to digital certificates: the certificate of the Secretaria da Fazenda de Minas Gerais was signed by a root certificate "linked" to the ICP-Brasil certificate, and this root certificate is not recognized by the JDK. You have to import this root certificate (the whole chain) into your JDK's cacerts for it to work correctly.
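Added example, not code from any post in this thread: the first stack trace shows the handshake failing in java.net.URL.openStream inside the XFire Client constructor, a path that uses the JVM's default trust settings and never consults the socket factory registered with commons-httpclient's Protocol. The sketch below is an in-process alternative to editing cacerts: it makes the JVM default trust the standard CAs plus the CA files passed as arguments, and leaves hostname verification enabled. The class name ExtraCaTrust and the file paths are assumptions.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ExtraCaTrust { // hypothetical class name
    // Trusts the JVM's default CAs plus every certificate found in the given files.
    static SSLContext contextTrusting(String... caFiles) throws Exception {
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(alg);
        defaults.init((KeyStore) null); // null = JVM default trust store (normally cacerts)
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty in-memory store
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                trust.setCertificateEntry("default-" + n++, c);
            }
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String file : caFiles) { // PEM or DER; one PEM file may hold the whole chain
            try (InputStream in = new BufferedInputStream(new FileInputStream(file))) {
                for (Certificate c : cf.generateCertificates(in)) {
                    trust.setCertificateEntry("extra-" + n++, c);
                }
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(args); // args: CA certificate file paths (assumed)
        // Applies to HttpsURLConnection and URL.openStream; hostname checks stay on.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("Default HTTPS trust now includes " + args.length + " extra file(s)");
    }
}
```

Call setDefaultSSLSocketFactory before any code opens an https URL; only CA certificates obtained from the issuer through a verified channel belong in the argument list.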