I want a Java application to connect to a web service using the EJBCA library, but it throws an exception. Below is the void method that tries to connect to EJBCA:
    protected void connectToEjbca() {
        LOG.info("Establishing Ejbca conecction");
        // Key store (client certificate) and trust store (server validation) settings
        String trustStore = CONFIG.getProperty("truststore");
        String trustStorePassword = CONFIG.getProperty("truststore.password");
        String keyStoreType = CONFIG.getProperty("keystore.type");
        String keyStore = CONFIG.getProperty("keystore");
        String keyStorePassword = CONFIG.getProperty("keystore.password");
        String ejbcaUrl = CONFIG.getProperty("url");
        try {
            CryptoProviderTools.installBCProvider();
            KeyManager[] kms = this.getKeyManagers(keyStore, keyStorePassword);
            TrustManager[] tms = this.getTrustManagers(trustStore, trustStorePassword);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kms, tms, null);
            // This verifier accepts every hostname, so hostname verification is
            // disabled for all HttpsURLConnection instances in the JVM.
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) { return true; }
            };
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
            QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
            // The WSDL is fetched over HTTPS here, which triggers the TLS handshake
            EjbcaWSService service = new EjbcaWSService(new URL(ejbcaUrl), qname);
            ws = service.getEjbcaWSPort();
            connect = true;
            LOG.info("EJBCA connection was successfully");
        } catch (Exception ex) {
            LOG.info("Error in EJBCA connection: " + ex.getLocalizedMessage());
            connect = false;
            ex.printStackTrace();
        }
    }
The code execution fails at the line: EjbcaWSService service = new EjbcaWSService(new URL(ejbcaUrl),qname);
And the exception says:
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
According to config.properties:
url=https:\//192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl
truststore=E:\\admin_test.jks
keystore=E:\\admin_test.p12
keystore.type=PKCS12
The password variables are OK.
Additionally, I imported the admin_test.p12 certificate into Firefox and the browser shows the page https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl very well.
Also, I imported the admin_test.p12 certificate into Windows Cert Manager. Then I exported it as an X.509 cert (admin_test.cert). After that I created a JKS file with KeyStore Explorer and imported admin_test.cert into it.
These two files, admin_test.cert and admin_test.p12, are referenced in config.properties.
So the URL https://192.168.1.30:443/ejbca/ejbcaws/ejbcaws?wsdl works in Firefox but not in the Java application.
I suspect the problem is in the JKS file, which I think was not generated correctly.
What can I do?
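
One way to check what the JKS truststore described above actually contains, as an added example that is not part of the original post (the `TrustStoreCheck` class name and its two command-line arguments are assumptions). "PKIX path building failed" means no trusted entry in the truststore anchors the certificate chain the server presented, so the listing shows whether the file holds a CA certificate or only an end-entity one.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not code from the original post.
// Usage: java TrustStoreCheck <truststore.jks> <truststore-password>
public class TrustStoreCheck {

    // A certificate is self-signed when its own public key verifies its signature.
    static boolean isSelfSigned(X509Certificate cert) {
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: TrustStoreCheck <truststore.jks> <password>");
            System.exit(2);
        }
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        int trustedEntries = 0;
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // getBasicConstraints() returns -1 for a non-CA (end-entity) certificate.
            boolean ca = x.getBasicConstraints() != -1;
            boolean trusted = ts.isCertificateEntry(alias);
            if (trusted) trustedEntries++;
            System.out.printf("alias=%s trustedCertEntry=%b ca=%b selfSigned=%b%n",
                    alias, trusted, ca, isSelfSigned(x));
            System.out.println("  subject: " + x.getSubjectX500Principal().getName());
            System.out.println("  issuer:  " + x.getIssuerX500Principal().getName());
        }
        // Path building succeeds only if a trusted entry is the server certificate
        // itself or a CA certificate in the chain that issued it.
        System.out.println("trusted certificate entries: " + trustedEntries);
    }
}
```

Compare the printed subject values with the issuer of the certificate that the server at the configured `url` presents; a truststore whose only entry is a client (end-entity) certificate cannot anchor that chain.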