Certificate Exception In calling generated stub of AndesAdminService WSDL in wso2 message broker

0
votes

I am using on WSO2 Message Broker as a message brokering system in my project. To get the queue information (information like to get all queues created in wso2mb server, number of messages in each queue and so on), I generated client from AndesAdminServics WSDL and tried to call getAllQueues() api from my api. Everytime i am getting unable to find valid certification path to requested target exception. I am not able to figure out what is the problem. Exception is -

Jul 06, 2016 5:21:19 PM org.apache.axis.utils.JavaUtils isAttachmentSupported
WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode: 
 faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 faultActor: 
 faultNode: 
 faultDetail: 
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at org.wso2.carbon.andes.admin.AndesAdminServiceSoap11BindingStub.getAllQueues(AndesAdminServiceSoap11BindingStub.java:858)
    at org.wso2.carbon.andes.admin.AndesAdminServicePortTypeProxy.getAllQueues(AndesAdminServicePortTypeProxy.java:62)
    at org.wso2.carbon.andes.admin.TestClass.main(TestClass.java:11)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 30 more

    {http://xml.apache.org/axis/}hostname:RIL15066YJB152

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at org.wso2.carbon.andes.admin.AndesAdminServiceSoap11BindingStub.getAllQueues(AndesAdminServiceSoap11BindingStub.java:858)
    at org.wso2.carbon.andes.admin.AndesAdminServicePortTypeProxy.getAllQueues(AndesAdminServicePortTypeProxy.java:62)
    at org.wso2.carbon.andes.admin.TestClass.main(TestClass.java:11)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    ... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 30 more

My api to call getAllQueues() method is - 

package org.wso2.carbon.andes.admin;

import java.rmi.RemoteException;

public class TestClass {

    public static void main(String args[]) {
        AndesAdminServiceSoap11BindingStub aadptp;
    AndesAdminServiceLocator loact = new AndesAdminServiceLocator();

    try {
        aadptp = new AndesAdminServiceSoap11BindingStub();
        aadptp._setProperty(org.apache.axis.client.Stub.USERNAME_PROPERTY, "admin");
        aadptp._setProperty(org.apache.axis.client.Stub.PASSWORD_PROPERTY, "admin"); 
        aadptp._setProperty(org.apache.axis.client.Stub.ENDPOINT_ADDRESS_PROPERTY,
                loact.getAndesAdminServiceHttpsSoap11EndpointAddress());

        org.wso2.carbon.andes.admin.internal.xsd.Queue[] queues = aadptp.getAllQueues();
        System.out.println(queues.length);
    } catch (AxisFault e1) {
        e1.printStackTrace();
    } catch (RemoteException e) {
        e.printStackTrace();
    }
    }

}
1
wsdlwso2message-queuewso2carbonwso2mb

1 Answers

0
votes

First, please try to access your endpoint with SoapUI or any other preferred tool to you. If you could access it, sounds like you need to add wso2 certificate to your JVM key store.

WSO2 products using custom key store which is located at ${carbon.home}/repository/resources/security/ directory. If you need access any https endpoint in WSO2 server with a java client, you need to add the certificate to the keystore file of the used JVM located at `${JAVA_HOME}/lib/security/cacerts'.

First you can check if your certificate is already in the keystore by running the following command: keytool -list -keystore "${JAVA_HOME}/lib/security/cacerts" (you don't need to provide a password)

If your certificate is missing, add it to the keystore with the following command:

keytool -import -noprompt -trustcacerts -alias wso2carbon -file ${carbon.home}/repository/resources/security/ -keystore ${JAVA_HOME}/lib/security/cacerts -storepass wso2carbon