3

I'm trying to run the example code for building RMI here and while I can get the server to run if I modify the policy file to this:

grant {
    permission java.net.SocketPermission "*", "listen,accept,resolve";
};

The client returns this exception:

HelloClient exception: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at Client.Client.main(Client.java:25)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more

but I can't even find where all this things are defined so I can even try to solve it. Can anyone help me?

EDIT:

Now it gives me this error. I think it is related to the trust anchors but I can't understand how to define them.

 HelloClient exception: error during JRMP connection establishment; nested exception is: 
     javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
     javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at Client.Client.main(Client.java:25)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
... 5 more
 Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(Unknown Source)
at sun.security.validator.Validator.getInstance(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.getValidator(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
... 9 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)
at java.security.cert.PKIXParameters.<init>(Unknown Source)
at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)
... 22 more
user2934164
  • 193
  • 12
  • @EJP that post didn't help me.. I don't understand the answer and I have understood I have tried: changed JAVA_HOME to java1.8... where the samplecacert is. Tried to move samplecacert to the root directory of the project, to the src folder and to the server folder. – user2934164 May 07 '16 at 11:31

1 Answers1

0

Check the README.txt file section "NOTES FOR RUNNING WITH SUN's JDK", seems you are running Java with the default trustore.

samplecacerts

This truststore file is very similar to the stock JDK cacerts file, in that it contains trust certificates from several vendors. It also contains the trusted certificates from "Duke" and "localhost" above.

The password for this keystore is the same as the JDK cacert's initial password: changeit

Please see your provider's documentation for how to configure the location of your trusted cert file.

NOTES FOR RUNNING WITH SUN's JDK:

Users of the Sun JDK can specify the location of the truststore by using one of the following methods (and are described more fully in the Sun JDK JSSE Reference Guide):

  1. System properties:
    java -Djavax.net.ssl.trustStore=samplecacerts \
    -Djavax.net.ssl.trustStorePassword=changeit
    Application
  1. Install the file into:
    <java-home>/lib/security/jssecacerts
  1. Install the file into:
    <java-home>/lib/security/cacerts

If you choose 2) or 3), be sure to replace this file with a production cacerts file before deployment.

user207421
  • 305,947
  • 44
  • 307
  • 483
vzamanillo
  • 9,905
  • 1
  • 36
  • 56
  • thanks for replying. The tried what you said and the error changed. Edited original question. – user2934164 May 06 '16 at 16:34
  • This is all about using the 'duke' certificate provided with the sample code. There's no evidence in the question that the OP is doing that. – user207421 May 06 '16 at 18:41
  • My answer is related to the first error, not to the error added after configuring the trustore that is not the original question . – vzamanillo May 06 '16 at 19:14
  • Your answer states that he should use the samplecacerts file supplied with the samples, which is not required unless he is using the 'duke' certificate. The Note you have cited is about running sample code, not general software using JSSE. – user207421 May 07 '16 at 00:46
  • The note is related to the original question, a problem running the example and he dont need the duke cert but needs the localhost entry, read the rmi entry in the readme – vzamanillo May 07 '16 at 09:31