
Hi, I am trying to send a SOAP web service POST request to the server using a keystore in JKS format, but in the process I am getting the error below.

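// Sends strReq as a SOAP POST to strURL over HTTPS, presenting the client key held in
// keyStoreFile and validating the server certificate against the same JKS file.

// JVM-wide defaults. System.getProperties() returns the live property table, so the
// put() calls take effect without a following System.setProperties().
// NOTE(review): this leaves the keystore password readable by any code in the process
// that can read system properties; it is only needed if other code relies on the
// default SSLContext, because the connection below is given its own context.
Properties systemProps = System.getProperties();
systemProps.put("javax.net.ssl.keyStore", keyStoreFile);
systemProps.put("javax.net.ssl.keyStorePassword", strKeyStorePassword);
systemProps.put("javax.net.ssl.keyStoreType", "JKS");
systemProps.put("javax.net.ssl.trustStore", keyStoreFile);
systemProps.put("javax.net.ssl.trustStoreType", "JKS");
systemProps.put("javax.net.ssl.trustStorePassword", strKeyStorePassword);

// Load the JKS file and close the stream afterwards (it was previously never closed).
char[] keyStorePassword = strKeyStorePassword.toCharArray();
try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
    keyStore.load(keyStoreStream, keyStorePassword);
}

// Key managers supply the client certificate and private key during the handshake.
KeyManagerFactory kmFactory = KeyManagerFactory.getInstance("SunX509");
kmFactory.init(keyStore, keyStorePassword);

// Trust managers decide whether the server's certificate chain is accepted. Only
// trusted-certificate entries in keyStore count as anchors here: if the server's chain
// does not end at one of them, the handshake fails with "PKIX path building failed".
// The remedy is to import the issuing CA (or the server's own certificate, if it is
// self-signed) into this store, not to swap in a trust manager that accepts everything.
TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("SunX509");
tmFactory.init(keyStore);
TrustManager[] trustManager = tmFactory.getTrustManagers();

// Ask for the context by its standard name "TLS" rather than the legacy "SSL" name.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmFactory.getKeyManagers(), trustManager, null);
sslSocketFactory = sslContext.getSocketFactory();

java.net.URL url = new URL(strURL);
// Refuse non-https URLs explicitly instead of failing later on a null connection.
if (!url.getProtocol().equalsIgnoreCase("https")) {
    throw new IllegalArgumentException("Expected an https URL but got: " + url);
}
javax.net.ssl.HttpsURLConnection httpsConnection =
        (javax.net.ssl.HttpsURLConnection) url.openConnection();
// Attach the context built above. Without this call the socket factory is never used
// and the connection silently falls back to the JVM default SSLContext.
httpsConnection.setSSLSocketFactory(sslSocketFactory);
HttpURLConnection httpConnection = httpsConnection;

System.out.println("\nRequesting POST for URL -  " + url);
httpConnection.setRequestProperty("SOAPAction","POST");
httpConnection.setDoOutput(true);
httpConnection.setDoInput(true);
httpConnection.setRequestMethod("POST");

// getOutputStream() opens the connection and runs the TLS handshake, which is why a
// certificate validation failure surfaces on this line.
// NOTE(review): no charset is given, so the platform default encodes the request;
// confirm that it matches the encoding declared in the SOAP envelope.
try (OutputStreamWriter writer = new OutputStreamWriter(httpConnection.getOutputStream())) { //Exception occurs here
    writer.write(strReq);
}

// The body is read only on 200; any other status leaves strResponse null.
String strResponse = null;
if (httpConnection.getResponseCode() == HttpURLConnection.HTTP_OK) {
    strResponse = getSOAPResponseString(httpConnection.getInputStream());
}
System.out.println(httpConnection.getResponseCode());
System.out.println(httpConnection.getResponseMessage());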

What could be the possible reason for the below Exception?


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at package1.SOAPClientSAAJ.SOAPReqResp(SOAPClientSAAJ.java:111)
at package1.SOAPClientSAAJ.main(SOAPClientSAAJ.java:66)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 21 more
  • Looks like you have only a single certificate in your keystore. As far as I know, you are supposed to have the complete certificate chain in your keystore. – Frank Jun 06 '16 at 14:06
  • @Frank - that's not it. The problem will be that the server has either sent an incomplete certificate chain, or a self-signed certificate chain, or a chain with a root certificate that is not in the client-side keystore. You don't need a complete cert chain in the store. Only the appropriate root cert is needed. – Stephen C Jun 06 '16 at 14:15
