我在WSO2消息代理上使用作为项目中的消息代理系统。为了获取队列信息(例如获取在wso2mb服务器中创建的所有队列,每个队列中的消息数等信息),我从AndesAdminServics WSDL生成了客户端,并尝试从我的api调用getAllQueues() api。每次我都无法找到请求的目标异常的有效证书路径。我无法弄清楚问题出在哪里。例外是 -
Jul 06, 2016 5:21:19 PM org.apache.axis.utils.JavaUtils isAttachmentSupported
WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at org.wso2.carbon.andes.admin.AndesAdminServiceSoap11BindingStub.getAllQueues(AndesAdminServiceSoap11BindingStub.java:858)
at org.wso2.carbon.andes.admin.AndesAdminServicePortTypeProxy.getAllQueues(AndesAdminServicePortTypeProxy.java:62)
at org.wso2.carbon.andes.admin.TestClass.main(TestClass.java:11)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 30 more
{http://xml.apache.org/axis/}hostname:RIL15066YJB152
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at org.wso2.carbon.andes.admin.AndesAdminServiceSoap11BindingStub.getAllQueues(AndesAdminServiceSoap11BindingStub.java:858)
at org.wso2.carbon.andes.admin.AndesAdminServicePortTypeProxy.getAllQueues(AndesAdminServicePortTypeProxy.java:62)
at org.wso2.carbon.andes.admin.TestClass.main(TestClass.java:11)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 30 more
我调用getAllQueues()方法的api是 -
package org.wso2.carbon.andes.admin;
import java.rmi.RemoteException;
public class TestClass {
public static void main(String args[]) {
AndesAdminServiceSoap11BindingStub aadptp;
AndesAdminServiceLocator loact = new AndesAdminServiceLocator();
try {
aadptp = new AndesAdminServiceSoap11BindingStub();
aadptp._setProperty(org.apache.axis.client.Stub.USERNAME_PROPERTY, "admin");
aadptp._setProperty(org.apache.axis.client.Stub.PASSWORD_PROPERTY, "admin");
aadptp._setProperty(org.apache.axis.client.Stub.ENDPOINT_ADDRESS_PROPERTY,
loact.getAndesAdminServiceHttpsSoap11EndpointAddress());
org.wso2.carbon.andes.admin.internal.xsd.Queue[] queues = aadptp.getAllQueues();
System.out.println(queues.length);
} catch (AxisFault e1) {
e1.printStackTrace();
} catch (RemoteException e) {
e.printStackTrace();
}
}
}
首先,请尝试使用 SoapUI 或任何其他首选工具访问您的端点。如果可以访问它,听起来您需要将 wso2 证书添加到您的 JVM 密钥存储中。
WSO2 产品使用位于${carbon.home}/repository/resources/security/目录中的自定义密钥存储。如果您需要使用 java 客户机访问 WSO2 服务器中的任何 https 端点,则需要将证书添加到位于 '${JAVA_HOME}/lib/security/cacerts' 的所用 JVM 的密钥库文件中。
首先,您可以通过运行以下命令来检查证书是否已在密钥库中:keytool -list -keystore "${JAVA_HOME}/lib/security/cacerts"(您无需提供密码)
如果缺少证书,请使用以下命令将其添加到密钥库:
keytool -import -noprompt -trustcacerts -alias wso2carbon -file ${carbon.home}/repository/resources/security/ -keystore ${JAVA_HOME}/lib/security/cacerts -storepass wso2carbon