jakobbg

Reputation: 184

"SunX509 TrustManagerFactory not available" on AIX (SSL webservice client)

My Java component within a JBoss 4.2.2 container tries to access an SSL webservice, but it gets an exception (not critical, functionality works, response is retrieved from the SSL webservice).

OS: AIX

Java:

> /usr/java6_64/bin/java -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build pap6460sr9fp1-20110208_03(SR9 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc64-64 jvmap6460sr9-20110203_74623 (JIT enabled, AOT enabled)
J9VM - 20110203_074623
JIT  - r9_20101028_17488ifx3
GC   - 20101027_AA)
JCL  - 20110203_01

Code:

SOAPMessage reply = connection.call(message, webserviceUrl);

connection is a SOAPConnection.

I get the following log output:

2012-03-29 15:10:17,651 ERROR [org.jboss.remoting.transport.http.HTTPClientInvoker] (Thread-17) Error creating SSL Socket Factory for client invoker.
java.io.IOException: Error initializing socket factory SSL context: SunX509 TrustManagerFactory not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:230)
        at javax.net.ssl.TrustManagerFactory.getInstance(TrustManagerFactory.java:11)
        at org.jboss.remoting.security.SSLSocketBuilder.loadTrustManagers(SSLSocketBuilder.java:1407)
        at org.jboss.remoting.security.SSLSocketBuilder.initializeSocketFactorySSLContext(SSLSocketBuilder.java:1326)
        at org.jboss.remoting.security.SSLSocketBuilder.createCustomSocketFactory(SSLSocketBuilder.java:451)
        at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:431)
        at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:381)
        at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.createSocketFactory(HTTPSClientInvoker.java:140)
        at org.jboss.remoting.RemoteClientInvoker.<init>(RemoteClientInvoker.java:46)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.<init>(HTTPClientInvoker.java:105)
        at org.jboss.remoting.transport.https.TransportClientFactory.createClientInvoker(TransportClientFactory.java:39)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at org.jboss.remoting.InvokerRegistry.loadClientInvoker(InvokerRegistry.java:419)
        at org.jboss.remoting.InvokerRegistry.createClientInvoker(InvokerRegistry.java:320)
        at org.jboss.remoting.Client.connect(Client.java:459)
        at org.jboss.ws.core.client.RemotingConnectionImpl.createRemotingClient(RemotingConnectionImpl.java:247)
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:165)
        at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
        at xxx.yyy.fooservice.FooServiceImpl.foo(FooServiceImpl.java:103)
        at xxx.yyy.fooservice.FooAsyncRunner.run(FooAsyncRunner.java:31)
        at java.lang.Thread.run(Thread.java:736)

I've tried using hints on the net to modify ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm in $JAVA_HOME/jre/lib/security/java.security, but the error prevails.

Extra info: The exception above appeared after having specified

export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=foo"

... in JBoss 4.2.2 startup, before that I got the following exception:

2012-03-28 12:10:13,424 ERROR [org.jboss.remoting.transport.http.HTTPClientInvoker] (Thread-13) Error creating SSL Socket Factory for client invoker.
java.io.IOException: Error initializing socket factory SSL context: Can not find truststore url.
        at org.jboss.remoting.security.SSLSocketBuilder.initializeSocketFactorySSLContext(SSLSocketBuilder.java:1340)
        at org.jboss.remoting.security.SSLSocketBuilder.createCustomSocketFactory(SSLSocketBuilder.java:451)
        at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:431)
        at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:381)
        at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.createSocketFactory(HTTPSClientInvoker.java:140)
        at org.jboss.remoting.RemoteClientInvoker.<init>(RemoteClientInvoker.java:46)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.<init>(HTTPClientInvoker.java:105)
        at org.jboss.remoting.transport.https.TransportClientFactory.createClientInvoker(TransportClientFactory.java:39)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at org.jboss.remoting.InvokerRegistry.loadClientInvoker(InvokerRegistry.java:419)
        at org.jboss.remoting.InvokerRegistry.createClientInvoker(InvokerRegistry.java:320)
        at org.jboss.remoting.Client.connect(Client.java:459)
        at org.jboss.ws.core.client.RemotingConnectionImpl.createRemotingClient(RemotingConnectionImpl.java:247)
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:165)
        at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
        at xxx.yyy.fooservice.FooServiceImpl.foo(FooServiceImpl.java:103)
        at xxx.yyy.fooservice.FooAsyncRunner.run(FooAsyncRunner.java:31)
        at java.lang.Thread.run(Thread.java:736)

What can I do to make these exceptions disappear? All help is highly appreciated! Thank you in advance.

Upvotes: 0

Views: 7266

Answers (2)

Bruno

Reputation: 122719

After a quick look at JBoss's SSLSocketBuilder.loadTrustManagers, it tries to use the org.jboss.remoting.trustStoreAlgorithm property in the configuration, falling back to org.jboss.remoting.keyStoreAlgorithm, then falling back to the hard-coded default, SunX509.

Note that, even on a Sun/Oracle JRE, this is not the default value for the trust manager algorithm; it's PKIX.

I would report this as a bug/RFE to JBoss: it should probably fall back to TrustManagerFactory.getDefaultAlgorithm() when nothing is set (that's the point of this method).

You may have to set one of these properties in the configuration explicitly to use IBM's default trust manager algorithm, to prevent it from falling back to these hard-coded default values.

Upvotes: 2

With IBM JVMs, the name is IbmX509 and not SunX509, which is the default value used by JBoss unless explicitly configured otherwise.

See http://docs.jboss.org/jbossweb/2.1.x/ssl-howto.html for details. Search for IbmX509.

Upvotes: 1
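
A diagnostic for the behaviour both answers describe, added here as an example and not taken from JBoss or from either answer: it lists the TrustManagerFactory algorithms the running JVM actually provides and resolves the algorithm in the order described above, ending at TrustManagerFactory.getDefaultAlgorithm() instead of a hard-coded name. The class name and the Map standing in for the remoting configuration are assumptions; the two property names are the ones quoted in the first answer.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeSet;
import javax.net.ssl.TrustManagerFactory;

public class TrustAlgorithmCheck {
    // Property names as quoted in the first answer.
    static final String TRUST_ALG = "org.jboss.remoting.trustStoreAlgorithm";
    static final String KEY_ALG = "org.jboss.remoting.keyStoreAlgorithm";

    /** TrustManagerFactory algorithm names registered by the installed providers. */
    static TreeSet<String> availableAlgorithms() {
        TreeSet<String> names = new TreeSet<String>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("TrustManagerFactory".equals(s.getType())) {
                    names.add(s.getAlgorithm());
                }
            }
        }
        return names;
    }

    /** Lookup order from the answer, ending at the JVM default rather than a literal. */
    static String resolve(Map<String, String> config) {
        String alg = config.get(TRUST_ALG);
        if (alg == null) alg = config.get(KEY_ALG);
        if (alg == null) alg = TrustManagerFactory.getDefaultAlgorithm();
        return alg;
    }

    public static void main(String[] args) {
        System.out.println("JVM vendor: " + System.getProperty("java.vendor"));
        System.out.println("Available:  " + availableAlgorithms());
        // Constructed input (assumption): a configuration with neither property set.
        Map<String, String> config = new HashMap<String, String>();
        String[] candidates = { "SunX509", "IbmX509", resolve(config) };
        for (String name : candidates) {
            try {
                TrustManagerFactory.getInstance(name);
                System.out.println(name + ": available");
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + ": NOT available (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run it with the same JVM that starts JBoss; any name it reports as available can be used as the explicit value for the trust store algorithm property.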
