OpenIDM / OPENIDM-11449

Unable to find valid certification path to requested target when using SSL with connectors

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0
    • Fix Version/s: 6.5.0
    • Component/s: None
    • Labels:
    • Environment:
      OpenDJ 6.5.0-SNAPSHOT (388716d6b7f)
      OpenIDM 6.5.0-SNAPSHOT (d5e7115)
      ScriptedCrestConnector 1.5.1.0-SNAPSHOT (cf2563b92ac)
    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      2
    • Sprint:
      OpenIDM Sprint 6.5-7

      Description

      After the https://bugster.forgerock.org/jira/browse/OPENIDM-9934 update, SSL connections with connectors stop working.

      Steps to reproduce

      1. Set up OpenIDM with a connector SSL connection to a resource (e.g. scriptedcrest -> SSL OpenDJ)
      2. GET on the resource

      Error for scriptedcrest with SSL

      FINE: Exception: 	Method: search
      org.identityconnectors.framework.common.exceptions.ConnectorException: SearchScript error
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      	at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:83)
      	at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:105)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:255)
      	at org.forgerock.openicf.connectors.groovy.ScriptedConnectorBase.executeQuery(ScriptedConnectorBase.groovy:423)
      	at org.forgerock.openicf.connectors.groovy.ScriptedConnectorBase.executeQuery(ScriptedConnectorBase.groovy)
      	at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:152)
      	at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:118)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:104)
      	at com.sun.proxy.$Proxy70.search(Unknown Source)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
      	at com.sun.proxy.$Proxy70.search(Unknown Source)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:157)
      Caused by: org.forgerock.json.resource.InternalServerErrorException: General SSLEngine problem
      	at org.forgerock.openicf.connectors.scriptedcrest.AbstractRemoteConnection.adapt(AbstractRemoteConnection.java:164)
      	at org.forgerock.openicf.connectors.scriptedcrest.AbstractRemoteConnection$3.failed(AbstractRemoteConnection.java:281)
      	at org.apache.http.concurrent.BasicFuture.failed(BasicFuture.java:134)
      	at org.apache.http.impl.nio.client.AbstractClientExchangeHandler.failed(AbstractClientExchangeHandler.java:419)
      	at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.exception(HttpAsyncRequestExecutor.java:155)
      	at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:76)
      	at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:39)
      	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:125)
      	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
      	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
      	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
      	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
      	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
      	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
      	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
      	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509)
      	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
      	... 7 more
      Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
      	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
      	... 9 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
      	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
      	at sun.security.validator.Validator.validate(Validator.java:260)
      	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
      	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
      	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501)
      	... 17 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
      	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
      	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
      	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
      	... 23 more
      

              People

              • Assignee:
                whitney.hunter Whitney Hunter [X] (Inactive)
                Reporter:
                michal.orlik@profiq.cz Michal Orlik
                QA Assignee:
                Michal Orlik