Sunday, February 22, 2009

How to solve WSS1816: Error occurred while resolving Direct Reference

Solution:
sp:X509Token
in the "IncludeToken" for "InitiatorToken" use "AlwaysToRecipient"
for the "RecipientToken" use "Never"
for "wsp:Policy" use "sp:RequireIssuerSerialReference"
"sp:X509Token"

for "sp:Wss10" "wsp:Policy" use "sp:MustSupportRefIssuerSerial"

WSS1816: Error occurred while resolving Direct Reference

Tuesday, February 17, 2009

How to solve the CertPathValidatorException: Path does not chain with any of the trust anchors

Solution:
From the browser
1. Export public key of the cert to base64 .cer
2. Export intermediate root CA's certificate e.g. SDN base64.cer file
3. Export root CA certificate to Base64 .cer

4. Import all of the above .cer files into the trust store (both in the server and client if mutual authentication is used.)




Feb 17, 2009 4:47:06 PM [com.sun.xml.ws.policy.jaxws.PolicyConfigParser] parse
INFO: WSP1049: Loaded WSIT configuration from file: file:/C:/PHIN-SRM/container/webapps/WSRM_Client/WEB-INF/classes/META-INF/wsit-client.xml
Feb 17, 2009 4:47:16 PM com.sun.xml.wss.impl.misc.DefaultCallbackHandler$X509CertificateValidatorImpl validate
SEVERE: WSS1518: Failed to validate certificate
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler$X509CertificateValidatorImpl.validate(DefaultCallbackHandler.java:1572)
at com.sun.xml.wss.impl.callback.CertificateValidationCallback.getResult(CertificateValidationCallback.java:80)
at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.validateCertificate(DefaultSecurityEnvironmentImpl.java:700)
at com.sun.xml.ws.security.opt.impl.incoming.X509BinarySecurityToken.validate(X509BinarySecurityToken.java:186)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:400)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:280)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:222)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:438)
at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:206)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:129)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:160)
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:75)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Feb 17, 2009 4:47:17 PM [com.sun.xml.ws.rm.runtime.ClientSession] processOutgoingPacket
WARNING: WSRM1106: Attempt to initiate RM session failed with an exception
javax.xml.ws.soap.SOAPFaultException: Path does not chain with any of the trust anchors
at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:431)
at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:260)
at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:129)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.startSecureConversation(SecurityClientTube.java:460)
at com.sun.xml.ws.rm.runtime.ProtocolCommunicator.tryStartSecureConversation(ProtocolCommunicator.java:103)
at com.sun.xml.ws.rm.runtime.ClientSession.initializeIfNecessary(ClientSession.java:255)
at com.sun.xml.ws.rm.runtime.ClientSession.processOutgoingPacket(ClientSession.java:157)
at com.sun.xml.ws.rm.runtime.RmClientTube.processRequest(RmClientTube.java:123)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.client.Stub.process(Stub.java:222)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
at $Proxy74.receiveMessage(Unknown Source)
at gov.cdc.wsigrid.wsrm.WsrmClientServlet.processRequest(WsrmClientServlet.java:215)
at gov.cdc.wsigrid.wsrm.WsrmClientServlet.doPost(WsrmClientServlet.java:277)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Feb 17, 2009 4:47:17 PM com.sun.xml.wss.impl.misc.DefaultCallbackHandler$X509CertificateValidatorImpl validate
SEVERE: WSS1518: Failed to validate certificate
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at com.sun.xml.wss.impl