upload doesn't good work with https

Hello

In our forms, the user can upload a file. So we have an xpl file which copy the file in the good directories.

We have a client which use this form in an environnement https. All works good, except the file upload : the file is uploaded in the temp directories, but our xpl file doesn’t execute. There is an error on the orbeon log :

2010-12-20 16:42:51,000 ERROR XFormsServer  - xforms-submit-error - setting throwable {throwable: "sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)

                at sun.security.validator.Validator.validate(Validator.java:218)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

                at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)

                at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)

                at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)

                at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)

                at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

                at java.io.BufferedOutputStream.write(BufferedOutputStream.java:104)

                at java.io.FilterOutputStream.write(FilterOutputStream.java:80)

….

Orbeon 3 .8 is installed on tomcat, and there is an apache server on front that contains the certificat.

Before, we used orbeon 3.5.1 on the same architecture and there was no problem.

Have you an idea ?

Thank You.

Julien .

Thank you for your response.

There is a cert file in the apache conf, but when i try the « keytool … » command  with this file, it doesn’t work :

« keytool error: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic »

I think I need to convert this certificat (open ssl) to use it with java. (I do not know anything in the certificate)

But I don’t understand why only the upload needs this certificate. All others actions of my form work well. And with the older version of orbeon, the upload worked well too.

Julien.

Probably you are using certificate in Apache that is not signed by one of the JDK default CA-s. You need to add certificate of your CA to cacerts file. Follow steps here:
http://www.devdaily.com/blog/post/java/keytool-cacerts-java-ssl

  Tambet

On 20.12.2010 18:19, Bittard, Julien wrote:

Hello

In our forms, the user can upload a file. So we have an xpl file which copy the file in the good directories.

We have a client which use this form in an environnement https. All works good, except the file upload : the file is uploaded in the temp directories, but our xpl file doesn’t execute. There is an error on the orbeon log :

2010-12-20 16:42:51,000 ERROR XFormsServer  - xforms-submit-error - setting throwable {throwable: "sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)

                at sun.security.validator.Validator.validate(Validator.java:218)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

                at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)

                at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)

                at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)

                at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)

                at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

                at java.io.BufferedOutputStream.write(BufferedOutputStream.java:104)

                at java.io.FilterOutputStream.write(FilterOutputStream.java:80)

….

Orbeon 3 .8 is installed on tomcat, and there is an apache server on front that contains the certificat.

Before, we used orbeon 3.5.1 on the same architecture and there was no problem.

Have you an idea ?

Thank You.

Julien .

Think green - keep it on the screen. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Hello

Thank you for your answers.
I solved my problem: I could not add the existing certificate in the keystore of the tomcat jvm running. The problem was that I used the keytool server (under /usr/bin) and not the keytool of the tomcat jre !
Now that the certificate was added to the jre, I have no error during the upload.

thank you

Julien .

Hard to tell from remote why it is not working. The error indicates, that you are trying to connect to https host from Java, and the certificate for this host doesn't have it's CA stored in trusted keystore.

Maybe you could turn on some additional logging, to find out what host and URL it is trying to connect:
http://wiki.orbeon.com/forms/doc/developer-guide/xforms-logging

Upload shouldn't cause https request from Java. Maybe upload triggers some additional logic?

  Tambet

On 21.12.2010 11:33, Bittard, Julien wrote:

Thank you for your response.

There is a cert file in the apache conf, but when i try the « keytool … » command  with this file, it doesn’t work :

« keytool error: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic »

I think I need to convert this certificat (open ssl) to use it with java. (I do not know anything in the certificate)

But I don’t understand why only the upload needs this certificate. All others actions of my form work well. And with the older version of orbeon, the upload worked well too.

Julien.

Probably you are using certificate in Apache that is not signed by one of the JDK default CA-s. You need to add certificate of your CA to cacerts file. Follow steps here:
http://www.devdaily.com/blog/post/java/keytool-cacerts-java-ssl

  Tambet

On 20.12.2010 18:19, Bittard, Julien wrote:

Hello

In our forms, the user can upload a file. So we have an xpl file which copy the file in the good directories.

We have a client which use this form in an environnement https. All works good, except the file upload : the file is uploaded in the temp directories, but our xpl file doesn’t execute. There is an error on the orbeon log :

2010-12-20 16:42:51,000 ERROR XFormsServer  - xforms-submit-error - setting throwable {throwable: "sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)

                at sun.security.validator.Validator.validate(Validator.java:218)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

                at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

                at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)

                at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)

                at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)

                at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)

                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)

                at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

                at java.io.BufferedOutputStream.write(BufferedOutputStream.java:104)

                at java.io.FilterOutputStream.write(FilterOutputStream.java:80)

….

Orbeon 3 .8 is installed on tomcat, and there is an apache server on front that contains the certificat.

Before, we used orbeon 3.5.1 on the same architecture and there was no problem.

Have you an idea ?

Thank You.

Julien .

Think green - keep it on the screen. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Think green - keep it on the screen. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.