CXF keystore config - How to access a keystore file from the filesystem rather than from within the deployed jar?

Solution Unverified - Updated -

Issue

  • We are adapting a prototyped camel route to work in our real environment.

In a blueprint route, we have the definition:

    <http:conduit name="*.http-conduit"> <!-- set this to * from a to turn certs on -->
        <http:tlsClientParameters disableCNCheck="false"> <!-- not normally required secureSocketProtocol values TLS, TLSv1, SSL -->

            <!-- their certificate -->
            <sec:trustManagers> 
                <!--  sec:keyStore password="!£$%^" type="JKS" -->
                <sec:keyStore password="${bybox.their.tls.keystore.password}" type="JKS"
                    resource="${bybox.their.tls.keystore.file}" ></sec:keyStore>
            </sec:trustManagers>

            <!-- our certificate -->
            <!--  
            <sec:keyManagers keyPassword="!£$%^">
                <sec:keyStore type="JKS" password="!£$%^" resource="certs/DanStore.jks" ></sec:keyStore>
            </sec:keyManagers>
            -->
            <sec:cipherSuitesFilter>
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_AES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
        <http:authorization>
            <sec:UserName>${bybox.username}</sec:UserName>
            <sec:Password>${bybox.password}</sec:Password>
            <sec:AuthorizationType>Basic</sec:AuthorizationType>
        </http:authorization>
    </http:conduit>

Everything works perfectly if we set the value of ${keystore.password} to point at a keystore included in the deployed jar file.

  • However, if we set this value to point to a file on the local hard disk, such as:
    C:/ar-work/project/eComFuse/env/bybox-ar.jks

or

    file:///C:/ar-work/project/eComFuse/env/bybox-ar.jks

we get the stack trace:

org.osgi.service.blueprint.container.ComponentDefinitionException: Error when instantiating bean #recipe-153 of class org.apache.cxf.configuration.jsse.TLSClientParametersConfig
        at org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:315)
        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:806)
        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:787)
        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:106)
        at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:933)
        at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:907)
        at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:888)
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.injectBeanInstance(BlueprintContainerImpl.java:937)
        at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:121)
        at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureWithWildCard(ConfigurerImpl.java:137)
        at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:110)
        at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:99)
        at org.apache.cxf.transport.http.HTTPTransportFactory.configure(HTTPTransportFactory.java:176)
        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:241)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:222)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:229)
        at org.apache.cxf.endpoint.AbstractConduitSelector.createConduit(AbstractConduitSelector.java:145)
        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:107)
        at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63)
        at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:853)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:511)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:418)
        at org.apache.camel.component.cxf.CxfProducer.process(CxfProducer.java:116)
        at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:129)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
        at org.apache.camel.processor.interceptor.HandleFaultInterceptor.process(HandleFaultInterceptor.java:42)
        at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:91)
        at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:448)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
        at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:51)
        at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:129)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
        at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:448)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
        at org.apache.camel.component.jetty.CamelContinuationServlet.service(CamelContinuationServlet.java:162)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
        at org.eclipse.jetty.servlets.MultiPartFilter.doFilter(MultiPartFilter.java:136)
        at org.apache.camel.component.jetty.CamelFilterWrapper.doFilter(CamelFilterWrapper.java:43)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:370)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Could not load keystore resource file:///C:/user/keystore.jks
        at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getKeyStore(TLSParameterJaxBUtils.java:140)
        at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getTrustManagers(TLSParameterJaxBUtils.java:291)
        at org.apache.cxf.configuration.jsse.TLSClientParametersConfig.createTLSClientParametersFromType(TLSClientParametersConfig.java:115)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:297)
        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:958)
        at org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:313)
        ... 62 more
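
An added example, not part of the original article or of Red Hat's solution text: in the CXF security schema, sec:keyStore accepts file and url attributes as well as resource, and resource is resolved through the class loader, which matches the "Could not load keystore resource" error above. The sketch assumes ${bybox.their.tls.keystore.file} holds a plain filesystem path and omits the unchanged http:authorization block. It also narrows the cipher suite filter, because the original includes EXPORT, DES and NULL suites.

```xml
<!-- Added example: trust store read from disk instead of from the bundle. -->
<http:conduit name="*.http-conduit"
              xmlns:http="http://cxf.apache.org/transports/http/configuration"
              xmlns:sec="http://cxf.apache.org/configuration/security">
    <http:tlsClientParameters disableCNCheck="false">

        <!-- their certificate -->
        <sec:trustManagers>
            <!-- Before: resource= is a class loader lookup, so a disk path or a
                 file:/// URL placed in it is not found:
                 <sec:keyStore type="JKS" password="..." resource="file:///C:/..."/> -->

            <!-- After: file= takes a filesystem path. Assumed property value:
                 bybox.their.tls.keystore.file=C:/ar-work/project/eComFuse/env/bybox-ar.jks -->
            <sec:keyStore type="JKS"
                          password="${bybox.their.tls.keystore.password}"
                          file="${bybox.their.tls.keystore.file}"/>

            <!-- Alternative: url= takes the URL form of the same location:
                 <sec:keyStore type="JKS" password="..."
                     url="file:///C:/ar-work/project/eComFuse/env/bybox-ar.jks"/> -->
        </sec:trustManagers>

        <!-- Weak setting in the original: includes for _EXPORT_, _EXPORT1024_,
             _WITH_DES_ and _WITH_NULL_ allow export-grade, single-DES and
             unencrypted suites. Corrected: AES only, weak families excluded. -->
        <sec:cipherSuitesFilter>
            <sec:include>.*_WITH_AES_.*</sec:include>
            <sec:exclude>.*_DH_anon_.*</sec:exclude>
            <sec:exclude>.*_EXPORT.*</sec:exclude>
            <sec:exclude>.*_WITH_DES_.*</sec:exclude>
            <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
        </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
</http:conduit>
```

With the trust store outside the bundle, restrict write access on the file to the account that administers the container, since its contents decide which servers this client will accept.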

Environment

  • Red Hat JBoss Fuse
    • 6.x
  • Apache CXF
