Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11830

Uploading FPR to 360 Server with HTTPS fails

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: fortify360-plugin
    • Labels:
    • Environment:
      Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0
    • Similar Issues:

      Description

      Uploading FPR to 360 Server with HTTPS fails, I am using a Server Certificate signed by a CA, that is signed by a CA who is signed its self. All of these certificates are stored in the Fortify 360 jre(64)/lib/security/cacerts java keystores - the cervers certificate (there is not need for it to be there). This is what enables the 'fortifyclient' program that ships with fortify to communicate and upload FPR's to the 360 server (this works for me). However the Jenkins plugin for fortify gives me

      Publishing Fortify 360 FPR Data
      Cannot locate sourceanalyzer, will skip plotting NVS chart

      Using FPR: file:

      {location_to_FPR_dir}/systems-test.fpr
      Local FPR: {location_to_FPR_dir}

      /systems-test.fpr
      Calculated NVS = 0.000000
      Saving FPR summary
      Uploading FPR to Fortify 360 Server at https://

      {360 Server Address}
      Error uploading to F360 Server: https://{360 Server Address}

      com.fortify.ws.client.FortifyWebServiceException: An internal error has occurred.
      (org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      (An internal error has occurred.
      (org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target))
      at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:238)
      at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:108)
      at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:81)
      at org.jvnet.hudson.plugins.fortify360.fortifyclient.FortifyClient.uploadFPR(FortifyClient.java:103)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:281)
      at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:225)
      at org.jvnet.hudson.plugins.fortify360.FPRPublisher.invokeFortifyClient(FPRPublisher.java:268)
      at org.jvnet.hudson.plugins.fortify360.FPRPublisher.perform(FPRPublisher.java:178)
      at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
      at hudson.model.AbstractBuild$AbstractRunner.perform(AbstractBuild.java:695)
      at hudson.model.AbstractBuild$AbstractRunner.performAllBuildSteps(AbstractBuild.java:670)
      at hudson.model.AbstractBuild$AbstractRunner.performAllBuildSteps(AbstractBuild.java:648)
      at hudson.model.Build$RunnerImpl.post2(Build.java:162)
      at hudson.model.AbstractBuild$AbstractRunner.post(AbstractBuild.java:617)
      at hudson.model.Run.run(Run.java:1429)
      at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
      at hudson.model.ResourceController.execute(ResourceController.java:88)
      at hudson.model.Executor.run(Executor.java:230)
      Caused by: com.fortify.ws.client.FortifyWebServiceException: An internal error has occurred.
      (org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:238)
      at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:141)
      at com.fortify.ws.client.AuthenticationTokenClient.getSingleUseFPRUploadToken(AuthenticationTokenClient.java:84)
      at com.fortify.ws.client.AuthenticationTokenClient.getSingleUseFPRUploadToken(AuthenticationTokenClient.java:68)
      at com.fortify.ws.core.util.FileTransferUtil.upload(FileTransferUtil.java:90)
      at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:105)
      ... 20 more
      Caused by: org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:257)
      at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:42)
      at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:586)
      at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:549)
      at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:502)
      at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:351)
      at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:345)
      at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:337)
      at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:131)
      ... 24 more
      Caused by: com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
      at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:168)
      at org.apache.axiom.om.impl.llom.OMDocumentImpl.serialize(OMDocumentImpl.java:396)
      at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:248)
      ... 32 more
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
      at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:81)
      at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:101)
      at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
      at org.springframework.ws.transport.TransportOutputStream.write(TransportOutputStream.java:60)
      at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
      at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
      at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
      ... 35 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
      at sun.security.validator.Validator.validate(Validator.java:235)
      at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
      ... 53 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
      ... 59 more
      Finished: SUCCESS

      I have tried adding the servers certificate to the java keystores (no sucess, this is both fortify keystores), I have tried adding all 3 certifactes to the standard java kestore that jenkins uses (again no success). What am I missing?

      I have verified in all cases that the certifactes have the proper permissions and that the certifactes are in the keystores properly.

        Attachments

          Activity

          Hide
          sferich888 Eric RIch added a comment -

          I have reviewed the Source for the project and it seems to be using the Fortify client command to complete the upload task.

          This baffels me because I can use this exact command to upload to the server but the plugin can not?

          https://svn.jenkins-ci.org/trunk/hudson/plugins/fortify360/src/main/java/org/jvnet/hudson/plugins/fortify360/UploadFprService.java

          Am I looking at the wrong source or is there another issue?

          Show
          sferich888 Eric RIch added a comment - I have reviewed the Source for the project and it seems to be using the Fortify client command to complete the upload task. This baffels me because I can use this exact command to upload to the server but the plugin can not? https://svn.jenkins-ci.org/trunk/hudson/plugins/fortify360/src/main/java/org/jvnet/hudson/plugins/fortify360/UploadFprService.java Am I looking at the wrong source or is there another issue?
          Hide
          sferich888 Eric RIch added a comment -

          Does this plugin use the tool_finder application provided by fortify? /INSTALL_LOCATION/TOOLS/too_finder

          Show
          sferich888 Eric RIch added a comment - Does this plugin use the tool_finder application provided by fortify? /INSTALL_LOCATION/TOOLS/too_finder

            People

            • Assignee:
              samngms samngms
              Reporter:
              sferich888 Eric RIch
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: