Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11830

Uploading FPR to 360 Server with HTTPS fails

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • fortify360-plugin
    • Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0

      Uploading FPR to 360 Server with HTTPS fails, I am using a Server Certificate signed by a CA, that is signed by a CA who is signed its self. All of these certificates are stored in the Fortify 360 jre(64)/lib/security/cacerts java keystores - the cervers certificate (there is not need for it to be there). This is what enables the 'fortifyclient' program that ships with fortify to communicate and upload FPR's to the 360 server (this works for me). However the Jenkins plugin for fortify gives me

      Publishing Fortify 360 FPR Data
      Cannot locate sourceanalyzer, will skip plotting NVS chart

      Using FPR: file:

      {location_to_FPR_dir}/systems-test.fpr
      Local FPR: {location_to_FPR_dir}

      /systems-test.fpr
      Calculated NVS = 0.000000
      Saving FPR summary
      Uploading FPR to Fortify 360 Server at https://

      {360 Server Address}
      Error uploading to F360 Server: https://{360 Server Address}

      com.fortify.ws.client.FortifyWebServiceException: An internal error has occurred.
      (org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      (An internal error has occurred.
      (org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target))
      at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:238)
      at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:108)
      at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:81)
      at org.jvnet.hudson.plugins.fortify360.fortifyclient.FortifyClient.uploadFPR(FortifyClient.java:103)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:281)
      at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:225)
      at org.jvnet.hudson.plugins.fortify360.FPRPublisher.invokeFortifyClient(FPRPublisher.java:268)
      at org.jvnet.hudson.plugins.fortify360.FPRPublisher.perform(FPRPublisher.java:178)
      at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
      at hudson.model.AbstractBuild$AbstractRunner.perform(AbstractBuild.java:695)
      at hudson.model.AbstractBuild$AbstractRunner.performAllBuildSteps(AbstractBuild.java:670)
      at hudson.model.AbstractBuild$AbstractRunner.performAllBuildSteps(AbstractBuild.java:648)
      at hudson.model.Build$RunnerImpl.post2(Build.java:162)
      at hudson.model.AbstractBuild$AbstractRunner.post(AbstractBuild.java:617)
      at hudson.model.Run.run(Run.java:1429)
      at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
      at hudson.model.ResourceController.execute(ResourceController.java:88)
      at hudson.model.Executor.run(Executor.java:230)
      Caused by: com.fortify.ws.client.FortifyWebServiceException: An internal error has occurred.
      (org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
      at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:238)
      at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:141)
      at com.fortify.ws.client.AuthenticationTokenClient.getSingleUseFPRUploadToken(AuthenticationTokenClient.java:84)
      at com.fortify.ws.client.AuthenticationTokenClient.getSingleUseFPRUploadToken(AuthenticationTokenClient.java:68)
      at com.fortify.ws.core.util.FileTransferUtil.upload(FileTransferUtil.java:90)
      at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:105)
      ... 20 more
      Caused by: org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:257)
      at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:42)
      at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:586)
      at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:549)
      at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:502)
      at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:351)
      at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:345)
      at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:337)
      at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:131)
      ... 24 more
      Caused by: com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
      at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:168)
      at org.apache.axiom.om.impl.llom.OMDocumentImpl.serialize(OMDocumentImpl.java:396)
      at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:248)
      ... 32 more
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
      at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:81)
      at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:101)
      at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
      at org.springframework.ws.transport.TransportOutputStream.write(TransportOutputStream.java:60)
      at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
      at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
      at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
      ... 35 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
      at sun.security.validator.Validator.validate(Validator.java:235)
      at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
      ... 53 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
      ... 59 more
      Finished: SUCCESS

      I have tried adding the servers certificate to the java keystores (no sucess, this is both fortify keystores), I have tried adding all 3 certifactes to the standard java kestore that jenkins uses (again no success). What am I missing?

      I have verified in all cases that the certifactes have the proper permissions and that the certifactes are in the keystores properly.

            samngms samngms
            sferich888 Eric RIch
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: