Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Hie,

I wrote a java code which connects to Salesforce and updates a value in there, Its is working well and good when i run it from my local system as a standalone java application but my main goal is to take that as a java component in filenet BPM workflow , so when the workflow process gets to this java component then it throws a error as the title

the entire stack stack trace is as follows

com.sforce.ws.ConnectionException: Failed to send request to https://login.salesforce.com/services/Soap/c/24.0/0DF90000000PX8r
    at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:129)
    at com.sforce.soap.enterprise.EnterpriseConnection.login(EnterpriseConnection.java:1052)
    at com.sforce.soap.enterprise.EnterpriseConnection.<init>(EnterpriseConnection.java:399)
    at salesforceupdate.SalesForceUpdate.main(SalesForceUpdate.java:70)
    at salesforceupdate.Callin.UpdateSL(Callin.java:19)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at filenet.vw.integrator.adaptors.java.VWJavaAdaptor.execute(VWJavaAdaptor.java:426)
    at filenet.vw.integrator.base.VWAdaptorEx$AdaptorAction.run(VWAdaptorEx.java:120)
    at java.security.AccessController.doPrivileged(AccessController.java:284)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:727)
    at filenet.vw.integrator.base.VWAdaptorEx.run(VWAdaptorEx.java:360)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.ibm.jsse2.n.a(n.java:42)
    at com.ibm.jsse2.tc.a(tc.java:96)
    at com.ibm.jsse2.tc.a(tc.java:340)
    at com.ibm.jsse2.tc.a(tc.java:555)
    at com.ibm.jsse2.tc.a(tc.java:510)
    at com.ibm.jsse2.tc.startHandshake(tc.java:381)
    at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:151)
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:64)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1024)
    at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:51)
    at com.sforce.ws.transport.JdkHttpTransport.connectRaw(JdkHttpTransport.java:115)
    at com.sforce.ws.transport.JdkHttpTransport.connect(JdkHttpTransport.java:79)
    at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:107)
    ... 13 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.ibm.jsse2.util.e.<init>(e.java:117)
    at com.ibm.jsse2.util.d.a(d.java:20)
    at com.ibm.jsse2.hc.a(hc.java:58)
    at com.ibm.jsse2.hc.checkServerTrusted(hc.java:88)
    at filenet.ws.utils.jsse.FnTrustManager.checkServerTrusted(FnTrustManager.java:156)
    at com.ibm.jsse2.hb.a(hb.java:382)
    at com.ibm.jsse2.hb.a(hb.java:23)
    at com.ibm.jsse2.gb.n(gb.java:295)
    at com.ibm.jsse2.gb.a(gb.java:269)
    at com.ibm.jsse2.tc.a(tc.java:347)
    at com.ibm.jsse2.tc.g(tc.java:416)
    at com.ibm.jsse2.tc.a(tc.java:60)
    ... 21 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:287)
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:143)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:101)
    at com.ibm.jsse2.util.e.<init>(e.java:17)
    ... 32 more

I have googled everything regarding this error and generated a .crt file of the domain and created a keystore file and mentioned that in my code

 System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\bin\\secure.ts");
 System.setProperty("javax.net.ssl.trustStorePassword", "xxxxx");

By the way i even modified key managemnet and certificates in WAS console

But I keep on getting the same error..Don't know what to do , Any help would be great

Thanks in Advance

like image 886
Bharath R Avatar asked Jan 23 '14 11:01

Bharath R


People also ask

Is the trustanchors parameter empty or empty?

Closed 6 years ago. When you google for this exception: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty, multiple results appear. However there is no definitive solution, only guesses.

Why is the trustanchors parameter not working in Tomcat?

The problem is due to the way that Tomcat deals with the trust store. If you happen to have specified your trust store location as the same as your keystore in the Spring Boot configuration, you'll likely get the trustAnchors parameter must be non-empty message when starting the application.

What happens when the truststore is not specified in the JRE?

It does when the Java cannot read for whatever reason the Truststore that was specified for it [1]. Take into account that if no Truststore was specified then it will default to the one in the JRE security dir. But, how can I certify if and what Truststore is my Java process using? That is the correct questions.

Do I need to tell Java about its own truststore?

And you don't need to tell Java about its own truststore at all, only about your own, if it's different. I'll add a twist: even when the truststore exists, is accessible, is in the right format, if it is COMPLETELY EMPTY, that's the error you can get with various libraries (including Apache HttpClient).


1 Answers

This error message usually means that your specified truststore can not be read. What I would check:

  • Is the path correct? (I'm sure you checked this...)
  • Has the user who started the JVM enough access privileges to read the trustore?
  • When do you set the system properties? Are they already set when the webservice is invoked?
  • Perhaps another component has overridden the values. Are the system properties still set when the webservice is invoked?
  • Does the trustore contains the Salesforce certificate and is the file not corrupt (e.g. check with keytool -list)?

Edit:

  • Don't use System.setProperty but set the options when starting the Java process with -Djavax.net.ssl.XXX. The reason for this advice is as follows: The IBM security framework may read the options before you set the property (e.g. in a static block of a class). Of course this is framework specific and may change from version to version.
like image 83
Peter Keller Avatar answered Oct 01 '22 11:10

Peter Keller