I built a CXF client to invoke a SOAP web service. I imported the server's certificates into my cacerts trust store (I understand that CXF uses cacerts by default) and i used the following code to implement the call. However, the following error is generated:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
QName serviceQName = new QName("Namespace", "ServiceName");
String urlString = "https:endpoint?wsdl";
QName portQName = new QName("Namespace", "PortName");
service = Service.create(serviceQName);
service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING, urlString);
Dispatch<Source> sourceDispatch = service.createDispatch(portQName, Source.class, Service.Mode.PAYLOAD);
BindingProvider bindingProvider = sourceDispatch;
bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, urlString);
Source result = sourceDispatch.invoke(new StreamSource(exchange.getIn().getBody(InputStream.class)));
The error was actually a CXF one and not a certificate one. Specifically, the Binding Provider actually ignores JAXWS properties and i had to pass the SSL context as shown below:
SSLContext sc = "your custom SSL Context"
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
tlsParams.setSSLSocketFactory(sc.getSocketFactory());