[JIRA] (JENKINS-11830) Error uploading FPR to Fortify 360
sferich888@gmail.com (JIRA)
-----------------------------------
Summary: Error uploading FPR to Fortify 360
Key: JENKINS-11830
URL: https://issues.jenkins-ci.org/browse/JENKINS-11830
Project: Jenkins
Issue Type: Bug
Components: fortify360
Affects Versions: current
Environment: Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0
Reporter: Eric RIch
Assignee: samngms
Fix For: current
Uploading FPR to 360 Server with HTTPS fails, I am using a Server Certificate signed by a CA, that is signed by a CA who is signed its self. All of these certificates are stored in the Fortify 360 jre(64)/lib/security/cacerts java keystores - the cervers certificate (there is not need for it to be there). This is what enables the 'fortifyclient' program that ships with fortify to communicate and upload FPR's to the 360 server (this works for me). However the Jenkins plugin for fortify gives me
Publishing Fortify 360 FPR Data
Cannot locate sourceanalyzer, will skip plotting NVS chart
Using FPR: file:{location_to_FPR_dir}/systems-test.fpr
Local FPR: {location_to_FPR_dir}/systems-test.fpr
Calculated NVS = 0.000000
Saving FPR summary
Uploading FPR to Fortify 360 Server at https://{360 Server Address}
Error uploading to F360 Server: https://{360 Server Address}
com.fortify.ws.client.FortifyWebServiceException: An internal error has occurred.
(org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
(sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
(An internal error has occurred.
(org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target))
at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:238)
at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:108)
at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:81)
at org.jvnet.hudson.plugins.fortify360.fortifyclient.FortifyClient.uploadFPR(FortifyClient.java:103)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:281)
at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:225)
at org.jvnet.hudson.plugins.fortify360.FPRPublisher.invokeFortifyClient(FPRPublisher.java:268)
at org.jvnet.hudson.plugins.fortify360.FPRPublisher.perform(FPRPublisher.java:178)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
at hudson.model.AbstractBuild$AbstractRunner.perform(AbstractBuild.java:695)
at hudson.model.AbstractBuild$AbstractRunner.performAllBuildSteps(AbstractBuild.java:670)
at hudson.model.AbstractBuild$AbstractRunner.performAllBuildSteps(AbstractBuild.java:648)
at hudson.model.Build$RunnerImpl.post2(Build.java:162)
at hudson.model.AbstractBuild$AbstractRunner.post(AbstractBuild.java:617)
at hudson.model.Run.run(Run.java:1429)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:230)
Caused by: com.fortify.ws.client.FortifyWebServiceException: An internal error has occurred.
(org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
(sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:238)
at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:141)
at com.fortify.ws.client.AuthenticationTokenClient.getSingleUseFPRUploadToken(AuthenticationTokenClient.java:84)
at com.fortify.ws.client.AuthenticationTokenClient.getSingleUseFPRUploadToken(AuthenticationTokenClient.java:68)
at com.fortify.ws.core.util.FileTransferUtil.upload(FileTransferUtil.java:90)
at com.fortify.ws.client.FPRTransferClient.uploadFPR(FPRTransferClient.java:105)
... 20 more
Caused by: org.springframework.ws.soap.axiom.AxiomSoapMessageException: Could not write message to OutputStream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:257)
at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:42)
at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:586)
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:549)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:502)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:351)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:345)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:337)
at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:131)
... 24 more
Caused by: com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:168)
at org.apache.axiom.om.impl.llom.OMDocumentImpl.serialize(OMDocumentImpl.java:396)
at org.springframework.ws.soap.axiom.AxiomSoapMessage.writeTo(AxiomSoapMessage.java:248)
... 32 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:81)
at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:101)
at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
at org.springframework.ws.transport.TransportOutputStream.write(TransportOutputStream.java:60)
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
... 35 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
at sun.security.validator.Validator.validate(Validator.java:235)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
... 53 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
... 59 more
Finished: SUCCESS
I have tried adding the servers certificate to the java keystores (no sucess, this is both fortify keystores), I have tried adding all 3 certifactes to the standard java kestore that jenkins uses (again no success). What am I missing?
I have verified in all cases that the certifactes have the proper permissions and that the certifactes are in the keystores properly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
sferich888@gmail.com (JIRA)
[ https://issues.jenkins-ci.org/browse/JENKINS-11830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=155744#comment-155744 ]
Eric RIch commented on JENKINS-11830:
-------------------------------------
I have reviewed the Source for the project and it seems to be using the Fortify client command to complete the upload task.
This baffels me because I can use this exact command to upload to the server but the plugin can not?
Am I looking at the wrong source or is there another issue?
> Error uploading FPR to Fortify 360
> ----------------------------------
>
> Key: JENKINS-11830
> URL: https://issues.jenkins-ci.org/browse/JENKINS-11830
> Project: Jenkins
> Issue Type: Bug
> Components: fortify360
> Affects Versions: current
> Environment: Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0
> Reporter: Eric RIch
> Assignee: samngms
> Labels: jenkins, plugin
sferich888@gmail.com (JIRA)
[ https://issues.jenkins-ci.org/browse/JENKINS-11830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on JENKINS-11830 started by samngms.
> Error uploading FPR to Fortify 360
> ----------------------------------
>
> Key: JENKINS-11830
> URL: https://issues.jenkins-ci.org/browse/JENKINS-11830
> Project: Jenkins
> Issue Type: Bug
> Components: fortify360
> Affects Versions: current
> Environment: Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0
> Reporter: Eric RIch
> Assignee: samngms
> Labels: jenkins, plugin
sferich888@gmail.com (JIRA)
[ https://issues.jenkins-ci.org/browse/JENKINS-11830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on JENKINS-11830 stopped by Eric RIch.
> Error uploading FPR to Fortify 360
> ----------------------------------
>
> Key: JENKINS-11830
> URL: https://issues.jenkins-ci.org/browse/JENKINS-11830
> Project: Jenkins
> Issue Type: Bug
> Components: fortify360
> Affects Versions: current
> Environment: Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0
> Reporter: Eric RIch
> Assignee: samngms
> Labels: jenkins, plugin
sferich888@gmail.com (JIRA)
[ https://issues.jenkins-ci.org/browse/JENKINS-11830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=157193#comment-157193 ]
Eric RIch commented on JENKINS-11830:
-------------------------------------
Does this plugin use the tool_finder application provided by fortify? /INSTALL_LOCATION/TOOLS/too_finder
> Error uploading FPR to Fortify 360
> ----------------------------------
>
> Key: JENKINS-11830
> URL: https://issues.jenkins-ci.org/browse/JENKINS-11830
> Project: Jenkins
> Issue Type: Bug
> Components: fortify360
> Affects Versions: current
> Environment: Red Hat Enterprise Linux Server release 6.1 (Santiago), Fortify 360 3.1.0
> Reporter: Eric RIch
> Assignee: samngms
> Labels: jenkins, plugin
samngms@java.net (JIRA)
|
|
|||||||||
|
This message is automatically generated by JIRA. |
| If you think it was sent incorrectly, please contact your JIRA administrators. |