phax / phase4

phase4 - AS4 client and server for integration into existing systems. Specific support for Peppol and CEF eDelivery built-in.
Apache License 2.0

Testbed certificate not considered valid? #56

Closed michielbdejong closed 3 years ago

michielbdejong commented 3 years ago

I received a c2 and a c3 certificate for running the AS4 Conformance Testing with the CEF eDelivery AS4 Conformance Test service, and it seems I successfully loaded it from the pondersource-c2.pfx file provided, but now the phase4-server-webapp throws this error in the logs - any advice?


13-Jul-2021 09:15:40.922 SEVERE [main] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class [com.helger.phase4.peppol.server.servlet.Phase4PeppolWebAppListener]
    com.helger.commons.exception.InitializationException: The provided certificate is not a valid Peppol certificate. Check result: UNSUPPORTED_ISSUER
        at com.helger.phase4.peppol.server.servlet.Phase4PeppolWebAppListener._initPeppolAS4(Phase4PeppolWebAppListener.java:214)
        at com.helger.phase4.peppol.server.servlet.Phase4PeppolWebAppListener.initManagers(Phase4PeppolWebAppListener.java:238)
        at com.helger.photon.core.servlet.WebAppListener.contextInitialized(WebAppListener.java:688)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4768)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5230)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:728)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:700)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:696)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1024)
        at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1911)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
        at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:825)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:475)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1618)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:319)
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:948)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1388)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
        at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:921)
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:263)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:437)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:934)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:772)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)

michielbdejong commented 3 years ago

I guess I should find the CA Issuer cert for the testbed and add it to https://github.com/phax/peppol-commons/blob/dcda8cd74adc36f8f815db193687c949b9103426/peppol-commons/src/main/java/com/helger/peppol/utils/PeppolCertificateChecker.java#L86-L87

phax commented 3 years ago

Yes, you need to add the Peppol PKI where necessary. See https://github.com/phax/peppol-commons/tree/master/peppol-commons/src/main/resources/truststore for the "default" truststores available

phax commented 3 years ago

Ah now I got it. You cannot mix the CEF certificates with the Peppol certificates. CEF has its own CA. And the Peppol web application is by default linked to the Peppol CA only (that's why there are "CEF" labeled components in the project).

phax commented 3 years ago

See application.properties for these properties to change:

org.apache.wss4j.crypto.merlin.truststore.type=JKS
org.apache.wss4j.crypto.merlin.truststore.file=truststore/complete-truststore.jks
org.apache.wss4j.crypto.merlin.truststore.password=peppol

# SMP Client
smpclient.truststore.type=JKS
smpclient.truststore.path=truststore/complete-truststore.jks
smpclient.truststore.password=peppol

michielbdejong commented 3 years ago

Ah right, of course. That answers it. Thanks a lot!
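
The mismatch explained in this thread (a certificate issued by one PKI checked against a truststore that holds only another PKI's CA) can be reproduced offline. This is an added example, not code from phase4 or from the thread; the two CAs and the leaf certificate are constructed throwaway stand-ins with hypothetical names, and the check is openssl's chain verification rather than phase4's own checker.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs stand in for the Peppol and CEF PKIs.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed demo CA (not a real Peppol or CEF root).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf CA NAME: end-entity certificate NAME signed by CA.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
        -out "$WORK/$2.pem" 2>/dev/null
}

# check_issuer TRUSTED_CA_PEM LEAF_PEM: does the leaf chain to a trusted CA?
# The failure label mirrors the check result in the log above; the test here
# is openssl's chain verification, not phase4's own checker.
check_issuer() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo OK
    else
        echo UNSUPPORTED_ISSUER
    fi
}

make_ca demo-peppol-ca
make_ca demo-cef-ca
issue_leaf demo-cef-ca demo-testbed-c2

LEAF="$WORK/demo-testbed-c2.pem"
# For a real .pfx the issuer can be printed the same way after:
#   openssl pkcs12 -in FILE.pfx -nokeys -clcerts -out leaf.pem
openssl x509 -in "$LEAF" -noout -issuer -subject
echo "Peppol-only trust: $(check_issuer "$WORK/demo-peppol-ca.pem" "$LEAF")"
echo "CEF trust:         $(check_issuer "$WORK/demo-cef-ca.pem" "$LEAF")"
```

The certificate itself is valid in both runs; only the set of trusted issuers differs, which is why the fix is a configuration choice and not a new certificate.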