Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Bharath R picture Bharath R · Jan 23, 2014 · Viewed 18k times · Source

Hie,

I wrote a java code which connects to Salesforce and updates a value in there, Its is working well and good when i run it from my local system as a standalone java application but my main goal is to take that as a java component in filenet BPM workflow , so when the workflow process gets to this java component then it throws a error as the title

the entire stack stack trace is as follows

com.sforce.ws.ConnectionException: Failed to send request to https://login.salesforce.com/services/Soap/c/24.0/0DF90000000PX8r
    at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:129)
    at com.sforce.soap.enterprise.EnterpriseConnection.login(EnterpriseConnection.java:1052)
    at com.sforce.soap.enterprise.EnterpriseConnection.<init>(EnterpriseConnection.java:399)
    at salesforceupdate.SalesForceUpdate.main(SalesForceUpdate.java:70)
    at salesforceupdate.Callin.UpdateSL(Callin.java:19)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    at filenet.vw.integrator.adaptors.java.VWJavaAdaptor.execute(VWJavaAdaptor.java:426)
    at filenet.vw.integrator.base.VWAdaptorEx$AdaptorAction.run(VWAdaptorEx.java:120)
    at java.security.AccessController.doPrivileged(AccessController.java:284)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:727)
    at filenet.vw.integrator.base.VWAdaptorEx.run(VWAdaptorEx.java:360)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.ibm.jsse2.n.a(n.java:42)
    at com.ibm.jsse2.tc.a(tc.java:96)
    at com.ibm.jsse2.tc.a(tc.java:340)
    at com.ibm.jsse2.tc.a(tc.java:555)
    at com.ibm.jsse2.tc.a(tc.java:510)
    at com.ibm.jsse2.tc.startHandshake(tc.java:381)
    at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:151)
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:64)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1024)
    at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:51)
    at com.sforce.ws.transport.JdkHttpTransport.connectRaw(JdkHttpTransport.java:115)
    at com.sforce.ws.transport.JdkHttpTransport.connect(JdkHttpTransport.java:79)
    at com.sforce.ws.transport.SoapConnection.send(SoapConnection.java:107)
    ... 13 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.ibm.jsse2.util.e.<init>(e.java:117)
    at com.ibm.jsse2.util.d.a(d.java:20)
    at com.ibm.jsse2.hc.a(hc.java:58)
    at com.ibm.jsse2.hc.checkServerTrusted(hc.java:88)
    at filenet.ws.utils.jsse.FnTrustManager.checkServerTrusted(FnTrustManager.java:156)
    at com.ibm.jsse2.hb.a(hb.java:382)
    at com.ibm.jsse2.hb.a(hb.java:23)
    at com.ibm.jsse2.gb.n(gb.java:295)
    at com.ibm.jsse2.gb.a(gb.java:269)
    at com.ibm.jsse2.tc.a(tc.java:347)
    at com.ibm.jsse2.tc.g(tc.java:416)
    at com.ibm.jsse2.tc.a(tc.java:60)
    ... 21 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:287)
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:143)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:101)
    at com.ibm.jsse2.util.e.<init>(e.java:17)
    ... 32 more

I have googled everything regarding this error and generated a .crt file of the domain and created a keystore file and mentioned that in my code

 System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\bin\\secure.ts");
 System.setProperty("javax.net.ssl.trustStorePassword", "xxxxx");

By the way i even modified key managemnet and certificates in WAS console

But I keep on getting the same error..Don't know what to do , Any help would be great

Thanks in Advance

Answer

Peter Keller picture Peter Keller · Feb 1, 2014

This error message usually means that your specified truststore can not be read. What I would check:

  • Is the path correct? (I'm sure you checked this...)
  • Has the user who started the JVM enough access privileges to read the trustore?
  • When do you set the system properties? Are they already set when the webservice is invoked?
  • Perhaps another component has overridden the values. Are the system properties still set when the webservice is invoked?
  • Does the trustore contains the Salesforce certificate and is the file not corrupt (e.g. check with keytool -list)?

Edit:

  • Don't use System.setProperty but set the options when starting the Java process with -Djavax.net.ssl.XXX. The reason for this advice is as follows: The IBM security framework may read the options before you set the property (e.g. in a static block of a class). Of course this is framework specific and may change from version to version.