What does "the trustAnchors parameter must be non-empty" mean?

Discussion in 'Java' started by laredotornado, Mar 17, 2009.

  1. Hi,

    I'm using Java 1.5 on Weblogic 9.2.2. I'm trying to securely connect
    to an LDAP and am getting the error below:

    javax.naming.CommunicationException: simple bind failed:
    ZZZZYYYYLDP01.cable.myco.com:636 [Root exception is
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
    error: java.security.InvalidAlgorithmParameterException: the
    trustAnchors parameter must be non-empty]

    Below is the code I'm using to connect to the LDAP server. Any ideas
    what the error above means? Thanks, - Dave

    Hashtable env = new Hashtable(5, 0.75f);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    String ldapUser = name + "@" + this.domain;
    env.put(Context.SECURITY_PRINCIPAL, ldapUser);
    env.put(Context.SECURITY_CREDENTIALS, pass);
    String activeDirURLStr = this.ACTIVE_DIR_SERVER;
    try {
        URL activeDirURL = new URL(this.ACTIVE_DIR_SERVER);
        activeDirURLStr = activeDirURL.toString();
    } catch (MalformedURLException mfe) {
        log.error("Malformed URL Exception:" + this.ACTIVE_DIR_SERVER, mfe);
    } // catch
    env.put(Context.PROVIDER_URL, activeDirURLStr);
    env.put(Context.SECURITY_PROTOCOL, "ssl");

    System.setProperty("javax.net.ssl.trustStore", keyStore);

    env.put("com.sun.jndi.ldap.connect.timeout", this.ld_timeout);

    // Create and initialize variables
    InitialLdapContext context = null;
    boolean result = false;
    // try block to establish context and test username and password
    try {
        // Creates a context to the primary server
        context = new InitialLdapContext(env, null);
     
    laredotornado, Mar 17, 2009
    #1

  2. laredotornado

    EJP Guest

    It usually means that JSSE couldn't find the truststore.
     
    EJP, Mar 17, 2009
    #2

  3. I have verified that the path I'm using here ...

    System.setProperty("javax.net.ssl.trustStore",keyStore);

    exists. However, the JKS file I'm using is a file I copied from our
    Solaris servers to my local machine. Could that be a potential
    problem? - Dave
     
    laredotornado, Mar 18, 2009
    #3
  4. laredotornado

    EJP Guest

    In the current directory when you execute your Java code?
    Nope.
     
    EJP, Mar 18, 2009
    #4
  5. It is not in the current directory but "keyStore" is an absolute path
    on my file system. I even have this code before I set that system
    property ...

    File keyStoreFile = new File(keyStore);
    if (!keyStoreFile.exists()) {
        log.error("The keystore file " + keyStore + " does not exist.");
    } // if

    and no error gets printed in my log file, leading me to believe the
    file exists, but I could be overlooking something.

    Thanks for the continued help, -
     
    laredotornado, Mar 19, 2009
    #5
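
Added example (not code from the thread or from any poster): a stand-alone Java check that goes one step beyond the File.exists() test in post #5 by loading the store named in javax.net.ssl.trustStore and counting its trusted-certificate entries, which is the set the PKIX validator requires to be non-empty. The class name TrustStoreCheck and the helper countTrustAnchors are made up for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Enumeration;

// Hypothetical diagnostic class; run with -Djavax.net.ssl.trustStore=<path to your store>
public class TrustStoreCheck {

    // Only trusted-certificate entries count as trust anchors; private-key entries do not.
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int anchors = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            if (ks.isCertificateEntry(e.nextElement())) anchors++;
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        // Baseline: an empty in-memory store reproduces the message from the thread.
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try {
            new PKIXParameters(empty);
        } catch (InvalidAlgorithmParameterException ex) {
            System.out.println("empty store -> " + ex.getMessage());
        }

        // Now inspect the store the JVM was actually told to use.
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) {
            System.out.println("javax.net.ssl.trustStore is not set in this JVM");
            return;
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path); // fails loudly if missing or unreadable
        try {
            ks.load(in, pass == null ? null : pass.toCharArray()); // throws on wrong type or corrupt file
        } finally {
            in.close();
        }
        int anchors = countTrustAnchors(ks);
        System.out.println(path + ": " + ks.size() + " entries, " + anchors + " trusted certificates");
        if (anchors == 0) System.out.println("no trust anchors: PKIX validation will fail as in the thread");
    }
}
```

Run it with the same -D options as the failing JVM so that it inspects the same file.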