Hi, good day!
I have been racking my brain for a few days trying to consume the São Paulo city hall (prefeitura SP) web service for electronic invoices (nota fiscal eletrônica).
Here we have an A3-type certificate on an e-CNPJ smart card with a USB reader.
I can successfully fetch the certificate from the card.
I followed the procedure to generate the keystore from the certificate, and I set the configuration below before calling the city hall's method:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump", "true");
System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump", "true");
System.setProperty("javax.net.debug", "ssl");
System.getProperties().setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "C:\\wwNFe\\funfa\\nfe.keystore"); // -> This file was created by keytool
System.setProperty("javax.net.ssl.trustStorePassword", "*****");
From the WSDL I generated the classes for the city hall's web service. Then I call their routine as shown below.
EnvioLoteRPSRequest teste = new EnvioLoteRPSRequest( 1,
        leArquivo( "XML_NFe_Assinado.XML" ) );
LoteNFe lote = new LoteNFeLocator();
LoteNFeSoap envioTeste = lote.getLoteNFeSoap(); // new LoteNFeSoapProxy();
// *** OK UP TO HERE ***
try {
    // THE ERROR OCCURS WHEN THE LINE BELOW EXECUTES
    EnvioLoteRPSResponse objRetorno = envioTeste.envioLoteRPS(teste);
    if(objRetorno != null) {
        String typeretornoXML115 = objRetorno.getRetornoXML();
        System.out.println( typeretornoXML115 );
    }
} catch ( RemoteException e) {
    e.printStackTrace();
} catch (Exception e) {
    e.printStackTrace();
}
Looking at the console, I see a lot of information start to appear (giving the impression that it is going to work…)
keyStore is :
keyStore type is : PKCS12
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\wwNFe\funfa\nfe.keystore
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=NOME DO CLIENTE LTDA:00000000000000, OU=AR SERASA, OU=RFB e-CNPJ A3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, L=SAO PAULO, ST=SP, C=BR
Issuer: CN=AC SERASA RFB v1, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x262a969755268a7d
Valid from Mon May 31 18:00:00 BRT 2010 until Thu May 30 18:00:00 BRT 2013
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: [telefone removido] bytes = { 82, 233, 254, 250, 85, 75, 95, 219, 108, 100, 136, 202, 220, 30, 232, 157, 13, 125, 166, 194, 200, 167, 62, 198, 198, 6, 55, 86 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
... other information
But at the end, the error message below appears
(I will post only part of the error message, since it is rather long)
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at br.gov.sp.prefeitura.www.nfe.LoteNFeSoapStub.envioLoteRPS(LoteNFeSoapStub.java:423)
at jvCert.Assinatura.Assina(Assinatura.java:148)
at jvCert.Leitura.main(Leitura.java:43)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 30 more
{http://xml.apache.org/axis/}hostname:maquinaCliente
Where am I going wrong?
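
An added diagnostic for the trust store setting and the `PKIX path building failed` error in the post above (not part of the original post and not the poster's code): it lists every entry of a JKS file and reports whether any of them is a CA certificate, since the `javax.net.debug` output shows only the e-CNPJ certificate being added as trusted. The class name `TrustStoreAudit` and the two command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): audits what a JSSE trust store holds.
public class TrustStoreAudit {

    // getBasicConstraints() returns -1 unless the certificate is marked as a CA.
    static String classify(X509Certificate c) {
        boolean ca = c.getBasicConstraints() != -1;
        boolean selfIssued = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
        if (!ca) return "end-entity certificate (not a CA)";
        return selfIssued ? "root CA" : "intermediate CA";
    }

    // Prints every entry and returns how many CA certificates the store contains.
    static int audit(KeyStore ks) throws Exception {
        int caCount = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) cert;
            if (x.getBasicConstraints() != -1) caCount++;
            System.out.printf("%s (%s)%n  subject: %s%n  issuer:  %s%n  kind:    %s%n",
                    alias, ks.isKeyEntry(alias) ? "key entry" : "trusted cert entry",
                    x.getSubjectX500Principal(), x.getIssuerX500Principal(), classify(x));
        }
        return caCount;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustStoreAudit <truststore.jks> <password>");
            System.exit(2);
        }
        // Same store type as javax.net.ssl.trustStoreType in the post.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        if (audit(ks) == 0) {
            System.out.println("No CA certificate in this store: "
                    + "the server's chain cannot be anchored to an issuing CA here.");
        }
    }
}
```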