AnsweredAssumed Answered

Odd security exception with GET /alfresco/service/cmis/query

Question asked by probedb on Oct 9, 2012
Latest reply on Oct 9, 2012 by probedb
Hi all,

I'm new to Alfresco and I'm trying to figure out a bizarre security exception I'm getting using this service. The Alfresco server is on another machine (community edition) to my local machine and I'm using PHP with Curl. We're going to be using the full version of Alfresco however we're trying to get to grips with it.

First I authenticate using:

GET /alfresco/service/api/login?u={username}&pw={password?}

which works fine and I am returned a response of "TICKET_xxxx etc". I then attempt to call:

/alfresco/service/cmis/query?alf_ticket=TICKET_<ticketvaluehere>&q=SELECT+cmis%3Aname+FROM+cmis%3Adocument 

this returns a security error?

Alfresco    Web Script Status 500 - Internal Error

The Web Script /alfresco/service/cmis/query has responded with a status of 500 - Internal Error.

500 Description:   An error inside the HTTP server which prevented it from fulfilling the request.

Message:   09090029 Wrapped Exception (with status template): 090914717 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/cmis/query.get.js': 090914716
   
Exception:   java.security.cert.CertificateExpiredException - NotAfter: Fri Aug 17 13:04:11 BST 2012
   
   sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
   sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
   sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:157)
   sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:109)
   sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
   sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
   sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
   java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
   sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
   sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
   sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)
   sun.security.validator.Validator.validate(Validator.java:218)
   com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
   com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
   com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
   com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
   com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
   com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
   com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
   com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
   com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
   com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
   com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
   java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
   java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
   org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
   org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
   org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
   org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
   org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
   org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
   org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
   org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:318)
   org.alfresco.repo.search.impl.solr.SolrQueryLanguage.executeQuery(SolrQueryLanguage.java:49)
   org.alfresco.repo.search.impl.solr.SolrCMISQueryServiceImpl.query(SolrCMISQueryServiceImpl.java:93)
   sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   java.lang.reflect.Method.invoke(Method.java:597)
   org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:65)
   org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   $Proxy140.query(Unknown Source)
   org.alfresco.repo.cmis.rest.CMISScript.query(CMISScript.java:683)
   sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   java.lang.reflect.Method.invoke(Method.java:597)
   org.mozilla.javascript.MemberBox.invoke(MemberBox.java:155)
   org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:243)
   org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:76)
   org.mozilla.javascript.gen.c21._c0(file:/D:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/cmis/query.get.js:42)
   org.mozilla.javascript.gen.c21.call(file:/D:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/cmis/query.get.js)
   org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:393)
   org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2834)
   org.mozilla.javascript.gen.c21.call(file:/D:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/cmis/query.get.js)
   org.mozilla.javascript.gen.c21.exec(file:/D:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/cmis/query.get.js)
   org.alfresco.repo.jscript.RhinoScriptProcessor.executeScriptImpl(RhinoScriptProcessor.java:483)
   org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:191)
   org.alfresco.repo.processor.ScriptServiceImpl.execute(ScriptServiceImpl.java:212)
   org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:174)
   org.alfresco.repo.web.scripts.RepositoryScriptProcessor.executeScript(RepositoryScriptProcessor.java:102)
   org.springframework.extensions.webscripts.AbstractWebScript.executeScript(AbstractWebScript.java:1193)
   org.alfresco.repo.cmis.rest.CMISWebScript.executeScript(CMISWebScript.java:46)
   org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:86)
   org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:393)
   org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:388)
   org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:462)
   org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:500)
   org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:316)
   org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:372)
   org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
   org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)
   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
   org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
   org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
   org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
   java.lang.Thread.run(Thread.java:662)
   
Exception:   java.security.cert.CertPathValidatorException - timestamp check failed
   
   sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
   
Exception:   sun.security.validator.ValidatorException - PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
   
   sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
   
Exception:   javax.net.ssl.SSLHandshakeException - sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
   
   com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
   
Exception:   org.alfresco.repo.search.impl.lucene.LuceneQueryParserException - 090914716
   
   org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:364)
   
Exception:   org.alfresco.scripts.ScriptException - 090914717 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/cmis/query.get.js': 090914716
   
   org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:195)
   
Exception:   org.springframework.extensions.webscripts.WebScriptException - 09090029 Wrapped Exception (with status template): 090914717 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/cmis/query.get.js': 090914716
   
   org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:970)
   
Server:   Community v4.0.0 (4003) schema 5,025
Time:   09-Oct-2012 14:39:48
   
Diagnostics:   Inspect Web Script (org/alfresco/cmis/query.get)

However using something like

/api/cmis?alf_ticket=TICKET_<ticketvaluehere>

is fine. Any thoughts?

Cheers,
Paul.

Outcomes