
javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Good afternoon!

I am implementing NFS-e (Abrasf standard) for the cities of Maringá and Belo Horizonte. Here are the URLs of the respective services:

BH: https://bhisshomologa.pbh.gov.br/bhiss-ws/nfse?wsdl

Maringá: https://isseteste.maringa.pr.gov.br/ws/?wsdl

For the city of Belo Horizonte it is already working OK, but for Maringá an error occurs when trying to initialize the SSL connection.

    private void inicializa_ssl() {        
        java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");        
        System.setProperty("javax.net.ssl.keyStore", g_cert_cliente);
        System.setProperty("javax.net.ssl.keyStorePassword", g_senha_cliente);
        System.setProperty("javax.net.ssl.trustStoreType", "JKS");
        System.setProperty("javax.net.ssl.trustStore", g_path_trust);        
        System.setProperty("javax.net.ssl.trustStorePassword", g_senha_trust);
    }

    private void inicializaCertificado() throws Exception {
        InputStream entrada = new FileInputStream(g_cert_cliente);
        KeyStore ks = KeyStore.getInstance("pkcs12");
        try {
            ks.load(entrada, g_senha_cliente.toCharArray());
        } catch (IOException e) {
            throw new Exception(
                    "Senha do Certificado Digital esta incorreta ou Certificado inválido.");
        }

        /**
         * Resolves the 403.7 Forbidden problem for A3 and A1 certificates and
         * eliminates the use of the settings: -
         * System.setProperty("javax.net.ssl.keyStore", "NONE"); -
         * System.setProperty("javax.net.ssl.keyStoreType", "PKCS11"); -
         * System.setProperty("javax.net.ssl.keyStoreProvider",
         * "SunPKCS11-SmartCard"); -
         * System.setProperty("javax.net.ssl.trustStoreType", "JKS"); -
         * System.setProperty("javax.net.ssl.trustStore",
         * arquivoCacertsGeradoTodosOsEstados);
         */
        String alias = "";
        Enumeration<String> aliasesEnum = ks.aliases();
        while (aliasesEnum.hasMoreElements()) {
            alias = (String) aliasesEnum.nextElement();
            if (ks.isKeyEntry(alias))
                break;
        }
        X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, g_senha_cliente.toCharArray());
        SocketFactoryDinamicoAbrasf socketFactoryDinamico = new SocketFactoryDinamicoAbrasf(certificate, privateKey, g_senha_trust);
        socketFactoryDinamico.setFileCacerts(g_path_trust);

        Protocol protocol = new Protocol("https", socketFactoryDinamico, SSL_PORT);
        Protocol.registerProtocol("https", protocol);
    }

The error does not occur when initializing SSL but in the Stub, when executing the following line: _operationClient.execute(true);

I get the following error:

NFSeException:Erro no WebService de envio de lote de RPS Received fatal alert: unknown_ca
328181 [http-bio-8086-exec-3] ERROR br.com.infoxnet.nfse.abrasf.webservice.NFSeAbrasfWS  - br.com.infoxnet.nfse.exception.NFSeException: Erro no envio de loteErro no WebService de envio de lote de RPS Received fatal alert: unknown_ca
    at br.com.infoxnet.nfse.abrasf.NFSeExcuta.enviarLote(NFSeExcuta.java:80)
    at br.com.infoxnet.nfse.abrasf.webservice.NFSeAbrasfWS.envioLote(NFSeAbrasfWS.java:24)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:194)
    at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
    at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
    at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:114)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:173)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:144)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: br.com.infoxnet.nfse.exception.NFSeException: Erro no WebService de envio de lote de RPS Received fatal alert: unknown_ca
    at br.com.infoxnet.nfse.abrasf.webservice.WebServiceClientAbrasf.enviaLoteHomologacaoMaringa(WebServiceClientAbrasf.java:75)
    at br.com.infoxnet.nfse.abrasf.webservice.WebServiceClientNFSe.enviarLoteRPS(WebServiceClientNFSe.java:45)
    at br.com.infoxnet.nfse.abrasf.NFSeExcuta.enviarLote(NFSeExcuta.java:61)
    ... 30 more
Caused by: org.apache.axis2.AxisFault: Received fatal alert: unknown_ca
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:203)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:76)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:400)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:225)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:438)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at br.com.infoxnet.nfse.abrasf.homologacao.Maringa.wsdl.NfseServicesServiceStub.enviarLoteRpsSincrono(NfseServicesServiceStub.java:1903)
    at br.com.infoxnet.nfse.abrasf.webservice.WebServiceClientAbrasf.enviaLoteHomologacaoMaringa(WebServiceClientAbrasf.java:72)
    ... 32 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
    at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
    at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
    at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:557)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)

Apparently it seems to be a problem with the digital certificate I downloaded from the Maringá service, but I have already searched the internet for solutions to this error and nothing worked; it is the same process that was used for the BH project, and it worked perfectly. It could be some peculiarity of the Maringá service that I am not handling in code. Any help is welcome!

Thank you in advance for your attention. Thanks!
