Call a SSL Secured Webservice
Hi,
I build service for call a webservice (BPEL). It works fine. Now, that webservice is secured with ssl Certification - https. (I have the certification documents).
I can't find useful information how to fix this.
- Must I enable or change settings from the Application Server (where the services are deployed), because we installed the SOA suite with standard settings?
- Changes or settings in our JDveloper / BPEL process / Partnerlink?
- Use of Wallet Manager?
I hope somebody can help me.
Regards
Hakan
I get still a error when I try to deploy the service after importing the certificates in the both JDK's (JDeveloper and SOA Suite):
Error:
[Error ORABPEL-10903]: failed to read wsdl
[Description]: in "bpel.xml", Failed to read wsdl.
Error happened when reading wsdl at "C:\SOAPTEST\SendHeaderProcess\SSLTesting\zoekCurs\JDev\bpel\PortalServicesUU.wsdl", because "Error reading import of file:/C:/SOAPTEST/SendHeaderProcess/SSLTesting/zoekCurs/JDev/bpel/PortalServicesUU.wsdl: WSDL-bestand op "https://www.osiriswebservices2.universiteitutrecht.nl:9443/osipuu_osts/PortalServicesUU?WSDL" kan niet worden gelezen. De oorzaak is: javax.net.ssl.SSLHandshakeException. : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
Make sure wsdl exists at that URL and is valid.
[Potential fix]: If your site has a proxy server, then you may need to configure your BPEL Server, designer and browser with your proxy server configuration settings (see tech note on http://otn.oracle.com/bpel for instructions).
Anybody nows what te problem is? Thanks
Similar Messages
-
Calling secured webservice from java
Hi Experts,
I am trying to call a secured webservice from java.
I got the code to call a non secured web service in java.
What changes do i need to do in this to call a secured webservice.
Please help me.
Thank you
Regards
Gayaz
calling unsecured webservice
package wscall1;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.StringBufferInputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.Permission;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
import org.w3c.css.sac.InputSource;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
public class WSCall2 {
public WSCall2() {
super();
public static void main(String[] args) {
try {
WSCall2 ss = new WSCall2();
System.out.println(ss.getWeather("Atlanta"));
} catch (Exception e) {
e.printStackTrace();
public String getWeather(String city) throws MalformedURLException, IOException {
//Code to make a webservice HTTP request
String responseString = "";
String outputString = "";
String wsURL = "https://ewm52rdv:25100/Saws/SawsService";
URL url = new URL(wsURL);
URLConnection connection = url.openConnection();
HttpURLConnection httpConn = (HttpURLConnection)connection;
ByteArrayOutputStream bout = new ByteArrayOutputStream();
//Permission p= httpConn.getPermission();
String xmlInput =
"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"http://www.ventyx.com/ServiceSuite\">\n" +
" <soapenv:Header>\n" +
" <soapenv:Security>\n" +
" <soapenv:UsernameToken>\n" +
" <soapenv:Username>sawsuser</soapenv:Username>\n" +
" <soapenv:Password>sawsuser1</soapenv:Password>\n" +
" </soapenv:UsernameToken>\n" +
" </soapenv:Security>" + "</soapenv:Header>" + " <soapenv:Body>\n" +
" <ser:GetUser>\n" +
" <request><![CDATA[<?xml version=\"1.0\" encoding=\"UTF-8\"?> \n" +
" <GetUser xmlns=\"http://www.ventyx.com/ServiceSuite\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
" <UserId>rs24363t</UserId>\n" +
" </GetUser>]]>\n" +
" </request>\n" +
" </ser:GetUser>\n" +
" </soapenv:Body>\n" +
"</soapenv:Envelope>";
byte[] buffer = new byte[xmlInput.length()];
buffer = xmlInput.getBytes();
bout.write(buffer);
byte[] b = bout.toByteArray();
String SOAPAction = "GetUser";
// Set the appropriate HTTP parameters.
httpConn.setRequestProperty("Content-Length", String.valueOf(b.length));
httpConn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
httpConn.setRequestProperty("SOAPAction", SOAPAction);
// System.out.println( "opening service for [" + httpConn.getURL() + "]" );
httpConn.setRequestMethod("POST");
httpConn.setDoOutput(true);
httpConn.setDoInput(true);
OutputStream out = httpConn.getOutputStream();
//Write the content of the request to the outputstream of the HTTP Connection.
out.write(b);
out.close();
//Ready with sending the request.
//Read the response.
InputStreamReader isr = new InputStreamReader(httpConn.getInputStream());
BufferedReader in = new BufferedReader(isr);
//Write the SOAP message response to a String.
while ((responseString = in.readLine()) != null) {
outputString = outputString + responseString;
//Parse the String output to a org.w3c.dom.Document and be able to reach every node with the org.w3c.dom API.
Document document = parseXmlFile(outputString);
NodeList nodeLst = document.getElementsByTagName("User");
String weatherResult = nodeLst.item(0).getTextContent();
System.out.println("Weather: " + weatherResult);
//Write the SOAP message formatted to the console.
String formattedSOAPResponse = formatXML(outputString);
System.out.println(formattedSOAPResponse);
return weatherResult;
public String formatXML(String unformattedXml) {
try {
Document document = parseXmlFile(unformattedXml);
OutputFormat format = new OutputFormat(document);
format.setIndenting(true);
format.setIndent(3);
format.setOmitXMLDeclaration(true);
Writer out = new StringWriter();
XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(document);
return out.toString();
} catch (IOException e) {
throw new RuntimeException(e);
private Document parseXmlFile(String in) {
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
InputSource is = new InputSource(new StringReader(in));
InputStream ins = new StringBufferInputStream(in);
return db.parse(ins);
} catch (ParserConfigurationException e) {
throw new RuntimeException(e);
} catch (SAXException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (Exception e) {
throw new RuntimeException(e);
static {
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
if (hostname.equals("ewm52rdv")) {
return true;
return false;
}Gayaz wrote:
What we are trying is we are invoking webservice by passing SOAP request and we will get soap response back.I understand what you're trying to do, the problem is with tools you're using it will take a while for you do anything a little away from the trivial... Using string concatenation and URL connection and HTTP post to call webservices is like to use a hand drill... It may work well to go through soft wood, but it will take a lot of effort against a concrete wall...
JAX-WS and JAXB and annotations will do everything for you in a couple of lines and IMHO you will take longer to figure out how to do everything by hand than to learn those technologies... they are standard java, no need to add any additional jars...
That's my thought, hope it helps...
Cheers,
Vlad -
SSLHandshake failure : Calling external SSL webservice from WL10.3
Hi ,
I need to call an external SSL enabled webservice XXX . I have the certificate from webservice provider.
My client is deployed on Weblogic 10.3 . This client works fine from standalone as am using java ssl settings . But it fails when deployed on WL. I have used standard java ssl setting ..javax.net.ssl.trustStore etc.
Weblogic probably overrides java ssl settings and thus am getting below exception. I have tried by setting java ssl in JAVA_OPTIONS but still get the same error. Am not well versed with trustore and keystore and thus unable to understand the problem fundamentally .. I have a dev.pem and dev.pfx file given by XXX . WL in my case acts as a client and I want it as one way SSL configuration ie. client(WL) should not check server (XXX) certification
I have imported the certificate in DemoTrust.jks and not sure what should be imported in DemoIdentiy.jks..
Can someone help me to understand how can I configure my application deployed in weblogic to use keystore and trustore. Its kind of urgent and am struggling it with quite some time ...
Caused by: javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from tseiod-dev.xxx.com - 62.109.62.19. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.
This one is from weblogic console with ssl debug on ..
May 19, 2010 11:49:13 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 9879252>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received HANDSHAKE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received HANDSHAKE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 72465856653933152398554388484605014177
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=tseiod-dev.xxx.com
Not Valid Before:Wed Aug 26 18:01:33 IST 2009
Not Valid After:Fri Aug 26 18:21:33 IST 2011
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 8156897441280436316327587821418687967
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Not Valid Before:Tue Oct 10 17:26:39 IST 2006
Not Valid After:Sun Oct 10 17:46:39 IST 2021
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 72465856653933152398554388484605014177
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=tseiod-dev.xxx.com
Not Valid Before:Wed Aug 26 18:01:33 IST 2009
Not Valid After:Fri Aug 26 18:21:33 IST 2011
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 8156897441280436316327587821418687967
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Not Valid Before:Tue Oct 10 17:26:39 IST 2006
Not Valid After:Sun Oct 10 17:46:39 IST 2021
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: tseiod-dev.xxx.com>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received HANDSHAKE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <No suitable identity certificate chain has been found.>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm SHA>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 134>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received ALERT>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown SouNope same result .. sligtly trace changed to
May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: tseiod-dev.trustweaver.com>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 SSL3/TLS MAC>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 received HANDSHAKE>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <No suitable identity certificate chain has been found.>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm SHA>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 134>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACSHA1>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 SSL3/TLS MAC>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 received ALERT>
<May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
What does this implies ----- "No suitable identity certificate chain has been found".
The console does show certificate is loaded from DemoTrust.jks and it prints the details also on console . Is there anything missing from admin console. Will importing certificate to jrockit BEA_HOME\JROCKI~1\jre\lib\security\cacerts help ? -
Securing webservice call from to siebel
Hi,
We have implemented OPA with siebel integration, where in we launch OPA from siebel.OPA calls a webservice on siebel which fetches data from siebel. We want that weservice call to be secured i.e. to use https and not http. Anybody have any idea in doing this. The url in siebel-data-adapter file has to be https and not http.Ecstasy wrote:
Hi,
We have implemented OPA with siebel integration, where in we launch OPA from siebel.OPA calls a webservice on siebel which fetches data from siebel. We want that weservice call to be secured i.e. to use https and not http. Anybody have any idea in doing this. The url in siebel-data-adapter file has to be https and not http.There are two parts to solving this problem.
Part 1: ( setting up the Siebel Inbound web service so it runs through HTTPS. You should consult the Siebel documentation for this and it will require running HTTPS with a certificate through something like apache or IIS (for windows).
Part 2: Once you have the inbound web services running under HTTPS, you can set the URL in the siebel-data-adapter properties to point to the HTTPS service, however, when you make a call from Web Determinations to Siebel. It will probably fail with a an exception. This will probably happen if you have used an self-signed or untrusted certificate.
The second part of this problem is setting up the java run-time environment to accept the certificate that the HTTPS service is using (set up under part 1). There are several different ways of doing this, but I found the following the easiest.
1. get the public part of the certificate.
2. create a keystore/truststore and add that certificate (or add to existing keystore).
3. point the jvm to that truststore , You do this through setting java system properties.
Example Java properties
In the example below, I have put the public certificate into a keystore called "siebel_wd_keystore" and I want to point my apache-tomcat to use that as a trust store. The system properties that need to be set are as follows.
-Djavax.net.ssl.trustStore="C:\trust_store\siebel_wd_keystore"
-Djavax.net.ssl.trustStorePassword=siebel Because this is tricky there is a very useful system property that you can set, that will give you lots of debugging information about SSL. If its not working, setting this property give you a lot more information in your logs.
-Djavax.net.debug=sslIf the setting above doesnt seem to give you more information, thats probably a sign that you aren't setting the system properties correctly for your application server. -
Secured webservice java net socketexception ssl implementation not avail
Hi all,
i am trying to call a secured webservice (which has authentication and trusted certificate) from plsql by using a java stub generated using JDeveloper 10.1.
I called the java method using a wrapper procedure for the java class in plsql.
While trying to call the webservice i am gettting the following exception
SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: SSL >>implementation not available; targetException=java.lang.IllegalArgumentException: Error opening socket: >>java.net.SocketException: SSL implementation not available
*** 2010-02-06 18:32:14.155
at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:436)
at org.apache.soap.messaging.Message.send(Message.java:125)
The problem happens only when i call a secured webservice, whereas i can able to call the certificate less common webservices. Please provide a way to proceed.
Thanks,
Ramesh.RThe name of this forum is "Database - General" not "Java and SOAP and stuff"
Please change the subject to "Please Ignore" and post in the correct Java group.
Thank you. -
Calling A Secured webservice using Username and password in the Soap header
I want to call a secured webservice.
The Username and password should be sent with the payload in the SOAP Header
as
<wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>uname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Can you please send me the steps?
I tried with giving the username and password under Service Account.
I tried to create a wspolicy under business service. But nothing works...
Please help me at the earliest.
Also please give me steps in sequence.Now i made sure that the endpoint is available!
Now am getting this error:
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>BEA-380002: localhost1</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380002</con:errorCode>
<con:reason>localhost1</con:reason>
<con:location>
<con:node>RouteNode1</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
Also in the invocation trace i can observe the following things:
Under Invocation Trace:-
========================
Receiving request =====> Initial Message context
===============================================
under added header:-
==================
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
under RouteNode1
================
Route to "TargetMyService_BS"
$header (request):-
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
Under Message Context changes:-
*===============================*
I can find this element also:-
con:security>
*<con:doOutboundWss>false</con:doOutboundWss>*
*</con:security>*
eventhough we enabled ws security, how the above tag can be false?
I think its getting failed to populate the header with the required login credentials.
The other doubt i have is:-
=================
I have chosen the service account type is static...is this right? -
Firewall Setting NoRouteToHostException while calling secured webservice
Hi All,
I tried calling a secured webservice from oracle database. While calling the webservice i am getting the NoRouteToHostException exception. The possible cause for this exception is
"Signals that an error occurred while attempting to connect a socket to a remote address and port. Typically, the remote host cannot be reached because of an intervening firewall, or if an intermediate router is down. "
I found the ipaddress is correct.
I would like to know the cause "intervening firewall". Will any port has to be enable in oracle database to call secured webservice from the Database or where to check in the database for firewall setting
Thanks,
Ramesh.RRamesh_R wrote:
I tried calling a secured webservice from oracle database.
HTTPS protocol in other words?
While calling the webservice i am getting the NoRouteToHostException exception. The possible cause for this exception is "Signals that an error occurred while attempting to connect a socket to a remote address and port. Typically, the remote host cannot be reached because of an intervening firewall, or if an intermediate router is down. "Not an Oracle issue and not really relevant to this forum (or any other forum on OTN I think). This is a straightforward network issue dealing with routing tables it seems to me.
The error simply means that the application (PL/SQL in Oracle server when using UTL_HTTP) references an IP address that does not exist locally (different subnet/netmask) and that the IP packets need to be routed (via an "+intermediary+") in order to reach that IP address.
I would like to know the cause "intervening firewall". Will any port has to be enable in oracle database to call secured webservice from the Database or where to check in the database for firewall settingYou should look at the local routing table on the server. For example, your server is IP address +196.1.83.100+ and you need to reach IP address +165.147.45.30+.
The server's IP stack needs to know where to send traffic for +165.147.45.30+ to? Which interface on the server to use (there can be multiple)? What is the address of the router that will route the traffic to this IP?
Let's say we use the primary (first) interface and that the routing is done by +196.43.4.1+. The server's routing table on the should then look something as follows:
oracle@myserver ~> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
165.147.45.30 196.43.4.1 255.255.255.255 UGH 0 0 0 eth0
.. remaining entries..The "+route add+" command is used to add such a route to the routing table.
I suggest however that you discuss this first with the o/s or network administrator to ensure that the routing table is not only correctly updated, but that the server is configured to create this route automatically at boot time. -
Weblogic app server wsdl web service call with SSL Validation error = 16
Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
System.setProperty("javax.net.ssl.trustStore",”cacerts”);
System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd); System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1. Do I create “cacerts” the correct order with right keeltool options?
2. Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3. Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4. Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy wsu:Id="TokenServices_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="true"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ITokenServices_GetUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ITokenServices">
<wsdl:operation name="GetUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="TokenServices" type="tns:ITokenServices">
<wsp:PolicyReference URI="#TokenServices_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="GetUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="TokenServices">
<wsdl:port name="TokenServices" binding="tns:TokenServices">
<soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server. -
WL 7.0 Client Invoking a secure webservice
Hi
I am having trouble invoking a secure webservice(https) and I turned on the
debug mode and I see the following :
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.findConte
xt(is): 6760150>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHel
lo>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certifica
te>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@43af8c Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write ALERT offset = 0 leng
th = 2>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <close(): 4648875>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <Exception during handshake,
stack trace follows
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unusea
ble certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@3a191e Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:49 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeCon
text(ctx): 1346512>
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust fai
lure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
javax.xml.rpc.JAXRPCException: failed to create service
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:99)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
My Client is pretty straightword and follows the weblogic sample
'Dynamic client using WSDL'
Pls. help
-MaxC:\Aears>java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Djavax.xml.rpc.ServiceFactory=weblogic.webservice.core.rpc.ServiceFactoryImpl
-Dweblogic.StdoutDebugEnabled=true -Dweblogic.webservice.security.verbose=true
Dweblogic.webservice.client.verbose=true -Dssl.debug=true TestClient
"Michael Wooten" <[email protected]> wrote:
>
Can you show us your command line?
"Max" <[email protected]> wrote:
Hi
I am having trouble invoking a secure webservice(https) and I turned
on the
debug mode and I see the following :
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLSocket willbe
Muxing>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.findConte
xt(is): 6760150>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated:
false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received
HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
ServerHel
lo>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated:
false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received
HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
Certifica
te>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@43af8c Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write ALERT offset
= 0 leng
th = 2>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <close(): 4648875>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <Exception during
handshake,
stack trace follows
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt
or unusea
ble certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@3a191e Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:49 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeCon
text(ctx): 1346512>
java.io.IOException: Write Channel Closed, possible SSL handshakingor
trust fai
lure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
javax.xml.rpc.JAXRPCException: failed to create service
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:99)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
My Client is pretty straightword and follows the weblogic sample
'Dynamic client using WSDL'
Pls. help
-Max -
Invoke the secured webservice from BPEL in Solaris environment
Hi All,
Can any one tell me how to invoke the secured webservice from BPEL in Solaris environment as i am able to invoke the secured web service from BPEL in windows platform(soa suite 10.1.3.4).
we have applied 10.1.3.4 patch on solaris environment but we are not able to invoke the same.
Thanks in advance
Regards,
Nagaraju .DHi Nagaraju,
Read your post.We've somewhat the similar problem as yours as we are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
As you have wriiten that you've already called a secured web service in windows platform ,so if you can please help me out in this issue.
I've opened a separate thread for this to avoid confusion. :-
Error while invoking a WS-Security secured web service from Oracle BPEL..
Thanks,
Saurabh -
Oracle SOA Suite 10.1.3.1: Invoke a secure webservice
Hi,
How can i invoke a secure Webservice (the webservice is implemented as a Security Token Service that accepts RST messages and replies with RSTR messages [ws-trust]) using BPEL and OWSM (Oracle SOA Suite 10.1.3.1) .
The Service authenticates the user by verifying the validity of the user’s (client) X.509 certificate und return a saml assertion. This assertion confirms the user’s identity, and the successful authentication process.
Any approcahes or Ideas how to implement this?
thanks in advance
PatHi,
How can i invoke a secure Webservice (the webservice is implemented as a Security Token Service that accepts RST messages and replies with RSTR messages [ws-trust]) using BPEL and OWSM (Oracle SOA Suite 10.1.3.1) .
The Service authenticates the user by verifying the validity of the user’s (client) X.509 certificate und return a saml assertion. This assertion confirms the user’s identity, and the successful authentication process.
Any approcahes or Ideas how to implement this?
thanks in advance
Pat -
Greetings,
After spending some time searching the docs and several dev2dev newsgroups I haven't been able to find a clear cut answer to an urgent question:
I have a two webservices, the client (.jpd) and the server (.jws) which are installed on a separate weblogic 8.1 instances on different machines. The requirement is that the webservices must communicate with one another only over a 2-Way SSL connection.
My question is how to setup this 2-way SSL configuration between the client and sever webservices. Do I need to write code or can I configure it using the web.xml files of the two webservies? I don't think it would make sense to configure the two weblogic instances to always use 2-WaySSL (via the startup script or config.xml), in which case the webservies might not inherit the truststore and other SSL connfiguration of the respective instances.
If someone has already solved this problem, I would appreaciate to hear from you. This is an urgent problem and I am stumped. Any help would be appreciated!
RegardsHi,
I am trying to use 2 way ssl using webservices client , here is my code :
AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory","org.apache.axis.components.net.SunFakeTrustSocketFactory");
SSLAdapterFactory factory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) factory.getSSLAdapter();
// clientCredentialFile stores in PEM format the public key and
// all the CAs associated with it + then the private key. All this in // a concatenated manner
FileInputStream clientCredentialFile = new FileInputStream ("C:\\sslcert\\client-pub3.pem");
// private key password
String pwd = "password";
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
adapter.setVerbose(true);
adapter.setTrustedCertificatesFile("C:\\certificate\\server\\server.jks");
adapter.setStrictCheckingDefault(false);
factory.setDefaultAdapter(adapter);
factory.setUseDefaultAdapter(true);
boolean idAvailability = false;
UNSLocator locator = new UNSLocator();
URL portAddress = new URL("https://localhost:7002/smuSSWeb/UNSResponse.xml");
UNSPort unsprt = locator.getUNSPort(portAddress);
idAvailability = unsprt.isIDAvailable("Yulin125", "C");
System.out.println("Got from method :"+idAvailability);
After runing this code i am getting the following exception :
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.SocketException: Software caused connection abort: socket write error
faultActor:
faultNode:
faultDetail:
I am using .pem (clientsigned,clientinter,clientroot, root-key) files for client authentication and i am using server.jks as a keystore for my server authentication.Once i run this code , i am able to present the server certificate chain to the client but i am not able to present the client certificate chain to server.
I am stuck with for quite sometime.
Some insight needed from the guru's -
Securing webservices with SAML
Hi everybody,
I'm trying to protect web services with SAML assertions using AM 7.1, I've alredy try to deploy some tutorials and samples provided by netbeans 6.0, AM7.1 and Java EE SDK, but I'm facing a lot of problems, I also found many contradictions between the tutorials and official Sun documentation and at this point I'm very confused
It's really possible to implement web services security with SAML using AM 7/7.1 +AppServer 8.1/8.2 in the way Securing Identity Web Services tutorial/lab (http://www.javapassion.com/handsonlabs/IdentityWebServices/) do it???
in many tutorials and official Sun documents I found the library amWebServicesProvider.jar that is supposed to be the Sun Java Access Manager Policy Agent 2.2, this library it's supposed to implement the JSR196(Java Authentication Service Provider Interface for Containers), using this library imply modifications to the server.policy and domain.xml files, in order to add support for SOAP and HttpServlet message security providers.
I've tryed to modify the server.policy in AppServer 8.1/8.2, but I found it's only possible to add support for SOAP message security providers, trying to add HttpServlet mesage security providers makes AppServer crash at the init. How can I add support for HttpServlet message security provider???
library amWebServicesProvider.jar its supposed to be the Policy Agent 2.2 and its currently bundled with Java EE SDK, but the currrent relese of the Policy Agent 2.2 for SJAS 8.1/8.2 does not includes this library. Does someone know where to download this release of Policy Agent and also at least an installation guide???
in the AM side, I'm refering to AM ( shall I say "THE HALF AM" ?) bundled with Java EE SDK I found that many agents are created at the installation time, this agents in combination with the library amWebServicesProvider.jar supposly protect the web services, these agents are not common agents, I'm refering to the agents usually we create following the Policy Agent installation guide where we only put agent name, password, a description (optional) and checkbox Device Status to true, the agents created in "THE HALF AM" are created with a lot of aditional properties despite the fact that Sun Java System Access Manager 7.1 Administration Guide(http://docs.sun.com/app/docs/doc/819-4670/gavwo?a=view)
says that only one property (agentRootURL) is valid and all other properties will be ignored
my real question is:
It's really possible_+ to implement web services security with SAML using AM 7/7.1 +AppServer 8.1/8.2, I mean, using REAL TECHNOLOGIES+_, in the way Securing Identity Web Services tutorial/lab (http://www.javapassion.com/handsonlabs/IdentityWebServices/) do it???
Any help is aprecciated
regardsHi,
I have installed Glashfish 9.1 and NetBeans 6.0 seperately on Windows XP, and want to configure the Access Manager 7.1 and Policy Agent 2.2 to run the Blue Prints for Secured WebServices.
If I install the Access Manager from jdk15 version of AccessManager7_1RTM from Sun site, AM gets installed properly, but StockQuoteService blueprint not deployed properly (throws exceptions even after configuring the amWebServicesProvider.jar and amclientsdk.jar manually). But the AM documentation refers to the installation for Solaris not for Windows platform. I am not sure my configuration of amWebServicesProvider.jar is valid or not.
I ran the blueprint StockQuoteService and StockQuoteClient successfully with all the variations of WSSecurities when I installed using the "java-tools-bundle-update3-beta-windows.exe" application which installs all the Glashfish, NetBeans, AM, OpenESB, Portal etc and configures automatically after installation and Start of Glasfish server.
I have even tried to install the AM and configure from the "access_manager-7_1-p1-ea-b5" download installer, but it throws "ClassNotFoundException: com.sun.identity.setup.AMSetupFilter" exception when i deployed the amserver.war file.
My requirement is, to run the AccessManager and have secured WebServices working properly when installed individually the Glashfish, AccessManager etc.
Can anyone point me where i get the AccessManager 7.1 for Windows XP, and integrate with Glashfish 9.1, and able to run the blueprints StockQuoteService and StockQuoteClient with SAML and LibertyBeareToken security pofiles.
Thanks in advance for the help,
krishna -
HELP - SSL Secure Server Issue (SSL_ERROR_NO_CYPHER_OVERLAP)
My attempts to enable SSL functionality on my app server has failed. When I hit the site from a browser using "https://servername", this error appears in the app server log:
[28/May/2003:11:19:55] SEVERE (11476): HTTP3068: Error receiving request from 10.147.82.44 (SSL_ERROR_NO_CYPHER_OVERLAP: no common encryption algorithm(s) with client)
I have already taken the following steps:
-generate request from web server
-obtain cert from CA
-install cert on web server
-create https listener on web server
-enable ssl on web server
-install CA cert on web browser
-lowered encryption level on app server (SSL2, SSL3 in addition to SSL3/TLS)
Anybody experience something similar? Any tips?You can check the <b>ssl</b> and <b>tls</b> prefs on the about:config page.
If any ssl or tls pref is bold (user set) then right-click that pref and choose "Reset" to reset the pref to the default value.
Paste this regular expression in the Search bar at the top of the about:config page:
*<b>/security.*ssl|security.*tls/</b>
You can open the <b>about:config</b> page via the location/address bar.
You can accept the warning and click "I'll be careful" to continue.
*http://kb.mozillazine.org/about:config
You can also try to delete the cert8.db file in the Firefox profile folder to remove all intermediate certificates that Firefox automatically stores when you visit a web server.
You can use this button to go to the currently used Firefox profile folder:
*Help > Troubleshooting Information > Profile Directory: Open Containing Folder
*http://kb.mozillazine.org/Profile_folder_-_Firefox -
SSL secured listener with Netweaver possible
Is it possible to use a ssl-secured listener (protocol=tcps) together with sap netweaver (abap and/or java)?
Is there significant loss of i/o throughput to be expected?
A notes search for SSL or TCPS on BC-DB-ORA did not show results.I believe it should be possible to use ssl connection. Never tried it, but I think it should work since it is a matter between Oracle Client and listener and has nothing to do with SAP application server.
If you security requirements are such that you must encrypt traffic, and if you do not want to mess with tnsnames.ora, wallet and stuff then you might consider using some generic tunneling techniques.
And it definitely will have some performance impact.
... just my two cents.
Maybe you are looking for
-
How do you sort your Photostream Events in iPhoto?
I have my photostream photos automatically imported to iPhoto on my iMac - so I have lots of "events" with names like March 2013 photostream or July 2014 photostream. In each of these events, there are often a whole group of photos that belong toget
-
Hi, Hope you're well. I'd like to create a few paragraphs that have the same treatment as the one I have attached. The key thing is to have the first letter of the first word of each line line-up under each other so that the left margin creates the a
-
How to get a replacement mounting materials for a A1347 Mac Mini HD
Hello, I have purchased two Unibody Mac Mini's (A1347) on eBay (one 2010 and one 2011) and both have had the hard drives removed. Now hard drives are easier to replace, but the Unibody Mac's require a rubber or plastic cover and two mounting screws.
-
Artwork Frustration! Anyone know a fix?
I've read many threads on this but cannot find a fix. I, too, have the same issue where I can't seem to manually add artwork to many full length albums, all singles, and full length albums with few songs (7 songs or less). I've tried the old way of j
-
Upgraded computer, found music files but not my playlists
I upgraded my computer recently and had to reinstall itunes. I found my music files and imported them back into itunes, apps included, but my playlists were not there. I also tried syncing my iphone, which has the playlists and it said it synced bu