Attach Certificate to Java Client
Hi
Need to attach a certificate to a java client but facing following error
java.lang.SecurityException: Can not find public key for alias: "lahoticlient"
at weblogic.wsee.security.util.CertUtils.getCertificate(CertUtils.java:106)
at weblogic.wsee.security.bst.ClientBSTCredentialProvider.<init>(ClientBSTCredentialProvider.java:47)
at weblogic.wsee.security.bst.ClientBSTCredentialProvider.<init>(ClientBSTCredentialProvider.java:30)
at
The same thing works fine if I use method given here: http://dev2dev.bea.com/pub/a/2007/06/securing-web-services.html?page=2
The difference between the above method & mine is that I already have a .cer file which i am using to generate .jks while in the example .jks is first generated
Am I doing something creepy..??
1) keytool -import -keystore lahotiClient.jks -storepass clientPass -alias lahoticlient -keypass clientKeyPass -file C:\lahotiCA.cer -trustcacerts
2)keytool -export -alias lahotiClient -file lahotiClientCert.der -keystore lahotiClient.jks -storepass clientPass
3)keytool -import -alias lahotiClient -file lahotiClientCert.der -keystore jre\lib\security\cacerts
In client Code it breaking here saying no public key found for alias lahoticlient
CredentialProvider cp = new ClientBSTCredentialProvider("C:\\lahotiClient.jks", "clientPass", "lahoticlient", "clientKeyPass");
How about this:
I create the keystore with alias ks_alias
C:\>keytool -genkey -keyalg RSA -keystore C:\ks1205a.jks -storepass kspass -alias ks_alias -keypass ks_keypass -dname "CN=Client, OU=WEB, C=US" -keysize 1024 -validity 1460 -sigalg MD5withRSAI create a celf signed certificate for that alias
C:\>keytool -selfcert -keyalg RSA -keystore C:\ks1205a.jks -storepass kspass -alias ks_alias -keypass ks_keypass -dname "CN=Client, OU=WEB, C=US" -keysize 1024 -validity 1460 -sigalg MD5withRSA -vI then assign this keystore to my server which in this case is weblogic.
I export that certificate from the keystore to ks1205b.cer
C:\keytool -export -alias ks_alias -file c:\ks1205b.cer -keystore c:\ks1205a.jks -storepass kspass -vI create a new keystore which is my client keystore by importing the ks1205b.cer file
C:\>keytool -import -alias ks_alias -file c:\ks1205b.cer -keypass ks_keypass -keystore c:\ks1205clienta.jks -storepass kspass -vNow I would think that the public key for the alias "ks_alias" would be found, but it still gives me the error "*Can not find public key for alias: "ks_alias"*"
If I am missing the point, could you let me know where I am going wrong?
Edited by: code4life on Dec 5, 2007 8:44 AM
Similar Messages
-
Connecting Java client to SSL server with existing certificates
I am currently trying to connect my Java client to an existing server application
written in C++. I have been provided the needed certificates (root.pem, server.pem,
and client.pem). My code simply creates a SSLSocket and then attempts to read
from it. Something goes wrong during the handshake process and I get a SSLHandshakeException. The certificates have been added to the keystore
I am using, and I do not know any other action to take.
Here is the debug output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: keystore.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O=company-USA, L=City, ST=AL, C=US
Issuer: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167aa
Valid from Tue Sep 12 09:42:01 CDT 2006 until Thu Oct 12 09:42:01 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=ISAC Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=company, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
SSL socket created
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158089181 bytes = { 138, 112, 170, 91, 246, 86, 216, 146, 160, 188, 243, 154, 238, 132, 33, 219, 251, 3, 93, 25, 191, 247, 41, 14, 99, 135, 130, 23 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 79
0000: 01 00 00 4B 03 01 45 07 0A DD 8A 70 AA 5B F6 56 ...K..E....p.[.V
0010: D8 92 A0 BC F3 9A EE 84 21 DB FB 03 5D 19 BF F7 ........!...]...
0020: 29 0E 63 87 82 17 00 00 24 00 04 00 05 00 2F 00 ).c.....$...../.
0030: 35 00 33 00 39 00 32 00 38 00 0A 00 16 00 13 00 5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00 08 00 14 00 11 01 00 ...............
Client Thread, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
0000: 01 03 01 00 42 00 00 00 20 00 00 04 01 00 80 00 ....B... .......
0010: 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 00 00 ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 00 13 2..8............
0030: 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 .....@..........
0040: 00 80 00 00 08 00 00 14 00 00 11 45 07 0A DD 8A ...........E....
0050: 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 DB FB p.[.V........!..
0060: 03 5D 19 BF F7 29 0E 63 87 82 17 .]...).c...
Client Thread, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
0000: 80 6B 01 03 01 00 42 00 00 00 20 00 00 04 01 00 .k....B... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 ....../..5..3..9
0020: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 ..2..8..........
0030: 00 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 .......@........
0040: 03 02 00 80 00 00 08 00 00 14 00 00 11 45 07 0A .............E..
0050: DD 8A 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 ..p.[.V........!
0060: DB FB 03 5D 19 BF F7 29 0E 63 87 82 17 ...]...).c...
Client Thread, received EOFException: error
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Client Thread, SEND TLSv1 ALERT: fatal, description = handshake_failure
Client Thread, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
Client Thread, called closeSocket()
Error: Remote host closed connection during handshake
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake(I am the original poster of this message, I had to create a new username though).
The original problem had to do with incompatibilities with the protocol and/or cipher suites
used. Now, the client and server perform most of the handshake process, but something
goes wrong as the server requests the client certificate. In other words, the server requires
mutual authentication, but for some reason it seems like my JSSE client won't send over
it's client certificate. I don't get any type of bad certificate exceptions, so I'm not sure
where the source of the error lies.
Updated output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: truststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=default, O="default Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default-Server, OU=HawkEye, O=default, L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ac
Valid from Tue Sep 12 14:42:28 CDT 2006 until Thu Oct 12 14:42:28 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158242806 bytes = { 71, 195, 185, 44, 86, 96, 14, 11, 171, 76, 105, 135, 136, 114, 53, 54, 137, 75, 202, 254, 112, 208, 240, 91, 199, 246, 175, 207 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Client Thread, WRITE: TLSv1 Handshake, length = 79
Client Thread, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1158242807 bytes = { 63, 93, 48, 73, 98, 251, 160, 215, 61, 110, 246, 12, 5, 209, 95, 194, 152, 193, 0, 181, 135, 26, 150, 174, 52, 92, 56, 250 }
Session ID: {83, 31, 134, 30, 76, 200, 183, 120, 7, 94, 26, 65, 186, 91, 197, 25, 10, 193, 94, 220, 198, 250, 162, 153, 6, 89, 12, 250, 66, 105, 249, 211}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
Client Thread, READ: TLSv1 Handshake, length = 1903
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
chain [1] = [
Version: V3
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 140862286957037297158683104484469503810921697537964422595574798580128510755934413463045842414762254029728885690233847950678735782281077619629628663140568366247472189890316085560712610474766899389736269383565795688749374256479726939861138704211990111677657317335172626254520371267441364353295155431963634875809
public exponent: 65537
Validity: [From: Tue Sep 12 09:40:32 CDT 2006,
To: Thu Oct 12 09:40:32 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ f6e3ada8 7dc4004f]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: AB 84 38 1F 7B 71 D8 87 FF 24 DB C2 7E DC D0 0B ..8..q...$......
0010: 60 60 14 A8 F8 D5 46 AD 6B FC 33 90 6F 43 08 17 ``....F.k.3.oC..
0020: AE 2B EE 6C 2B 29 85 E2 A6 67 EE 5D A4 61 F3 9E .+.l+)...g.].a..
0030: E7 CA B1 27 F9 11 36 ED 93 05 7B E1 20 90 57 B5 ...'..6..... .W.
0040: C6 F9 8A 9D 50 CD B3 4A 54 DC 1B 52 EC EA 7A 0B ....P..JT..R..z.
0050: B6 E6 95 FD DD 80 BE 66 F0 77 F4 E7 9A 8A A3 EF .......f.w......
0060: 9B 68 57 0C 9C 4B 4C C0 24 C5 34 16 D3 8E 45 27 .hW..KL.$.4...E'
0070: CA 23 F1 E0 C5 5E FB FB AA 1C 21 6E CB 5B 57 D9 .#...^....!n.[W.
Found trusted certificate:
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
Client Thread, READ: TLSv1 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 27, 159, 38, 131, 132, 24, 47, 148, 161, 90, 7, 39, 189, 28, 178, 156, 20, 151, 220, 192, 239, 182, 115, 234, 99, 225, 68, 250, 199, 173, 96, 181, 78, 180, 238, 37, 243, 72, 19, 91, 249, 11, 49, 83, 1, 150 }
Client Thread, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 1B 9F 26 83 84 18 2F 94 A1 5A 07 27 BD 1C ....&.../..Z.'..
0010: B2 9C 14 97 DC C0 EF B6 73 EA 63 E1 44 FA C7 AD ........s.c.D...
0020: 60 B5 4E B4 EE 25 F3 48 13 5B F9 0B 31 53 01 96 `.N..%.H.[..1S..
CONNECTION KEYGEN:
Client Nonce:
0000: 45 09 62 F6 47 C3 B9 2C 56 60 0E 0B AB 4C 69 87 E.b.G..,V`...Li.
0010: 88 72 35 36 89 4B CA FE 70 D0 F0 5B C7 F6 AF CF .r56.K..p..[....
Server Nonce:
0000: 45 09 62 F7 3F 5D 30 49 62 FB A0 D7 3D 6E F6 0C E.b.?]0Ib...=n..
0010: 05 D1 5F C2 98 C1 00 B5 87 1A 96 AE 34 5C 38 FA .._.........4\8.
Master Secret:
0000: 0E 63 38 16 86 A1 84 72 33 2C D7 07 D7 C3 AC E0 .c8....r3,......
0010: AD 5B CD 3B 2E 2A 02 91 1E FE 17 97 4E 3B 56 C3 .[.;.*......N;V.
0020: 5D 0F 7A 99 90 0D 3D 4E 5F 39 C5 EB 6E AD DA 71 ].z...=N_9..n..q
Client MAC write Secret:
0000: 99 32 FA 60 0B 88 36 CD 88 02 D5 4A CA D2 A6 49 .2.`..6....J...I
0010: 69 60 42 B6 i`B.
Server MAC write Secret:
0000: 43 3F 85 72 FB 6D 28 1C BA 1E 8A 26 56 DE 18 FB C?.r.m(....&V...
0010: 01 83 20 7F .. .
Client write key:
0000: 6F 58 29 AB B3 8C F5 75 3C 70 04 DF 9D 01 43 F5 oX)....u<p....C.
Server write key:
0000: 4A D7 E9 63 53 32 78 DF E0 99 89 60 A4 1A 3C E7 J..cS2x....`..<.
Client write IV:
0000: 24 FB 0E 12 AB D2 70 6D 80 B1 B2 BC 78 1A 55 88 $.....pm....x.U.
Server write IV:
0000: E4 75 62 25 46 95 0F 7A 44 16 E2 39 38 AD 29 CD .ub%F..zD..98.).
HawkEye Client Thread, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 98, 254, 245, 75, 252, 23, 91, 164, 67, 197, 69, 44 }
Client Thread, WRITE: TLSv1 Handshake, length = 48
Client Thread, READ: TLSv1 Alert, length = 2
Client Thread, RECV TLSv1 ALERT: fatal, handshake_failure
Client Thread, called closeSocket()
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Error: Received fatal alert: handshake_failure
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure -
Step by Step instructions importing Client Certificates on Java Engine
Hi All,
I am trying to configure a <b>Receiver</b> SOAP adapter with SSL, does anybody has step-by-step procedure on how to install the client certificates on Java Engine using Visual Administrator? and refer that keystore in SOAP adapter?
PI 7.0 SP 09
UNIX-Sun Soloris.
Thanks,
LaxmanHey Molugu,
you shouldn't have to install the client certificates on KeyStorage Service, for receiver adapters. The server's public certificate is sent just in the SSL handshaking. What you should have is the certificate authorization tree in your Trusted ACs Service (if the issuer of your client's certificate is not already there).
You need to install client certificates in sender adapters, when your client uses authentication through certificate. Then you need to install that authentication certificate for the authorized users.
Check the following link for SSL on J2EE: http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
Regards,
Henrique. -
How Server can read client side SSL certificates through java code?
My code will be running on server which will be a java class that should read any SSL certificates for the user that is logging in to the application.
Kindly let me know how it can be achieved ? I have very rare knowldge on Security. how i can read SSL certificates of the client machine.
Also let me know the possible solutions for above question.For my mud written in java, I used TCP/IP for the connections. When a client connects, he gets his own thread. Those threads are held in a vector in a manager class. each tick of the server does a quick run thru the vector and if the current thread/socket its on is null or !isAlive() its remove from the vector(which in turn removes it from getting any more game updates. This removal can be caused by two things. The clients disconnects by accident(kills his game, locks up has an internet connection hiccup, etc.) or he uses the games "quit" method. The quit method calls a method that does any player saving of data, etc then closes the socket, and sets it to null. thus the manager sees this and removes him frm the vecotr list on the next server tick. Seems to work great form a mud and worked really well in a multiplayer applet game I had up for a while.
-
Java Client AUthentication to IIS 5 server throwing no IV for Cipher error
I have trying to do Java client authentication. Got the Certificate from CA and loaded it in server. When I run the JavaClient program I get the
error no IV for Cipher.
I am using JDK 1.5.0_06 and JSSE 1.0.3_03.
Any help is greatly appreciated.
Thanks
Here is the debug report
trustStore is: C:\JTEST\cacerts
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=devclient.test.com, OU=Mycompany, O=Second Data Corporation., L=San Francisco, ST=California, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x5b0bf
Valid from Thu Feb 16 06:23:37 PST 2006 until Sat Feb 17 06:23:37 PST 2007
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=devclient.paymap.com, OU=First Data Corp, O=Paymap Inc, L=San Francisco, ST=California, C=USA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Algorithm: RSA; Serial number: 0xe2501de73ac37428
Valid from Mon Feb 20 15:51:25 PST 2006 until Mon Mar 13 15:51:25 PST 2006
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 05:14:45 PDT 1999 until Sun Jun 23 05:14:45 PDT 2019
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 07:50:00 PDT 1998 until Wed Aug 14 16:59:00 PDT 2013
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a3
Valid from Fri Feb 23 15:01:00 PST 1996 until Thu Feb 23 15:59:00 PST 2006
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 09:20:00 PST 2000 until Tue Feb 04 09:50:00 PST 2020
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Tue Nov 08 16:00:00 PST 1994 until Thu Jan 07 15:59:59 PST 2010
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 12:24:30 PDT 1999 until Sat Oct 12 12:54:30 PDT 2019
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 08:16:40 PST 2000 until Fri Feb 07 08:46:40 PST 2020
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Dec 24 10:20:51 PST 2019
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(50000) called
TIMEOUT=50000
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 11, 7, 242, 147, 134, 10, 57, 192, 137, 131, 191, 249, 253, 146, 232, 223, 146, 195, 53, 255, 121, 236, 182, 158, 191, 94, 156, 190 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 873
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 123, 165, 102, 102, 169, 196, 229, 241, 3, 49, 81, 239, 83, 155, 209, 243, 236, 229, 18, 193, 228, 104, 27, 152, 232, 193, 173, 11 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 82, 2, 69, 241, 210, 36, 175, 168, 76, 86, 170, 3, 158, 52, 89, 146, 84, 210, 223, 113, 212, 231, 129, 100, 177, 125, 116, 31, 97, 233, 150, 162, 161, 51, 168, 189, 14, 47, 83, 27, 67, 252, 172, 191, 102, 39 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 52 02 45 F1 D2 24 AF A8 4C 56 AA 03 9E 34 ..R.E..$..LV...4
0010: 59 92 54 D2 DF 71 D4 E7 81 64 B1 7D 74 1F 61 E9 Y.T..q...d..t.a.
0020: 96 A2 A1 33 A8 BD 0E 2F 53 1B 43 FC AC BF 66 27 ...3.../S.C...f'
CONNECTION KEYGEN:
Client Nonce:
0000: 43 FA 5A 48 0B 07 F2 93 86 0A 39 C0 89 83 BF F9 C.ZH......9.....
0010: FD 92 E8 DF 92 C3 35 FF 79 EC B6 9E BF 5E 9C BE ......5.y....^..
Server Nonce:
0000: 43 FA 5A 00 7B A5 66 66 A9 C4 E5 F1 03 31 51 EF C.Z...ff.....1Q.
0010: 53 9B D1 F3 EC E5 12 C1 E4 68 1B 98 E8 C1 AD 0B S........h......
Master Secret:
0000: 10 47 C2 16 13 58 4B 50 D3 D6 34 05 C8 C9 11 29 .G...XKP..4....)
0010: AD 90 0D 8F 9B BD C8 C1 FC CD BC 26 ED FB 26 84 ...........&..&.
0020: 04 0B 94 BC D2 4D 7D 71 E0 1E 08 10 59 38 B5 4E .....M.q....Y8.N
Client MAC write Secret:
0000: A5 66 C1 48 0E F1 18 2B 2B 7A F7 9B A4 6C D7 FA .f.H...++z...l..
Server MAC write Secret:
0000: 3B F5 04 FA AC 9C D7 ED 2E E7 36 44 80 FF 11 E2 ;.........6D....
Client write key:
0000: 7B 9F 56 A1 FC 3D BD 31 25 27 91 BB D0 66 66 0B ..V..=.1%'...ff.
Server write key:
0000: 2B 45 E2 19 E8 C8 61 5B 84 B8 94 76 A1 B4 9C 6E +E....a[...v...n
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 110, 253, 95, 109, 150, 89, 93, 140, 108, 186, 172, 188 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 70, 219, 18, 202, 105, 203, 83, 220, 151, 174, 102, 125 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(50000) called
main, WRITE: TLSv1 Application Data, length = 96
main, setSoTimeout(50000) called
main, READ: TLSv1 Handshake, length = 20
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 1130
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 242, 6, 117, 127, 243, 197, 134, 82, 139, 54, 241, 243, 132, 22, 63, 136, 4, 180, 225, 8, 159, 55, 182, 105, 133, 226, 213, 167 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 121
main, READ: TLSv1 Handshake, length = 11432
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 168, 158, 224, 186, 230, 77, 9, 24, 237, 106, 203, 158, 176, 252, 249, 167, 73, 173, 69, 178, 115, 34, 96, 179, 191, 230, 178, 160 }
Session ID: {3, 27, 0, 0, 51, 252, 181, 131, 214, 28, 220, 247, 154, 175, 51, 237, 76, 111, 88, 78, 28, 105, 106, 114, 42, 51, 53, 144, 178, 93, 245, 127}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Sonera Class1 CA, O=Sonera, C=FI>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL>
<CN=VeriSign Class 3I have the same problem. I�m turning crazy working with certificates in mutual athetication!!!
If someone has the solution to this problem, send a repy or at [email protected]
Thanks in advance -
SSLException : untrusted server cert chain in java client, but not getting that with weblogic.
Hi,
I am bit confused about what i am seeing,
a. i used java client to talk to talk to server, got "untrusted server cert chain"
, ressolved the exceptio by adding certificate to cacerts file.
b. tried to connect to server using another weblogic server and not getting "untrusted
server cert chain", even when the certificates are not installed.
i dont know why it is throwning the SSLException in (a) and not in (b).
thanks,
NirmalaStand alone client takes its trusted certificate from the JDK cacerts keystore
by default.
SSL client running on server uses server trust configuration. By default the server
is configured to trust the CAs with certificates in DemoTrust.jks keystore and
the JDK cacerts keystore.
Pavel.
"Nirmala" <[email protected]> wrote:
>
Hi,
I am bit confused about what i am seeing,
a. i used java client to talk to talk to server, got "untrusted server
cert chain"
, ressolved the exceptio by adding certificate to cacerts file.
b. tried to connect to server using another weblogic server and not getting
"untrusted
server cert chain", even when the certificates are not installed.
i dont know why it is throwning the SSLException in (a) and not in (b).
thanks,
Nirmala -
How to get user defined class in java client of a bpel prcoess?
I have written a simple bpel process which returns a bean class namely employee which has three String fields(name,id and email). From java client when I am invoking the prcoess the prcoess instance is starting and completing properly. From Bpel console when I check the audit of the instance, it shows everything as expected. But in client class instead of three strings I am getting only first string i.e email in response. I checked the mapping and all WSDL files but could not find a proper reason. I am attaching the wsdls of bpel prcoess and the client code:
BPELProcess5.wsdl
<?xml version="1.0" encoding="UTF-8"?>
<definitions name="BPELProcess5"
targetNamespace="http://xmlns.oracle.com/BPELProcess5"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:client="http://xmlns.oracle.com/BPELProcess5"
xmlns:plnk="http://schemas.xmlsoap.org/ws/2003/05/partner-link/"
xmlns:sq="http://xmlns.oracle.com/BPELProcess5/bean">
<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TYPE DEFINITION - List of services participating in this BPEL process
The default output of the BPEL designer uses strings as input and
output to the BPEL Process. But you can define or import any XML
Schema type and us them as part of the message types.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
<types>
<schema attributeFormDefault="qualified"
elementFormDefault="qualified"
targetNamespace="http://xmlns.oracle.com/BPELProcess5/bean"
xmlns="http://www.w3.org/2001/XMLSchema">
<complexType name="employeetype" >
<all>
<element name="fname" type="string"/>
<element name="lname" type="string"/>
<element name="id" type="string"/>
</all>
</complexType>
</schema>
<schema attributeFormDefault="qualified"
elementFormDefault="qualified"
targetNamespace="http://xmlns.oracle.com/BPELProcess5"
xmlns="http://www.w3.org/2001/XMLSchema">
<import namespace="http://xmlns.oracle.com/BPELProcess5/bean"/>
<element name="BPELProcess5ProcessRequest">
<complexType >
<sequence>
<element name="input" type="string"/>
</sequence>
</complexType>
</element>
<!--
<element name="BPELProcess5ProcessResponse">
<complexType >
<sequence>
<element name="output" type="sq:employeetype"/>
</sequence>
</complexType>
</element>
-->
</schema>
</types>
<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MESSAGE TYPE DEFINITION - Definition of the message types used as
part of the port type defintions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
<message name="BPELProcess5RequestMessage">
<part name="payload" element="client:BPELProcess5ProcessRequest"/>
</message>
<message name="BPELProcess5ResponseMessage">
<part name="payload" type="sq:employeetype"/>
</message>
<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PORT TYPE DEFINITION - A port type groups a set of operations into
a logical service unit.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
<!-- portType implemented by the BPELProcess5 BPEL process -->
<portType name="BPELProcess5">
<operation name="process">
<input message="client:BPELProcess5RequestMessage" />
<output message="client:BPELProcess5ResponseMessage"/>
</operation>
</portType>
<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PARTNER LINK TYPE DEFINITION
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
<plnk:partnerLinkType name="BPELProcess5">
<plnk:role name="BPELProcess5Provider">
<plnk:portType name="client:BPELProcess5"/>
</plnk:role>
</plnk:partnerLinkType>
</definitions>
BPELPrcoess5.bpel
// Oracle JDeveloper BPEL Designer
// Created: Thu Jul 14 16:50:15 IST 2005
// Author: Arka
// Purpose: Synchronous BPEL Process
-->
<process name="BPELProcess5" targetNamespace="http://xmlns.oracle.com/BPELProcess5" xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/" xmlns:xp20="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20" xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/" xmlns:ns1="http://demows/handler/SessionEJB.wsdl" xmlns:ldap="http://schemas.oracle.com/xpath/extension/ldap" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://xmlns.oracle.com/BPELProcess5/bean" xmlns:client="http://xmlns.oracle.com/BPELProcess5" xmlns:bpelx="http://schemas.oracle.com/bpel/extension" xmlns:ora="http://schemas.oracle.com/xpath/extension" xmlns:orcl="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc"><!-- ================================================================= --><!-- PARTNERLINKS --><!-- List of services participating in this BPEL process --><!-- ================================================================= -->
<partnerLinks><!--
The 'client' role represents the requester of this service. It is
used for callback. The location and correlation information associated
with the client role are automatically set using WS-Addressing.
-->
<partnerLink name="client" partnerLinkType="client:BPELProcess5" myRole="BPELProcess5Provider"/>
<partnerLink myRole="SessionEJBPortType_Role" name="PartnerLink_1" partnerRole="SessionEJBPortType_Role" partnerLinkType="ns1:SessionEJBPortType_PL"/>
</partnerLinks><!-- ================================================================= --><!-- VARIABLES --><!-- List of messages and XML documents used within this BPEL process --><!-- ================================================================= -->
<variables><!-- Reference to the message passed as input during initiation -->
<variable name="inputVariable" messageType="client:BPELProcess5RequestMessage"/><!--
Reference to the message that will be returned to the requester
-->
<variable name="outputVariable" messageType="client:BPELProcess5ResponseMessage"/>
<variable name="Invoke_1_getEmployee_InputVariable" messageType="ns1:getEmployee1Request"/>
<variable name="Invoke_1_getEmployee_OutputVariable" messageType="ns1:getEmployee1Response"/>
</variables><!-- ================================================================= --><!-- ORCHESTRATION LOGIC --><!-- Set of activities coordinating the flow of messages across the --><!-- services integrated within this business process --><!-- ================================================================= -->
<sequence name="main"><!-- Receive input from requestor.
Note: This maps to operation defined in BPELProcess5.wsdl
-->
<receive name="receiveInput" partnerLink="client" portType="client:BPELProcess5" operation="process" variable="inputVariable" createInstance="yes"/><!-- Generate reply to synchronous request -->
<assign name="Assign_1">
<copy>
<from variable="inputVariable" part="payload" query="/client:BPELProcess5ProcessRequest/client:input"/>
<to variable="Invoke_1_getEmployee_InputVariable" part="empid"/>
</copy>
</assign>
<invoke name="Invoke_1" partnerLink="PartnerLink_1" portType="ns1:SessionEJBPortType" operation="getEmployee" inputVariable="Invoke_1_getEmployee_InputVariable" outputVariable="Invoke_1_getEmployee_OutputVariable"/>
<assign name="Assign_2">
<copy>
<from variable="Invoke_1_getEmployee_OutputVariable" part="return" query="/return/fname"/>
<to variable="outputVariable" part="payload" query="/payload/ns2:fname"/>
</copy>
<copy>
<from variable="Invoke_1_getEmployee_OutputVariable" part="return" query="/return/lname"/>
<to variable="outputVariable" part="payload" query="/payload/ns2:lname"/>
</copy>
<copy>
<from variable="Invoke_1_getEmployee_OutputVariable" part="return" query="/return/id"/>
<to variable="outputVariable" part="payload" query="/payload/ns2:id"/>
</copy>
</assign>
<reply name="replyOutput" partnerLink="client" portType="client:BPELProcess5" operation="process" variable="outputVariable"/>
</sequence>
</process>
myClient.java
package mypackage2;
import bean.EmployeeBean;
import java.rmi.RemoteException;
import java.util.ArrayList;
import javax.xml.namespace.QName;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.ParameterMode;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceException;
import javax.xml.rpc.ServiceFactory;
import javax.xml.rpc.encoding.XMLType;
import javax.xml.rpc.soap.SOAPFaultException;
import org.apache.axis.Constants;
import org.apache.axis.client.Call;
public class myClient
private static QName SERVICE_NAME;
private static QName PORT_TYPE;
private static QName OPERATION_NAME;
private static String SOAP_ACTION;
private static String STYLE;
private static String THIS_NAMESPACE = "http://xmlns.oracle.com/BPELProcess5";
private static String PARAMETER_NAMESPACE = "http://xmlns.oracle.com/BPELProcess5";
private String location;
static
SERVICE_NAME = new QName(THIS_NAMESPACE,"BPELProcess5");
PORT_TYPE = new QName(THIS_NAMESPACE,"BPELProcess5") ;
OPERATION_NAME = new QName(THIS_NAMESPACE,"BPELProcess5ProcessRequest");
SOAP_ACTION = "process";
STYLE = "wrapped";
public myClient()
public void setLocation(String location)
this.location = location;
public void initiate(String symbol)
try
DeserializerImpl des = new DeserializerImpl();
ServiceFactory serviceFactory = ServiceFactory.newInstance();
Service service = serviceFactory.createService( SERVICE_NAME );
Call call = (Call)service.createCall( PORT_TYPE );
call.setTargetEndpointAddress( location );
call.setProperty(Call.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
call.setProperty(Call.SOAPACTION_URI_PROPERTY, SOAP_ACTION);
call.setOperationName(OPERATION_NAME);
call.addParameter(new QName(PARAMETER_NAMESPACE,"input"), XMLType.XSD_STRING, ParameterMode.IN);
Object[] params = new Object[1];
params[0] = "1";
call.setReturnType(new QName("http://xmlns.oracle.com/BPELProcess5", "BPELProcess5ProcessResponse"), EmployeeBean.class);
EmployeeBean response = (EmployeeBean)call.invoke(params);
System.out.println( " BPEL process initiated" );
catch (SOAPFaultException e)
System.err.println("Generated fault: ");
System.out.println (" Fault Code = " + e.getFaultCode());
System.out.println (" Fault String = " + e.getFaultString());
catch (JAXRPCException e)
System.err.println("JAXRPC Exception: " + e.getMessage());
catch (ServiceException e)
System.err.println("Service Exception: " + e.getMessage());
catch(RemoteException e)
System.err.println("Remote Exception: " + e.getMessage());
public static void main(String[] args)
String location = "http://localhost:9700/orabpel/default/BPELProcess5/1.0";
myClient client = new myClient();
client.setLocation( location );
client.initiate( "" );
}Hi Abdul,
From the document, we know that CONSTRAINED flag is used to reduce the risk of injection attacks via the specified string. If a string is provided that is not directly resolvable to qualified
or unqualified member names, the following error appears: "The restrictions imposed by the CONSTRAINED flag in the STRTOSET function were violated."
So you need to make sure the members are passed properly to the STRTOSET function. For more details, please see the following links:
http://ch1n2.wordpress.com/2010/02/21/the-restrictions-imposed-by-the-constrained-flag-in-the-strtoset-function-were-violated/
http://www.bp-msbi.com/2010/04/passing-unconstrained-set-and-member-parameters-between-reports-in-reporting-services/
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
XI 3.0 and external Java client/web service
Hello,
I'm desperately tryin' to get an external system to work together with XI 3.0.
The setup is quite simple:
The external system is nothing but a simple Java program sending SOAP-based requests to a webservice. It is based on AXIS and is running satisfyingly when connecting directly to an appropriate Tomcat/AXIS-based web service, see the following communication.
-- local request
POST /axis/VAPService.jws HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.1
Host: 192.168.1.2:8080
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: "http://localhost/SOAPRequest"
Content-Length: 422
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<SOAPRequest soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAPDataIn xsi:type="xsd:string">890000001</SOAPDataIn>
</SOAPRequest>
</soapenv:Body>
</soapenv:Envelope>
-- local response
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=DFD7A00A244C18A058FCB52A8321A167; Path=/axis
Content-Type: text/xml;charset=utf-8
Date: Mon, 23 Aug 2004 06:52:47 GMT
Server: Apache-Coyote/1.1
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<SOAPRequestResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAPRequestReturn xsi:type="xsd:int">1</SOAPRequestReturn>
</SOAPRequestResponse>
</soapenv:Body>
</soapenv:Envelope>
Now I have designed and configured simple business scenarios with XI 3.0 (synchronous as well as asynchronous). The only response I get from XI when the Java client connects ist the following:
-- remote request
POST /sap/xi/engine?type=entry HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.1
Host: <host>:<port>
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: "http://soap.org/soap"
Content-Length: 424
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<SOAPRequest soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAPDataIn xsi:type="xsd:string">890000001</SOAPDataIn>
</SOAPRequest>
</soapenv:Body>
</soapenv:Envelope>
-- remote response
HTTP/1.0 500 HTTP standard status code
content-type: text/xml
content-length: 1493
content-id: <[email protected]>
server: SAP Web Application Server (1.0;640)
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Header>
</SOAP:Header>
<SOAP:Body>
<SOAP:Fault xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP:mustUnderstand="1">
<SOAP:faultcode>Client</SOAP:faultcode>
<SOAP:faultstring></SOAP:faultstring>
<SOAP:faultactor>http://sap.com/xi/XI/Message/30</SOAP:faultactor>
<SOAP:faultdetail>
<SAP:Error xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP:mustUnderstand="1">
<SAP:Category>XIProtocol</SAP:Category>
<SAP:Code area="PARSER">UNEXSPECTED_VALUE</SAP:Code>
<SAP:P1>Main/@versionMajor</SAP:P1>
<SAP:P2>000</SAP:P2>
<SAP:P3>003</SAP:P3>
<SAP:P4></SAP:P4>
<SAP:AdditionalText></SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace=""></SAP:ApplicationFaultMessage>
<SAP:Stack>XML tag Main/@versionMajor has the incorrect value 000. Value 003 expected
</SAP:Stack>
</SAP:Error>
</SOAP:faultdetail>
</SOAP:Fault>
</SOAP:Body>
</SOAP:Envelope>
I made sure the business service in the integration directory is named SOAPRequest and is using SOAP as the communication channel. As the adapter engine I chose the integration server, since it is the only option, although the SOAP adapter framework is installed (according to the SLD) and deactivated any options like header and attachment.
Upon facing the above response I also tried any kind of derivative with inserting the described tag/attribute/element versionMajor, but to no avail.
My questions are:
What do I have to do additionally to get the whole thing running, i.e. configure my external systems in the SLD, providing proxy settings?
Do I have to create web services within the Web AS (which provide some kind of facade to the XI engine using the proxy generation) and connect to these instead of directly addressing the integration engine (I'm using the URL http://<host>:<port>/sap/xi/engine?type=entry, but I also tried http://<host>:<port>/XISOAPAdapter/MessageServlet?channel=:SOAPRequest:SOAPIn, this led to a 404 not found error)?
What settings do I have to provide to see the messages the client is sending, when looking into the runtime workbench it seems as if there are no messages at all - at least from my client?
Hopefully somebody might help me out or least provide some information to get me going.
Thanks in advance.
Best regards,
T.HrastnikHello Oliver,
all information I gathered so far derives from the online help for XI 3.0, to be found under http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm. There You'll find - in the last quarter of the navigation bar on the left side - sections describing the adapter engine alonside the SOAP adapter.
Additionally I went through almost all postings in this forum.
This alonside the mandatory trial-and-error approach (I did a lot of it up to date) led me to my current status, i.e. so far I haven't found any kind of (simple) tutorial or demo saying "If You want to establish a web service based connection via SOAP between external applications and XI first do this, then that ...", sadly enough :-(.
Hope that helps, any questions are always welcome, I'll try my best to answer them ;-).
Best regards,
Tomaz -
Hi All,
We have to talk to OSB11g proxy service which is created as Any Soap service (url: http://myosb.firmname.com:7001/osb-ws)
I have java client applications which need to consume this proxy service built on top of OSB by providing the necessary inputs.
Typically we get wsdl url's and then we use Jdeveloper to create web service client proxies to generate client side web service artifacts and call the web service.
But I am confused here as to how can I get a handle to the OSB service from a java client. The OSB developers on the project tell me they don't have and cannot provide a WSDL based URL.
What are the general practices for consuming OSB proxy service from java client apps. Google search result did not yield much help.
Please let me know your thoughts.
Regards,Hi Anuj,
Thanks for reply. As u guys mentioned that about the URL I have rechecked the URL and realized the port number which I was using that was Admin Server Port while environment contains two servers Admin and Managed both. I have change the Port Number from Admin to Managed now its hitting the Service but now another problem I start facing that I need to pass a big XML as input request to that OSB Proxy Service. I have two different code where I am attaching the input request in two different ways but none of them is passing that request to URL and in both cases I am getting default response from URL.
Here is the Code, Code1 through Core Java:
===============================================================================================
package retriggerpsftorder;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
public class MyTest {
public MyTest() {
System.out.println("Constructor executing");
System.out.println("JAVA Version : " + System.getProperty("JAVA.VERSION"));
public static void main(String arga[]) {
try {
// Construct data
String data = URLEncoder.encode("key1", "UTF-8") + "=" + URLEncoder.encode("<migrateOrder>\n" +
" <migrateOrderId>51c797d61dd211b2818a</migrateOrderId>\n" +
" <createCustomer>false</createCustomer>\n" +
" <createBillingAccount>false</createBillingAccount>\n" +
" <Customer>\n" +
" <ID>\n" +
" </PIN>\n" +
" </customerAccountNumber\"></customerAccountNumber\">\n" +
" </externalIdentifier>\n" +
" </ID>\n" +
" <creditClass>W</creditClass>\n" +
" </Customer>\n" +
" <Account>\n" +
" <name>Gurwinder Singh</name>\n" +
" <ID>\n" +
" <PIN>1987</PIN>\n" +
" <billingAccountNumber>695909361</billingAccountNumber>\n" +
" </ID>\n" +
" </Account>\n" +
" <CustomerOrder>\n" +
" <customerOrderPartyReference>\n" +
" <MSISDN>61425265789</MSISDN>\n" +
" </customerOrderPartyReference>\n" +
" <orderSource>\n" +
" <templateName>AUP1057_AU10357_24_DATA_0113</templateName>\n" +
" </orderSource>\n" +
" <typeCode>Connect</typeCode>\n" +
" <futureSubmitDate>2011-02-28</futureSubmitDate>\n" +
" <cancelOpenOrdersIndicator>false</cancelOpenOrdersIndicator>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"1\">\n" +
" <product ID=\"AUX221\" type=\"SAMID\" attributeCount=\"19\">\n" +
" <attribute>\n" +
" <name>Accept Code</name>\n" +
" <value>Accept 5</value>\n" +
" </attribute>\n" +
" </product>\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"2\">\n" +
" <product ID=\"OFF0018\" type=\"SAMID\" attributeCount=\"1\">\n" +
" <attribute>\n" +
" <name>Period Override</name>\n" +
" <value>24</value>\n" +
" </attribute>\n" +
" </product>\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"3\">\n" +
" <equipment ID=\"012645002053476\" type=\"Handset\" />\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"4\">\n" +
" <resource ID=\"89610300000905636996\" type=\"SIM\" />\n" +
" </lineItem>\n" +
" <externalOrderReference>\n" +
" <serviceID>75055433</serviceID>\n" +
" <customerID>921092224696621123154029260421</customerID>\n" +
" <serviceStartDate>2009-02-10</serviceStartDate>\n" +
" <serviceRatePlan>X3Cap $29 24m($29min-35cFF)</serviceRatePlan>\n" +
" <agreementNumber>VHU0029215</agreementNumber>\n" +
" <accountNumber>3382437469</accountNumber>\n" +
" <migrationType>Loyalty Handset Upgrade Acq</migrationType>\n" +
" <receiveMarketingInfoOverrideIndicator>false</receiveMarketingInfoOverrideIndicator>\n" +
" </externalOrderReference>\n" +
" <orderSalesReference>\n" +
" <dealerReferenceID>D3641</dealerReferenceID>\n" +
" <trailingCommissionRatePlan>MUPR9</trailingCommissionRatePlan>\n" +
" <trailingCommisionDealerReference>D3734</trailingCommisionDealerReference>\n" +
" </orderSalesReference>\n" +
" </CustomerOrder>\n" +
" <ContactManagementActivity>\n" +
" <activityCategory>Proof of Purchase - Mig from 3</activityCategory>\n" +
" <activityType>Migration from 3</activityType>\n" +
" <activityDescription>Proof of Purchase Information</activityDescription>\n" +
" <activityComment>MSISDN: 0425265789354610026170561</activityComment>\n" +
" </ContactManagementActivity>\n" +
"</migrateOrder>\n", "UTF-8");
//data += "&" + URLEncoder.encode("key2", "UTF-8") + "=" + URLEncoder.encode("value2", "UTF-8");
System.out.println("Data going for Request : "+data);
// Send data
URL url = new URL("http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(data);
wr.flush();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
int i=0;
while ((line = rd.readLine()) != null) {
System.out.println("Values of Line : "+ i + " : "+ line);// Process line...
i++;
wr.close();
rd.close();
} catch (Exception e) {
=========================================
Code 1 Response
Values of Line : 0 : <?xml version="1.0" encoding="UTF-8"?>
Values of Line : 1 : <migrateOrderReply><statusCode>Failed</statusCode><errorReturn><errorCode>CORE_SYS_GENERIC</errorCode><errorMessage>Unexpected System exception</errorMessage></errorReturn></migrateOrderReply>
Process exited with exit code 0.
Note: The above response message is the default response message, even if u not pass any input parameter then also the above message will come.
==========================================================================================================
Code 2 : Using Servlet
package retriggerpsftorder;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.HttpClient;
import org.apache.commons.httpclient.HttpConnection;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.RequestEntity;
import org.apache.http.client.HttpClient;
public class GIFTProcess extends HttpServlet implements Servlet {
private static final String CONTENT_TYPE =
"text/html; charset=windows-1252";
public void init(ServletConfig config) throws ServletException {
super.init(config);
public void doGet(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException {
resp.setContentType(CONTENT_TYPE);
PrintWriter out = resp.getWriter();
try {
NameValuePair nvpRtn =
new NameValuePair("body", "<migrateOrder>\n" +
" <migrateOrderId>51c797d61dd211b2818a</migrateOrderId>\n" +
" <createCustomer>false</createCustomer>\n" +
" <createBillingAccount>false</createBillingAccount>\n" +
" <Customer>\n" + " <ID>\n" +
" </PIN>\n" +
" </customerAccountNumber\"></customerAccountNumber\">\n" +
" </externalIdentifier>\n" +
" </ID>\n" +
" <creditClass>W</creditClass>\n" +
" </Customer>\n" + " <Account>\n" +
" <name>Gurwinder Singh</name>\n" +
" <ID>\n" + " <PIN>1987</PIN>\n" +
" <billingAccountNumber>695909361</billingAccountNumber>\n" +
" </ID>\n" + " </Account>\n" +
" <CustomerOrder>\n" +
" <customerOrderPartyReference>\n" +
" <MSISDN>61425265789</MSISDN>\n" +
" </customerOrderPartyReference>\n" +
" <orderSource>\n" +
" <templateName>AUP1057_AU10357_24_DATA_0113</templateName>\n" +
" </orderSource>\n" +
" <typeCode>Connect</typeCode>\n" +
" <futureSubmitDate>2011-02-28</futureSubmitDate>\n" +
" <cancelOpenOrdersIndicator>false</cancelOpenOrdersIndicator>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"1\">\n" +
" <product ID=\"AUX221\" type=\"SAMID\" attributeCount=\"19\">\n" +
" <attribute>\n" +
" <name>Accept Code</name>\n" +
" <value>Accept 5</value>\n" +
" </attribute>\n" +
" </product>\n" + " </lineItem>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"2\">\n" +
" <product ID=\"OFF0018\" type=\"SAMID\" attributeCount=\"1\">\n" +
" <attribute>\n" +
" <name>Period Override</name>\n" +
" <value>24</value>\n" +
" </attribute>\n" +
" </product>\n" + " </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"3\">\n" +
" <equipment ID=\"012645002053476\" type=\"Handset\" />\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"4\">\n" +
" <resource ID=\"89610300000905636996\" type=\"SIM\" />\n" +
" </lineItem>\n" +
" <externalOrderReference>\n" +
" <serviceID>75055433</serviceID>\n" +
" <customerID>921092224696621123154029260421</customerID>\n" +
" <serviceStartDate>2009-02-10</serviceStartDate>\n" +
" <serviceRatePlan>X3Cap $29 24m($29min-35cFF)</serviceRatePlan>\n" +
" <agreementNumber>VHU0029215</agreementNumber>\n" +
" <accountNumber>3382437469</accountNumber>\n" +
" <migrationType>Loyalty Handset Upgrade Acq</migrationType>\n" +
" <receiveMarketingInfoOverrideIndicator>false</receiveMarketingInfoOverrideIndicator>\n" +
" </externalOrderReference>\n" +
" <orderSalesReference>\n" +
" <dealerReferenceID>D3641</dealerReferenceID>\n" +
" <trailingCommissionRatePlan>MUPR9</trailingCommissionRatePlan>\n" +
" <trailingCommisionDealerReference>D3734</trailingCommisionDealerReference>\n" +
" </orderSalesReference>\n" +
" </CustomerOrder>\n" +
" <ContactManagementActivity>\n" +
" <activityCategory>Proof of Purchase - Mig from 3</activityCategory>\n" +
" <activityType>Migration from 3</activityType>\n" +
" <activityDescription>Proof of Purchase Information</activityDescription>\n" +
" <activityComment>MSISDN: 0425265789354610026170561</activityComment>\n" +
" </ContactManagementActivity>\n" +
"</migrateOrder>\n");
NameValuePair[] nvpout = { nvpRtn };
HttpConnection httpConn = new HttpConnection("172.22.161.101", 8017);
System.out.println("httpConn : " + httpConn.getHost() + " getPost: " + httpConn.getPort());
httpConn.open();
System.out.println("Is Connection Open? --> " + httpConn.isOpen());
PostMethod postMethod = new PostMethod();
postMethod.setPath("http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder");
System.out.println("postMethod.getPath() : " + postMethod.getPath());
//postMethod.setQueryString("http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder");
//System.out.println("getQueryString : " + postMethod.getQueryString());
//System.out.println("postMethod.getParams() : " + postMethod.getParams());
postMethod.setRequestBody(nvpout);
System.out.println("validate--> " + postMethod.validate());
postMethod.execute(new HttpState(), httpConn);
System.out.println("isRequestSent --> " + postMethod.isRequestSent());
System.out.println("statusLine--> " + postMethod.getStatusLine());
String serviceResponse = postMethod.getResponseBodyAsString();
System.out.println("Response from Call : " + serviceResponse);
} catch (Exception e) {
out.println("Error Occured during the process.");
e.printStackTrace();
==========================================================================================
Code 2 Response -----
C:\Oracle\Middleware\SOASuite101351\jdk\bin\javaw.exe -jar C:\jdevstudio10135\j2ee\home\admin.jar ormi://10.161.1.169:23891 oc4jadmin **** -updateConfig
11/03/02 15:30:19 WARNING: Shared-library oracle.expression-evaluator:10.1.3.1 is closing, but is imported by adf.oracle.domain:10.1.3.1, adf.generic.domain:10.1.3.1.
2/03/2011 15:30:19 com.oracle.corba.ee.impl.orb.ORBServerExtensionProviderImpl preInitApplicationServer
WARNING: ORB ignoring configuration changes. Restart OC4J to apply new ORB configuration.
Ready message received from Oc4jNotifier.
Embedded OC4J startup time: 7765 ms.
Target URL -- http://10.161.1.169:8988/JAVAProject-RetriggerPSFTOrder-context-root/giftprocess
ERROR: Unable to connect to JQS service: connection refused
11/03/02 15:30:22 httpConn : 172.22.161.101 getPost: 8017
11/03/02 15:30:22 Is Connection Open? --> true
11/03/02 15:30:22 postMethod.getPath() : http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder
11/03/02 15:30:22 validate--> true
11/03/02 15:30:22 isRequestSent --> true
11/03/02 15:30:22 statusLine--> HTTP/1.1 200 OK
2/03/2011 15:30:22 org.apache.commons.httpclient.HttpConnection releaseConnection
WARNING: HttpConnectionManager is null. Connection cannot be released.
11/03/02 15:30:22 Response from Call : <?xml version="1.0" encoding="UTF-8"?>
<migrateOrderReply><statusCode>Failed</statusCode><errorReturn><errorCode>CORE_SYS_GENERIC</errorCode><errorMessage>Unexpected System exception</errorMessage></errorReturn></migrateOrderReply>
==================================================================================
If u find any thing wrong then please let me know.
Any reply is highly appreciated.
Thanks Manish -
Problem while trying to get task payload in java client.
Hi,
I am working on worklist application in 10.1.3 and trying to get task payload in java client.
In BPEL proces, assigning a XML as following:
<copy>
<from expression="bpws:getVariableData('inputVariable','payload','/client:ErrorHandlerBPELProcessRequest/client:inputXML')"/>
<to variable="initiateTaskInput" part="payload"
query="/taskservice:initiateTask/task:task/task:payload"/>
</copy>
And in java client:
Element payload = (Element)task.getPayloadAsElement();
String xml = payload.getNodeValue();
Result is a null value for xml. I am able to see the input XML is assigned to task payload in BPEL console and payload object is as "oracle.xml.parser.v2.XMLElement@13ae670"
I also tried with getPayload() which returns oracle.bpel.services.workflow.task.model.AnyTypeImpl object.
Any help is appreciated.
Thanks,
-VidyaHi,
Thanks for the reply.
When I checked for childnodes also, it is showing zero childnodes.
I had tried with both getTaskQueryService().getTaskDetailsById() method and getTaskQueryService().getTaskVersionDetails() to get details about task.
I am able to fetch all other details except payload which has been assgined in BPEL process. I don't know why payload is not available.
Following is input for intiatetask:
<initiateTaskInput>
-<part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="payload">
-<initiateTask xmlns="http://xmlns.oracle.com/bpel/workflow/taskService">
-<task xmlns="http://xmlns.oracle.com/bpel/workflow/task">
<title>OAG XML</title>
<payload>
<SyncPurchaseOrder releaseID="9.0" xmlns:ccf="http://www.oracle.com/XSL/Transform/java/com.myorg.integration.xpathfunctions.xsl.LookupFunctions" xmlns:ns1="http://www.openapplications.org/oagis/9" xmlns="http://www.openapplications.org/oagis/9">
<ns1:ApplicationArea>
<ns1:Sender>
<ns1:LogicalID>
LogicalID
OAG Server Name</ns1:LogicalID>
<ns1:ComponentID schemeAgencyName="'Jabil'">RR
</ns1:ComponentID>
<ns1:TaskID schemeAgencyName=" ">Inbound Order Event</ns1:TaskID>
<ns1:ReferenceID>129537</ns1:ReferenceID>
<ns1:ConfirmationCode>Never</ns1:ConfirmationCode>
</ns1:Sender>
<ns1:CreationDateTime>1969-12-31T18:59:50-05:00</ns1:CreationDateTime>
<ns1:BODID>RR~4556839~129537</ns1:BODID>
</ns1:ApplicationArea>
<ns1:DataArea>
<ns1:Sync/>
<ns1:PurchaseOrder>
<ns1:PurchaseOrderHeader>
<ns1:DocumentID>
<ns1:ID>4556839</ns1:ID>
<ns1:VariationID schemeName="Version" schemeID=""/>
</ns1:DocumentID>
<ns1:Note status="Comments">test Rr inbound header notes</ns1:Note>
<ns1:DocumentReference type="Contract">
<ns1:DocumentID>
<ns1:ID>OSS1</ns1:ID>
</ns1:DocumentID>
</ns1:DocumentReference>
<ns1:DocumentReference type="OrderProcessType">
<ns1:DocumentID>
<ns1:ID>POI</ns1:ID>
</ns1:DocumentID>
</ns1:DocumentReference>
<ns1:DocumentReference type="clientRefNo1">
<ns1:DocumentID>
<ns1:ID>TEST CLIENT REF1</ns1:ID>
</ns1:DocumentID>
</ns1:DocumentReference>
<ns1:DocumentReference type="clientRefNo2">
<ns1:DocumentID>
<ns1:ID>TEST CLIENT REF2</ns1:ID>
</ns1:DocumentID>
</ns1:DocumentReference>
<ns1:Status>
<ns1:Code>Released</ns1:Code>
</ns1:Status>
<ns1:Party role="TradingPartner">
<ns1:PartyIDs>
<ns1:ID schemeID="Primary">HPOSS</ns1:ID>
</ns1:PartyIDs>
</ns1:Party>
<ns1:SupplierParty>
<ns1:PartyIDs>
<ns1:ID schemeID="SupplierEBU"/>
</ns1:PartyIDs>
</ns1:SupplierParty>
<ns1:SupplierParty>
<ns1:PartyIDs>
<ns1:ID schemeID="SupplierEBU"/>
</ns1:PartyIDs>
</ns1:SupplierParty>
<ns1:ShipToParty>
<ns1:PartyIDs>
<ns1:ID schemeID="ShipToEBU">WMXAMS_HP KITTING</ns1:ID>
</ns1:PartyIDs>
</ns1:ShipToParty>
<ns1:PaymentTerm type="Primary">
<ns1:Term>
<ns1:ID schemeID="Primary"/>
</ns1:Term>
</ns1:PaymentTerm>
<ns1:UserArea/>
</ns1:PurchaseOrderHeader>
<ns1:PurchaseOrderLine>
<ns1:LineNumber>1</ns1:LineNumber>
<ns1:Note status="Comments">TEST LINE1 NOTES</ns1:Note>
<ns1:Status>
<ns1:Code/>
<ns1:ReasonCode>BACKLIGHT INOPERATIVE</ns1:ReasonCode>
<ns1:Reason>TEST LINE1 NOTES</ns1:Reason>
</ns1:Status>
<ns1:Item>
<ns1:ItemID agencyRole="Primary">
<ns1:ID>71BI2532101</ns1:ID>
</ns1:ItemID>
<ns1:Classification type="ShipFromOwnerEBU">
<ns1:Codes>
<ns1:Code listID="Primary" sequence="1">JGS AMSTERDAM</ns1:Code>
</ns1:Codes>
</ns1:Classification>
<ns1:Classification type="Priority">
<ns1:Codes>
<ns1:Code listID="Primary" sequence="1">High</ns1:Code>
</ns1:Codes>
</ns1:Classification>
<ns1:Specification type="Warehouse">
<ns1:Property sequence="1">
<ns1:NameValue name="esb"/>
</ns1:Property>
</ns1:Specification>
<ns1:Specification type="stkLoc">
<ns1:Property sequence="1">
<ns1:NameValue name="esb"/>
</ns1:Property>
</ns1:Specification>
<ns1:Specification type="Bin">
<ns1:Property sequence="1">
<ns1:NameValue name="esb"/>
</ns1:Property>
</ns1:Specification>
<ns1:Specification type="ItemsToAdd">
<ns1:Property>
<ns1:NameValue name="esb" type="SerialNumber">101</ns1:NameValue>
</ns1:Property>
</ns1:Specification>
</ns1:Item>
<ns1:Quantity>1</ns1:Quantity>
<ns1:UnitPrice>
<ns1:Amount currencyID="USD">2.3</ns1:Amount>
<ns1:PerQuantity>1</ns1:PerQuantity>
</ns1:UnitPrice>
<ns1:RequiredDeliveryDateTime>2007-02-22T18:00:00-05:00</ns1:RequiredDeliveryDateTime>
<ns1:ShipToParty>
<ns1:PartyIDs>
<ns1:ID schemeID="Primary">WMXAMS_HP KITTING</ns1:ID>
<ns1:ID schemeID="ShipToOwnerEBU">JGS AMSTERDAM</ns1:ID>
</ns1:PartyIDs>
<ns1:Location type="Warehouse">
<ns1:ID>WMXAMS_HP KITTING</ns1:ID>
</ns1:Location>
<ns1:Location type="StockLocation">
<ns1:ID>SL1</ns1:ID>
</ns1:Location>
<ns1:Location type="bin">
<ns1:ID>Bin1</ns1:ID>
</ns1:Location>
<ns1:Location type="Condition">
<ns1:ID>Workable</ns1:ID>
</ns1:Location>
</ns1:ShipToParty>
<ns1:UserArea>
<cl:myorg.SyncPurchaseOrder.PurchaseOrderLine.UserArea xmlns:cl="http://www.myorg.com/oagis">
<cl:Party role="ShipFrom">
<cl:ID/>
</cl:Party>
<cl:ShipByDate>2007-02-22T18:00:00-05:00</cl:ShipByDate>
<cl:ItemDetail>
<cl:SubInventory>
<cl:SubInventoryQuantity>1</cl:SubInventoryQuantity>
<cl:SubInventoryStatus>AVL</cl:SubInventoryStatus>
</cl:SubInventory>
</cl:ItemDetail>
<cl:Flex/>
</cl:myorg.SyncPurchaseOrder.PurchaseOrderLine.UserArea>
</ns1:UserArea>
</ns1:PurchaseOrderLine>
<ns1:PurchaseOrderLine>
<ns1:LineNumber>2</ns1:LineNumber>
<ns1:Note status="Comments">TEST LINE2 NOTES</ns1:Note>
<ns1:Status>
<ns1:Code/>
<ns1:ReasonCode>BATTERY DRAINS TOO QUICKLY</ns1:ReasonCode>
<ns1:Reason>TEST LINE2 NOTES</ns1:Reason>
</ns1:Status>
<ns1:Item>
<ns1:ItemID agencyRole="Primary">
<ns1:ID>71BI2532101</ns1:ID>
</ns1:ItemID>
<ns1:Classification type="ShipFromOwnerEBU">
<ns1:Codes>
<ns1:Code listID="Primary" sequence="1">JGS AMSTERDAM</ns1:Code>
</ns1:Codes>
</ns1:Classification>
<ns1:Classification type="Priority">
<ns1:Codes>
<ns1:Code listID="Primary" sequence="1">High</ns1:Code>
</ns1:Codes>
</ns1:Classification>
<ns1:Specification type="Warehouse">
<ns1:Property sequence="1">
<ns1:NameValue name="esb"/>
</ns1:Property>
</ns1:Specification>
<ns1:Specification type="stkLoc">
<ns1:Property sequence="1">
<ns1:NameValue name="esb"/>
</ns1:Property>
</ns1:Specification>
<ns1:Specification type="Bin">
<ns1:Property sequence="1">
<ns1:NameValue name="esb"/>
</ns1:Property>
</ns1:Specification>
<ns1:Specification type="ItemsToAdd">
<ns1:Property>
<ns1:NameValue name="esb" type="SerialNumber">101</ns1:NameValue>
</ns1:Property>
</ns1:Specification>
</ns1:Item>
<ns1:Quantity>1</ns1:Quantity>
<ns1:UnitPrice>
<ns1:Amount currencyID="USD">2.5</ns1:Amount>
<ns1:PerQuantity>1</ns1:PerQuantity>
</ns1:UnitPrice>
<ns1:RequiredDeliveryDateTime>2007-02-22T18:00:00-05:00</ns1:RequiredDeliveryDateTime>
<ns1:ShipToParty>
<ns1:PartyIDs>
<ns1:ID schemeID="Primary">WMXAMS_HP KITTING</ns1:ID>
<ns1:ID schemeID="ShipToOwnerEBU">JGS AMSTERDAM</ns1:ID>
</ns1:PartyIDs>
<ns1:Location type="Warehouse">
<ns1:ID>WMXAMS_HP KITTING</ns1:ID>
</ns1:Location>
<ns1:Location type="StockLocation">
<ns1:ID>SL1</ns1:ID>
</ns1:Location>
<ns1:Location type="bin">
<ns1:ID>Bin1</ns1:ID>
</ns1:Location>
<ns1:Location type="Condition">
<ns1:ID>Workable</ns1:ID>
</ns1:Location>
</ns1:ShipToParty>
<ns1:UserArea>
<cl:myorg.SyncPurchaseOrder.PurchaseOrderLine.UserArea xmlns:cl="http://www.myorg.com/oagis">
<cl:Party role="ShipFrom">
<cl:ID/>
</cl:Party>
<cl:ShipByDate>2007-02-22T18:00:00-05:00</cl:ShipByDate>
<cl:ItemDetail>
<cl:SubInventory>
<cl:SubInventoryQuantity>1</cl:SubInventoryQuantity>
<cl:SubInventoryStatus>AVL</cl:SubInventoryStatus>
</cl:SubInventory>
</cl:ItemDetail>
<cl:Flex/>
</cl:myorg.SyncPurchaseOrder.PurchaseOrderLine.UserArea>
</ns1:UserArea>
</ns1:PurchaseOrderLine>
</ns1:PurchaseOrder>
</ns1:DataArea>
</SyncPurchaseOrder>
</payload>
<taskDefinitionURI>http://localhost:80/orabpel/default/ErrorHandlerBPEL/1.0/SimpleUserActivity/SimpleUserActivity.task
</taskDefinitionURI>
<creator/>
<ownerUser/>
<ownerGroup/>
<priority>3
</priority>
<identityContext/>
<userComment/>
<attachment/>
-<processInfo>
<domainId>default
</domainId>
<instanceId>590085
</instanceId>
<processId>ErrorHandlerBPEL
</processId>
<processName>ErrorHandlerBPEL
</processName>
<processType>BPEL
</processType>
<processVersion>1.0
</processVersion>
</processInfo>
<systemAttributes/>
<systemMessageAttributes/>
<titleResourceKey/>
<callback/>
<identificationKey/>
</task>
</initiateTask>
</part>
</initiateTaskInput>
Thanks,
-Vidya -
Trying SAML sender-vouches, standalone Java client call to service bus.
I've built a standalone Java client using Jax-ws. It produces a wsse header containing both a SAMLAttribute and an optional SAMLAuthentication statement.
I've tried to configure a proxy service on the servicebus (10gR3) using ws-policy (weblogic version, not ws-1.2), configured a SAMLIdentityAsserter (v2), an identity provider partner and a SAMLIdentityNameMapper.
I get the message weblogic.xml.crypto.wss.SecurityTokenValidateResult@ca32f2[status: false][msg The SAML token is not valid.]
when sending SAML assertions which looks valid to me.
If you see something missing or invalid in the SAML, something missing in the configuration or something else, I would be really glad.
All examples are using a SAMLCredentialmapper, but I'm building a standalone client, so a weblogic SAMLCredentialMapper is out of the question (?).
request header:
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:xs="http://www.w3.org/2001/XMLSchema" AssertionID="1246342701761" IssueInstant="2009-06-30T06:18:21.683Z" Issuer="http://openuri.org/service/customer/contact/contactInformationService" MajorVersion="1" MinorVersion="1">
<saml:Conditions NotBefore="2009-06-30T06:17:21.683Z" NotOnOrAfter="2009-06-30T07:18:21.683Z"/>
<saml:AuthenticationStatement AuthenticationInstant="2009-06-30T06:18:21.683Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="sb1sk">uid=vsb,ou=smn</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
</wsse:Security>
response:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurityToken</faultcode>
<faultstring>Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@1061c5e[status: false][msg The SAML token is not valid.]</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
If the client leaves out the wsse:security element in the header, the service complains
<faultstring>No Security header in message but required by policy.</faultstring>
The SAMLIdentity name mapper is never loaded at all (checked by logging at class loading)
The configuration in the Identity provider partner:
audience uri: target:*:/
issuer uri: /service/customer/contact/contactInformationService (also tried with a unique string equal to what the client sends)
virtual user: enabled
confirmation method: sender-vouches
I am not using any certificates (tryed both with and without)
Policy in use for the proxy service:
<?xml version="1.0"?>
<wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wssp="http://www.bea.com/wls90/security/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part"
wsu:Id="samlSV"
>
<wssp:Identity>
<wssp:SupportedTokens>
<wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile-1.0#SAMLAssertionID">
<wssp:Claims>
<wssp:ConfirmationMethod>sender-vouches</wssp:ConfirmationMethod>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:SupportedTokens>
</wssp:Identity>
</wsp:Policy>
Stacktrace:
weblogic.xml.crypto.wss.WSSecurityException: Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenVal
idateResult@a4fc20[status: false][msg The SAML token is not valid.]
at weblogic.xml.crypto.wss.SecurityImpl.unmarshalAndProcessSecurityToken(SecurityImpl.java:630)
at weblogic.xml.crypto.wss.SecurityImpl.unmarshalChildren(SecurityImpl.java:556)
at weblogic.xml.crypto.wss.SecurityImpl.unmarshalInternal(SecurityImpl.java:448)
at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:416)
at weblogic.xml.crypto.wss.api.WSSecurityFactory.unmarshalAndProcessSecurity(WSSecurityFactory.java:66)
at weblogic.wsee.security.WssServerHandler.processRequest(WssServerHandler.java:35)
at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
at com.bea.wli.sb.security.wss.WssInboundHandler.processRequest(WssInboundHandler.java:116)
at com.bea.wli.sb.security.wss.WssHandlerImpl.doInboundRequest(WssHandlerImpl.java:201)
at com.bea.wli.sb.context.BindingLayerImpl.addRequest(BindingLayerImpl.java:257)
at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:66)
at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:508)
at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:506)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
Edited by: user6080617 on Jun 29, 2009 11:39 PMThank you for the tip. I've tried it, the result is below. It suspect something missing in my configuration, but I do not know what.
<WSEE:17>Class of cred is: class weblogic.xml.saaj.SOAPElementImpl<SAMLCredentialImpl.<init>:85>
<WSEE:17>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:87>
<WSEE:17>Getting SAMLAssertionInfo from DOM Element<SAMLCredentialImpl.<init>:97>
<WSEE:17>Got SAMLAssertionInfo<SAMLCredentialImpl.<init>:117>
<WSEE:17>Assertion ID: 1246358297862<SAMLCredentialImpl.verbose:69>
<WSEE:17>Assertion CM: urn:oasis:names:tc:SAML:1.0:cm:sender-vouches<SAMLCredentialImpl.verbose:70>
<WSEE:17>Assertion Subject: uid=vsb,ou=smn<SAMLCredentialImpl.verbose:71>
<WSEE:17>Assertion Version: 1.1<SAMLCredentialImpl.verbose:72>
<WSEE:17>Attempting assertIdentity<CSSUtils.assertIdentity:310>
<WSEE:17>SAML_TARGET_RESOURCE is: /service/customer/contact/contactInformationService<CSSUtils.assertIdentity:312>
<WSEE:17>Got Principal Authenticator<CSSUtils.assertIdentity:314>
<WSEE:17>Cred type is: SAML.Assertion.DOM, Node: [saml:Assertion: null]<CSSUtils.assertIdentity:320>
<WSEE:17>Exception while asserting identity: javax.security.auth.login.LoginException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090380]Identity Assertion Failed, Unsupported Token Type: SAML.Assertion.DOM<CSSUtils.assertIdentity:325>
<WSEE:17>javax.security.auth.login.LoginException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090380]Identity Assertion Failed, Unsupported Token Type: SAML.Assertion.DOM<CSSUtils.assertIdentity:326> -
How to install certificate in im client
i can't find the procedure for installing a certificate in the client - i did the server part:
http://docs.sun.com/app/docs/doc/819-4412/6n6ikpsut?a=view
but now i can't find how to do the client part - i'm just using the standard im client obtained from:
https://localhost/im
which does a jnlp activation.ok - woo hoo - tls encryption kicked in - so i found a parameter that i had not set that was mentioned in the reference section, but overlooked (by me?) in the procedure: iim_server.certnickname - i had wondered how it knew which cert to pull, so i had named the cert the same name as the host to compensate - and there was, after all, only one cert in the file. anyway that plus using the sun mozilla browser on the same host as the im server caused the lock to turn on in the im frame. unfortunately - when i used a mac to try and have a conversation - the mac lock did not turn on - the java version on the mac is:
java version "1.5.0_07"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_07-164)
Java HotSpot(TM) Client VM (build 1.5.0_07-87, mixed mode, sharing)
the version on the sun is: 1.5.0_09-b-3. i'll open a forum question about whether a mac is supported and then i'll try im with tls on a pc, then i'll use snoop to make sure the conversation is encrypted. i used the mac in all my testing yesterday - so i t could be that the sun mozilla browser may have been working all along - who knows? -
Sending a certificate form the client to the server... how to ?
how can I send a certificate from the client to the server trough a Java code ??
Short answer: You specify a keyStore.
Either via command line using the -Djavax.net.ssl.keyStore=keystorefile property,
or in Java code:
char[] passphrase = "password".toCharArray();
SSLContext ctx = SSLContext.getInstance("TLS", "SunJSSE");
// KeyStore for the SSL client certificate
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("client-cert.p12"), passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
keyManagerFactory.init(keyStore, passphrase);
// keyStore for trusted server certs or CAs
KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
trustedKeyStore.load(new FileInputStream("verisign-test-cert"), passphrase);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
trustManagerFactory.init(trustedKeyStore);
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
// open the http connection to the party
myConn = (HttpsURLConnection)myURL.openConnection(); -
Re: Cannot connect Java client to T3S
Timothy Lee wrote:
This should be in one of the FAQs for WLS7. I think this is the message you
get when you do not have a valid certificate, or you forgot to disable cert
validity/hostname checking via
-Dweblogic.security.SSL.IgnoreHostnameVerification=true
The WLS 6.1sp2 message might have been something like:
Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002:
Destination unreachable; nested exception is:
java.io.IOException: Server Certificate SubjectDN CommonName
received does not match Server hostname; No available router to destination]
However, I've verified that the -D option (above) fails in 7.0, and using
the console to disable hostname verification also fails in 6.1sp2. This is
exactly what fails for me:
java -cp ~/weblogic6/wlserver6.1/lib/weblogic.jar weblogic.Admin -url
t3s://localhost:7002 PING
(with the error above).
I get the original poster's error (below) with 7.0 even if I disable
hostname verification. In 7.0, SSL isn't enabled by default and you have to
generate your own certs with utils.CertGen password...
I notice that the release notes for 6.1sp3 contain several t3s fixes.
Perhaps it is fixed there. I'm still waiting to be "approved" for the silly
new system bea has in place so I can download patches to test sp3.
(as a software developer, I want to download and test the software I am
thinking of purchasing and running in production. If I can not do that then
the system is broken.)
Hi
The same command works with Weblogic 6.0. Is it a bug of Weblogic
7.0?
Or it is a configuration issue (I use default value for everything for a
newly created domain).
Tim
Timothy Lee wrote:
Hi
I am trying to connect a Java JMS client to Weblogic 7.0 over SSL.
However, I am not able to connect any Java client using t3s (e.g. java
weblogic.Admin PING). The SSLClient from the example works fine in both
Weblogic and JSSE. Is anyone have idea what is wrong with my Weblogic
setting or anything? Here is the error message:
Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002:
Destination unreachable; nested exception is:
java.io.IOException: Write Channel Closed, possible SSL handshaking or
trust failure; No available router to destination]
Regards,
Tim"Kiran" <[email protected]> wrote in message
news:3fafdf60$[email protected]..
I am also getting the same problem. Is there any solution for this?What is the exact error message that you are getting? -
Unable to get 'InitialContext' using Java Client in Oracle App 10.0.2.0
Scenario & Problem Description: Unable to get 'Initial Context' using Simple Java Client in Oracle Application Server 10.0.2.0
I'm having an issue while I try to initialize the Initial Context for an EJB lookup from a simple Java Client [local lookup], but the same code snippet works fine when I try from Servlet. I have enclosed the Exception Stack Trace and the Code Snippet for your reference.
1. .NET Client ---> Servlet --> LookupUtility --> EJB --> DB - Issue
2. .NET Client ---> Servlet --> EJB --> DB - Works
Exception: java.lang.InstantiationException: Error communicating with server: Lookup error: javax.naming.AuthenticationException: Invalid username/password for Config (guest); nested exception is: nested exception is: Exception in InitialContext: javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for Config (guest) at com.evermind.server.ApplicationClientInitialContextFactory.getInitialContext(ApplicationClientInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at com.seagate.edcs.config.util.LookupUtility.getInitialContext(LookupUtility.java:123)
at com.seagate.edcs.config.util.LookupUtility.getConfiguration (LookupUtility.java:69)
at com.seagate.edcs.config.util.LookupUtility.main(LookupUtility.java:135)
Code Snippet:
* This method returns the Configuration for the properties set.
public ArrayList getConfiguration ( ) throws Exception {
ArrayList arrayList = null;
try {
Context context = getInitialContext();
System.out.println("Context : " + context);
Object home = context.lookup("java:comp/env/ejb/com.seagate.edcs.config.ejb.ConfigSessionEJBHome");
System.out.println("Object home : " + home);
ConfigSessionEJBHome configSessionEJBHome = (ConfigSessionEJBHome)PortableRemoteObject.narrow(home, ConfigSessionEJBHome.class);
System.out.println("ConfigSessionEJBHome configSessionEJBHome : " + configSessionEJBHome);
ConfigSessionEJB configSessionEJB =(ConfigSessionEJB)PortableRemoteObject.narrow(configSessionEJBHome.create(), ConfigSessionEJB.class);
System.out.println("ConfigSessionEJB configSessionEJB : " + configSessionEJB);
arrayList = configSessionEJB.getAllConfig();
System.out.println("Context : " + context);
} catch (Exception ex) {
System.out.println("Exception Occured");
throw ex;
return arrayList;
* Get an initial context from the JNDI tree.
private Context getInitialContext() throws NamingException {
try {
Hashtable hashtable = new Hashtable();
hashtable.put("java.naming.factory.initial", "com.evermind.server.ApplicationClientInitialContextFactory");
hashtable.put("java.naming.provider.url", "ormi://seagate.mil-shivas-270.am.ad.seagate.com/home"); // if we won't specify the port, it considers the default port
hashtable.put("java.naming.security.principal","ias_admin");
hashtable.put("java.naming.security.credentials","ias123");
return new InitialContext(hashtable);
} catch (NamingException ne) {
System.out.println("Exception in InitialContext.");
throw ne;
Note:
1. The user "ias_admin" & password "ias123" are the credential provided for the 'Admin' while installing the Oracle App Server and using these credentials I'm able to bring the Admin Console. Also, added new user 'guest/guest' - assigned this user to the 'admin' group ...
2. Since its a local lookup, there is no need to specify the credentials, but at runtime a dialog box pops up prompting to enter the 'userid/password' and when I enter the crendtials, I get the exception as stated. [In case of Servlet - EJB lookup, I'm not specifying any credentials]
Are there are any configuration parameters which I need to provide in any of the .xml? Could you please let me know the fix for the same.
Regards,
Kafeel/-Please use the OS {forum:id=210}
Maybe you are looking for
-
Battery problems since upgrading to IOS 5.1.1
My battery which was workinng fine until the upgrade, discharges at an alarming rate since upgrading to IOS 5.1.1. I have to have a cord almost everywhere I go just to keep it with battery liife. I can lose at least 40% andd hour, I have a co-worke
-
Help with Java Memory Leak in URLConnection
Hi everyone, I can't seem to find the memory leak in the below code, if anyone could help, i would greatly appreciate it. The jist of the code is: I open up a URLConnection to update a ColdFusion page that takes in URL parameters passed in my URL. Th
-
How do you drawlines in java 1.3.1?
I want to make a applet and drawlines with a xstart, ystart, xend, yend varibles, I know how to declare instantiate and initialize the varibles, but what method from which package and class in java 1.3.1 do I use? and one last question, should I use
-
I want to put a drag and drop design interface on my site like this one: http://www.ezbeads.com/cgi-bin/design.htm I am new to Java. What is the best way to create something like this? Is it easily learned? Or is there an applet out there that might
-
Can't watch flash video in epiphany
I have epiphany, firefox, and flashplugin installed. Flash works perfectly in firefox, but not in epiphany. When I try to watch a flash video all I see is a black rectangle, and if I wait long enough I'll see what looks like a blue lego block with