TrustStorePassword
Hello,
I'm developing a web service client that makes calls to a server using SSL.
In passing the required system properties, two of them are passed unencrypted: javax.net.ssl.trustStorePassword and javax.net.ssl.keyStorePassword.
Is there a way I can pass them encrypted to my client program?
thanks,
Daniel.
Edited by: 893511 on Oct 27, 2011 7:09 AM
Since both are on the client why do you need them encrypted? Even if you did need to encrypt them, your client application would need to be able to decrypt them to use them so the key/password used to decrypt them would need to be available to the client to unencrypted them! You are then back to the same problem - what protects the keys/passwords that protects the SSL passwords?
Similar Messages
-
Error while invoking webservice throu https
Error while invoking webservice throu https://
can any one help me on this topic please:
CODE:
SOAPConnection con = null;
try{
String endpoint = "https://wks3089639:4565/Service.serviceagent/PortTypeEndpoint1";
//String endpoint = "http://wks3101999:5539/Service.serviceagent/PortTypeEndpoint1";
//String endpoint = args[0];
//String soapAction = args[1];
System.out.println("javax.net.ssl.keyStore-->"+System.getProperty("javax.net.ssl.trustStore"));
System.setProperty("javax.net.ssl.trustStore","C:/Documents and Settings/1067555/Desktop/certificates/cer.jks");
System.setProperty("javax.net.ssl.keyStore","C:/Documents and Settings/1067555/Desktop/certificates/server.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","password");
System.setProperty("javax.net.ssl.keyStorePassword","password");
// use Sun's reference implementation of a URL handler for the "https" URL protocol type.
//System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
// dynamically register sun's ssl provider
System.setProperty("security.provider","com.sun.net.ssl.internal.ssl.Provider");
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.out.println("javax.net.ssl.trustStore-->"+System.getProperty("javax.net.ssl.trustStore"));
System.setProperty("javax.net.debug","ssl,handshake");
SOAPConnectionFactory connectionFactory = SOAPConnectionFactory.newInstance();
con = connectionFactory.createConnection();
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage message = messageFactory.createMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope envelope = soapPart.getEnvelope();
SOAPBody body = envelope.getBody();
// MimeHeaders headers = message.getMimeHeaders();
// headers.addHeader("SOAPAction", soapAction);
// headers.addHeader("SOAPAction", "/Service.serviceagent/PortTypeEndpoint1/Operation");
// headers.addHeader("Content-Type","text/xml");
// headers.addHeader("charset","utf-8");
MimeHeaders headers = message.getMimeHeaders();
headers.addHeader("SOAPAction", "/Service.serviceagent/PortTypeEndpoint1/sampleOperation");
headers.addHeader("Content-Type","text/xml");
headers.addHeader("charset","utf-8");
StreamSource inputmsg = new StreamSource(new FileInputStream("client.wsdl"));
soapPart.setContent(inputmsg);
System.out.println("REQUEST:\n");
message.writeTo(System.out);
System.out.println();
message.saveChanges();
SOAPMessage reply = con.call(message, new URL(endpoint));
System.out.println("RESPONSE:\n"+reply.toString());
System.out.println("Header:::"+reply.getSOAPHeader());
System.out.println("Body:::"+reply.getSOAPBody());
System.out.println("RESPONSE:\n");
TransformerFactory transformerFactory = TransformerFactory.newInstance();
Transformer transformer = transformerFactory.newTransformer();
//Extract the content of the reply
Source responseContent = reply.getSOAPPart().getContent();
//Set the output for the transformation
StreamResult result = new StreamResult(System.out);
transformer.transform(responseContent, result);
System.out.println();
}catch(Exception e){
e.printStackTrace();
finally{
con.close();
Exception:
10-Nov-2008 11:55:04 com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0009: Message send failed
com.sun.xml.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:127)
at com.Sample.main(Sample.java:91)
Caused by: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:121)
... 1 more
Caused by: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:325)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:150)
... 3 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
... 4 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:121)
at com.Sample.main(Sample.java:91)
Caused by: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:325)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:150)
... 3 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
... 4 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:121)
at com.Sample.main(Sample.java:91)
Caused by: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:325)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:150)
... 3 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:282)
... 4 more
Edited by: javausers07 on Nov 10, 2008 11:58 AMI hope the sun forum can help for me. Lets see
-
Hi,
My project is on IBM websphere and the requirement is as follows.
I am new to Java and have no prior experience wrking in jave.
The requirement is as follows,
I need to establish a secure connection to a switch thru an url from jsp.
In return, i need to validate the response from the switch which is in XML format.
The application and the switch are on the same LAN.
Can some one help me out in this. Any sample code would also do.If you want to establish an ssl connection you'll need a client socket that enables communication between the client (your app) and the remote ssl server.
When an SSL client socket connects to an SSL server, it receives a certificate of authentication from the server. The client socket then validates the certificate against a set of certificates in its \meta{trust store}.
The default truststore is <java-home>/lib/security/cacerts. If the server's certificate cannot be validated with the certificates in the truststore, the server's certificate must be added to the truststore before the connection can be established.
try {
int port = 443;
String hostname = "hostname";
SocketFactory socketFactory = SSLSocketFactory.getDefault();
Socket socket = socketFactory.createSocket(hostname, port);
// Create streams to securely send and receive data to the server
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
// Read from in and write to out...
// Close the socket
in.close();
out.close();
} catch(IOException e) {
}A different truststore can be specified using the javax.net.ssl.trustStore system property :
java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=123456 MyApp -
Need help in creating a web application that runs on a stand alone sys.
I am planning a small java web application complete with database. I need to know if there are any ways to deploy that application on a stand alone system and that if there is any way to make an executable for that application so that the user need not go through the process of deploying the app and starting the server whenever he restarts the system. Can anyone help me in this regard? Thanks in advance.
Hi Alex,
Since I had a Gmail test servlet kicking around, I ran it on the latest V3 nightly build.
On the first run, I encountered the following nested exceptions:
javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465
--> java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
--> java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
--> java.security.UnrecoverableKeyException: Password must not be nullThe UnrecoverableKeyException is a manifestation of [https://glassfish.dev.java.net/issues/show_bug.cgi?id=6938|https://glassfish.dev.java.net/issues/show_bug.cgi?id=6938]
I worked around this by adding the following JVM config options to domain.xml
<jvm-options>-Djavax.net.ssl.keyStorePassword=changeit</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStorePassword=changeit</jvm-options> (Note: the default master password is "changeit")
These lines are placed in /domain/configs/config/java-config of domain.xml for the particular server config you're using. There's only one server config in the default domain.xml shipped with V3. Then restart the server.
I retested the code on both port 465 and 587, with and without the above config changes. Without the change, they both fail the same way, and with the change, they both work. Let me know if this helps.
-Peter -
Weblogic app server wsdl web service call with SSL Validation error = 16
Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
System.setProperty("javax.net.ssl.trustStore",”cacerts”);
System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd); System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1. Do I create “cacerts” the correct order with right keeltool options?
2. Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3. Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4. Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy wsu:Id="TokenServices_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="true"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ITokenServices_GetUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ITokenServices">
<wsdl:operation name="GetUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="TokenServices" type="tns:ITokenServices">
<wsp:PolicyReference URI="#TokenServices_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="GetUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="TokenServices">
<wsdl:port name="TokenServices" binding="tns:TokenServices">
<soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server. -
Error while trying to run a secure web proxy client
Hi,
I was able to generate a secure proxy client using JDev10.1.3 and I'm able to open the jks file using the keytool gui client. The jks file does not appear to be corrupt or tampered with in anyway. However, when I try to run the secure proxy client, I'm getting the following error:
Nov 28, 2006 12:42:57 PM oracle.security.jazn.util.KeyStoreUtil loadKeystore
SEVERE: Error reading keystore data
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
at java.security.KeyStore.load(KeyStore.java:1150)
at oracle.security.jazn.util.KeyStoreUtil.loadKeystore(KeyStoreUtil.java:260)
at oracle.security.wss.config.ConfigVisitor.validateKeyStore(ConfigVisitor.java:225)
at oracle.security.wss.config.ConfigVisitor.visitPortConfig(ConfigVisitor.java:116)
at oracle.security.wss.interceptors.SecurityPortDescriptor.validate(SecurityPortDescriptor.java:182)
at oracle.security.wss.interceptors.SecurityPortDescriptor.configure(SecurityPortDescriptor.java:156)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPortRuntime.reconfigure(ClientInterceptorPortRuntime.java:57)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPortRuntime.<init>(ClientInterceptorPortRuntime.java:34)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorRuntime.createInterceptorPort(ClientInterceptorRuntime.java:155)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.setupPort(InterceptorContainerImpl.java:80)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.handlePortChange(InterceptorContainerImpl.java:165)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.handleChange(InterceptorContainerImpl.java:254)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorConfig.notifyConfigListeners(AbstractInterceptorConfig.java:47)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorConfig.notifyConfigListeners(AbstractInterceptorConfig.java:54)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorConfig.parsePortElement(ClientInterceptorConfig.java:88)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorConfig.load(ClientInterceptorConfig.java:56)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.initializeContainer(InterceptorContainerImpl.java:41)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPipeline.init(ClientInterceptorPipeline.java:76)
at oracle.j2ee.ws.client.StubBase.setupInterceptor(StubBase.java:333)
at oracle.j2ee.ws.client.StubBase.setupConfig(StubBase.java:300)
at sevissecuredirectclientv2.proxy.runtime.SevisServiceSoapBinding_Stub.<init>(SevisServiceSoapBinding_Stub.java:47)
at sevissecuredirectclientv2.proxy.runtime.ValidatingSevisServiceProxyService_Impl.getSevisService(ValidatingSevisServiceProxyService_Impl.java:60)
at sevissecuredirectclientv2.proxy.SevisServiceClient.<init>(SevisServiceClient.java:18)
at sevissecuredirectclientv2.proxy.SevisServiceClient.main(SevisServiceClient.java:26)
SEVERE: Invalid port config oracle.security.wss.config.SecurityPortImpl@1d10a5c
java.lang.RuntimeException: Invalid port config : Error reading keystore data
at oracle.security.wss.interceptors.SecurityPortDescriptor.configure(SecurityPortDescriptor.java:159)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPortRuntime.reconfigure(ClientInterceptorPortRuntime.java:57)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPortRuntime.<init>(ClientInterceptorPortRuntime.java:34)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorRuntime.createInterceptorPort(ClientInterceptorRuntime.java:155)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.setupPort(InterceptorContainerImpl.java:80)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.handlePortChange(InterceptorContainerImpl.java:165)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.handleChange(InterceptorContainerImpl.java:254)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorConfig.notifyConfigListeners(AbstractInterceptorConfig.java:47)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorConfig.notifyConfigListeners(AbstractInterceptorConfig.java:54)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorConfig.parsePortElement(ClientInterceptorConfig.java:88)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorConfig.load(ClientInterceptorConfig.java:56)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorContainerImpl.initializeContainer(InterceptorContainerImpl.java:41)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPipeline.init(ClientInterceptorPipeline.java:76)
at oracle.j2ee.ws.client.StubBase.setupInterceptor(StubBase.java:333)
at oracle.j2ee.ws.client.StubBase.setupConfig(StubBase.java:300)
at sevissecuredirectclientv2.proxy.runtime.SevisServiceSoapBinding_Stub.<init>(SevisServiceSoapBinding_Stub.java:47)
at sevissecuredirectclientv2.proxy.runtime.ValidatingSevisServiceProxyService_Impl.getSevisService(ValidatingSevisServiceProxyService_Impl.java:60)
at sevissecuredirectclientv2.proxy.SevisServiceClient.<init>(SevisServiceClient.java:18)
at sevissecuredirectclientv2.proxy.SevisServiceClient.main(SevisServiceClient.java:26)
SEVERE: Error reading keystore data
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)
at java.security.KeyStore.load(KeyStore.java:1150)
at oracle.security.jazn.util.KeyStoreUtil.loadKeystore(KeyStoreUtil.java:260)
at oracle.security.wss.config.ConfigVisitor.validateKeyStore(ConfigVisitor.java:225)
at oracle.security.wss.config.ConfigVisitor.visitPortConfig(ConfigVisitor.java:116)
at oracle.security.wss.interceptors.SecurityPortDescriptor.validate(SecurityPortDescriptor.java:182)
at oracle.security.wss.interceptors.SecurityPortDescriptor.configure(SecurityPortDescriptor.java:149)
at oracle.security.wss.interceptors.AbstractSecurityInterceptor.init(AbstractSecurityInterceptor.java:86)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createInterceptor(InterceptorChainImpl.java:82)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.<init>(InterceptorChainImpl.java:46)
at oracle.j2ee.ws.client.mgmt.runtime.ClientPortRuntime.getInterceptorChain(ClientPortRuntime.java:146)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPipeline.init(ClientInterceptorPipeline.java:79)
at oracle.j2ee.ws.client.StubBase.setupInterceptor(StubBase.java:333)
at oracle.j2ee.ws.client.StubBase.setupConfig(StubBase.java:300)
at sevissecuredirectclientv2.proxy.runtime.SevisServiceSoapBinding_Stub.<init>(SevisServiceSoapBinding_Stub.java:47)
at sevissecuredirectclientv2.proxy.runtime.ValidatingSevisServiceProxyService_Impl.getSevisService(ValidatingSevisServiceProxyService_Impl.java:60)
at sevissecuredirectclientv2.proxy.SevisServiceClient.<init>(SevisServiceClient.java:18)
at sevissecuredirectclientv2.proxy.SevisServiceClient.main(SevisServiceClient.java:26)
SEVERE: Invalid port config oracle.security.wss.config.SecurityPortImpl@1d10a5c
java.lang.RuntimeException: Invalid port config : Error reading keystore data
at oracle.security.wss.interceptors.SecurityPortDescriptor.configure(SecurityPortDescriptor.java:159)
at oracle.security.wss.interceptors.AbstractSecurityInterceptor.init(AbstractSecurityInterceptor.java:86)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createInterceptor(InterceptorChainImpl.java:82)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.<init>(InterceptorChainImpl.java:46)
at oracle.j2ee.ws.client.mgmt.runtime.ClientPortRuntime.getInterceptorChain(ClientPortRuntime.java:146)
at oracle.j2ee.ws.client.mgmt.runtime.ClientInterceptorPipeline.init(ClientInterceptorPipeline.java:79)
at oracle.j2ee.ws.client.StubBase.setupInterceptor(StubBase.java:333)
at oracle.j2ee.ws.client.StubBase.setupConfig(StubBase.java:300)
at sevissecuredirectclientv2.proxy.runtime.SevisServiceSoapBinding_Stub.<init>(SevisServiceSoapBinding_Stub.java:47)
at sevissecuredirectclientv2.proxy.runtime.ValidatingSevisServiceProxyService_Impl.getSevisService(ValidatingSevisServiceProxyService_Impl.java:60)
at sevissecuredirectclientv2.proxy.SevisServiceClient.<init>(SevisServiceClient.java:18)
at sevissecuredirectclientv2.proxy.SevisServiceClient.main(SevisServiceClient.java:26)
Process exited with exit code 0.
I'm using X509 to authentic.
Please help.
Thanks in advance for your quick response.
Regards,
David RI am using a single self signed certificate created using keytool on both the client and server end.
Tried this sample code to fetch the WSDL of my webservice. Successfully did this.
===========================================================
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLCredential;
import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
public class SSLSocketClientWithClientAuth {
public static void main(String[] args) {
if (args.length < 4) {
System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
"[wallet] [password]");
System.exit(-1);
String hostname = args[0].toLowerCase();
int port = Integer.decode(args[1]).intValue();
String walletPath = args[2];
String password = args[3];
HTTPConnection httpsConnection = null;
OracleSSLCredential credential = null;
try {
httpsConnection = new HTTPConnection("https", hostname, port);
} catch (IOException e) {
System.out.println("HTTPS Protocol not supported");
System.exit(-1);
try {
credential = new OracleSSLCredential();
credential.setWallet(walletPath, password);
} catch (IOException e) {
System.out.println("Could not open wallet");
System.exit(-1);
httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_RC4_128_SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA","SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_DES_CBC_SHA","SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"});
// httpsConnection.setSSLCredential(credential);
System.out.println("Set credentials and cipher suite");
try {
httpsConnection.connect();
System.out.println("Connected!!!!!");
} catch (IOException e) {
System.out.println("Could not establish connection");
e.printStackTrace();
System.exit(-1);
//javax.servlet.request.
X509Certificate[] peerCerts = null;
/* try {
SSLSession sslSession = httpsConnection.getSSLSession();
System.out.println("Getting session.........");
httpsConnection.connect();
}catch(Exception e){
e.printStackTrace();
System.out.println("null Getting session.........");
System.exit(-1);
try{
peerCerts =
(httpsConnection.getSSLSession()).getPeerCertificateChain();
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
System.err.println("Unable to obtain peer credentials");
e.printStackTrace();
System.exit(-1);
String peerCertDN =
peerCerts[peerCerts.length - 1].getSubjectDN().getName();
peerCertDN = peerCertDN.toLowerCase();
if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
System.out.println("Certificate for " + hostname +
" is issued to " + peerCertDN);
System.out.println("Aborting connection");
System.exit(-1);
try {
HTTPResponse rsp = httpsConnection.Get("/spmlws/HttpSoap11?wsdl");
System.out.println("Server Response: ");
System.out.println(rsp.getText());
System.out.println("Server Response: ");
System.out.println(rsp.getText());
} catch (Exception e) {
System.out.println("Exception occured during Get");
e.printStackTrace();
System.exit(-1);
=====================================================
But on using the client proxy generated for my webserice using JDeveloper and then setting the system properties such as
System.setProperty("javax.net.ssl.keyStore",keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.trustStoreType","JKS");
I get the following exception:
<MSG_TEXT>IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run</MSG_TEXT>
<SUPPL_DETAIL><![CDATA[javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java:1031)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1535)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
]]></SUPPL_DETAIL>
Please if anybody can help me with this!!!!
Thanks in advance
Nilesh -
Calling a web service through SSL via a stand alone java class
HI,
I am trying to call a web service through SSL via a simple stand alone java client.
I have imported the SSL certificate in my keystore by using the keytool -import command.
Basically I want to add a user to a group on the server. Say I add a user user 1 to group group 1 using an admin userid and password. All these values are set in an xml file which I send to the server while calling the server. I pass the web service URL, the soap action name and the xml to post as the command line arguments to the java client.
My xml file(Add.xml) that is posted looks like :
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:xsi = "http://www.w3.org/1999/XMLSchema-instance"
xmlns:SOAP-ENC = "http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV = "http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd = "http://www.w3.org/1999/XMLSchema"
SOAP-ENV:encodingStyle = "http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<namesp1:modifyGroupOperation xmlns:namesp1 = "/services/modifyGroup/modifyGroupOp">
<auth>
<user>adminUser</user>
<password>adminPassword</password>
</auth>
<operationType>ADD</operationType>
<groupName>group1</groupName>
<users>
<userName>user1</userName>
</users>
</namesp1:modifyGroupOperation>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I call the client as:
java PostXML https://com.webservice.com/services/modifyGroup "/services/modifyGroup/modifyGroupOp" Add.xml
I my client, I have set the following:
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
But when I try to execute the java client, I get the following error:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: .....
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
[Raw read]: length = 5
[Raw read]: length = 58
main, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 58
[Raw read]: length = 5
[Raw read]: length = 5530
main, READ: TLSv1 Handshake, length = 5530
*** Certificate chain
chain [0] = ...
chain [1] = ...
chain [2] = ...
chain [3] = ...
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.c
ertpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2110)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at PostXML.main(PostXML.java:111)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find v
alid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 23 more
I do not know where I have gone wrong. Could someone point out my mistake.
Thanks In advance!Hi jazz123,
There's an example in the [*Java Web Services Tutorial*|http://java.sun.com/webservices/docs/2.0/tutorial/doc/] : see Chapter 1: Building Web Services with JAX-WS - A Simple JAX-WS Client. -
Applet(using SSL sockets) application in browser
hello everyone,
I am new to this forum, and this is my first forum in this site, please help me,
My problem is,
I have done an applet application which uses the SSL sockets, and it is working fine if i use the appletviewer tool, with the arguments of policy and URL, when i run this command "appletviewer -J-Djava.security.policy=mypolicy.policy URL of my html page" in the command mode its working fine.
I have wrote HTML file for running the applet, and when i used it in the browser i was not able to get output , i was getting the error "NoTrustedCertificates found", i have setted the properties of truststore and password in the program itself like,
System.setProperty("javax.net.ssl.trustStore", System.getProperty("java.home")+"cert");
System.setProperty("javax.net.ssl.trustStorePassword", "pwd");
and i also used the policy tool. I have stored my certificate along with the jar file, and i was getting this error
can anyone please help me, or suggest me the right way to reach my target.
Thanx in advanceHai,
I have made my client applet running from the remote system, and the client was establishing SSL sockets, and there is a problem in Handshake, NO TRUSTED CERTIFICATE found was the error, and i had loaded the certificates ( one is used for signing the certificate, and the other is used for the SSL sockets authentication ) in my applet client code i have setted the system properties like
System.setProperty("javax.net.ssl.trustStore", System.getProperty("java.home")+"\\lib\\security\\cert");
System.setProperty("javax.net.ssl.trustStorePassword", "pwd");
and this is the certificate which is used for SSL sockets authentication, and i stored the cert in the "jre\lib\security\" directory, and im using the jdk1.4.2_05 version.
At the client side the error is
Network Error: sun.security.validator.ValidatorException: No trusted certificate found.
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.OutputStream.write(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown Source)
at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
At the server side the error is
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at com.ClientNeg.run(ClientNeg.java:76)
at java.lang.Thread.run(Unknown Source)
i was not able to understand what went wrong , so any one please help me in doing my work.
Thanx
dwurity -
Client certificate is not send
Hi
I have not much experience in Java, so thank you in advance for your help.
I have some piece of client code which setup the secure connection. Everything works fine until I use server authentication (in my certificate store I have trusted CA certificate and client certificate signed by this trusted CA). In mutual authentication handshake fails, because the cliend doesn't send any certificate (i checked it using network sniffer). I was looking for the way of enumerate the local certificates which are going to be send from client, but I can't understand how should I do it. There is my code below :
System.setProperty("-Djavax.net.ssl.trustStore","G:/Program Files/Java/jre1.5.0_07/lib/security/cacerts".replace('/', File.separatorChar));
System.setProperty("-Djavax.net.ssl.trustStorePassword","changeit");
System.setProperty("-Djavax.net.debug","all");
int port = 16993;
String hostname = "10.10.1.11";
SSLSocketFactory factory = null;
SSLSocket socket = null;
SSLSession session = null;
String[] proto = new String[1];
String[] ciphe = new String[1];
String[] all_ciphe_supp = new String[33];
System.out.println("Cipher Suite and Protocols test");
try {
factory = HttpsURLConnection.getDefaultSSLSocketFactory();
} catch (Exception e) {
System.out.println( e.toString());
if (factory != null) {
// Connect to the server
try {
socket = (SSLSocket)factory.createSocket(hostname,port);
all_ciphe_supp = socket.getSupportedCipherSuites();
System.out.println("All ciphersuites and protocol supported");
socket.startHandshake();
session = socket.getSession();
System.out.println("Connection established using " + session.getProtocol() + " and " + session.getCipherSuite());
socket.close();
} catch (SSLPeerUnverifiedException e) {
System.out.println("Connection not established : " + e.toString());
} catch (IOException e) {
System.out.println("Connection not established : " + e.toString());
}Thanks a lot, it is a little bit better, I can see debug messages at the output :)
However the main problem still exists. In debug window I can see that client and CA certificates are added as trusted certificates, but no certificate is sent to server. Is it something wrong with certificate?
I have the certificate in following formats: .der .p12 .pem
I could only import .der using keytool (trying to import .p12 or .pem got Input not an X.509 certificate error), but using web browser I can use this certificate and mutual authentication goes ok. -
Client certificate not being presented by Sun JDK
I have a requirement to connect to an external service provider (SP) using an https get.
The SP has a server certificate that I have imported to my trust store.
The SP issued a private key and an intermediate certificate that I have included in my keystore.
On running the application with IBM JDK1.5 the server responds with the error HTTP Error 403.7 - Forbidden: SSL client certificate is required"
However on running the same test application with IBM JDK1.4.2 I get the expected response from the client.
I have attached the contents of the keystore, the contents of thejava class that I am trying to connect with and and the command line options that I am using below.
Has any one encountered anything similiar?
{code}contents of Keystore:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: testinter
Creation date: Mar 6, 2008
Entry type: trustedCertEntry
Owner: CN=test Solutions CA, OU=Class 2 OnSite Individual Subscriber C
A, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Netw
ork, O=test Solutions, C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized
use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign,
Inc.", C=US
Serial number: 98da226f38da2ce29c65e35d505ec36
Valid from: Tue Jan 24 16:00:00 PST 2006 until: Mon Jan 24 15:59:59 PST 2011
Certificate fingerprints:
MD5: D1:7D:C2:B2:30:3E:26:9B:AE:5D:4C:8C:C7:10:B0:E0
SHA1: 4C:3B:59:67:F4:DE:08:0B:8C:70:AE:0D:05:1E:D1:18:46:00:FC:2D
Alias name: testclient
Creation date: Mar 6, 2008
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: [email protected], CN=BHN AST, T=Programmer, OU="
Security Phrase - 1111+!", OU=Company - Test Networks, OU="www.verisign.c
om/repository/CPS Incorp. by Ref.,LIAB.LTD(c)99", OU=Data Center, O=test Prepa
id Solutions
Issuer: CN=test Solutions CA, OU=Class 2 OnSite Individual Subscriber
CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Net
work, O=test Solutions, C=US
Serial number: 769ed3a8a02a78a45ba2ce46e974f444
Valid from: Wed Mar 05 16:00:00 PST 2008 until: Fri Mar 06 15:59:59 PST 2009
Certificate fingerprints:
MD5: 2D:6E:37:83:BD:B8:FB:32:0E:08:B7:C5:F9:52:F3:C6
SHA1: B9:61:D9:D9:F2:B5:9B:5E:9D:73:D2:FB:7A:B6:04:BE:0A:4F:E5:27
*******************************************{code}
I am providing the following JVM arguments in my command line:
{code}-Djavax.net.ssl.keyStore
-Djavax.net.ssl.keyStorePassword
-Djavax.net.ssl.trustStore
-Djavax.net.ssl.trustStorePassword{code}
I use org.apache.commons.httpclient.HttpClient. I have pasted the code below, though this might not be relevant.
{code}
public class MySimpleTest {
public static void main(String[] args) {
HttpClient client = new HttpClient();
String url = "https://sample.domain.com:443/a2a/CO_TestCall.asp?userid=me&password=hello"
String url = null;
GetMethod getMethod;
try {
// start- Proxy authentication changes
client.setTimeout(30000);
client.getParams().setParameter("http.useragent", "X-HTTP-UserAgent: Mozilla/4.0 (compatible; MMozilla/4.0SIE 6.0");
client.getParams().setSoTimeout(3000);
client.getParams().setParameter("http.socket.timeout", new Integer(30000));
client.getHttpConnectionManager().getParams().setConnectionTimeout(30000);
getMethod = new GetMethod(url);
client.executeMethod(getMethod);
String xmlString = getMethod.getResponseBodyAsString();
System.out.println("Response from SP - \n" + xmlString);
} catch (HttpException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}{code}
Edited by: dhanyakairali on Nov 26, 2008 2:24 PMWhat do you mean by the following:
That's probably because it can't find a certificate that matches the cipher suites and CAs specified in the Certificate Request message
Is there some way this can be resolved?
Following is the debug output using IBM JDK1.4. The response from the server is as expected.
Dec 2, 2008 10:56:58 AM org.apache.commons.httpclient.auth.AuthChallengeProcesso
r selectAuthScheme
INFO: basic authentication scheme selected
IBMJSSEProvider Build-Level: -20050926
trustStore is: C:/test/telecom.ks
trustStore type is : jks
init truststore
This is a cert =[
Version: V3
Subject: [email protected], CN=TestAST, T=Programmer,
OU="Security Phrase - 1111+!", OU=Company - Test Networks, OU="www.verisi
gn.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)99", OU=Data Center, O=test P
repaid Solutions, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: IBMJCE RSA Public Key:
modulus:
13700328555797653992422405008895136799144702421032746442303924045960508846129827
37401767169101170952814528896263872577201854818466933232859315777147275637960851
92040201921570983415043931612942054809265710771489792766258003906198481883302677
501158985042407358121382552144568843482651891301118466381829467239017
public exponent:
65537
Validity: [From: Sun Mar 11 16:00:00 PST 2007,
To: Tue Mar 11 15:59:59 PST 2008]
Issuer: CN=test Prepaid Solutions CA, OU=Class 2 OnSite Individual Subscribe
r CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust N
etwork, O=test Prepaid Solutions, C=US
SerialNumber: [116300044034181362695735633430106044869]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
PolicyInformation: [
CertPolicyId: 2.16.840.1.113733.1.7.23.2
PolicyQualifiers: [PolicyQualifierInfo: [
CPSuri: [
object identifier: 1.3.6.1.5.5.7.2.1
uri: https://www.verisign.com/rpa]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
1 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://onsitecrl.verisign.com/testP
repaidSolutionsDataCenter/LatestCRL.crl]
Reason Flags: null
Issuer: null
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: a9 9a de a4 8a 63 6c d1 c4 a6 cd e1 28 13 90 e5 .....cl.........
0010: 0f bd ff 08 08 aa 45 05 a7 f0 a2 ea ed a7 82 77 ......E........w
0020: 9a 59 c1 5a 55 f9 d9 60 fe ff b9 bf 5e ac ae be .Y.ZU...........
0030: 6b 0f 12 b9 de 63 d2 34 90 6a 2d 43 6b 16 eb 22 k....c.4.j.Ck...
0040: f5 6e 2a c0 dc 95 75 7e 2f fe 5e a4 4d 76 0e ca .n....u.....Mv..
0050: 56 7f 20 d4 88 9b d9 00 0e b0 63 3a 62 2e da e1 V.........c.b...
0060: d8 a3 0c da 16 0e eb 3a c8 39 e4 23 b7 59 f9 03 .........9...Y..
0070: 68 e6 1c 6a 7f ce 89 ba e8 f1 02 87 7e 19 80 7e h..j............
0080: 33 8b 17 66 33 28 ce 5f f6 12 03 ba 48 60 06 4f 3..f3.......H..O
0090: b4 56 af 8d 0c 59 c3 0e ec 7f 76 37 82 03 30 70 .V...Y....v7..0p
00a0: 6d 7e de 9b 06 2b 41 13 19 e2 ca 2c 98 c6 82 7c m.....A.........
00b0: 5d dc d0 2d 23 27 24 28 08 a5 2d 24 1a 1e 20 44 ...............D
00c0: 63 cd b0 04 97 ac 71 97 04 12 f7 fe 79 40 d2 95 c.....q.....y...
00d0: 0c ea 3e 96 06 3d 28 04 a2 6d ec ef d1 61 17 19 .........m...a..
00e0: d0 bc 7d a9 a8 d7 86 28 68 cd 8c bd 88 02 48 76 ........h.....Hv
00f0: ac f8 58 9e 5a f6 12 22 7a 3d c1 77 52 e4 4a 1c ..X.Z...z..wR.J.
This is a cert =[
Version: V3
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.ne
t Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O
=Entrust.net, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: IBMJCE RSA Public Key:
modulus:
14060551710975481933679958427775412995993933516866022052634173307104123356793897
86029054872741136587347742365042373051727361425820266702866562193067033437895460
98897297163835299300640686715935681464440623967085658420014139658593602796229395
160423430303106875229776994060540049647635218875669343075088279205771
public exponent:
3
Validity: [From: Tue Oct 12 12:24:30 PDT 1999,
To: Sat Oct 12 12:54:30 PDT 2019]
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net
Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=
Entrust.net, C=US
SerialNumber: [939758062]
Certificate Extensions: 8
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: c4 fb 9c 29 7b 97 cd 4c 96 fc ee 5b b3 ca 99 74 .......L.......t
0010: 8b 95 ea 4c ...L
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0c 30 0a 1b 04 56 34 2e 30 03 02 04 90 ..0...V4.0....
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
2 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [CN=CRL1, CN=Entrust.net Client Certification A
uthority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS
incorp. by ref. limits liab., O=Entrust.net, C=US]
Reason Flags: null
Issuer: null
Distribution Point: [
Distribution Point Name: [URIName: http://www.entrust.net/CRL/Client1.cr
l]
Reason Flags: null
Issuer: null
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
From: Tue Oct 12 12:24:30 PDT 1999, To: Sat Oct 12 12:24:30 PDT 2019]
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: c4 fb 9c 29 7b 97 cd 4c 96 fc ee 5b b3 ca 99 74 .......L.......t
0010: 8b 95 ea 4c ...L
Algorithm: [MD5withRSA]
Signature:
0000: 3f ae 8a f1 d7 66 03 05 9e 3e fa ea 1c 46 bb a4 .....f.......F..
0010: 5b 8f 78 9a 12 48 99 f9 f4 35 de 0c 36 07 02 6b ..x..H...5..6..k
0020: 10 3a 89 14 81 9c 31 a6 7c b2 41 b2 6a e7 07 01 ......1...A.j...
0030: a1 4b f9 9f 25 3b 96 ca 99 c3 3e a1 51 1c f3 c3 .K..........Q...
0040: 2e 44 f7 b0 67 46 aa 92 e5 3b da 1c 19 14 38 30 .D..gF........80
0050: d5 e2 a2 31 25 2e f1 ec 45 38 ed f8 06 58 03 73 ...1....E8...X.s
0060: 62 b0 10 31 8f 40 bf 64 e0 5c 3e c5 4f 1f da 12 b..1...d....O...
0070: 43 ff 4c e6 06 26 a8 9b 19 aa 44 3c 76 b2 5c ec C.L.......D.v...
This is a cert =[
Version: V1
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authoriz
ed use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSig
n, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
14351375969537625669855198831991651295191487241251642784842741254494712862136652
49865861338724286276052570119645627384360370149490030232076841237655805776438569
02490012206184342797701338702212847300700510904054461415882447323962515420981673
690656531522653631627254509600778128478935206940338665570318609767527
public exponent:
65537
Validity: [From: Sun May 17 17:00:00 PDT 1998,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorize
d use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign
, Inc.", C=US
SerialNumber: [167285380242319648451154478808036881606]
Algorithm: [SHA1withRSA]
Signature:
0000: 51 4d cd be 5c cb 98 19 9c 15 b2 01 39 78 2e 4d QM..........9x.M
0010: 0f 67 70 70 99 c6 10 5a 94 a4 53 4d 54 6d 2b af .gpp...Z..SMTm..
0020: 0d 5d 40 8b 64 d3 d7 ee de 56 61 92 5f a6 c4 1d ....d....Va.....
0030: 10 61 36 d3 2c 27 3c e8 29 09 b9 11 64 74 cc b5 .a6.........dt..
0040: 73 9f 1c 48 a9 bc 61 01 ee e2 17 a6 0c e3 40 08 s..H..a.........
0050: 3b 0e e7 eb 44 73 2a 9a f1 69 92 ef 71 14 c3 39 ....Ds...i..q..9
0060: ac 71 a7 91 09 6f e4 71 06 b3 ba 59 57 26 79 00 .q...o.q...YW.y.
0070: f6 f8 0d a2 33 30 28 d4 aa 58 a0 9d 9d 69 91 fd ....30...X...i..
This is a cert =[
Version: V3
Subject: [email protected], CN=Thawte Personal Basic CA,
OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western
Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: IBMJCE RSA Public Key:
modulus:
13253536386354654913138758702689025560687846640885974128606081482411288972669674
09593694394214448269934071264255335350958443035659786636087648033000633904576847
89299407573545577463510566656987897345834861794576009248121771398416136278226650
196253637652406375166996828928456019641867231766265750548967038620449
public exponent:
65537
Validity: [From: Sun Dec 31 16:00:00 PST 1995,
To: Thu Dec 31 15:59:59 PST 2020]
Issuer: [email protected], CN=Thawte Personal Basic CA, O
U=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western
Cape, C=ZA
SerialNumber: [0]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 2d e2 99 6b b0 3d 7a 89 d7 59 a2 94 01 1f 2b dd ...k..z..Y......
0010: 12 4b 53 c2 ad 7f aa a7 00 5c 91 40 57 25 4a 38 .KS.........W.J8
0020: aa 84 70 b9 d9 80 0f a5 7b 5c fb 73 c6 bd d7 8a ..p........s....
0030: 61 5c 03 e3 2d 27 a8 17 e0 84 85 42 dc 5e 9b c6 a..........B....
0040: b7 b2 6d bb 74 af e4 3f cb a7 b7 b0 e0 5d be 78 ..m.t..........x
0050: 83 25 94 d2 db 81 0f 79 07 6d 4f f4 39 15 5a 52 .......y.mO.9.ZR
0060: 01 7b de 32 d6 4d 38 f6 12 5c 06 50 df 05 5b bd ...2.M8....P....
0070: 14 4b a1 df 29 ba 3b 41 8d f7 63 56 a1 df 22 b1 .K.....A..cV....
This is a cert =[
Version: V3
Subject: CN=*.mercurypay.com, OU=Comodo PremiumSSL Wildcard, OU=Information Te
chnology, O=Mercury Payment Systems, STREET="72 Suttle Street, Suite M", L=Duran
go, ST=Colorado, POSTALCODE=81303, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
12552582405364904122368800557136600883426046147697390022111207038948008845421116
97612139262756746187884552197255250066841576447434719408180546101657839553295002
41981704931093809205287106190471023650551952772636758926085360687310943371751673
005150920927008661377022502832804963301450995642354061325253865423063
public exponent:
65537
Validity: [From: Thu Feb 01 16:00:00 PST 2007,
To: Wed Mar 12 15:59:59 PST 2008]
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUS
T Network, L=Salt Lake City, ST=UT, C=US
SerialNumber: [69293248245822231088475549727641695166]
Certificate Extensions: 9
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodoca.com/UTNAddTrustServerCA.crt, access
Method: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodo.net/UTNAddTrustServerCA.crt]]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: c6 3a 32 8e d4 44 8f 6f 46 ff d9 db a7 48 6d 45 ..2..D.oF....HmE
0010: 62 78 25 a2 bx..
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtKeyUsage [
1.3.6.1.5.5.7.3.1 1.3.6.1.5.5.7.3.2]
[6]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: a1 72 5f 26 1b 28 98 43 95 5d 07 37 d5 85 96 9d .r.....C...7....
0010: 4b d2 c3 45 K..E
[7]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
[8]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
PolicyInformation: [
CertPolicyId: 1.3.6.1.4.1.6449.1.2.1.3.4
PolicyQualifiers: [PolicyQualifierInfo: [
CPSuri: [
object identifier: 1.3.6.1.5.5.7.2.1
uri: https://secure.comodo.net/CPS]
[9]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
2 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://crl.comodoca.com/UTN-USERFirst
-Hardware.crl]
Reason Flags: null
Issuer: null
Distribution Point: [
Distribution Point Name: [URIName: http://crl.comodo.net/UTN-USERFirst-H
ardware.crl]
Reason Flags: null
Issuer: null
Algorithm: [SHA1withRSA]
Signature:
0000: 40 b2 e3 1d 81 d4 74 9b 1d cb ca c3 e9 6e 4f 5b ......t......nO.
0010: 54 9a 86 bf 53 4a d6 72 8d 88 e6 ff a9 03 ea 0a T...SJ.r........
0020: dd a4 f7 fc 21 ed 6a 4f f9 a1 d4 7a b2 da fc fb ......jO...z....
0030: bb a3 ab 8a a7 54 00 2a 12 dd e3 d6 29 96 42 d5 .....T........B.
0040: 9a e0 3e 1b 4e da 0e b6 5b 56 51 bd 63 f6 fe 62 ....N....VQ.c..b
0050: eb d3 5e 9f fb 71 7b 09 d0 ef 98 06 55 76 56 8b .....q......UvV.
0060: 9b a0 d9 c8 8a c3 fd df f9 81 39 16 65 1e 2e ac ..........9.e...
0070: 1c e5 b8 a6 76 ef 7b 18 50 d9 cd a1 cc 31 f3 d4 ....v...P....1..
0080: 79 f0 63 95 e7 97 15 28 c3 c6 2a 23 9d 62 08 f4 y.c..........b..
0090: 4b bd 23 eb 8d 72 7d 4b a9 49 83 63 fb 65 b7 b8 K....r.K.I.c.e..
00a0: 96 d8 13 2c 54 f2 11 7c 7d 30 55 f4 0e aa 13 eb ....T....0U.....
00b0: 83 bf ea 22 86 2a d8 4c db a6 21 b4 ce fd 0a 7d .......L........
00c0: bb 65 a5 a7 8f eb 84 1d 8c 3b c7 11 87 e2 06 ab .e..............
00d0: 64 24 ae 48 7c 28 77 db 78 0e a8 b4 a9 32 ff 15 d..H..w.x....2..
00e0: a0 64 65 18 f3 a3 30 3d 9e ed 8d 29 a4 a0 a1 61 .de...0........a
00f0: 3b 86 e2 36 dd 4b fc c9 92 36 e4 be 20 89 cc ab ...6.K...6......
This is a cert =[
Version: V3
Subject: CN=*.pinsprepaid.com, OU=PayGo Web Certificate, O=Test Network,
L=San Diego, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
16285445822297696212633924794811890815794019787240551300464692045229173045293235
50230392745826419206436177596443014635997679083703668232616210082740759395739089
19454275822427538242285978316988871614402763162307764241796571858989037339686419
365958906689885958381857638860003924094925916555184457276424623285201
public exponent:
65537
Validity: [From: Sat Dec 29 20:23:42 PST 2007,
To: Fri Dec 24 20:23:42 PST 2027]
Issuer: CN=*.pinsprepaid.com, OU=PayGo Web Certificate, O=Test Network, L
=San Diego, ST=California, C=US
SerialNumber: [10665365584614926415]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: a0 28 c8 12 0d dd 40 13 f5 22 d7 b6 c9 eb 42 ae ..............B.
0010: e1 14 66 94 ..f.
[CN=*.pinsprepaid.com, OU=PayGo Web Certificate, O=Test Network, L=San Dieg
o, ST=California, C=US]
SerialNumber: [10665365584614926415]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: a0 28 c8 12 0d dd 40 13 f5 22 d7 b6 c9 eb 42 ae ..............B.
0010: e1 14 66 94 ..f.
Algorithm: [SHA1withRSA]
Signature:
0000: 9c 44 24 18 34 24 f7 74 87 24 96 60 44 83 e8 db .D..4..t....D...
0010: 1b ee 83 e9 e1 c3 56 7b 26 2f e3 5a 61 47 89 08 ......V....ZaG..
0020: ba 90 53 93 bd fa 4b bf d4 8e d3 f4 73 33 25 88 ..S...K.....s3..
0030: f1 03 33 03 b8 58 51 7f d0 e3 6c e5 52 6a 7e 13 ..3..XQ...l.Rj..
0040: b1 a6 fc 0a 35 0f c1 0f 5f cd 98 e3 15 34 3b 01 ....5........4..
0050: 4d 97 c4 46 f7 dc 4a 88 ac f8 9a a1 ed d7 2d 62 M..F..J........b
0060: d8 1b af 22 3c 80 af f1 d5 11 b0 b4 05 c8 31 71 ..............1q
0070: d5 dd 4a 42 d1 4c 97 f3 18 74 77 5f 0b 9b 10 7d ..JB.L...tw.....
This is a cert =[
Version: V3
Subject: CN=secure1.galileoprocessing.com, OU=Production, O=Galileo Processing
Inc., L=West Bountiful, ST=Utah, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
16585272136129690466708620936482853429710701504038078236367586054432000828333691
71917574804367890152416144664864739837342571709183400677965661645849511638944496
97747864586117452849688436666474856963873439961969030395107131294137520076094597
149589721904600686262918653808018055505396653031945227384584896096387
public exponent:
65537
Validity: [From: Mon Jan 14 16:00:00 PST 2008,
To: Mon Feb 28 15:59:59 PST 2011]
Issuer: [email protected], CN=Thawte Premium Server CA, O
U=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Weste
rn Cape, C=ZA
SerialNumber: [165265921466827562370348155546990963259]
Certificate Extensions: 4
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
1 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://crl.thawte.com/ThawteServerPre
miumCA.crl]
Reason Flags: null
Issuer: null
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtKeyUsage [
1.3.6.1.5.5.7.3.1 1.3.6.1.5.5.7.3.2]
Algorithm: [SHA1withRSA]
Signature:
0000: 81 c0 8d bd d5 b7 6f 7f eb fc 93 33 c3 aa 0d 6f ......o....3...o
0010: d9 36 30 c9 af a0 01 a9 dd 75 1a 45 34 60 47 6f .60......u.E4.Go
0020: cb 52 65 8c 91 e6 f8 38 91 91 46 00 9f 4d 78 42 .Re....8..F..MxB
0030: 9f bf 4a 4e ff 63 cb 18 6f 6e 88 26 4e da e0 73 ..JN.c..on..N..s
0040: ed 49 4a e2 ab dc 01 db 3d fe 4c d7 99 1c 23 23 .IJ.......L.....
0050: f8 24 54 5b a0 bf 27 57 4c 0a f0 8e 3e 58 3f 5c ..T....WL....X..
0060: 03 da 09 0a 29 f2 f5 99 2b b0 da 0e 82 5b 18 cb ................
0070: 39 bd 14 91 62 ac 83 8a b9 b6 8c a4 e0 d9 fd e3 9...b...........
This is a cert =[
Version: V3
Subject: CN=*.questps.com.au, OU=Operations, O=Quest Payment Systems, L=Hawtho
rn, ST=Victoria, C=AU
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
13927401538401051481741625165099229029681926680820373629686880750356955603275739
35404946995026390516720126110345930925847480302939279377134754082062263865742071
20957396443715719965192780351342785833080978234789409963603439531488192089117237
143472365458965132391280159287801210635522967328773863585549974229739
public exponent:
65537
Validity: [From: Sun Jul 15 23:15:18 PDT 2007,
To: Tue Jul 15 23:15:18 PDT 2008]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [506317]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 e6 68 f9 2b d2 b2 95 d7 47 d8 23 20 10 4f 33 H.h......G....O3
0010: 98 90 9f d4 ....
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
1 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://crl.geotrust.com/crls/secureca
.crl]
Reason Flags: null
Issuer: null
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0a 69 ce 61 f9 da 96 c8 b5 f9 36 81 43 f6 75 fb .i.a......6.C.u.
0010: e4 14 2f 0e ....
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtKeyUsage [
1.3.6.1.5.5.7.3.1 1.3.6.1.5.5.7.3.2]
Algorithm: [SHA1withRSA]
Signature:
0000: 45 66 89 34 af 71 dc b1 fe 20 54 15 54 e8 9e b4 Ef.4.q....T.T...
0010: 75 da 1c 64 c3 9d e9 d7 91 99 a5 e6 50 88 2f 83 u..d........P...
0020: cb 14 e5 e1 5a 66 21 68 f3 2b 23 54 61 8e 88 95 ....Zf.h...Ta...
0030: ec b1 f3 86 d4 c3 3e c2 ee 09 25 78 fa f1 74 dc ...........x..t.
0040: a4 d2 73 14 7a 51 f0 82 9e 1f 93 00 f3 f0 94 b5 ..s.zQ..........
0050: c0 ba 48 9c 86 5f 5b 74 fd 8c 81 83 a7 35 27 cb ..H....t.....5..
0060: 31 3b e6 e8 3b b7 3c 26 fb 4e 4d 30 5e 32 e5 da 1........NM0.2..
0070: 83 e8 8c f9 3e 84 09 04 6d 61 40 ea 08 e7 ff c7 ........ma......
This is a cert =[
Version: V1
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="
(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O
="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
22096661060012873855689347974161418916763510073523357926358326864792592503123173
99490819292635395781267090128441774779218884243225403432375392329269925111338044
19877348645492891283661498502893173840787837475108926513618176408123228217171508
48579148188498107741752990085073340007737937361627542392633585717193577428778849
70689954598075001332363158305018470088291940060537606809254674162830802015825390
73549038990262947134158436810352799408298755647856794057801047782628775050960576
78977556854174242282489588564651152454691261263722936464927601734981930340276221
549179112855447214959676835981467313741947570713364283017
public exponent:
65537
Validity: [From: Thu Sep 30 17:00:00 PDT 1999,
To: Wed Jul 16 16:59:59 PDT 2036]
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(
c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O=
"VeriSign, Inc.", C=US
SerialNumber: [129520775995541613599859419027715677050]
Algorithm: [SHA1withRSA]
Signature:
0000: 34 26 15 3c c0 8d 4d 43 49 1d bd e9 21 92 d7 66 4.....MCI......f
0010: 9c b7 de c5 b8 d0 e4 5d 5f 76 22 c0 26 f9 84 3a .........v......
0020: 3a f9 8c b5 fb ec 60 f1 e8 ce 04 b0 c8 dd a7 03 ................
0030: 8f 30 f3 98 df a4 e6 a4 31 df d3 1c 0b 46 dc 72 .0......1....F.r
0040: 20 3f ae ee 05 3c a4 33 3f 0b 39 ac 70 78 73 4b .......3..9.pxsK
0050: 99 2b df 30 c2 54 b0 a8 3b 55 a1 fe 16 28 cd 42 ...0.T...U.....B
0060: bd 74 6e 80 db 27 44 a7 ce 44 5d d4 1b 90 98 0d .tn...D..D......
0070: 1e 42 94 b1 00 2c 04 d0 74 a3 02 05 22 63 63 cd .B......t....cc.
0080: 83 b5 fb c1 6d 62 6b 69 75 fd 5d 70 41 b9 f5 bf ....mbkiu..pA...
0090: 7c df be c1 32 73 22 21 8b 58 81 7b 15 91 7a ba ....2s...X....z.
00a0: e3 64 48 b0 7f fb 36 25 da 95 d0 f1 24 14 17 dd .dH...6.........
00b0: 18 80 6b 46 23 39 54 f5 8e 62 09 04 1d 94 90 a6 ..kF.9T..b......
00c0: 9b e6 25 e2 42 45 aa b8 90 ad be 08 8f a9 0b 42 ....BE.........B
00d0: 18 94 cf 72 39 e1 b1 43 e0 28 cf b7 e7 5a 6c 13 ...r9..C.....Zl.
00e0: 6b 49 b3 ff e3 18 7c 89 8b 33 5d ac 33 d7 a7 f9 kI.......3..3...
00f0: da 3a 55 c9 58 10 f9 aa ef 5a b6 cf 4b 4b df 2a ..U.X....Z..KK..
This is a cert =[
Version: V3
Subject: [email protected], CN=Thawte Personal Premium
CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Wes
tern Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: IBMJCE RSA Public Key:
modulus:
14142912792453816926684060849225594563491048166366460724276985519259966555971678
52869379882523038078369899938721755934187919620921836179968420049065941827306142
30211575508893419840570952601082644441415731845520305432484883710755881614381726
656557001768827822997905802020222847103928452492333928687906770815093
public exponent:
65537
Validity: [From: Sun Dec 31 16:00:00 PST 1995,
To: Thu Dec 31 15:59:59 PST 2020]
Issuer: [email protected], CN=Thawte Personal Premium C
A, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=West
ern Cape, C=ZA
SerialNumber: [0]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 69 36 89 f7 34 2a 33 72 2f 6d 3b d4 22 b2 b8 6f i6..4.3r.m.....o
0010: 9a c5 36 66 0e 1b 3c a1 b1 75 5a e6 fd 35 d3 f8 ..6f.....uZ..5..
0020: a8 f2 07 6f 85 67 8e de 2b b9 e2 17 b0 3a a0 f0 ...o.g..........
0030: 0e a2 00 9a df f3 14 15 6e bb c8 85 5a 98 80 f9 ........n...Z...
0040: ff be 74 1d 3d f3 fe 30 25 d1 37 34 67 fa a5 71 ..t....0..74g..q
0050: 79 30 61 29 72 c0 e0 2c 4c fb 56 e4 3a a8 6f e5 y0a.r...L.V...o.
0060: 32 59 52 db 75 28 50 59 0c f8 0b 19 e4 ac d9 af 2YR.u.PY........
0070: 96 8d 2f 50 db 07 c3 ea 1f ab 33 e0 f5 2b 31 89 ...P......3...1.
This is a cert =[
Version: V3
Subject: CN=*.backuppay.com, OU=Comodo PremiumSSL Wildcard, OU=Information Tec
hnology, O=Mercury Payment Systems, STREET="72 Suttle, Suite 'M'", L=Durango, ST
=Colorado, POSTALCODE=81303, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: IBMJCE RSA Public Key:
modulus:
13600061469090500423648422271274026009793773824200084939450792307466414518281905
78915137508617752173548436692455079898861149850144087985398167558687604694824219
94042711833635299385450526613233517165581563624887506491771190814673785574365279
979908619877143128523889569350716633683176043911091941941182416621337
public exponent:
65537
Validity: [From: Thu Feb 01 16:00:00 PST 2007,
To: Wed Mar 12 15:59:59 PST 2008]
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUS
T Network, L=Salt Lake City, ST=UT, C=US
SerialNumber: [291946271077116231447010286015885314245]
Certificate Extensions: 9
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodoca.com/UTNAddTrustServerCA.crt, access
Method: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://crt.comodo.net/UTNAddTrustServerCA.crt]]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: c1 a6 cc 48 48 b5 ed 73 ef 0a cd 2c 29 4c 62 b4 ...HH..s.....Lb.
0010: d0 ab bf 6e ...n
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtKeyUsage [
1.3.6.1.5.5.7.3.1 1.3.6.1.5.5.7.3.2]
[6]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: a1 72 5f 26 1b 28 98 43 95 5d 07 37 d5 85 96 9d .r.....C...7....
0010: 4b d2 c3 45 K..E
[7]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
[8]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
PolicyInformation: [
CertPolicyId: 1.3.6.1.4.1.6449.1.2.1.3.4
PolicyQualifiers: [PolicyQualifierInfo: [
CPSuri: [
object identifier: 1.3.6.1.5.5.7.2.1
uri: https://secure.comodo.net/CPS]
[9]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
2 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://crl.comodoca.com/UTN-USERFirst
-Hardware.crl]
Reason Flags: null
Issuer: null
Distribution Point: [
Distribution Point Name: [URIName: http://crl.comodo.net/UTN-USERFirst-H
ardware.crl]
Reason Flags: null
Issuer: null
Algorithm: [SHA1withRSA]
Signature:
0000: a6 e4 56 7a 01 79 c3 28 2a b5 ad ae 58 0c 7c de ..Vz.y......X...
0010: bc a2 b7 85 e2 98 e1 18 c5 53 9e 20 bf e8 8f f2 .........S......
0020: 5e cc 1b 8c 86 47 e4 9d 4e 18 16 91 77 c6 05 7f .....G..N...w...
0030: d8 50 4b 94 09 8b ff 64 4b 90 8c 64 4a 78 b3 cb .PK....dK..dJx..
0040: d0 3f 46 65 e2 38 a3 0f c5 31 d1 2a c4 37 51 a7 ..Fe.8...1...7Q.
0050: 9a 47 d6 03 0b 48 50 6c 5a a2 5d 4f af 8f 6a 77 .G...HPlZ..O..jw
0060: 78 9f 71 a9 c7 8c ae e2 23 f4 2a 4b 48 e0 05 46 x.q........KH..F
0070: 4a 88 99 5f ca ef 09 95 f7 d4 37 6f 4a 4a 13 86 J.........7oJJ..
0080: 41 15 74 80 02 a8 02 80 29 fc 6d d6 e0 d3 a2 ad A.t.......m.....
0090: d9 4d ec 25 c3 a0 83 26 0f 7f b5 3d 7d 6f 0d 9a .M...........o..
00a0: 2e ab f3 cb 8b 5c d0 18 e3 20 bc 22 97 b6 a0 45 ...............E
00b0: 8a d0 0c f9 d9 1c 77 6e 17 ee 30 8f 5e 9e 7d c1 ......wn..0.....
00c0: d4 77 44 8e 3a 3a 7f ee ee e1 7b 1b 32 81 01 a8 .wD.........2...
00d0: 62 7e 82 55 be 6c 73 d3 12 a4 23 ab b9 ef ad 5a b..U.ls........Z
00e0: 73 7b 28 05 37 d9 69 13 8a 7a d4 31 e8 02 39 6f s...7.i..z.1..9o
00f0: ac f9 aa 5f b4 ea bd de 87 03 ee fb b0 80 16 49 ...............I
This is a cert =[
Version: V3
Subject: [email protected], CN=64.47.55.17, OU=MI
S, O=Cabelas Inc, L=Sidney, ST=Nebraska, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: IBMJCE RSA Public Key:
modulus:
13768870705676032884943158948133086707130963695630252713762741898658183420051882
41914160772118669025761340096644368492520897452521291473029710155067231617758619
45693847182035381145540493930157142197837425711697611478316115600616533780363229
520298453203636612811789291165305298410647569530743837859826680773901
public exponent:
65537
Validity: [From: Thu Oct 05 08:36:55 PDT 2006,
To: Su -
Client Code not connecting to WebLogic 8.1 with Mutual Authentication
I am trying to connect to a WebLogic 8.1 web services application. The weblogic instance has mutual authentication enabled, so the client needs to send a certificate when it does an SSL handshake with the server. I am trying to connect with standalone Java JUnit tests. Both the web services and the JUnit tests are using Apache Axis 1.4.0. I've obtained what I believe to be the appropriate certificates from the weblogic administrator that configured the mutual authentication. There is a certificate for the machine I'm trying to connect to, and two other certificates in the chain (three certificates all together, including the root). I've tried several different methods of putting those three certificates in keystores and trust keystores, reading in those keystores in my java code, and connecting to the web services, and I always end up with the same error in the WebLogic server logs. "Certificate chain receved from <ip address> was incomplete."
Here is an example of my code:
I initialize like so:
Properties tempProperties = // (here is where I obtain my properties from a properties file... code removed for security reasons)
System.setProperty("javax.net.ssl.trustStore", tempProperties.getProperty("trust.keystore.file"));
System.setProperty("javax.net.ssl.trustStorePassword", tempProperties.getProperty("trust.keystore.password"));
System.setProperty("javax.net.ssl.trustStoreType", "jks");
System.setProperty("javax.net.ssl.keyStore", tempProperties.getProperty("keystore.file"));
System.setProperty("javax.net.ssl.keyStorePassword", tempProperties.getProperty("keystore.password")); System.setProperty("javax.net.ssl.keyStoreType", "jks");
System.setProperty ( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol" );
Security.addProvider ( new com.sun.net.ssl.internal.ssl.Provider ( ) );
I bind to the appropriate port and locate the service, etc. using auto-generated methods descendant from Apache Axis. No matter what I try, I get the same results. The client says: main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
The server log says: Certificate chain received from <ip address> was incomplete.
I've even tried implementing a custom SSL handler as described here http://alweb.homeip.net/dw0rm/dblog/?p=38, and I can verify by stepping into my code that everything gets initialized and set up correctly, and that all three certificates in the chain that I need are obtained from my keystore, but I still get the same error on the client and the server. I've enabled ssl handshake debugging on my client and I can see the whole certificate chain being output to the debug console.
Any idea what I might be doing wrong?My guess would be that the server is not able to validate your certificate. Make sure that the CA for your certificate is trusted by WLS.
I always like to debug something like this by add -Djavax.net.debug=ssl to both the client and server. It should give you a complete picture of what is going on.
Edited by: joshbregmanoracle on May 20, 2009 8:49 PM -
Error when invoking webservice on https (unable to find valid certification
I have a webservice which run on https..
When I made a simple test (jsp) page on my local computer all works fine (jdeveloper 10g) ..
When I deploy the ear file to remote oc4j and run the test page I get the error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My test page is just simple jsp page with some system parameters like this:
================
String dir = request.getRealPath("/cert");
System.getProperties().put("javax.net.ssl.keyStore", dir + "/adriatic.p12");
System.getProperties().put("javax.net.ssl.keyStorePassword", "as-p4ss");
System.getProperties().put("javax.net.ssl.keyStoreType", "PKCS12");
System.getProperties().put("javax.net.ssl.trustStore", dir + "/service.megapos.si.jks");
System.getProperties().put("javax.net.ssl.trustStorePassword", "megapos");
System.getProperties().put("javax.net.ssl.trustStoreType", "JKS");
================
why this works on windows and doesn't work on linux?
All paths to my certificare and truststore are correct.
On my local pc (windows) there is a Jdeveloper Oc4j version (10.1.2.0.2) and works fine
On linux there is a oc4j version 10.1.3.4.0 and doesn't work..
thank you for any helpPeter,
Apparently the linux jdk/jre doesn't have the ability to validate the certificate being used.
I dunno if [url http://www.java-samples.com/showtutorial.php?tutorialid=210]this might help you?
John -
Certificate error while connecting to multiple web service
I am having a web service test client through which I can connects and get reports from multiple web services.
In Development unix box, we are using "self-signed certificate" using keystore type JKS. In Production server, we are using certificate from CA.
The web service is running in Development and in Production.
Now I have developed single test client with a drop down selection for different web services. For example, if we select "Development", the request will go the development web service and if we select "Production", the request will go to Production web service.
Now while connecting to Develpment service, we are settings the below certificates details Because we are using the self signed certificate.
System.setProperty("javax.net.ssl.keyStore",keyStoreFileLocation);
System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
System.setProperty("javax.net.ssl.trustStoreType",trustStoreType);
System.setProperty("javax.net.ssl.trustStore",trustStoreFileLocation);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
I am clearing the System properties using the System.clearProperty() while pointing to Production service. because in Production we are using the CA certificate from Thawte so these details are not required at all and our JRE (java 5) is pre configured to support that CA certificate.
I am using Resin-2.1.12, axis1.2 and java5.
Now the problem is
(1) for the first time, when I send the request to Production Service URL, the report gets generated. For the next time when we are running against Development, it's giving below certificate error.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
(2) Now restart resin and run the test client against Developemnt service URL, here report gets generated and for the next time, run the test client against Production, it's giving the certificate error.
So for the 2nd request, it always gives the error irrespective of the web service instance selected.
Please suggest ....thanks in advance.Hi ,
No, due to the issue is happening only on one computer.
The error "(401) Unauthorized" usually indicates that the connection has been established but the permission check fails. InfoPath Form Services uses the application pool identity of the web
application to connect to resources.
Does the account which login the computer have permission to connect to User Profile Service Application?
For a workaround, you can go to IIS Manager , set the User Profile Application Pool to Anonymous Access and try again.
Also you can have a look at the blog:
http://sharepointconnoisseur.blogspot.in/2011/04/how-to-resolve-401-unauthorized-error.html
Best Regards,
Eric
Eric Tao
TechNet Community Support -
How to invoke secure web service from BPEL in SOA 11g
In SOA 11g I have a simple bpel process in which I am invoking a secured webservice as partnerlink. The webservice which is used in bpel process is deployed in weblogic and the SSL port is enabled on weblogic server. The wsdl url starts with "https:\\hostname:port\servicename?wsdl"
But I am getting compilation errors when i compiled the BPEL code
Error(16,65): Load of wsdl "AddressBookManager.wsdl" failed
Error(19,30): Load of wsdl "https://hostname:port/DV900/AddressBookManager?wsdl" failed
Error(35,102): Cannot find Port Type "{http://oracle.e1.bssv.JP010000/}Oracle_E1_SBF_SEI_PkgBldFile_AddressBookManager" for "AddressBookManager" in WSDL Manager
Can anyone please help me out in resolving this.
Thanks,
Shameem banu.Solution is you need to import the keystore into Jdeveloper jdk first.
keytool -import -alias <name> -file <name>.pem -keystore <name>.jks -storepass <passwd>
All details in <> are your specific keystore,pwd details.
Then go to Jdeveloper/jdev/bin
add the following to
jdev.conf file
AddVMOption -Djavax.net.ssl.trustStore=path_to_keystore\keystorename.jks
AddVMOption -Djavax.net.ssl.trustStorePassword=password
Then you can create partner link for https based wsdl
Good Luck -
Save Attachment from exchange server 2010 from oracle using java mail API
Hello,
I want to read email from microsoft exchangeserver 2010 and save attachement into a folder.I created an Java program to import attachments from a exchange server mailbox using "POP3S".It works fine when run as a java application.But when i put this inside Oracle11g R2 using load java and while executing from a procedure it gives an error at parsing message into Multipart
Error at line : Multipart mp = (Multipart)m.getContent();
Error:
Content-Type: multipart/mixed;
boundary="_002_A0C2E09A..................................."
java.lang.ClassCastException
at mailPop3.checkmail(mailPop3:71)
My Java Class is as follows,
import java.io.*;
import java.util.Properties;
import javax.mail.*;
import javax.mail.internet.*;
import java.util.Date;
The function i used to check for attachments is given below.
public static boolean hasAttachments(Message m) throws java.io.IOException, MessagingException
Boolean hasAttachments = false;
try
// if it is a plain/html text - no attachements
if (m.isMimeType("text/*"))
return hasAttachments;
else if (m.isMimeType("multipart/alternative"))
return hasAttachments;
else if (m.isMimeType("multipart/*"))
Multipart mp = (Multipart)m.getContent();
if (mp.getCount() > 1)
hasAttachments = true;
return hasAttachments;
catch (Exception e) {
e.printStackTrace();
} finally {
return hasAttachments;
My Java Details as follows
java Version :1.5.0_10
java.vm.specification.version:1.0
java.vm.version :1.5.0_01
java.specification.version:1.5
java.class.version:48.0
Java mail API:javamail-1.4.4
Used Jars:mail.jar
Could someone explain why I am getting this error? What can I do to resolve this error?
Is any other Jar need other than mail.jar?
Any help would be much appreciated.
Regards,
NisanthHai EJP,
Thanks for your reply,
My full java class as follows,
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Store;
import javax.mail.Part;
import javax.mail.Multipart;
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimeMessage;
public class Newmail
public Newmail()
super();
public static int mailPOP3(String phost,
String pusername,
String ppassword)
Folder inbox =null;
Store store =null;
int result = 1;
try
String host=phost;
final String username=pusername;
final String password=ppassword;
System.out.println("Authenticator");
Authenticator auth=new Authenticator()
protected PasswordAuthentication getPasswordAuthentication()
return new PasswordAuthentication(username, password);
System.out.println("Certificate");
String filename="D:\\Certi\\jssecacerts";
String password2 = "changeit";
System.setProperty("javax.net.ssl.trustStore",filename);
System.setProperty("javax.net.ssl.trustStorePassword",password2);
Properties props = System.getProperties();
System.out.println("host-----"+props);
props.setProperty("mail.pop3s.port", "993");
props.setProperty("mail.pop3s.starttls.enable","true");
props.setProperty("mail.pop3s.ssl.trust", "*");
Session session = Session.getInstance(props,auth);
session.setDebug(true);
store = session.getStore("pop3s");
System.out.println("store------"+store);
store.connect(host,username,password);
System.out.println("Connected...");
inbox = store.getDefaultFolder().getFolder("INBOX");
inbox.open(Folder.READ_ONLY);
Message[] msgs = inbox.getMessages();
System.out.println("msgs.length-----"+msgs.length);
result = 0;
int no_of_messages = msgs.length;
for ( int i=0; i < no_of_messages; i++)
System.out.println("msgs.count-----"+i);
System.out.println("Attachment....>"+msgs.getContentType());
Multipart mp = (Multipart)msgs[i].getContent();
System.out.println("Casting Success" + mp.getContentType());
catch(Exception e)
e.printStackTrace();
finally
try
if(inbox!=null)
inbox.close(false);
if(store!=null)
store.close();
return result;
catch(Exception e)
e.printStackTrace();
return result;
Please check it
Regards,
Nisanth
Maybe you are looking for
-
ICloud mail never stops trying to get new mail
Running 10.7.2 on my MacBook Air, the whirling symbol indicates that the iCloud account never stops looking for new mail. Other accounts do not do this. This does not occur on my MacPro, my I pad or my iphone, either. Is there anything I can do to st
-
I backed up my database on old Notebook SQLSTRINGCONNECT worked all day for any database in SQL SERVR I created have brand new computer Notebook installed SQL SERVER 2008 THE EXACT SAME WAY I RESTORED THE DATABASE However, I cannot connect to
-
Hello, I am trying to use CARO_ROUTING_READ FM to get the routing details related to PLNNR number. I am providing the following input as datuv : 01.01.2010 PLNNR :50093636 PLNTY: N PLNAL : 1 When i call the FM using my sample report it is giving sy
-
I cannot open files- whether my own or from another source
Every time I go to open a file from the documents I edited in Photoshop Elements 10, this error message shows up: What in the world is going on here? I also cannot open up PDF links -- another error message comes up. I originally started a similar di
-
Cosuming webservice+ 500 error
Hi all, I have a question. I am trying to consume SAP Web Services via proxy. Certain things I should make clear. 1. I am not using SAP NetWeaver Developer Studio to create the proxy. I used apache axis wsdl2java tool to create the proxy from the wsd