Andrea, on a long shot, are you perhaps using OpenSSL 0.9.8j on the client? This particular version of OpenSSL is known to have SSL/TLS handshake issues.
Tom On Tue, Feb 24, 2009 at 10:53 AM, Andrea Turli <[email protected]> wrote: > Hi all, > > I'm trying to consume a secure Axis Web service (the voms server in > https) but I've many problems. In particular, I'm using this code in a > -nosec container (GT4.1) > > static { > Util.registerTransport(); > } > .... > VOMSAdminServiceLocator locator = new VOMSAdminServiceLocator(); > URL vomsAdminURL = new > URL("https://my_server:8443/voms/myVO/services/VOMSAdmin";); > > VOMSAdmin stub = locator.getVOMSAdmin(vomsAdminURL); > > // credentials > stub._setProperty(GSIConstants.GSI_CREDENTIALS, credentials); > > // Authentication method > stub._setProperty(Constants.GSI_SEC_CONV, > Constants.ENCRYPTION); > > // delegation > stub._setProperty(GSIConstants.GSI_MODE, > GSIConstants.GSI_MODE_NO_DELEG); > > // set Context lifetime > stub._setProperty(Constants.CONTEXT_LIFETIME, 300); > > > try { > stub.createUser(user); > logger.info("User created with CN " + username + " with DN " + dn > + " with CA " + ca + " with mail " + email); > } catch (Exception e) { > e.printStackTrace(); > throw e; > } > > and I get this fault: > AxisFault > faultCode: > {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}General > faultSubcode: > faultString: ; nested exception is: > org.globus.common.ChainedIOException: Authentication failed [Caused > by: Failure unspecified at GSS-API level [Caused by: Handshake > failure]] > faultActor: > faultNode: > faultDetail: > {http://xml.apache.org/axis/}stackTrace:AxisFault > faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException > faultSubcode: > faultString: org.globus.common.ChainedIOException: Authentication > failed [Caused by: Failure unspecified at GSS-API level [Caused by: > Handshake failure]] > faultActor: > faultNode: > faultDetail: > {http://xml.apache.org/axis/}stackTrace:Authentication failed. Caused > by Failure unspecified at GSS-API level. Caused by > COM.claymoresystems.ptls.SSLCaughtAlertException: Handshake failure > at > COM.claymoresystems.ptls.SSLRecordReader.processAlert(SSLRecordReader.java:153) > at > COM.claymoresystems.ptls.SSLRecordReader.readRecord(SSLRecordReader.java:90) > at > COM.claymoresystems.ptls.SSLHandshake.recvHandshakeToken(SSLHandshake.java:177) > at > COM.claymoresystems.ptls.SSLHandshakeClient.processTokens(SSLHandshakeClient.java:108) > at > COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.java:135) > at > org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:483) > at > org.globus.gsi.gssapi.net.GssSocket.authenticateClient(GssSocket.java:102) > at > org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:140) > at > org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161) > at > org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:433) > at > org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) > at org.apache.axis.client.Call.invokeEngine(Call.java:2727) > at org.apache.axis.client.Call.invoke(Call.java:2710) > at org.apache.axis.client.Call.invoke(Call.java:2386) > at org.apache.axis.client.Call.invoke(Call.java:2309) > at org.apache.axis.client.Call.invoke(Call.java:1766) > at > org.globus.wsrf.security.impl.secconv.SecureConversationSOAPBindingStub.requestSecurityToken(SecureConversationSOAPBindingStub.java:1153) > at > org.globus.wsrf.impl.security.authentication.secureconv.Authenticator.authenticate(Authenticator.java:95) > at > org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:265) > at > org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105) > at org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127) > at org.apache.axis.client.Call.invokeEngine(Call.java:2727) > at org.apache.axis.client.Call.invoke(Call.java:2710) > at org.apache.axis.client.Call.invoke(Call.java:2386) > at org.apache.axis.client.Call.invoke(Call.java:2309) > at org.apache.axis.client.Call.invoke(Call.java:1766) > at > org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905) > at > org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415) > at > org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694) > at > org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91) > at > org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34) > at > org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279) > at > org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250) > at org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164) > at > org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384) > at > org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107) > at > org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:396) > at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55) > at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90) > at > org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97) > at > org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281) > at > org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450) > at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285) > at > org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664) > at > org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382) > at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291) > > {http://xml.apache.org/axis/}hostname:grids16.eng.it > > org.globus.common.ChainedIOException: Authentication failed [Caused > by: Failure unspecified at GSS-API level [Caused by: Handshake > failure]] > at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) > at > org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) > at org.apache.axis.client.Call.invokeEngine(Call.java:2727) > at org.apache.axis.client.Call.invoke(Call.java:2710) > at org.apache.axis.client.Call.invoke(Call.java:2386) > at org.apache.axis.client.Call.invoke(Call.java:2309) > at org.apache.axis.client.Call.invoke(Call.java:1766) > at > org.globus.wsrf.security.impl.secconv.SecureConversationSOAPBindingStub.requestSecurityToken(SecureConversationSOAPBindingStub.java:1153) > at > org.globus.wsrf.impl.security.authentication.secureconv.Authenticator.authenticate(Authenticator.java:95) > at > org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:265) > at > org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105) > at org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127) > at org.apache.axis.client.Call.invokeEngine(Call.java:2727) > at org.apache.axis.client.Call.invoke(Call.java:2710) > at org.apache.axis.client.Call.invoke(Call.java:2386) > at org.apache.axis.client.Call.invoke(Call.java:2309) > at org.apache.axis.client.Call.invoke(Call.java:1766) > at > org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905) > at > org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415) > at > org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694) > at > org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91) > at > org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34) > at > org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279) > at > org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250) > at org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164) > at > org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384) > at > org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107) > at > org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:396) > at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55) > at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90) > at > org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97) > at > org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281) > at > org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450) > at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285) > at > org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664) > at > org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382) > at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291) > Caused by: org.globus.common.ChainedIOException: Authentication failed > [Caused by: Failure unspecified at GSS-API level [Caused by: Handshake > failure]] > at > org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:145) > at > org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161) > at > org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:433) > at > org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135) > ... 54 more > > {http://xml.apache.org/axis/}hostname:grids16.eng.it > > ; nested exception is: > org.globus.common.ChainedIOException: Authentication failed [Caused > by: Failure unspecified at GSS-API level [Caused by: Handshake > failure]] > at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:216) > at org.apache.axis.client.Call.invokeEngine(Call.java:2727) > at org.apache.axis.client.Call.invoke(Call.java:2710) > at org.apache.axis.client.Call.invoke(Call.java:2386) > at org.apache.axis.client.Call.invoke(Call.java:2309) > at org.apache.axis.client.Call.invoke(Call.java:1766) > at > org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905) > at > org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415) > at > org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694) > at > org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91) > at > org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34) > at > org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279) > at > org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250) > at org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164) > at > org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384) > at > org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107) > at > org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:396) > at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55) > at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90) > at > org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97) > at > org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281) > at > org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450) > at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285) > at > org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664) > at > org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382) > at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291) > Caused by: javax.xml.rpc.soap.SOAPFaultException: ; nested exception is: > org.globus.common.ChainedIOException: Authentication failed [Caused > by: Failure unspecified at GSS-API level [Caused by: Handshake > failure]] > at > org.globus.wsrf.impl.security.authentication.wssec.WSSecurityFault.makeFault(WSSecurityFault.java:105) > at > org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:273) > at > org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105) > at org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52) > at > org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127) > ... 36 more > > > I've tried to invoke the same voms server from a java client and I've > no problem. > Could you give me any kind of support? > > Thank you, > Andrea >
