I've checked the version installed in the server
$ rpm -qa | grep openssl
openssl-0.9.7a-33.24
Does also this version have known issues?
Btw, could it be a problem related to the "stubs format"?
I've generated these stubs starting from wsdl distributed by voms
developers (in attachment) with this ant command:
<java classname="org.apache.axis.wsdl.WSDL2Java" fork="true">
<arg line="-o ${build.stubs.src.dir} --noWrapped
glite-security-voms-admin-2.0.2.wsdl"/>
<classpath>
<fileset dir="${container.dir}/lib">
<include name="*.jar" />
</fileset>
</classpath>
</java>
Did I make any mistakes?
Andrea
On Tue, Feb 24, 2009 at 10:31 PM, Tom Scavo <[email protected]> wrote:
> Andrea, on a long shot, are you perhaps using OpenSSL 0.9.8j on the
> client? This particular version of OpenSSL is known to have SSL/TLS
> handshake issues.
>
> Tom
>
> On Tue, Feb 24, 2009 at 10:53 AM, Andrea Turli <[email protected]> wrote:
>> Hi all,
>>
>> I'm trying to consume a secure Axis Web service (the voms server in
>> https) but I've many problems. In particular, I'm using this code in a
>> -nosec container (GT4.1)
>>
>> static {
>> Util.registerTransport();
>> }
>> ....
>> VOMSAdminServiceLocator locator = new VOMSAdminServiceLocator();
>> URL vomsAdminURL = new
>> URL("https://my_server:8443/voms/myVO/services/VOMSAdmin";);
>>
>> VOMSAdmin stub = locator.getVOMSAdmin(vomsAdminURL);
>>
>> // credentials
>> stub._setProperty(GSIConstants.GSI_CREDENTIALS, credentials);
>>
>> // Authentication method
>> stub._setProperty(Constants.GSI_SEC_CONV,
>> Constants.ENCRYPTION);
>>
>> // delegation
>> stub._setProperty(GSIConstants.GSI_MODE,
>> GSIConstants.GSI_MODE_NO_DELEG);
>>
>> // set Context lifetime
>> stub._setProperty(Constants.CONTEXT_LIFETIME, 300);
>>
>>
>> try {
>> stub.createUser(user);
>> logger.info("User created with CN " + username + " with DN " + dn
>> + " with CA " + ca + " with mail " + email);
>> } catch (Exception e) {
>> e.printStackTrace();
>> throw e;
>> }
>>
>> and I get this fault:
>> AxisFault
>> faultCode:
>> {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}General
>> faultSubcode:
>> faultString: ; nested exception is:
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>> faultActor:
>> faultNode:
>> faultDetail:
>> {http://xml.apache.org/axis/}stackTrace:AxisFault
>> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>> faultSubcode:
>> faultString: org.globus.common.ChainedIOException: Authentication
>> failed [Caused by: Failure unspecified at GSS-API level [Caused by:
>> Handshake failure]]
>> faultActor:
>> faultNode:
>> faultDetail:
>> {http://xml.apache.org/axis/}stackTrace:Authentication failed. Caused
>> by Failure unspecified at GSS-API level. Caused by
>> COM.claymoresystems.ptls.SSLCaughtAlertException: Handshake failure
>> at
>> COM.claymoresystems.ptls.SSLRecordReader.processAlert(SSLRecordReader.java:153)
>> at
>> COM.claymoresystems.ptls.SSLRecordReader.readRecord(SSLRecordReader.java:90)
>> at
>> COM.claymoresystems.ptls.SSLHandshake.recvHandshakeToken(SSLHandshake.java:177)
>> at
>> COM.claymoresystems.ptls.SSLHandshakeClient.processTokens(SSLHandshakeClient.java:108)
>> at
>> COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.java:135)
>> at
>> org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:483)
>> at
>> org.globus.gsi.gssapi.net.GssSocket.authenticateClient(GssSocket.java:102)
>> at
>> org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:140)
>> at
>> org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>> at
>> org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:433)
>> at
>> org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>> at org.apache.axis.client.Call.invoke(Call.java:2710)
>> at org.apache.axis.client.Call.invoke(Call.java:2386)
>> at org.apache.axis.client.Call.invoke(Call.java:2309)
>> at org.apache.axis.client.Call.invoke(Call.java:1766)
>> at
>> org.globus.wsrf.security.impl.secconv.SecureConversationSOAPBindingStub.requestSecurityToken(SecureConversationSOAPBindingStub.java:1153)
>> at
>> org.globus.wsrf.impl.security.authentication.secureconv.Authenticator.authenticate(Authenticator.java:95)
>> at
>> org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:265)
>> at
>> org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
>> at
>> org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>> at org.apache.axis.client.Call.invoke(Call.java:2710)
>> at org.apache.axis.client.Call.invoke(Call.java:2386)
>> at org.apache.axis.client.Call.invoke(Call.java:2309)
>> at org.apache.axis.client.Call.invoke(Call.java:1766)
>> at
>> org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>> at
>> org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>> at
>> org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>> at
>> org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>> at
>> org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>> at
>> org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at
>> org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>> at
>> org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>> at
>> org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.Subject.doAs(Subject.java:396)
>> at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>> at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>> at
>> org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>> at
>> org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>> at
>> org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at
>> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>> at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>> at
>> org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>> at
>> org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>> at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>>
>> {http://xml.apache.org/axis/}hostname:grids16.eng.it
>>
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>> at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>> at
>> org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>> at org.apache.axis.client.Call.invoke(Call.java:2710)
>> at org.apache.axis.client.Call.invoke(Call.java:2386)
>> at org.apache.axis.client.Call.invoke(Call.java:2309)
>> at org.apache.axis.client.Call.invoke(Call.java:1766)
>> at
>> org.globus.wsrf.security.impl.secconv.SecureConversationSOAPBindingStub.requestSecurityToken(SecureConversationSOAPBindingStub.java:1153)
>> at
>> org.globus.wsrf.impl.security.authentication.secureconv.Authenticator.authenticate(Authenticator.java:95)
>> at
>> org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:265)
>> at
>> org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
>> at
>> org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>> at org.apache.axis.client.Call.invoke(Call.java:2710)
>> at org.apache.axis.client.Call.invoke(Call.java:2386)
>> at org.apache.axis.client.Call.invoke(Call.java:2309)
>> at org.apache.axis.client.Call.invoke(Call.java:1766)
>> at
>> org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>> at
>> org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>> at
>> org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>> at
>> org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>> at
>> org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>> at
>> org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at
>> org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>> at
>> org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>> at
>> org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.Subject.doAs(Subject.java:396)
>> at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>> at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>> at
>> org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>> at
>> org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>> at
>> org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at
>> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>> at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>> at
>> org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>> at
>> org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>> at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> Caused by: org.globus.common.ChainedIOException: Authentication failed
>> [Caused by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>> at
>> org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:145)
>> at
>> org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>> at
>> org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:433)
>> at
>> org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
>> ... 54 more
>>
>> {http://xml.apache.org/axis/}hostname:grids16.eng.it
>>
>> ; nested exception is:
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>> at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:216)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>> at org.apache.axis.client.Call.invoke(Call.java:2710)
>> at org.apache.axis.client.Call.invoke(Call.java:2386)
>> at org.apache.axis.client.Call.invoke(Call.java:2309)
>> at org.apache.axis.client.Call.invoke(Call.java:1766)
>> at
>> org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>> at
>> org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>> at
>> org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>> at
>> org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>> at
>> org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>> at
>> org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>> at
>> org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at
>> org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>> at
>> org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>> at
>> org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.Subject.doAs(Subject.java:396)
>> at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>> at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>> at
>> org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>> at
>> org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>> at
>> org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at
>> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>> at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>> at
>> org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>> at
>> org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>> at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> Caused by: javax.xml.rpc.soap.SOAPFaultException: ; nested exception is:
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>> at
>> org.globus.wsrf.impl.security.authentication.wssec.WSSecurityFault.makeFault(WSSecurityFault.java:105)
>> at
>> org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:273)
>> at
>> org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
>> at
>> org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>> ... 36 more
>>
>>
>> I've tried to invoke the same voms server from a java client and I've
>> no problem.
>> Could you give me any kind of support?
>>
>> Thank you,
>> Andrea
>>
>
>
