[ https://issues.apache.org/jira/browse/CXF-2403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747852#action_12747852 ]

Eamonn Dwyer commented on CXF-2403:
-----------------------------------

Hi Wolfgang,
I tried your keystore in my test client and I got the following exception. This 
exception is different to yours, and my exception is what I would expect because 
I do not have your truststore file; I am using my own truststore file, so the 
handshake fails as expected.

Could you attach your truststore (and also server certs) and I can try doing a 
quick check using them too?

Regards,
Eamonn

org.apache.cxf.interceptor.Fault: Could not send Message.
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:472)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:302)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:123)
        at $Proxy39.greetMe(Unknown Source)
        at com.progress.fuse.management.cxf.samples.soaphttps.client.Client.main(Client.java:36)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:129)
        at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:284)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:319)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1345)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
        at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:590)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:697)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:623)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1914)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1869)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1932)
        at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
        at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        ... 8 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Could not send Message.
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:143)
        at $Proxy39.greetMe(Unknown Source)
        at com.progress.fuse.management.cxf.samples.soaphttps.client.Client.main(Client.java:36)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:129)
        at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:284)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:319)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1345)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
        at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:590)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:697)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:623)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1914)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1869)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1932)
        at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
        at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:472)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:302)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:123)
        ... 2 more

> Use of client certificates via http conduit configuration broken
> ----------------------------------------------------------------
>
>                 Key: CXF-2403
>                 URL: https://issues.apache.org/jira/browse/CXF-2403
>             Project: CXF
>          Issue Type: Bug
>          Components: Configuration
>            Reporter: Wolfgang Nagele
>         Attachments: client.crt, client.key, client.p12, keystore
>
>
> To use standard SSL client certificates for authentication the following 
> configuration should work:
> <http:conduit name="*.http-conduit">
>   <http:tlsClientParameters>
>     <sec:keyManagers keyPassword="password">
>       <sec:keyStore type="JKS" password="password" file="keystore" />
>     </sec:keyManagers>
>     <sec:trustManagers>
>       <sec:keyStore type="JKS" password="password" file="truststore" />
>     </sec:trustManagers>
>   </http:tlsClientParameters>
> </http:conduit>
> In this configuration we would have the public certificate of the server we 
> want to connect to in the truststore and the private key and certificate in 
> the keystore.
> With the current CXF implementation this results in the following exception:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) [na:1.6.0_13]
>       at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) [na:1.6.0_13]
>       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) [na:1.6.0_13]
>       ... 39 common frames omitted
> Once we additionally define the following properties it works:
> * javax.net.ssl.keyStore=keystore
> * javax.net.ssl.keyStorePassword=password
> * javax.net.ssl.trustStore=truststore
> * javax.net.ssl.trustStorePassword=password
> This however results in very ugly setups where we have to define the same 
> data twice. Also we miss out on CXF's option of defining specific keystores 
> and truststores per webservice.
> For further information also see: http://www.quendor.org/archiv/428

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
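
A stand-alone check of the two stores named in the issue, added here as an example (not CXF code, and not from the reporter or the commenter): it lists what each JKS file holds and builds an SSLContext from them without any javax.net.ssl.* system properties. The class name StoreCheck, the argument order and the optional host/port handshake are assumptions; file names and password default to the values in the quoted configuration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

// Added diagnostic (hypothetical class name), not CXF code.
// Usage: java StoreCheck [keystore truststore password [host port]]
public class StoreCheck {
    static KeyStore load(String file, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // store type used in the quoted config
        try (InputStream in = new FileInputStream(file)) { ks.load(in, pw); }
        return ks;
    }

    // Lists each alias with its entry kind and returns how many entries hold a key.
    static int describe(String label, KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean key = ks.isKeyEntry(alias);
            if (key) keys++;
            System.out.println(label + ": " + alias + (key ? " [key entry]" : " [trusted certificate]"));
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        String keyFile = args.length > 0 ? args[0] : "keystore";
        String trustFile = args.length > 1 ? args[1] : "truststore";
        char[] pw = (args.length > 2 ? args[2] : "password").toCharArray();
        KeyStore keys = load(keyFile, pw), trust = load(trustFile, pw);
        if (describe("keystore", keys) == 0)
            System.out.println("keystore holds no private key: no client certificate can be sent");
        describe("truststore", trust);

        // Same inputs as sec:keyManagers / sec:trustManagers; no system properties involved.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw); // keyPassword equals the store password in the quoted config
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        if (args.length < 5) return; // no server given: store check only
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[3], Integer.parseInt(args[4]))) {
            s.startHandshake(); // throws if either side rejects the other's certificate
            System.out.println("handshake ok: " + s.getSession().getCipherSuite());
        }
    }
}
```

A handshake that succeeds here but fails through the conduit points at how the configuration is applied rather than at the contents of the stores.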
