[jira] [Created] (CXF-5525) Client - UntrustedURLConnectionIOException even the HTTPS established with client certificate auth

Mon, 27 Jan 2014 01:53:56 -0800 

Jakub Neubauer created CXF-5525:
-----------------------------------

             Summary: Client - UntrustedURLConnectionIOException even the HTTPS 
established with client certificate auth
                 Key: CXF-5525
                 URL: https://issues.apache.org/jira/browse/CXF-5525
             Project: CXF
          Issue Type: Bug
         Environment: java 1.6.0_45 and 1.7.0_45 on Windows 8, CXF version 2.7.6
            Reporter: Jakub Neubauer


Hi,
I'm facing issue with CXF client. I have a Java client generated from WSDL. The 
WSDL contains RequireClientCertificate="true" in the Policy. I'm calling a web 
service over HTTPS with client certificate authentication. Although HTTPS 
connection is established and with client certificate authentication (ensured 
with -Djavax.net.debug=all), calling a WS method throws exception.
The strange thing is, that the first call succeeded and the second and all 
other calls, fail with this exception (!). The other calls can be done with the 
same client object or can create new, no matter. The client object is created 
as follows:
{code}
// our custom ssl settings, with client cert auth in this case.
SSLSocketFactory sslSockF =
createSSLSocketFactoryFromProperties(_properties);
ProductionService service = new ProductionService(
         new URL(myURL),
         new QName("http://portalbuilder.gmc.net/api/productionService";,
"ProductionService"));
port = service.getBasicHttpBindingIProductionService();
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
tlsParams.setSSLSocketFactory(sslSockF);
http.setTlsClientParameters(tlsParams);
return port;
{code}

The exception:
{noformat}
-----------------------------
etc...
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: 
UntrustedURLConnectionIOException invoking 
https://192.168.101.14/storefront90_cert/services/ProductionService.svc: 
RequireClientCertificate is set, but no local certificates were negotiated.  Is 
the server set to ask for client authorization?
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
 at java.lang.reflect.Constructor.newInstance(Unknown Source)
 at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1334)
 at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
 at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
 at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
 at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
 at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
 at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
 at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
 at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
 ... 14 more
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: 
RequireClientCertificate is set, but no local certificates were negotiated.  Is 
the server set to ask for client authorization?
 at 
org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
 at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1680)
 at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1264)
 at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
 at 
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
 at 
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
 at 
org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
 at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
 ... 24 more
-----------------------------
{noformat}



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to