[jira] [Updated] (CXF-5525) Client - UntrustedURLConnectionIOException even the HTTPS established with client certificate auth

Fri, 24 Mar 2017 08:49:16 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-5525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Kulp updated CXF-5525:
-----------------------------
    Component/s: Transports

> Client - UntrustedURLConnectionIOException even the HTTPS established with 
> client certificate auth
> --------------------------------------------------------------------------------------------------
>
>                 Key: CXF-5525
>                 URL: https://issues.apache.org/jira/browse/CXF-5525
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>         Environment: java 1.6.0_45 and 1.7.0_45 on Windows 8, CXF version 
> 2.7.6
>            Reporter: Jakub Neubauer
>
> Hi,
> I'm facing issue with CXF client. I have a Java client generated from WSDL. 
> The WSDL contains RequireClientCertificate="true" in the Policy. I'm calling 
> a web service over HTTPS with client certificate authentication. Although 
> HTTPS connection is established and with client certificate authentication 
> (ensured with -Djavax.net.debug=all), calling a WS method throws exception.
> The strange thing is, that the first call succeeded and the second and all 
> other calls, fail with this exception (!). The other calls can be done with 
> the same client object or can create new, no matter. The client object is 
> created as follows:
> {code}
> // our custom ssl settings, with client cert auth in this case.
> SSLSocketFactory sslSockF =
> createSSLSocketFactoryFromProperties(_properties);
> ProductionService service = new ProductionService(
>          new URL(myURL),
>          new QName("http://mycompany.com/api/productionService";,
> "ProductionService"));
> port = service.getBasicHttpBindingIProductionService();
> Client client = ClientProxy.getClient(port);
> HTTPConduit http = (HTTPConduit) client.getConduit();
> TLSClientParameters tlsParams = new TLSClientParameters();
> tlsParams.setDisableCNCheck(true);
> tlsParams.setSSLSocketFactory(sslSockF);
> http.setTlsClientParameters(tlsParams);
> return port;
> {code}
> The exception:
> {noformat}
> -----------------------------
> etc...
> Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: 
> UntrustedURLConnectionIOException invoking 
> https://192.168.101.14/myApplication/services/ProductionService.svc: 
> RequireClientCertificate is set, but no local certificates were negotiated.  
> Is the server set to ask for client authorization?
>  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
>  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
>  at java.lang.reflect.Constructor.newInstance(Unknown Source)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1334)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
>  at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>  at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>  at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>  at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>  at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>  at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>  at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>  ... 14 more
> Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: 
> RequireClientCertificate is set, but no local certificates were negotiated.  
> Is the server set to ask for client authorization?
>  at 
> org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1680)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1264)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>  at 
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>  at 
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>  at 
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>  ... 24 more
> -----------------------------
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to