Re[2]: Axis2 , 2 Way SSL and Fiddler

2016-11-14 Thread Sterpu Victor

I solved it, it was not an Axis2 problem.
When I produced the PKCS7 signature I reinitialized my PKCS11 object and lost the connection to the token.



-- Original Message --
From: "Martin Gainty" <mgai...@hotmail.com>
To: "java-user@axis.apache.org" <java-user@axis.apache.org>; "Sterpu 
Victor" <vic...@caido.ro>

Sent: 14/11/2016 6:36:40 PM
Subject: Re: Axis2 , 2 Way SSL and Fiddler




verify you have PKCS7 Cryptography libraries installed in your OS *you didn't mention your OS
so I am unable to guide you in the PKCS7 Cryptography libraries you may/may not have*




verify you have unlimited strength JCE jars installed



http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html







export your certificate to pem format



openssl x509 -in  -inform der -outform pem -out 




deskcheck certificate input pem and validate attributes with your 
Security Admin



openssl x509 -in NameOfPem.pem -text
display cert in pem format inline here or attach pem in reply



Martin
__




From: Sterpu Victor <vic...@caido.ro>
Sent: Sunday, November 13, 2016 7:36 PM
To: java-user
Subject: Axis2 , 2 Way SSL and Fiddler

Hello

I'm testing Axis2 with 2 way SSL for a few weeks and in my tests I always used Fiddler to debug.
Everything went fine but now I must move to production and I stopped Fiddler and removed these lines:

System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "");

And I almost got a heart attack, I'm in a big time crisis and I can't make Axis2 work without Fiddler, I receive the error: "org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify".
And somewhere at the end: "java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)"

At the end of the mail I pasted all the trace.

Some services are working, but the service that doesn't work sends a PKCS7 signature to the server. I create the PKCS7 signature using the same PKCS11 token that I use to communicate 2 way SSL to the server.
This is reproducible behaviour, always when I activate Fiddler, Axis2 works. And only services where I use PKCS7 signature don't work.


Do you have any advice? I have no idea what to do.
I attached the whole stub that I generated with the command 
"wsdl2java.bat -uri tmp\StoreClinicalDocument.wsdl -p 
stubs.StoreClinicalDocument.client -s -sd -ssi -o 
tmp\build_StoreClinicalDocument\client" and I attached the wsdl file.


Thank you.



SEVERE: null
java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at SoapUtils.Axis2ReflectionBuilder.executeMethod(Axis2ReflectionBuilder.java:295)
 at SoapUtils.Soap.executeMethod(Soap.java:225)
 at Util.DES.ExportDES.FOCG_TransmiteDES(ExportDES.java:193)
 at GenericDBCarier.CustomFunctions$44$15.call(CustomFunctions.java:5346)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
 at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
 at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85)
 at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
 at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
 at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
 at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
 at org.apache.axis2.transport.http.impl.httpclient3.HTTPSender

Re: Axis2 , 2 Way SSL and Fiddler

2016-11-14 Thread Martin Gainty

verify you have PKCS7 Cryptography libraries installed in your OS *you didn't mention your OS
so I am unable to guide you in the PKCS7 Cryptography libraries you may/may not have*


verify you have unlimited strength JCE jars installed


http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html





export your certificate to pem format


openssl x509 -in  -inform der -outform pem -out 


deskcheck certificate input pem and validate attributes with your Security Admin

openssl x509 -in NameOfPem.pem -text
display cert in pem format inline here or attach pem in reply


Martin
__




From: Sterpu Victor <vic...@caido.ro>
Sent: Sunday, November 13, 2016 7:36 PM
To: java-user
Subject: Axis2 , 2 Way SSL and Fiddler

Hello

I'm testing Axis2 with 2 way SSL for a few weeks and in my tests I always used Fiddler to debug.
Everything went fine but now I must move to production and I stopped Fiddler and removed these lines:
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "");

And I almost got a heart attack, I'm in a big time crisis and I can't make Axis2 work without Fiddler, I receive the error: "org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify".
And somewhere at the end: "java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)"
At the end of the mail I pasted all the trace.

Some services are working, but the service that doesn't work sends a PKCS7 signature to the server. I create the PKCS7 signature using the same PKCS11 token that I use to communicate 2 way SSL to the server.
This is reproducible behaviour, always when I activate Fiddler, Axis2 works. And only services where I use PKCS7 signature don't work.

Do you have any advice? I have no idea what to do.
I attached the whole stub that I generated with the command "wsdl2java.bat -uri 
tmp\StoreClinicalDocument.wsdl -p stubs.StoreClinicalDocument.client -s -sd 
-ssi -o tmp\build_StoreClinicalDocument\client" and I attached the wsdl file.

Thank you.



SEVERE: null
java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at SoapUtils.Axis2ReflectionBuilder.executeMethod(Axis2ReflectionBuilder.java:295)
 at SoapUtils.Soap.executeMethod(Soap.java:225)
 at Util.DES.ExportDES.FOCG_TransmiteDES(ExportDES.java:193)
 at GenericDBCarier.CustomFunctions$44$15.call(CustomFunctions.java:5346)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
 at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
 at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85)
 at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
 at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
 at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
 at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
 at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(HTTPSenderImpl.java:872)
 at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:212)
 at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:121)
 at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:403)
 at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTranspo