Re[2]: Axis2 , 2 Way SSL and Fiddler
I solved it, it was not an Axis2 problem.
When I produced the PKCS7 signature I reinitialized my PKCS11 object and lost the connection to the token.

-- Original Message --
From: "Martin Gainty" <mgai...@hotmail.com>
To: "java-user@axis.apache.org" <java-user@axis.apache.org>; "Sterpu Victor" <vic...@caido.ro>
Sent: 14/11/2016 6:36:40 PM
Subject: Re: Axis2 , 2 Way SSL and Fiddler

verify you have PKCS7 Cryptography libraries installed in your OS
*you didn't mention your OS so I am unable to guide you in the PKCS7 Cryptography libraries you may/may not have*

verify you have unlimited strength JCE jars installed
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Download

export your certificate to pem format

    openssl x509 -in -inform der -outform pem -out

deskcheck certificate input pem and validate attributes with your Security Admin

    openssl x509 -in NameOfPem.pem -text

display cert in pem format inline here or attach pem in reply

Martin
__

From: Sterpu Victor <vic...@caido.ro>
Sent: Sunday, November 13, 2016 7:36 PM
To: java-user
Subject: Axis2 , 2 Way SSL and Fiddler

Hello

I'm testing Axis2 with 2 way SSL for a few weeks and in my tests I always used Fiddler to debug.
Everything went fine but now I must move to production and I stopped Fiddler and removed these lines:

    System.setProperty("https.proxyHost", "127.0.0.1");
    System.setProperty("https.proxyPort", "");

And I almost got a heart attack, I'm in a big time crisis and I can't make Axis2 work without Fiddler, I receive the error:
"org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify".
And somewhere at the end:
"java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)"
At the end of the mail I pasted all the trace.

Some services are working, but the service that doesn't work sends a PKCS7 signature to the server.
I create the PKCS7 signature using the same PKCS11 token that I use to communicate 2 way SSL to the server.
This is reproducible behaviour, always when I activate Fiddler, Axis2 works.
And only services where I use PKCS7 signature don't work.

Do you have any advice? I have no idea what to do.

I attached the whole stub that I generated with the command "wsdl2java.bat -uri tmp\StoreClinicalDocument.wsdl -p stubs.StoreClinicalDocument.client -s -sd -ssi -o tmp\build_StoreClinicalDocument\client" and I attached the wsdl file.

Thank you.

SEVERE: null
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at SoapUtils.Axis2ReflectionBuilder.executeMethod(Axis2ReflectionBuilder.java:295)
    at SoapUtils.Soap.executeMethod(Soap.java:225)
    at Util.DES.ExportDES.FOCG_TransmiteDES(ExportDES.java:193)
    at GenericDBCarier.CustomFunctions$44$15.call(CustomFunctions.java:5346)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
    at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85)
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.impl.httpclient3.HTTPSender

Re: Axis2 , 2 Way SSL and Fiddler
verify you have PKCS7 Cryptography libraries installed in your OS
*you didn't mention your OS so I am unable to guide you in the PKCS7 Cryptography libraries you may/may not have*

verify you have unlimited strength JCE jars installed
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Download

export your certificate to pem format

    openssl x509 -in -inform der -outform pem -out

deskcheck certificate input pem and validate attributes with your Security Admin

    openssl x509 -in NameOfPem.pem -text

display cert in pem format inline here or attach pem in reply

Martin
__

From: Sterpu Victor <vic...@caido.ro>
Sent: Sunday, November 13, 2016 7:36 PM
To: java-user
Subject: Axis2 , 2 Way SSL and Fiddler

Hello

I'm testing Axis2 with 2 way SSL for a few weeks and in my tests I always used Fiddler to debug.
Everything went fine but now I must move to production and I stopped Fiddler and removed these lines:

    System.setProperty("https.proxyHost", "127.0.0.1");
    System.setProperty("https.proxyPort", "");

And I almost got a heart attack, I'm in a big time crisis and I can't make Axis2 work without Fiddler, I receive the error:
"org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify".
And somewhere at the end:
"java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)"
At the end of the mail I pasted all the trace.

Some services are working, but the service that doesn't work sends a PKCS7 signature to the server.
I create the PKCS7 signature using the same PKCS11 token that I use to communicate 2 way SSL to the server.
This is reproducible behaviour, always when I activate Fiddler, Axis2 works.
And only services where I use PKCS7 signature don't work.

Do you have any advice? I have no idea what to do.

I attached the whole stub that I generated with the command "wsdl2java.bat -uri tmp\StoreClinicalDocument.wsdl -p stubs.StoreClinicalDocument.client -s -sd -ssi -o tmp\build_StoreClinicalDocument\client" and I attached the wsdl file.

Thank you.

SEVERE: null
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at SoapUtils.Axis2ReflectionBuilder.executeMethod(Axis2ReflectionBuilder.java:295)
    at SoapUtils.Soap.executeMethod(Soap.java:225)
    at Util.DES.ExportDES.FOCG_TransmiteDES(ExportDES.java:193)
    at GenericDBCarier.CustomFunctions$44$15.call(CustomFunctions.java:5346)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
    at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85)
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(HTTPSenderImpl.java:872)
    at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:212)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:121)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:403)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTranspo