On Thursday 13 November 2008 11:52:39 am Harry van Rijn wrote:
> Hi,
>
> When I run this code with CXF 2.1.3, I get an exception (see below).
> The weird thing is that with CXF 2.1 I do not get this exception.
> So, my question: Why is SSL not accepted anymore?
Well, the issue was that even if you select SSL that way, we never told the
SSLSocket itself to actually use SSL. Thus, it would use any of the
protocols that it would support (including the various TLS, etc...). This
was causing some issues with interop where SSLv3 was explicitly required and
it couldn't go to the various TLS things.
Looks like the code isn't right though. We don't go through the "supported
protocols" to find the real names for what we want. The workaround
would be to use the real names. Like:
tlsParams.setSecureSocketProtocol("SSLv3");
or
tlsParams.setSecureSocketProtocol("SSLv2Hello");
depending on which one you want.
I have a fix that I'll try and test a bit tomorrow and get committed.
Dan
>
> With kind regards,
>
> Harry van Rijn
>
> private ModelPortType getSSLPort() { // Builds a ModelPortType JAX-WS proxy and attaches client TLS parameters (trust store, key store, cipher filter) to its HTTP conduit.
> TLSClientParameters tlsParams = new TLSClientParameters();
> tlsParams.setSecureSocketProtocol("SSL"); // With CXF 2.1.3 this name reaches SSLSocket.setEnabledProtocols (see the stack trace below), which rejects "SSL" with IllegalArgumentException. NOTE(review): the SSLv3 workaround from this thread predates SSLv3's deprecation (RFC 7568); use a TLS protocol name where the peer supports it.
> tlsParams.setDisableCNCheck(true); // NOTE(review): disables the check that the server certificate's name matches the host being called, so any certificate the trust store accepts is taken for this server; acceptable for a localhost test only.
>
> String truststorePassword =
> modelProperties.getProperty(MODEL_CLIENT_TRUSTSTORE_PASSWORD);
> System.out.println("Model Truststore Password = ********"); // the password itself is deliberately not printed
>
> String truststoreFilename =
> modelProperties.getProperty(MODEL_CLIENT_TRUSTSTORE_FILENAME); String
> truststorePath = clientPropertiesDir + truststoreFilename;
> System.out.println("Model Truststore Path = " + truststorePath);
>
> File truststoreFile = new File(truststorePath);
>
> try {
> // Set Truststore: load the JKS file and hand its trust managers to tlsParams; these decide which server certificates are accepted.
> KeyStore truststore = KeyStore.getInstance("JKS");
> truststore.load(new FileInputStream(truststoreFile), // NOTE(review): this stream is never closed
> truststorePassword.toCharArray()); TrustManagerFactory trustManagerFactory
> =
> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> trustManagerFactory.init(truststore);
> TrustManager[] trustManager =
> trustManagerFactory.getTrustManagers();
> tlsParams.setTrustManagers(trustManager);
>
> } catch (NoSuchAlgorithmException e) {
> e.printStackTrace(); // NOTE(review): here and in the catches below the failure is only printed; the method carries on without calling setTrustManagers.
> } catch (CertificateException e) {
> e.printStackTrace();
> } catch (FileNotFoundException e) {
> e.printStackTrace();
> } catch (IOException e) {
> e.printStackTrace();
> } catch (KeyStoreException e) {
> e.printStackTrace();
> }
>
> String keystorePassword =
> modelProperties.getProperty(MODEL_CLIENT_KEYSTORE_PASSWORD);
> System.out.println("Model Keystore Password = ********"); // the password itself is deliberately not printed
>
> String keystoreFilename =
> modelProperties.getProperty(MODEL_CLIENT_KEYSTORE_FILENAME); String
> keystorePath = clientPropertiesDir + keystoreFilename;
> System.out.println("Model Keystore Path = " + keystorePath);
>
> File keystoreFile = new File(keystorePath);
>
> try {
> // Set Keystore: load the client's JKS key store and hand its key managers to tlsParams (the key store password is reused as the key password).
> KeyStore keystore = KeyStore.getInstance("JKS");
> keystore.load(new FileInputStream(keystoreFile), // NOTE(review): this stream is never closed
> keystorePassword.toCharArray()); KeyManagerFactory keyManagerFactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> keyManagerFactory.init(keystore, keystorePassword.toCharArray());
> KeyManager[] keyManager = keyManagerFactory.getKeyManagers();
> tlsParams.setKeyManagers(keyManager);
>
> } catch (NoSuchAlgorithmException e) {
> e.printStackTrace(); // NOTE(review): here and in the catches below the failure is only printed; the method carries on without calling setKeyManagers.
> } catch (CertificateException e) {
> e.printStackTrace();
> } catch (FileNotFoundException e) {
> e.printStackTrace();
> } catch (IOException e) {
> e.printStackTrace();
> } catch (KeyStoreException e) {
> e.printStackTrace();
> } catch (UnrecoverableKeyException e) {
> e.printStackTrace();
> }
>
> // Set Filters. NOTE(review): the include patterns below select RC4, export-grade, single-DES and NULL (unencrypted) suites, and only anonymous DH is excluded; the log further down shows the resulting list. Restrict this to strong suites outside interop testing.
> FiltersType filter = new FiltersType();
> filter.getInclude().add("SSL_RSA_WITH_RC4_128_MD5");
> filter.getInclude().add("SSL_RSA_WITH_RC4_128_SHA");
> filter.getInclude().add(".*_EXPORT_.*");
> filter.getInclude().add(".*_EXPORT1024_.*");
> filter.getInclude().add(".*_WITH_DES_.*");
> filter.getInclude().add(".*_WITH_NULL_.*");
> filter.getExclude().add(".*_DH_anon_.*");
> tlsParams.setCipherSuitesFilter(filter);
>
> JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
> proxyFactory.setServiceClass(ModelPortType.class);
> proxyFactory.setAddress(getModelSSLLocation());
> ModelPortType port = (ModelPortType) proxyFactory.create();
> System.out.println("SSL Url = " + getModelSSLLocation() + ", SSL Client = "
> + port);
>
> // Add HttpConduit: fetch the CXF client behind the proxy and set the TLS parameters on its HTTP conduit.
> Client cxfClient = ClientProxy.getClient(port);
> HTTPConduit httpConduit = (HTTPConduit)cxfClient.getConduit();
> httpConduit.setTlsClientParameters(tlsParams);
>
> return port;
> }
>
>
> Model Truststore Password = ********
> Model Truststore Path =
> D:/opt/jboss-4.2.3.GA/server/default/conf/props/tpay/model/model-client.tru
>ststore Model Keystore Password = ********
> Model Keystore Path =
> D:/opt/jboss-4.2.3.GA/server/default/conf/props/tpay/model/model-client.key
>store log4j:WARN No appenders could be found for logger
> (org.apache.cxf.bus.spring.BusApplicationContext). log4j:WARN Please
> initialize the log4j system properly.
> 13.11.2008 17:47:00 org.apache.cxf.bus.spring.BusApplicationContext
> getConfigResources INFO: No cxf.xml configuration file detected, relying on
> defaults. SSL Url =
> https://localhost:8443/ModelWebServiceSSL/services/Model, SSL Client =
> [EMAIL PROTECTED]
> Aufruf Model WebService über SSL...
> 13.11.2008 17:47:03 org.apache.cxf.transport.https.SSLUtils getCiphersuites
> INFO: The cipher suites have not been configured, falling back to cipher
> suite filters. 13.11.2008 17:47:03 org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList INFO: The cipher suites have been set to
> SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5,
> SSL_RSA_WITH_NULL_SHA, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
> 13.11.2008 17:47:04 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
> INFO: Interceptor has thrown exception, unwinding now
> java.lang.IllegalArgumentException: SSL
> at
> com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:1
>33) at
> com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38) at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImp
>l.java:2027) at
> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.enableCipherSuites(S
>SLSocketFactoryWrapper.java:102) at
> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.createSocket(SSLSock
>etFactoryWrapper.java:69) at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:365)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstr
>actDelegateHttpsURLConnection.java:166) at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnecti
>on.java:832) at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLC
>onnectionImpl.java:230) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeaders
>TrustCaching(HTTPConduit.java:1836) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(
>HTTPConduit.java:1794) at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputSt
>ream.java:42) at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
>utStream.java:69) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>duit.java:1854) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:595) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:220) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:466) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) at
> $Proxy46.status(Unknown Source) at
> com.tsystems.tpay.model.client.ModelPortType_ModelPort_Client.listStatusSSL
>(ModelPortType_ModelPort_Client.java:321) at
> com.tsystems.tpay.model.client.ModelPortType_ModelPort_Client.main(ModelPor
>tType_ModelPort_Client.java:371) Exception in thread "main"
> javax.xml.ws.soap.SOAPFaultException: SSL at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145) at
> $Proxy46.status(Unknown Source) at
> com.tsystems.tpay.model.client.ModelPortType_ModelPort_Client.listStatusSSL
>(ModelPortType_ModelPort_Client.java:321) at
> com.tsystems.tpay.model.client.ModelPortType_ModelPort_Client.main(ModelPor
>tType_ModelPort_Client.java:371) Caused by:
> java.lang.IllegalArgumentException: SSL
> at
> com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:1
>33) at
> com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38) at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImp
>l.java:2027) at
> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.enableCipherSuites(S
>SLSocketFactoryWrapper.java:102) at
> org.apache.cxf.transport.https.SSLSocketFactoryWrapper.createSocket(SSLSock
>etFactoryWrapper.java:69) at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:365)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstr
>actDelegateHttpsURLConnection.java:166) at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnecti
>on.java:832) at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLC
>onnectionImpl.java:230) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeaders
>TrustCaching(HTTPConduit.java:1836) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(
>HTTPConduit.java:1794) at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputSt
>ream.java:42) at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
>utStream.java:69) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>duit.java:1854) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:595) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:220) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:466) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) ...
> 3 more
--
Daniel Kulp
[EMAIL PROTECTED]
http://dankulp.com/blog