Hi Ahmad, it's kind of like looking for a needle in a haystack right now; more detective work seems needed. You may wish to try another SSL example (maybe http://www.jroller.com/gmazza/entry/ssl_for_web_services or http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/ -- the latter available in the CXF download) that we know works, just to see if you can get it working on your machine. If so, the next thing to look at is what is different about your sample that is causing it not to work. Your error might not even be SSL-related (a problem with the CXF jars on your machine, for example); you may wish to first confirm whether you can get any of the simple CXF samples like wsdl_first or java_first_jaxws (http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ again) to run on your machine.

HTH,
Glen

On 03/20/2013 12:13 PM, Ahmad Alhaj Hussein wrote:
Dears,

I used the following steps to connect my code to a secure web service through
HTTPS with a client certificate with apache-cxf-2.6.1:
1- Convert the .p12 file to a key store by using this command :-
        keytool -importkeystore -srckeystore /u01/cap01.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore /u01/keystorep12.jks
        Enter destination keystore password:changeit
        Re-enter new password:changeit
        Enter source keystore password:123
     Note :-  changeit is the default password for cacerts and 123 is the
     private password for cap01.p12
2- Register the root.cer and client.cer into cacerts using the following
commands :-
        keytool -import -trustcacerts -file /u01/cap01.cer -alias client -keystore /usr/java/jdk1.7.0_17/jre/lib/security/cacerts
        Enter keystore password:changeit
        keytool -import -trustcacerts -file /u01/root.cer -alias root -keystore /usr/java/jdk1.7.0_17/jre/lib/security/cacerts
        Enter keystore password:changeit

3- Add the client-bean.xml as below

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
            http://cxf.apache.org/configuration/security
            http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/jaxws
            http://cxf.apache.org/schemas/jaxws.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd">

        <jaxws:client id="integrationClient" serviceClass="com.araqa.Palestine"
                      address="https://10.0.1.101:8443/orderappssl/Palestine" />

        <http-conf:conduit name="*.http-conduit">
                <http-conf:tlsClientParameters secureSocketProtocol="SSL" disableCNCheck="true">
                        <sec:trustManagers>
                                <sec:keyStore type="JKS" password="changeit"
                                              file="/usr/java/jdk1.7.0_17/jre/lib/security/cacerts" />
                        </sec:trustManagers>
                        <sec:keyManagers keyPassword="123">
                                <sec:keyStore type="JKS" password="changeit"
                                              file="u01/keystorep12.jks" />
                        </sec:keyManagers>
                        <sec:cipherSuitesFilter>
                                <sec:include>.*_EXPORT_.*</sec:include>
                                <sec:include>.*_EXPORT1024_.*</sec:include>
                                <sec:include>.*_WITH_DES_.*</sec:include>
                                <sec:include>.*_WITH_AES_.*</sec:include>
                                <sec:include>.*_WITH_NULL_.*</sec:include>
                                <sec:exclude>.*_DH_anon_.*</sec:exclude>
                        </sec:cipherSuitesFilter>
                </http-conf:tlsClientParameters>
        </http-conf:conduit>

</beans>

4- The code where I load client-bean.xml and invoke the certain class and
method at runtime

logger.debug("Begin send message");
// Load the CXF client definition (and its TLS conduit) from the Spring context
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("/config/client-bean.xml");
char SEP = File.separatorChar;
System.setProperty("javax.net.ssl.keyStore", System.getProperty("java.home") + SEP + "lib" + SEP + "security" + SEP + "cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.debug", "ssl, handshake");
Palestine client = (Palestine) context.getBean("integrationClient");

{
     logger.debug("requetMsg :" + request);
     // Resolve the service method by name and invoke it reflectively
     Method method = client.getClass().getDeclaredMethod(getInterfaceMethod(),
                                new Class[] { Class.forName(getFactoryName()) });
     ((BindingProvider) client).getRequestContext().put(CONNECTION_ESTABLISHED, getTimeOut());
     Response response = (Response) method.invoke(client, request);
}

but I face this exception :-

%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
http-bio-8081-exec-5, WRITE: SSLv3 Application Data, length = 416
http-bio-8081-exec-5, WRITE: SSLv3 Application Data, length = 32
http-bio-8081-exec-5, WRITE: SSLv3 Application Data, length = 1184
http-bio-8081-exec-5, READ: SSLv3 Application Data, length = 128
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)

Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,1]
Message: Premature end of file.
        at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.next(XMLStreamReaderImpl.java:598)
        at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.nextTag(XMLStreamReaderImpl.java:1238)
        at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:139)
        at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:61)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1667)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1520)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1428)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 42 more
Keep-Alive-Timer, called close()
Keep-Alive-Timer, called closeInternal(true)
Keep-Alive-Timer, SEND SSLv3 ALERT:  warning, description = close_notify
Keep-Alive-Timer, WRITE: SSLv3 Alert, length = 32
Keep-Alive-Timer, called closeSocket(selfInitiated)
Finalizer, called close()
Finalizer, called closeInternal(true)


Regards,







--
View this message in 
context:http://cxf.547215.n5.nabble.com/web-service-client-authorization-cer-and-p12-under-Https-SSL-CXF-SOAP-tp5724876.html
Sent from the cxf-user mailing list archive at Nabble.com.
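
The conduit quoted in this thread turns off the hostname check, names SSL as its protocol, lets export, DES and NULL suites through its cipher filter, and points at one keystore by a relative path. As an added example (not part of the original thread and not CXF code), this Python check parses a cut-down, constructed copy of that configuration and reports each of those settings; the function name and the representative suite names are assumptions of the example.

```python
import posixpath
import re
import xml.etree.ElementTree as ET

NS = {"hc": "http://cxf.apache.org/transports/http/configuration",
      "sec": "http://cxf.apache.org/configuration/security"}
# Standard JSSE suite names, chosen here as one representative per weak family.
WEAK = {"export-grade": "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "single-DES": "SSL_RSA_WITH_DES_CBC_SHA",
        "NULL-encryption": "SSL_RSA_WITH_NULL_SHA"}

# Constructed sample: the conduit from the post, cut down to the audited parts.
SAMPLE = """
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration">
  <http-conf:conduit name="*.http-conduit">
    <http-conf:tlsClientParameters secureSocketProtocol="SSL" disableCNCheck="true">
      <sec:trustManagers><sec:keyStore file="/usr/java/jdk1.7.0_17/jre/lib/security/cacerts"/></sec:trustManagers>
      <sec:keyManagers><sec:keyStore file="u01/keystorep12.jks"/></sec:keyManagers>
      <sec:cipherSuitesFilter>
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http-conf:tlsClientParameters>
  </http-conf:conduit>
</beans>"""

def audit_tls_client_parameters(xml_text):
    findings = []
    for tls in ET.fromstring(xml_text).iterfind(".//hc:tlsClientParameters", NS):
        if tls.get("disableCNCheck", "false").lower() == "true":
            findings.append("disableCNCheck=true: server hostname is not verified")
        if tls.get("secureSocketProtocol", "").upper().startswith("SSL"):
            findings.append("secureSocketProtocol names SSL rather than TLS")
        # Collect include/exclude regexes; the filter matches whole suite names.
        pats = {tag: [(e.text or "").strip() for e in
                      tls.iterfind(f"sec:cipherSuitesFilter/sec:{tag}", NS)]
                for tag in ("include", "exclude")}
        for family, suite in WEAK.items():
            hit = lambda ps: any(re.fullmatch(p, suite) for p in ps)
            if hit(pats["include"]) and not hit(pats["exclude"]):
                findings.append(f"cipher filter admits {family} suites, e.g. {suite}")
        for ks in tls.iterfind(".//sec:keyStore", NS):
            if not posixpath.isabs(ks.get("file", "/")):
                findings.append(f"keystore file '{ks.get('file')}' is a relative path")
    return findings
```

Calling `audit_tls_client_parameters(SAMPLE)` returns six findings for the constructed sample; a conduit that uses TLS, keeps the hostname check, includes only the AES pattern and uses absolute keystore paths returns an empty list.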
