Thanks!
In the end the name of the conduit is "https://.*", and it looks like it is working.

Thanks
Csaba

On 2018.03.26. 17:13, Colm O hEigeartaigh wrote:
> You could try using "depends-on" on the jaxws:client to refer to the
> id/name of the HTTP Conduit.
>
> Colm.
>
> On Wed, Mar 21, 2018 at 6:01 AM, Tóth Csaba <[email protected]> wrote:
>
>> Hello!
>> I turned on the SSL log already, and I don't find any other keystore.
>>
>> I tried to debug the system, and before I call the client, I checked the proxy
>> bean. It has a conduitSelector class which is empty
>> (the conduits list is empty, the endpoint is empty),
>> and the endpoint in the proxy class is empty too
>> (but in the proxy, in the currentRequestContext, there is a string for
>> the endpoint).
>>
>> My settings:
>>     <jaxws:client id="LDAPRequesterBean"
>>         serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>>         address=" ...address... ">
>>         <jaxws:binding>
>>             <soap:soapBinding version="1.2" mtomEnabled="true" />
>>         </jaxws:binding>
>>     </jaxws:client>
>>
>>     <bean id="LDAPClientBean" class="myclass.LDAPClient">
>>         <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
>>     </bean>
>> Maybe I need to connect the conduit to the proxy bean somehow?
>>
>> Thanks
>> Csaba
>>
>>
>> On 2018.03.20. 16:25, Colm O hEigeartaigh wrote:
>>> I think it will read the global CA configuration anyway first, but then use
>>> the conduit keystore configuration. If you enable SSL debug logging can you
>>> see the certs stored in your truststore being loaded? Do you still see the
>>> same error?
>>>
>>> Colm.
>>>
>>> On Tue, Mar 20, 2018 at 1:42 PM, Tóth Csaba <[email protected]> wrote:
>>>
>>>> Hello!
>>>> The
>>>> <http:conduit name="https://localhost:.*">
>>>> did not work (same error), so I tried to dig deeper and found out that the
>>>> keystore definition was wrong. I fixed it, and it reads the
>>>> "*.http-conduit"
>>>> too, but when I try to test, it reads the global keystore again and not
>>>> what I defined in the conduit:
>>>> ------------
>>>> ...
>>>> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>>>> trustStore is: C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts
>>>> trustStore type is : jks
>>>> trustStore provider is :
>>>> init truststore
>>>> ....
>>>> -----------------
>>>>
>>>> Csaba
>>>>
>>>> On 2018.03.20. 11:26, Colm O hEigeartaigh wrote:
>>>>> What if you use something like this instead?
>>>>>
>>>>> <http:conduit name="https://localhost:.*">
>>>>>
>>>>> If that doesn't work (with the correct domain name) then it looks like the
>>>>> config is not getting picked up properly.
>>>>>
>>>>> Colm.
>>>>>
>>>>> On Mon, Mar 19, 2018 at 4:56 PM, Tóth Csaba <[email protected]> wrote:
>>>>>
>>>>>> Hello!
>>>>>>
>>>>>> I'd like to call a web service from a server. I created everything, I just need
>>>>>> help to configure the conduit properly:
>>>>>>   <http:conduit
>>>>>>       name="{urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit">
>>>>>>     <http:tlsClientParameters>
>>>>>>       <sec:keyManagers keyPassword="password">
>>>>>>         <sec:keyStore type="JKS" password="password"
>>>>>>                       file="key/ldapClient.jks"/>
>>>>>>       </sec:keyManagers>
>>>>>>       <sec:trustManagers>
>>>>>>         <sec:keyStore type="JKS" password="password"
>>>>>>                       file="key/ldapClient.jks"/>
>>>>>>       </sec:trustManagers>
>>>>>>       <sec:cipherSuitesFilter>
>>>>>>         <!-- these filters ensure that a ciphersuite with
>>>>>>              export-suitable or null encryption is used,
>>>>>>              but exclude anonymous Diffie-Hellman key exchange as
>>>>>>              this is vulnerable to man-in-the-middle attacks -->
>>>>>>         <sec:include>.*_EXPORT_.*</sec:include>
>>>>>>         <sec:include>.*_EXPORT1024_.*</sec:include>
>>>>>>         <sec:include>.*_WITH_DES_.*</sec:include>
>>>>>>         <sec:include>.*_WITH_AES_.*</sec:include>
>>>>>>         <sec:include>.*_WITH_NULL_.*</sec:include>
>>>>>>         <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>>>>>       </sec:cipherSuitesFilter>
>>>>>>     </http:tlsClientParameters>
>>>>>>
>>>>>>   </http:conduit>
>>>>>> the port name in the wsdl:
>>>>>> <port name="ProviderInformationDirectory_Port_Soap12"
>>>>>> and the
>>>>>> targetNamespace="urn:ihe:iti:hpd:2010"
>>>>>>
>>>>>> and it looks like it is not working (the SSL log searches for the cert in the global
>>>>>> Java keystore and not in the one defined in the conduit).
>>>>>> I tried with:
>>>>>> {urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit
>>>>>> {urn:ihe:iti:hpd:2010}*.http-conduit
>>>>>> *ProviderInformationDirectory_Port_Soap12.http-conduit
>>>>>> with the same result.
>>>>>> If I try with "*.http-conduit" I get an error:
>>>>>> Error creating bean with name '*.http-conduit': Cannot create inner bean
>>>>>> '(inner bean)#7a90b2df' of type
>>>>>> [org.apache.cxf.configuration.jsse.TLSClientParametersConfig] while
>>>>>> setting bean property 'tlsClientParameters'
>>>>>>
>>>>>> Thanks for any help
>>>>>>
>>>>>> Csaba
>>>>>>
>>>>>>
>>
>
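
Added example, not part of the thread and not CXF code: a small audit of the `sec:cipherSuitesFilter` posted in the first message, showing which suites its include/exclude patterns admit and which of those are weak. It assumes a suite is enabled when its full name matches at least one include and no exclude; the suite list and the tighter filter are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://cxf.apache.org/configuration/security}"

# Filter as posted in the thread (namespace declaration added so it parses alone).
THREAD_FILTER = """
<sec:cipherSuitesFilter xmlns:sec="http://cxf.apache.org/configuration/security">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed alternative: AES-GCM suites only, no anonymous key exchange.
TIGHT_FILTER = """
<sec:cipherSuitesFilter xmlns:sec="http://cxf.apache.org/configuration/security">
  <sec:include>.*_WITH_AES_.*_GCM_.*</sec:include>
  <sec:exclude>.*_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed sample of suite names a JVM could offer (not read from a real JVM).
SUPPORTED = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
             "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
             "SSL_RSA_WITH_NULL_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
             "SSL_RSA_WITH_3DES_EDE_CBC_SHA"]

# Name fragments that mark export-grade, unencrypted, single-DES or anonymous suites.
WEAK = re.compile(r"_EXPORT|_WITH_NULL_|_WITH_DES_|_anon_")

def load_filter(xml_text):
    """Return (include patterns, exclude patterns) from a cipherSuitesFilter."""
    root = ET.fromstring(xml_text)
    inc = [e.text.strip() for e in root.iter(SEC + "include")]
    exc = [e.text.strip() for e in root.iter(SEC + "exclude")]
    return inc, exc

def filtered_suites(includes, excludes, supported):
    """Assumed semantics: full match on any include and on no exclude."""
    def hit(patterns, name):
        return any(re.fullmatch(p, name) for p in patterns)
    return [s for s in supported if hit(includes, s) and not hit(excludes, s)]

def audit(xml_text, supported=SUPPORTED):
    """Return (enabled suites, weak suites among them) for one filter."""
    enabled = filtered_suites(*load_filter(xml_text), supported)
    return enabled, [s for s in enabled if WEAK.search(s)]
```

`audit(THREAD_FILTER)` reports the DES, EXPORT and NULL suites as enabled, while `audit(TIGHT_FILTER)` leaves only the AES-GCM suite from the sample list.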
