axis-java-user mailing list archives

From r1c4r60 <rha...@gmail.com>
Subject RE: WSDL2Java for HTTPS
Date Mon, 25 Jun 2007 19:48:01 GMT

Hi,

"Certificates for IP addresses will not work

Quite simply, issuing and using certificates that authenticate IP addresses
rather than host names will not work. Don't do it. For anything larger than
a trivial installation, your CAS server and its clients need real hostnames
and certificates that authenticate those hostnames (for proxy ticket
functionality). In particular, if you get an error like ("unable to find
valid certification path to requested target") in the CAS server log, it
means that the SSL callback was specified in terms of an IP address rather
than a hostname."

Quoted from: http://www.ja-sig.org/products/cas/server/ssl/index.html

Does this seem to be your case?

Regards,
Ricardo


Mark Babcock-3 wrote:
> 
> I did everything you listed step by step and this is the stack trace I
> get:
> 
> [axis-wsdl2java] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
> [axis-wsdl2java]        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
> [axis-wsdl2java]        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
> [axis-wsdl2java]        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:981)
> [axis-wsdl2java]        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> [axis-wsdl2java]        at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
> [axis-wsdl2java]        at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
> [axis-wsdl2java]        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
> [axis-wsdl2java]        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
> [axis-wsdl2java]        at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
> [axis-wsdl2java]        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
> [axis-wsdl2java]        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
> [axis-wsdl2java]        at org.apache.axis.utils.XMLUtils.newDocument(XMLUtils.java:369)
> [axis-wsdl2java]        at org.apache.axis.utils.XMLUtils.newDocument(XMLUtils.java:420)
> [axis-wsdl2java]        at org.apache.axis.wsdl.symbolTable.SymbolTable.populate(SymbolTable.java:482)
> [axis-wsdl2java]        at org.apache.axis.wsdl.gen.Parser$WSDLRunnable.run(Parser.java:361)
> [axis-wsdl2java]        at java.lang.Thread.run(Thread.java:619)
> [axis-wsdl2java] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> [axis-wsdl2java]        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> [axis-wsdl2java]        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> [axis-wsdl2java]        at sun.security.validator.Validator.validate(Validator.java:218)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> [axis-wsdl2java]        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
> [axis-wsdl2java]        ... 23 more
> [axis-wsdl2java] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> [axis-wsdl2java]        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> [axis-wsdl2java]        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> [axis-wsdl2java]        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> [axis-wsdl2java]        ... 29 more
> -----Original Message-----
> From: r1c4r60 [mailto:rhazan@gmail.com] 
> Sent: Monday, June 25, 2007 10:57 AM
> To: axis-user@ws.apache.org
> Subject: RE: WSDL2Java for HTTPS
> 
> 
> Hi Mark,
> 
> Most likely you haven't set the Axis Classpath. It could be done in several
> different ways, as for example the one described at the Axis Installation
> page:
> 
> http://ws.apache.org/axis/java/install.html#ClasspathSetup
> 
> ---- 
> Or just follow the instruction below:
> 
> Add these lines to your build.xml and it should start working.
> 
> <property name="axis.home" value="C:\axis-1_4" /> <!-- The value should be your AXIS home directory -->
> 
> <path id="axis.classpath">
>   <fileset dir="${axis.home}/lib">
>     <include name="**/*.jar" />
>   </fileset>
> </path>
> 
> <taskdef resource="axis-tasks.properties" classpathref="axis.classpath" />
> 
> PS. This is a reference to http://ws.apache.org/axis/java/ant/ant.html
> 
> Best Regards,
> Ricardo
>  
> 
> 
> Mark Babcock-3 wrote:
>> 
>> Ricardo,
>> 
>> Thank you for that amazing help.  However, I'm having problems with the
>> ant tag axis-wsdl2java.  Getting the name is undefined.
>> 
>> -----Original Message-----
>> From: r1c4r60 [mailto:rhazan@gmail.com] 
>> Sent: Monday, June 25, 2007 9:22 AM
>> To: axis-user@ws.apache.org
>> Subject: Re: WSDL2Java for HTTPS
>> 
>> 
>> Hi,
>> 
>> This is a way to solve the WSDL over HTTPS issue reported by so many
>> resulting in "No Trusted Certificate".
>> 
>> 1 - Export Certificate from Internet Explorer
>> 
>> 1.1 -> Access the service WSDL location (Ex. https://foo.com/bar?wsdl)
>> 1.2 -> Internet explorer will prompt a security alert
>> 1.3 -> Select the "View Certificate" button
>> 1.4 -> Navigate to the tab "Details" 
>> 1.5 -> Select the "Copy to File.." button
>> 1.6 -> Certificate Export Wizard will be displayed. Select "NEXT" button.
>> 1.7 -> The option "DER encoded binary X.509 (.CER)" will by default be
>> selected. Select "Next"
>> 1.8 -> Place the file where it suits you better. (Ex. foobar) PS. Don't add
>> an extension. It will be stored as: [given name].cer
>> 1.9 -> Select "Next"
>> 1.10 -> The "Completing Certificate Export Wizard" will be displayed.
>> 1.11 -> Select "Finish"
>> 1.12 -> There will be a pop-up saying "The export was successful"
>> 
>> 2 - Importing the certificate signature into the keystore
>> 
>> 2.1 -> Find out which keystore is being used by ANT by using the command:
>> ant -diagnostics
>> 2.2 -> Lots of information will be displayed. Find the key "java.home"
>> (Ex. "java.home : C:\j2sdk1.4.2_14\jre")
>> 2.3 -> Thereby the truststore being used by ANT is in:
>> C:\j2sdk1.4.2_14\jre\lib\security\cacerts
>> 2.4 -> Now you have to import the certificate into the keystore:
>> "keytool -import -trustcacerts -keystore "C:\j2sdk1.4.2_14\jre\lib\security\cacerts" -storepass changeit -alias [foo bar] -file [the name you gave in step 1.8].cer"
>> 2.5 -> Verify if the entry was created correctly.
>> "C:\j2sdk1.4.2_14\jre\lib\security>keytool -keystore cacerts -storepass changeit -list -alias [foo bar]"
>> 
>> 3 - Run the Ant task
>> 
>> <target name="wsdl2java">
>> <mkdir dir="src/main/java-generated"/>
>> <axis-wsdl2java 
>> output="src/main/java-generated"
>> testcase="false"
>> verbose="true"
>> serverside="false"
>> url="https://foo.com/bar?wsdl"/>
>> </target>
>> 
>> Best Regards,
>> Ricardo
>> 
>> 
>> Mark Babcock-3 wrote:
>>> 
>>> I am trying to generate stubs with the WSDL2Java tool
>>> 
>>> I imported my certificate into my keystore (cacerts) using the keytool.
>>> 
>>> When I run my build file I get the following exception:
>>> 
>>>      [java] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>> 
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> 
>>> <!-- ========================================= -->
>>> <!-- xxx wsdl2java                             -->
>>> <!-- ========================================= -->
>>> 
>>> <project name="xxxWSDL2Java" default="main" basedir=".">
>>> 
>>> <!-- ==================================================================== -->
>>> <!-- creates axis stubs for webservices -->
>>> <!-- ==================================================================== -->
>>>       <target  name="generateWebServiceStubs" depends="">
>>>             <java  classname="org.apache.axis.wsdl.WSDL2Java" fork="true">
>>>                   <classpath>
>>>                         <pathelement location="axis.jar"/>
>>>                         <pathelement location="axis-ant.jar" />
>>>                         <pathelement location="jaxrpc.jar" />
>>>                         <pathelement location="commons-logging-1.0.4.jar" />
>>>                         <pathelement location="commons-discovery-0.2.jar" />
>>>                         <pathelement location="wsdl4j-1.5.1.jar" />
>>>                   </classpath>
>>>                   <arg value="https://URL/"/>
>>>                   <arg value="-o" />
>>>                   <arg value="-Djavax.net.ssl.trustStore=c:/program files/javajre1.6.0_01/lib/security/cacerts" />
>>>             </java>
>>>       </target>
>>> 
>>>       <target name="main" depends="generateWebServiceStubs">
>>>             <echo>
>>>                   Building xxx WSDL 2 Java
>>>             </echo>
>>>       </target>
>>> 
>>> </project>
>>> 
>> 
>> -- 
>> View this message in context:
>> http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11286558
>> Sent from the Axis - User mailing list archive at Nabble.com.
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-user-help@ws.apache.org
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-user-help@ws.apache.org
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11288117
> Sent from the Axis - User mailing list archive at Nabble.com.
> 
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11294269
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
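
An added diagnostic for the PKIX error discussed in this thread (not code from any of the posters or from Axis): given the cacerts file under the java.home that `ant -diagnostics` reports and the .cer file exported in step 1, it reports whether the certificate is a trusted entry or was issued by one, and which DNS/IP names it carries compared to the host in the WSDL URL. The class name `TrustCheck` and its argument order are assumptions; it needs Java 9 or later and reads only local files.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added diagnostic, not code from the thread. Reads only local files, changes nothing.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: TrustCheck <cacerts> <storepass> <exported.cer> <host>");
            System.exit(2);
        }
        // Store type (JKS or PKCS12) is detected from the file itself (Java 9+).
        KeyStore store = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // 1. Path building succeeds if the certificate itself is a trusted entry...
        String alias = store.getCertificateAlias(cert);
        System.out.println("exact entry in trust store: " + (alias == null ? "none" : alias));
        // 2. ...or if a trusted entry issued it (subject equals issuer and the signature verifies).
        for (String a : Collections.list(store.aliases())) {
            Certificate c = store.getCertificate(a);
            if (!(c instanceof X509Certificate) || c.equals(cert)) continue;
            X509Certificate ca = (X509Certificate) c;
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(ca.getPublicKey());
                System.out.println("issued by trusted entry: " + a);
            } catch (Exception e) { /* same subject name, different key: not the issuer */ }
        }
        // 3. Names the certificate carries, compared with the host used in the WSDL URL.
        System.out.println("subject: " + cert.getSubjectX500Principal().getName());
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        boolean listed = false;
        if (sans != null) for (List<?> san : sans) {
            int type = (Integer) san.get(0);           // 2 = dNSName, 7 = iPAddress
            if (type != 2 && type != 7) continue;
            System.out.println((type == 2 ? "SAN DNS: " : "SAN IP: ") + san.get(1));
            listed |= args[3].equalsIgnoreCase(String.valueOf(san.get(1)));
        }
        System.out.println("host '" + args[3] + "' listed in SAN (exact match only): " + listed);
    }
}
```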

