cxf-issues mailing list archives

From "Eamonn Dwyer (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2403) Use of client certificates via http conduit configuration broken
Date Wed, 26 Aug 2009 09:23:59 GMT

    [ https://issues.apache.org/jira/browse/CXF-2403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747852#action_12747852 ]

Eamonn Dwyer commented on CXF-2403:
-----------------------------------

Hi Wolfgang
I tried your keystore in my test client and I got the following exception. This exception
is different to yours and my exception is what I would expect because I do not have your truststore
file, I am using my own truststore file so the handshake fails as expected.

Could you attach your truststore (and also server certs) and I can try doing a quick check
using them too?

Regards,
Eamonn

org.apache.cxf.interceptor.Fault: Could not send Message.
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:472)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:302)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:123)
	at $Proxy39.greetMe(Unknown Source)
	at com.progress.fuse.management.cxf.samples.soaphttps.client.Client.main(Client.java:36)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(SocketInputStream.java:129)
	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:284)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:319)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1345)
	at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
	at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:590)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:697)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:623)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1914)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1869)
	at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
	at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1932)
	at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
	at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	... 8 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Could not send Message.
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:143)
	at $Proxy39.greetMe(Unknown Source)
	at com.progress.fuse.management.cxf.samples.soaphttps.client.Client.main(Client.java:36)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(SocketInputStream.java:129)
	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:284)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:319)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1345)
	at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
	at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:590)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:697)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:623)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1914)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1869)
	at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
	at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1932)
	at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
	at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:472)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:302)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:123)
	... 2 more

> Use of client certificates via http conduit configuration broken
> ----------------------------------------------------------------
>
>                 Key: CXF-2403
>                 URL: https://issues.apache.org/jira/browse/CXF-2403
>             Project: CXF
>          Issue Type: Bug
>          Components: Configuration
>            Reporter: Wolfgang Nagele
>         Attachments: client.crt, client.key, client.p12, keystore
>
>
> To use standard SSL client certificates for authentication the following configuration should work:
> <http:conduit name="*.http-conduit">
>   <http:tlsClientParameters>
>     <sec:keyManagers keyPassword="password">
>       <sec:keyStore type="JKS" password="password" file="keystore" />
>     </sec:keyManagers>
>     <sec:trustManagers>
>       <sec:keyStore type="JKS" password="password" file="truststore" />
>     </sec:trustManagers>
>   </http:tlsClientParameters>
> </http:conduit>
> In this configuration we would have the public certificate of the server we want to connect to in the truststore and the private key and certificate in the keystore.
> With the current CXF implementation this results in the following exception:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) [na:1.6.0_13]
> 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) [na:1.6.0_13]
> 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) [na:1.6.0_13]
> 	... 39 common frames omitted
> Once we additionally define the following properties it works:
> * javax.net.ssl.keyStore=keystore
> * javax.net.ssl.keyStorePassword=password
> * javax.net.ssl.trustStore=truststore
> * javax.net.ssl.trustStorePassword=password
> This however results in very ugly setups where we have to define the same data twice. Also we miss out on CXF's option of defining specific keystores and truststores per webservice.
> For further information also see: http://www.quendor.org/archiv/428

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
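
A stand-alone check of the two store files named in the configuration quoted above, as an added example that is not part of the original message or of CXF. It uses only JDK classes (the class name `StoreCheck` is hypothetical), lists what each store holds, and builds an `SSLContext` from them outside CXF, which separates a store-content problem from a conduit-configuration problem.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
// Added example, JDK only: audits the store files named in the quoted configuration.
public class StoreCheck {
    static KeyStore load(String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password); // IOException here: wrong store password or damaged file
        }
        return ks;
    }
    // Prints every entry and returns how many are of the kind this store needs.
    static int report(String label, KeyStore ks, boolean wantKeys) throws Exception {
        int matches = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey == wantKeys) matches++;
            Certificate c = ks.getCertificate(alias);
            String detail = "(no X.509 certificate)";
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                detail = x.getSubjectX500Principal() + ", expires " + x.getNotAfter();
            }
            System.out.printf("%s: %s [%s] %s%n", label, alias, isKey ? "key" : "trusted cert", detail);
        }
        return matches;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray(); // file names and password as in the report
        KeyStore keys = load("keystore", pw);
        KeyStore trust = load("truststore", pw);
        if (report("keystore", keys, true) == 0) System.out.println("WARN: keystore has no private key entry");
        if (report("truststore", trust, false) == 0) System.out.println("WARN: truststore has no trusted certificate");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw); // UnrecoverableKeyException here: keyPassword does not match
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext built from both stores, protocol " + ctx.getProtocol());
    }
}
```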
