Mailing-List: contact users-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@cxf.apache.org
Received-SPF: pass (athena.apache.org: local policy)
Message-ID: <49428.192.166.56.36.1221120890.squirrel@localhost>
In-Reply-To: <59430.192.166.56.36.1221062844.squirrel@localhost>
References: <54206.192.166.56.36.1221050154.squirrel@localhost>   
    <19414334.post@talk.nabble.com>
    <59430.192.166.56.36.1221062844.squirrel@localhost>
Date: Thu, 11 Sep 2008 10:14:50 +0200 (CEST)
Subject: Re: java.io.IOException: Illegal Protocol http for HTTPS      
     URLConnection  Factory
From: harry@raceeend-2.demon.nl
To: users@cxf.apache.org
User-Agent: SquirrelMail/1.4.6 [CVS]-0.cvs20050812.1.fc4
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Importance: Normal

My SOAP Client still gets the same Exception:
Illegal Protocol http for HTTPS      URLConnection  Factory

I have left the config solution (http-conduit in cxf.xml) and did all programmatically:
same result: Illegal Protocol http for HTTPS      URLConnection  Factory

What am I doing wrong?
I created a Webservice, derived the port and the client.
Then I created a TLSClientParameters object, added TrustManagers, and CipherSuitesFilter.
Finally I took the HTTPConduit from the client and added the TLSClientParameters object.
Everything as described in the examples.
Is it impossible to use HTTPS with cxf 2.1?

Here is the code, please give some hint...

......................... code .....................................
	private EconomyEndpoint getSSLPort() {
		TLSClientParameters tlsParams = new TLSClientParameters();
		tlsParams.setSecureSocketProtocol("SSL");
		tlsParams.setDisableCNCheck(true);

		String truststorePassword = micromoneyProperties.getProperty("economy.truststore.password");
		log.info("MicroMoney Keystore Password = ********");

		String microMoneyPropertiesDir = System.getProperty("catalina.home") + "/conf/tpay/micromoney/";
		String truststoreFilename = micromoneyProperties.getProperty("economy.truststore.filename");
		String truststorePath = microMoneyPropertiesDir + truststoreFilename;
		log.info("MicroMoney Truststore Filename = " + truststorePath);

		File truststoreFile = new File(truststorePath);

		try {
			// Set Truststore
			KeyStore truststore = KeyStore.getInstance("JKS");
			truststore.load(new FileInputStream(truststoreFile), truststorePassword.toCharArray());
			TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			trustManagerFactory.init(truststore);
			TrustManager[] trustManager = trustManagerFactory.getTrustManagers();
			tlsParams.setTrustManagers(trustManager);

		} catch (NoSuchAlgorithmException e) {
			log.debug(e);
		} catch (CertificateException e) {
			log.debug(e);
		} catch (FileNotFoundException e) {
			log.debug(e);
		} catch (IOException e) {
			log.debug(e);
		} catch (KeyStoreException e) {
			log.debug(e);
		}

		// Set Filters
		FiltersType filter = new FiltersType();
		filter.getInclude().add(".*_EXPORT_.*");
		filter.getInclude().add(".*_EXPORT1024_.*");
		filter.getInclude().add(".*_WITH_DES_.*");
		filter.getInclude().add(".*_WITH_NULL_.*");
		filter.getExclude().add(".*_DH_anon_.*");
		tlsParams.setCipherSuitesFilter(filter);

		// Create Service
		String externeMicroMoneyUrl = micromoneyProperties.getProperty("economy.externe.url");
		log.info("Externe MicroMoney Url = " + externeMicroMoneyUrl);

		URL wsdlURL = null;

		try {
			wsdlURL = new URL(externeMicroMoneyUrl + "?wsdl");
		} catch (MalformedURLException e) {
			log.debug(e);
		}
		EconomyService economyService = new EconomyService(wsdlURL, economyServiceName);
		EconomyEndpoint port = economyService.getEconomyPort();
		Client cxfClient = ClientProxy.getClient(port);

        log.debug("economy Service = " + economyService);
        log.debug("economy Port = " + port);

		// Add HttpConduit
		HTTPConduit httpConduit = (HTTPConduit)cxfClient.getConduit();
		httpConduit.setTlsClientParameters(tlsParams);

		return port;
	}

.................................

Then when doing this:

EconomyEndpoint port = getSSLPort();

port.create(); <<<<< Re: java.io.IOException: Illegal Protocol http for HTTPS      URLConnection  Factory


> Hi Glenn,
>
> Sorry but the SOAP Client (Webservice Client) is INSIDE of the servlet.
> The servlet itself is accessed over normal HTTP, whereas this SOAP Client
> tries to communicate with some WebService over HTTPS.
>
> For the sake of clarity, here is (partly) the servlet code:
>
> ................ servlet ...........................................
>
> public class MyWebServiceClient extends HttpServlet { <<<< communicates over HTTP
>
>   public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
>     .
>     .
>     .
>     MyPort port;
>
>     try {
>       URL wsdlURL = null;
>       try {
>         wsdlURL = new URL(externeMicroMoneyUrl + "?wsdl");
>       } catch (MalformedURLException e) {
>         e.printStackTrace();
>       }
>       MyWebService ss = new MyWebService(wsdlURL, myWebServiceName); <<<< communicates over HTTPS
>       port = ss.getMyPort();
>     } catch (Exception e) {
>       log.debug(e);
>     }
> // I put this extra logging, because I suspected the cxf.xml is not read
>     String config = System.getProperty("cxf.config.file");
>     log.debug("Credentials from " + (config != null ? config : "cxf.config.file NOT set") + " will be used for the invocation.");
>>>>    // Here the logging says "cxf.config.file NOT set" during execution.
>
>     port.create();
>     .
>     .
>     .
>   }
>
> }
>
> To my opinion the cxf.xml file is not read, all be it in the classpath (beneath .../WEB-INF/classes).
> So the problem remains that I have a SOAP Client (standalone or in a servlet, whatever) that refuses to
> communicate over HTTPS. After all I do not understand why the cxf.xml is not read.
>
> The other point(#5), 'using https://', is something that I cannot change, because the WSDL is read from
> the remote server anytime when I create myWebService.
>
> But I used a  copy of the WSDL in order to generate my client stubs etc..
> In fact it is a bit weird that I use the remote wsdl again in creating the service:
> I have allready generated the stubs, so I only have to supply the actual endpoint at execution time.
>
>
>>
>> http://www.jroller.com/gmazza/entry/setting_up_ssl_and_basic ?
>>
>> I would update your web.xml to require SSL (see step #4 above, and alter the
>> WSDL that your client is reading to use https:// instead of http:// -- step
>> #5 above).
>>
>> HTH,
>> Glen
>>
>>
>> harryvanrijn wrote:
>>>
>>> Hallo,
>>>
>>> I want to access a Webservice over HTTPS.
>>>
>>> In order to do so I configured the 'http:conduit' element in my cxf.xml.
>>>
>>> This cxf.xml is used by a webservice client inside of a servlet, so
>>> I put the cxf.xml beneath the .../WEB-INF/classes directory.
>>>
>>> The Service en port Object can be created without any problems.
>>> But as soon as I call a method in the webservice, I get an Exception
>>> concerning the use of 'http' protocol (see below).
>>>
>>> Here are my web.xml and the cxf.xml
>>>
>>> ............... web.xml ...............................................
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <web-app
>>> 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> 	xmlns="http://java.sun.com/xml/ns/javaee"
>>> 	xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
>>> 	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>>> 			    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
>>> 	id="MyClient"
>>> 	version="2.5">
>>>
>>> 	<display-name>MyClient</display-name>
>>>
>>> 	<context-param>
>>> 		<param-name>webAppRootKey</param-name>
>>> 		<param-value>MyClient</param-value>
>>> 	</context-param>
>>>
>>> 	<listener>
>>> 		<listener-class>
>>> 			org.springframework.web.util.Log4jConfigListener
>>> 		</listener-class>
>>> 	</listener>
>>>
>>> 	<servlet>
>>> 		<servlet-name>SomeServlet</servlet-name>
>>> 		<servlet-class>
>>> 			some.other.example.SomeServlet
>>> 		</servlet-class>
>>> 	</servlet>
>>> 	<servlet-mapping>
>>> 		<servlet-name>SomeServlet</servlet-name>
>>> 		<url-pattern>/SomeServlet</url-pattern>
>>> 	</servlet-mapping>
>>>
>>> </web-app>
>>>
>>> ............... cxf.xml ...............................................
>>>
>>> <beans
>>> 	xmlns="http://www.springframework.org/schema/beans"
>>>   	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>   	xmlns:sec="http://cxf.apache.org/configuration/security"
>>>   	xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>>   	xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>>> 	xmlns:cxf="http://cxf.apache.org/core"
>>>   	xsi:schemaLocation="
>>> 		http://cxf.apache.org/core
>>> 		http://cxf.apache.org/schemas/core.xsd
>>> 		http://cxf.apache.org/configuration/security
>>> 		http://cxf.apache.org/schemas/configuration/security.xsd
>>> 		http://cxf.apache.org/transports/http/configuration
>>> 		http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>> 		http://www.springframework.org/schema/beans
>>> 		http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>>
>>> 	<http:conduit name="{http://this.is.my.namespace}MyPort.http-conduit">
>>>
>>> 		<http:tlsClientParameters secureSocketProtocol="SSL">
>>> 			<sec:keyManagers keyPassword="topsecret">
>>> 				<sec:keyStore type="JKS" password="topsecret"
>>> file="/opt/tomcat/conf/tpay/mykeystore.keystore"/>
>>> 			</sec:keyManagers>
>>> 			<sec:trustManagers>
>>> 				<sec:keyStore type="JKS" password="changeit"
>>> file="/opt/tomcat/conf/tpay/mytruststore.keystore"/>
>>> 			</sec:trustManagers>
>>>
>>> 			<sec:cipherSuitesFilter>
>>> 				<!-- these filters ensure that a ciphersuite with
>>> 	          export-suitable or null encryption is used,
>>> 	          but exclude anonymous Diffie-Hellman key change as
>>> 	          this is vulnerable to man-in-the-middle attacks -->
>>> 				<sec:include>.*_EXPORT_.*</sec:include>
>>> 				<sec:include>.*_EXPORT1024_.*</sec:include>
>>> 				<sec:include>.*_WITH_DES_.*</sec:include>
>>> 				<sec:include>.*_WITH_NULL_.*</sec:include>
>>> 				<sec:exclude>.*_DH_anon_.*</sec:exclude>
>>> 			</sec:cipherSuitesFilter>
>>> 		</http:tlsClientParameters>
>>>
>>> 		<http:client ContentType="text/xml"/>
>>>
>>> 	</http:conduit>
>>>
>>> </beans>
>>>
>>> ............... the code with the webservice call
>>> ...............................................
>>>
>>>    QName myWebServiceName =
>>>       new QName("http://this.is.my.namespace", "MyWebService");
>>>    wsdlURL = new URL("https://this.is.my.namespace/services/MyService" +
>>> "?wsdl");
>>>
>>>    myWebService = new WebService(wsdlURL, myWebServiceName );
>>>    port = myWebService .getMyPort();
>>>
>>> ............... the Exception
>>> ...............................................
>>>
>>> INFO: Interceptor has thrown exception, unwinding now
>>> org.apache.cxf.interceptor.Fault: Could not send Message.
>>> 	at
>>> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:48)
>>> 	at
>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
>>> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
>>> 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
>>> 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>> 	at
>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
>>> 	at $Proxy35.delete(Unknown Source)
>>> 	at com.tsystems.tpay.micromoney.ws.MicroMoneyWsClient.delete(Unknown
>>> Source)
>>> 	at com.tsystems.tpay.micromoney.ws.MicroMoneyWsClient.doPost(Unknown
>>> Source)
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>> 	at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> 	at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> 	at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> 	at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>> 	at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>> 	at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> 	at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> 	at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>> 	at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>> 	at
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>> 	at
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> 	at java.lang.Thread.run(Thread.java:619)
>>> Caused by: java.io.IOException: Illegal Protocol http for HTTPS
>>> URLConnection Factory.
>>> 	at
>>> org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:124)
>>> 	at
>>> org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:480)
>>> 	at
>>> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
>>> 	... 22 more
>>>
>>> I have tried to add i.e. 'secureSocketProtocol="SSL"' to the
>>> 'http:tlsClientParameters' element in the cxf file, but nothings helps.
>>> The problem is somewhere in my configuration, but I cannot solve it due to
>>> lack of sensible documentation.
>>> Also I cannot verify (in logs) of the cxf.xml is really evaluated.
>>> Any Help would be welcome.
>>>
>>> Harry
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/java.io.IOException%3A-Illegal-Protocol-http-for-HTTPS-URLConnection--Factory-tp19412659p19414334.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
>