servicemix-users mailing list archives

From jlbarrera <jlbarr...@sadiel.es>
Subject Re: WebServices and SSL
Date Fri, 09 Mar 2007 11:07:27 GMT

First of all, thank you for your help, it's being very useful for me.

OK, this is my provider configuration at the moment, because I have changed it
many times:

<!-- PROVIDER -->

<http:endpoint service="firma:VerificarFirmasService"
               targetService="firma:VerificarFirmasService"
               endpoint="endpointProviderFirma2"
               interfaceName="firma:InterfazVerificarFirma"
               soapVersion="1.1"
               soap="true"
               role="provider"
               locationURI="https://172.19.1.75/axis/services/VerificarFirmas"
               defaultMep="http://www.w3.org/2004/08/wsdl/in-out"
               wsdlResource="https://172.19.1.75/axis/services/VerificarFirmas?wsdl">
    <http:ssl>
        <http:sslParameters trustStore="classpath:keystore_jl"
                            trustStorePassword="pass"
                            />
    </http:ssl>

    <http:basicAuthentication>
        <http:basicAuthCredentials username="user" password="pass" />
    </http:basicAuthentication>

</http:endpoint>

keystore_jl is generated by:

keytool -import -alias jlbarreracert -keypass pass -file vmw2000.cer -storepass pass -trustcacerts

The certificate (vmw200.cer) is self-signed; I exported it with Internet
Explorer to a file.

Thanks!


tterm wrote:
> 
> jlbarrera wrote:
>> OK, I think the error may be because the keystore isn't found,
>> because I wrote a bad route and I received the same error.
>> 
>> I have seen in the documentation:
>> keyStore="classpath:org/apache/servicemix/http/server.keystore"
>> But where should I place my keystore file?
> As I said before, put it under $SERVICEMIX_HOME/conf/ as an example.
> 
> 
> 
>> 
>> thanks!
>> 
>> 
>> 
>> jlbarrera wrote:
>>> I am trying to expose an external web service (SSL + basic auth) in ServiceMix.
>>>
>>> External WebServices <----->ServiceMix <--------> Client
>>>
>>> For this, I'm using servicemix-http (xbean). Documentation here:
>>> http://incubator.apache.org/servicemix/servicemix-http.html
>>> I have already managed to expose a web service in ServiceMix, but now I'm
>>> trying to do it with SSL, and then with basic auth.
>>>
>>> External WS (SSL)<----> provider(SM)<--->NMR<---->consumer(SM)<---->Client
>>>
>>> And I get the same error with all configurations:
>>>
>>> unable to find valid certification path to requested target...
>>>
>>> I have exported the certificate (vmw200.cer), and the next steps for
>>> creating the keystore and truststore are confusing to me.
>>>
>>> I tried to do this: keytool -import -keypass leidas -file vmw2000.cer -storepass pass -trustcacerts
>>>
>>> But I get the same error.
>>>
>>> Thanks!
>>>
>>>
>>> tterm wrote:
>>>> I still don't know what exactly you are doing. Is the webservice on a
>>>> remote host and servicemix local or whatever. I don't know.
>>>>
>>>> You should generate your key as you already did, export the certificate
>>>> and import it in the truststore. This is the way for a self signed
>>>> certificate. In your client application you also have to import your
>>>> certificate so that the client trusts your server (web service whatever
>>>> else). If your client is a commandline java application you have to set
>>>> the keystore and truststore otherwise the truststore from the jdk will
>>>> be used. Is the webservice deployed in servicemix?
>>>>
>>>>
>>>> jlbarrera wrote:
>>>>> I'm using ServiceMix 3.1.
>>>>> What could be the problem? The generated keystore and truststore?
>>>>> I have done this:
>>>>>
>>>>> keytool -genkey -keypass password -keystore keystoredemo -storepass password
>>>>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v
>>>>>
>>>>> And I followed this guide to solve the problem:
>>>>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but I get
>>>>> the same error.
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>> tterm wrote:
>>>>>> Which servicemix version do you use?
>>>>>>
>>>>>> You should enable the Java property for SSL so that you can see which
>>>>>> truststore and keystore are used.
>>>>>>
>>>>>> jlbarrera wrote:
>>>>>>> Well, I put the keystore and the truststore in the conf directory,
>>>>>>> and in the xbean.xml:
>>>>>>>
>>>>>>> <http:ssl>
>>>>>>>     <http:sslParameters keyStore="file:conf/jlbarrera"
>>>>>>>                         keyStorePassword="leidas"
>>>>>>>                         trustStore="file:conf/arrobafirma"
>>>>>>>                         trustStorePassword="leidas"/>
>>>>>>> </http:ssl>
>>>>>>>
>>>>>>> But I received the following error. What happened?
>>>>>>>
>>>>>>> INFO  - ServiceUnitLifeCycle           - Starting service unit: SU
>>>>>>> WARN  - HttpComponent                  - Could not load description from resource
>>>>>>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>>>>         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>>>>>>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>>>>>>>         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>>>>>>>         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>>>>>>>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
>>>>>>>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>>>>>>>         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>>>>>>         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>>>>>>>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>>>>>>>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>>>>>>>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>>>>>>>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>>>>>>>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>>>>>>>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>>>>>>>         at java.net.URLConnection.getContent(URLConnection.java:682)
>>>>>>>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406)
>>>>>>>         at java.net.URL.getContent(URL.java:1021)
>>>>>>>         at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown Source)
>>>>>>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>>         at org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>>>>>>         at org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>>>>>>         at org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>>>>>>         at org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>>>>>>         at org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>>>>>>         at org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>>>>>>         at org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>>>>>>         at java.util.TimerThread.mainLoop(Timer.java:512)
>>>>>>>         at java.util.TimerThread.run(Timer.java:462)
>>>>>>> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>>>>         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>>>>>>>         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>>>>>>>         at sun.security.validator.Validator.validate(Validator.java:203)
>>>>>>>         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>>>>>>>         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>>>>>>>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
>>>>>>>         ... 28 more
>>>>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>>>>         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>>>>>>>         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>>>>>>>         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>>>>>>>         ... 33 more
>>>>>>>
>>>>>>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>>         at org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>>>>>>         at org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>>>>>>         at org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>>>>>>         at org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>>>>>>         at org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>>>>>>         at org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>>>>>>         at org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>>>>>>         at org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>>>>>>         at java.util.TimerThread.mainLoop(Timer.java:512)
>>>>>>>         at java.util.TimerThread.run(Timer.java:462)
>>>>>>> INFO  - jetty                          - jetty-6.0.1
>>>>>>> INFO  - jetty                          - Started SelectChannelConnector @ 0.0.0.0:8989
>>>>>>> INFO  - AutoDeploymentService          - Directory: deploy: Finished installation of archive:  SA.zip
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> tterm wrote:
>>>>>>>> jlbarrera wrote:
>>>>>>>>> I am trying to create a BC with the role "provider" that connects
>>>>>>>>> with a web service using SSL and basic auth. But the documentation
>>>>>>>>> says that basic auth is only enabled for the role "consumer". Is
>>>>>>>>> that right?
>>>>>>>> I never tested basic auth. I used just SSL for authentication with
>>>>>>>> certificates.
>>>>>>>>
>>>>>>>>> But the keystore and truststore are not found; I think that the
>>>>>>>>> path may be mistaken.
>>>>>>>> The truststore and keystore will be found. You might try to put both
>>>>>>>> into the conf directory of servicemix and specify in the config file
>>>>>>>> file:con/your.truststore.jks or something. That works.
>>>>>>>>
>>>>>>>> This is also a big help sometimes:
>>>>>>>> -Djavax.net.debug=ssl
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Thomas
>>>>>>>>
>>>>>>>>> regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> tterm wrote:
>>>>>>>>>> Set it with "file:" (keystore, truststore).
>>>>>>>>>>
>>>>>>>>>> You should provide more information on what you want to do.
>>>>>>>>>>
>>>>>>>>>> jlbarrera wrote:
>>>>>>>>>>> Hello
>>>>>>>>>>>
>>>>>>>>>>> I'm using servicemix-http with SSL.
>>>>>>>>>>>
>>>>>>>>>>> I have generated the keyStore:
>>>>>>>>>>>     keytool -genkey -keypass password -keystore keystoredemo -storepass password
>>>>>>>>>>> And I generated the trustStore:
>>>>>>>>>>>     keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v
>>>>>>>>>>>
>>>>>>>>>>> In the xbean.xml configuration file:
>>>>>>>>>>>
>>>>>>>>>>> <http:ssl>
>>>>>>>>>>>     <http:sslParameters keyStore="/home/jlbarrera/keystoredemo"
>>>>>>>>>>>                         keyStorePassword="password"
>>>>>>>>>>>                         trustStore="/home/jlbarrera/keystoretrust"
>>>>>>>>>>>                         trustStorePassword="password"/>
>>>>>>>>>>> </http:ssl>
>>>>>>>>>>>
>>>>>>>>>>> But I get the following error:
>>>>>>>>>>>
>>>>>>>>>>>    "No trusted certificate found"
>>>>>>>>>>>
>>>>>>>>>>> Does somebody know the problem? Is the route of the files mistaken?
>>>>>>>>>>> I tried with file:///route... too. I'm using a Linux filesystem.
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>> -- 
>>>>>>>> Thomas Termin
>>>>>>>> _______________________________
>>>>>>>> blue elephant systems GmbH
>>>>>>>> Wollgrasweg 49
>>>>>>>> D-70599 Stuttgart
>>>>>>>>
>>>>>>>> Tel    :  (+49) 0711 - 45 10 17 676
>>>>>>>> Fax    :  (+49) 0711 - 45 10 17 573
>>>>>>>> WWW    :  http://www.blue-elephant-systems.com
>>>>>>>> Email  :  Thomas.Termin@blue-elephant-systems.com
>>>>>>>>
>>>>>>>> blue elephant systems GmbH
>>>>>>>> Registered office  : Wollgrasweg 49, D-70599 Stuttgart
>>>>>>>> Register court     : Amtsgericht Stuttgart, HRB 24106
>>>>>>>> Managing directors : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>>>>>>>>
>>>>>>>> Thanks! 
>>>>>>>>
>>>>
>>>
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/WebServices-and-SSL-tf3333637s12049.html#a9392447
Sent from the ServiceMix - User mailing list archive at Nabble.com.
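
A check for the step this thread keeps returning to, whether the truststore file really holds the server's self-signed certificate as a trusted entry, written as an added example that is not part of the original messages. The store names, aliases, CNs and password are constructed, and `-keystore` is passed explicitly because keytool otherwise writes to its default store, `$HOME/.keystore`.

```shell
#!/bin/sh
# Added example: every name, alias, CN and the password here is constructed.
PW=changeit

# Self-signed key pair + exported cert standing in for the remote service.
# $1 = directory, $2 = base name and alias, $3 = CN.
make_selfsigned() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=$3" -keystore "$1/$2.keystore" -storepass "$PW" \
        -keypass "$PW" >/dev/null 2>&1 &&
    keytool -exportcert -alias "$2" -keystore "$1/$2.keystore" \
        -storepass "$PW" -file "$1/$2.cer" >/dev/null 2>&1
}

# Import certificate $2 into truststore $1 under alias $3. -keystore is
# explicit; without it keytool uses its default store, $HOME/.keystore.
import_trusted() {
    keytool -importcert -noprompt -alias "$3" -file "$2" \
        -keystore "$1" -storepass "$PW" >/dev/null 2>&1
}

# SHA-256 fingerprint of certificate file $1.
cert_fp() {
    keytool -printcert -file "$1" 2>/dev/null | sed -n 's/.*SHA256: *//p' | head -n 1
}

# SHA-256 fingerprint of alias $2 in store $1.
store_fp() {
    keytool -list -v -keystore "$1" -storepass "$PW" -alias "$2" 2>/dev/null |
        sed -n 's/.*SHA256: *//p' | head -n 1
}

# Entry type of alias $2 in store $1 (trustedCertEntry or PrivateKeyEntry).
entry_type() {
    keytool -list -keystore "$1" -storepass "$PW" -alias "$2" 2>/dev/null |
        grep -Eo 'trustedCertEntry|PrivateKeyEntry' | head -n 1
}

# Succeeds only if store $1 holds certificate file $2 as trusted entry $3.
trusts() {
    want=$(cert_fp "$2")
    [ -n "$want" ] && [ "$want" = "$(store_fp "$1" "$3")" ] &&
        [ "$(entry_type "$1" "$3")" = trustedCertEntry ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" ws ws.example.test
    make_selfsigned "$d" other other.example.test
    import_trusted "$d/truststore" "$d/ws.cer" wscert
    trusts "$d/truststore" "$d/ws.cer" wscert && echo "ws.cer: trusted"
    trusts "$d/truststore" "$d/other.cer" wscert || echo "other.cer: not trusted"
    rm -rf "$d"
}
if command -v keytool >/dev/null 2>&1; then demo; else echo "no keytool" >&2; fi
```

The file that passes this check is the one the `trustStore` attribute of `http:sslParameters` has to resolve to; `-Djavax.net.debug=ssl`, mentioned earlier in the thread, shows which store the JVM actually loaded.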

