Posted to java-user@axis.apache.org by Sterpu Victor <vi...@caido.ro> on 2016/11/14 20:01:43 UTC

Re[2]: Axis2 , 2 Way SSL and Fiddler

I solved it, it was not an Axis2 problem.
When I produced the PKCS7 signature I reinitialized my PKCS11 object and 
lost the connection to the token.


------ Original Message ------
From: "Martin Gainty" <mg...@hotmail.com>
To: "java-user@axis.apache.org" <ja...@axis.apache.org>; "Sterpu 
Victor" <vi...@caido.ro>
Sent: 14/11/2016 6:36:40 PM
Subject: Re: Axis2 , 2 Way SSL and Fiddler

>
>
>verify you have PKCS7 Cryptography libraries installed in your OS *you 
>didn't mention your OS
>so I am unable to guide you in the PKCS7 Cryptography libraries you 
>may/may not have*
>
>
>
>verify you have unlimited strength JCE jars installed
>
>
>
>http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
>
>export your certificate to pem format
>
>
>
>openssl x509 -in <certificate_filename> -inform der -outform pem -out <pem-filename>
>
>
>deskcheck certificate input pem and validate attributes with your 
>Security Admin
>
>
>openssl x509 -in NameOfPem.pem -text
>display cert in pem format inline here or attach pem in reply
>
>
>
>Martin
>______________________________________________
>
>
>
>--------------------------------------------------------------------------------
>From: Sterpu Victor <vi...@caido.ro>
>Sent: Sunday, November 13, 2016 7:36 PM
>To: java-user
>Subject: Axis2 , 2 Way SSL and Fiddler
>
>Hello
>
>I've been testing Axis2 with 2 way SSL for a few weeks and in my tests I 
>always used Fiddler to debug.
>Everything went fine but now I must move to production and I stopped 
>Fiddler and removed these lines:
>                 System.setProperty("https.proxyHost", "127.0.0.1");
>                 System.setProperty("https.proxyPort", "8888");
>
>And I almost got a heart attack, I'm in a big time crisis and I can't 
>make Axis2 work without Fiddler, I receive the error: 
>"org.apache.axis2.AxisFault: Connection has been shutdown: 
>javax.net.ssl.SSLHandshakeException: Error signing certificate verify".
>And somewhere at the end: "java.security.InvalidKeyException: 
>Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits 
>(id 65541, token object, sensitive, unextractable)"
>At the end of the mail I pasted all the trace.
>
>Some services are working, but the service that doesn't work sends a 
>PKCS7 signature to the server. I create the PKCS7 signature using the 
>same PKCS11 token that I use to communicate 2 way SSL to the server.
>This is reproducible behaviour, always when I activate Fiddler, Axis2 
>works. And only services where I use PKCS7 signature don't work.
>
>Do you have any advice? I have no idea what to do.
>I attached the whole stub that I generated with the command 
>"wsdl2java.bat -uri tmp\StoreClinicalDocument.wsdl -p 
>stubs.StoreClinicalDocument.client -s -sd -ssi -o 
>tmp\build_StoreClinicalDocument\client" and I attached the wsdl file.
>
>Thank you.
>
>
>
>SEVERE: null
>java.lang.reflect.InvocationTargetException
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at 
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>  at 
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498)
>  at 
>SoapUtils.Axis2ReflectionBuilder.executeMethod(Axis2ReflectionBuilder.java:295)
>  at SoapUtils.Soap.executeMethod(Soap.java:225)
>  at Util.DES.ExportDES.FOCG_TransmiteDES(ExportDES.java:193)
>  at 
>GenericDBCarier.CustomFunctions$44$15.call(CustomFunctions.java:5346)
>  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>  at 
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  at 
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  at java.lang.Thread.run(Thread.java:745)
>Caused by: org.apache.axis2.AxisFault: Connection has been shutdown: 
>javax.net.ssl.SSLHandshakeException: Error signing certificate verify
>  at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
>  at 
>org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
>  at 
>org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85)
>  at 
>org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
>  at 
>org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
>  at 
>org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
>  at 
>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>  at 
>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>  at 
>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>  at 
>org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(HTTPSenderImpl.java:872)
>  at 
>org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:212)
>  at 
>org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:121)
>  at 
>org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:403)
>  at 
>org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:234)
>  at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:431)
>  at 
>org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:399)
>  at 
>org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
>  at 
>org.apache.axis2.client.OperationClient.execute(OperationClient.java:150)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub.storeClinicalDocumentS(StoreClinicalDocumentStub.java:377)
>  ... 12 more
>Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been 
>shutdown: javax.net.ssl.SSLHandshakeException: Error signing 
>certificate verify
>  at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:261)
>  at 
>org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
>  at 
>org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:231)
>  at 
>org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:223)
>  at 
>org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeAndConsume(AxiomContainerSupport.aj:324)
>  at 
>org.apache.axiom.om.impl.llom.OMElementImpl.serializeAndConsume(OMElementImpl.java:1)
>  at 
>org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
>  ... 29 more
>Caused by: javax.net.ssl.SSLException: Connection has been shutdown: 
>javax.net.ssl.SSLHandshakeException: Error signing certificate verify
>  at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
>  at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1553)
>  at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
>  at 
>java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>  at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
>  at 
>org.apache.commons.httpclient.WireLogOutputStream.write(WireLogOutputStream.java:68)
>  at 
>org.apache.commons.httpclient.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:121)
>  at 
>org.apache.commons.httpclient.ChunkedOutputStream.write(ChunkedOutputStream.java:179)
>  at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
>  at 
>com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:225)
>  at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:259)
>  ... 35 more
>Caused by: javax.net.ssl.SSLHandshakeException: Error signing 
>certificate verify
>  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
>  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
>  at 
>sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1119)
>  at 
>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
>  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
>  at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
>  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
>  at 
>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>  at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
>  at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
>  at 
>java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>  at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
>  at 
>org.apache.commons.httpclient.WireLogOutputStream.write(WireLogOutputStream.java:68)
>  at 
>org.apache.commons.httpclient.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:121)
>  at 
>org.apache.commons.httpclient.ChunkedOutputStream.write(ChunkedOutputStream.java:179)
>  at com.ctc.wstx.io.UTF8Writer.write(UTF8Writer.java:143)
>  at 
>com.ctc.wstx.sw.BufferingXmlWriter.writeRaw(BufferingXmlWriter.java:269)
>  at 
>com.ctc.wstx.sw.BufferingXmlWriter.writeCharacters(BufferingXmlWriter.java:568)
>  at 
>com.ctc.wstx.sw.BaseStreamWriter.writeCharacters(BaseStreamWriter.java:385)
>  at 
>org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.writeCharacters(XMLStreamWriterWrapper.java:96)
>  at 
>org.apache.axiom.om.impl.MTOMXMLStreamWriter.writeCharacters(MTOMXMLStreamWriter.java:330)
>  at 
>org.apache.axiom.util.stax.XMLStreamWriterWriter.write(XMLStreamWriterWriter.java:54)
>  at 
>org.apache.axiom.util.base64.Base64EncodingWriterOutputStream.flushBuffer(Base64EncodingWriterOutputStream.java:82)
>  at 
>org.apache.axiom.util.base64.Base64EncodingWriterOutputStream.doWrite(Base64EncodingWriterOutputStream.java:74)
>  at 
>org.apache.axiom.util.base64.AbstractBase64EncodingOutputStream.encode(AbstractBase64EncodingOutputStream.java:132)
>  at 
>org.apache.axiom.util.base64.AbstractBase64EncodingOutputStream.write(AbstractBase64EncodingOutputStream.java:77)
>  at javax.activation.DataHandler.writeTo(DataHandler.java:309)
>  at 
>org.apache.axiom.util.stax.XMLStreamWriterUtils.writeBase64(XMLStreamWriterUtils.java:62)
>  at 
>org.apache.axiom.util.stax.XMLStreamWriterUtils.writeDataHandler(XMLStreamWriterUtils.java:138)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentRequest.serialize(StoreClinicalDocumentStub.java:4586)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentRequest.serialize(StoreClinicalDocumentStub.java:4535)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentS.serialize(StoreClinicalDocumentStub.java:2924)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentS.serialize(StoreClinicalDocumentStub.java:2887)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentSE.serialize(StoreClinicalDocumentStub.java:7727)
>  at 
>stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentSE.serialize(StoreClinicalDocumentStub.java:7714)
>  at 
>org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:49)
>  at 
>org.apache.axiom.om.impl.common.serializer.push.stax.StAXSerializer.serializePushOMDataSource(StAXSerializer.java:53)
>  at 
>org.apache.axiom.om.impl.common.serializer.push.Serializer.serialize(Serializer.java:293)
>  at 
>org.apache.axiom.om.impl.common.AxiomSourcedElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomSourcedElementSupport$org_apache_axiom_om_impl_intf_AxiomSourcedElement$internalSerialize(AxiomSourcedElementSupport.aj:434)
>  at 
>org.apache.axiom.om.impl.llom.OMSourcedElementImpl.internalSerialize(OMSourcedElementImpl.java:1)
>  at 
>org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj:362)
>  at 
>org.apache.axiom.om.impl.llom.OMElementImpl.ajc$interMethodDispatch2$org_apache_axiom_om_impl_common$serializeChildren(OMElementImpl.java:1)
>  at 
>org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj)
>  at 
>org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj:519)
>  at 
>org.apache.axiom.om.impl.llom.OMElementImpl.defaultInternalSerialize(OMElementImpl.java:1)
>  at 
>org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj)
>  at 
>org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$internalSerialize(AxiomElementSupport.aj:513)
>  at 
>org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:1)
>  at 
>org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj:362)
>  at 
>org.apache.axiom.om.impl.llom.OMElementImpl.ajc$interMethodDispatch2$org_apache_axiom_om_impl_common$serializeChildren(OMElementImpl.java:1)
>  at 
>org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj)
>  at 
>org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj:519)
>  at 
>org.apache.axiom.om.impl.llom.OMElementImpl.defaultInternalSerialize(OMElementImpl.java:1)
>  at 
>org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj)
>  at 
>org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$internalSerialize(AxiomElementSupport.aj:513)
>  at 
>org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:159)
>  at 
>org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeAndConsume(AxiomContainerSupport.aj:319)
>  ... 31 more
>Caused by: java.security.InvalidKeyException: Unsupported key type: 
>SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, 
>sensitive, unextractable)
>  at sun.security.mscapi.RSACipher.init(RSACipher.java:243)
>  at sun.security.mscapi.RSACipher.engineInit(RSACipher.java:158)
>  at javax.crypto.Cipher.init(Cipher.java:1246)
>  at 
>java.security.Signature$CipherAdapter.engineInitSign(Signature.java:1282)
>  at java.security.Signature$Delegate.init(Signature.java:1155)
>  at 
>java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
>  at 
>java.security.Signature$Delegate.engineInitSign(Signature.java:1185)
>  at java.security.Signature.initSign(Signature.java:550)
>  at sun.security.ssl.RSASignature.engineInitSign(RSASignature.java:126)
>  at 
>java.security.Signature$Delegate.engineInitSign(Signature.java:1183)
>  at java.security.Signature.initSign(Signature.java:550)
>  at 
>sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1585)
>  at 
>sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1116)
>  ... 85 more
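
The resolution reported at the top of this thread (the PKCS11 object was reinitialized while producing the PKCS7 signature, and the connection to the token was lost) points at keeping a single provider and token login for both the 2 way SSL handshake and the signing step. The sketch below is an added example, not code from the poster or from Axis2; the class name TokenSession, the config path, the key alias and the SHA256withRSA algorithm are assumptions, and it needs a PKCS#11 token and SunPKCS11 config file to run.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/** Hypothetical holder: one PKCS#11 provider and one token login per JVM. */
public final class TokenSession {
    private static TokenSession instance;
    private final Provider provider;
    private final KeyStore keyStore;

    private TokenSession(String configPath, char[] pin) throws GeneralSecurityException, IOException {
        // Java 9+ API. On Java 8 the equivalent is new sun.security.pkcs11.SunPKCS11(configPath).
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) throw new GeneralSecurityException("SunPKCS11 provider not available");
        provider = base.configure(configPath);
        Security.addProvider(provider);            // lets JSSE find a provider that accepts token keys
        keyStore = KeyStore.getInstance("PKCS11", provider);
        keyStore.load(null, pin);                  // the only login to the token
    }

    /** Always returns the same session; callers never build a second provider. */
    public static synchronized TokenSession get(String configPath, char[] pin)
            throws GeneralSecurityException, IOException {
        if (instance == null) instance = new TokenSession(configPath, pin);
        return instance;
    }

    /** SSLContext for client-authenticated TLS, backed by the shared token KeyStore. */
    public SSLContext sslContext() throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, null);                  // key material stays on the token
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    /** Raw signature from the same provider; a PKCS7/CMS builder would wrap this value. */
    public byte[] sign(String alias, byte[] data) throws GeneralSecurityException {
        PrivateKey key = (PrivateKey) keyStore.getKey(alias, null);
        Signature sig = Signature.getInstance("SHA256withRSA", provider);
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }
}
```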