Posted to users@camel.apache.org by contactreji <co...@gmail.com> on 2013/08/22 09:02:10 UTC
Using SSL Certificates and connecting to https:// port -Truststore files provided
Hi all
Hope you are all having a good time riding the camel! :-p
Well, I am kinda working on the security part of a web service.
- I have a webservice exposing a port address enabled with HTTPS.
- They have given me the keystore along with all relevant passwords.
Now I need to call the webservice with https transport.
Could you help me understand how to make a call using the cxf component?
My code looks like
<cxf:cxfEndpoint id="abc_zyz"
address="http://16.143.96.184:8181/blah/blah/blah"
serviceClass="xyz.ab.asdf.id52.qwerty.AXQMaterialConsumptionAsyncOut"
wsdlURL="wsdl/abc.wsdl" serviceName="p1:Service_ID52"
endpointName="p1:HTTP_Port" xmlns:p1="urn:somecompany:pi:asd:id52:QWSD"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" />
Please note that I want to call endpointName="p1:HTTPS_Port" in place of
endpointName="p1:HTTP_Port"
The endpointName="p1:HTTPS_Port" has been defined in the WSDL.
If someone could post a piece of code illustrating the above task , it would
really make my day!!!!!
Cheers
Reji
--
View this message in context: http://camel.465427.n5.nabble.com/Using-SSL-Certificates-and-connecting-to-https-port-Truststore-files-provided-tp5737735.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Using SSL Certificates and connecting to https:// port -Truststore files provided
Posted by Willem jiang <wi...@gmail.com>.
Hi,
I can tell your configuration doesn't have the http-conduit setting, and the stack trace shows that HTTPConduit wasn't configured correctly.
Can you go through the example[1] I showed you before?
[1]http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport
--
Willem Jiang
Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Saturday, August 24, 2013 at 3:16 PM, contactreji wrote:
> Hi Willem
>
> I am getting a HANDSHAKE exception in the case now. I gave the proper path
> to the jks file, but it's still showing the following exception.
> "unable to find valid certification path to requested target"
>
> Please find my error log
>
>
> Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
> invoking
> https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)[:1.6.0_45]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown
> Source)[:1.6.0_45]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
> Source)[:1.6.0_45]
> at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45]
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> ... 65 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source)[:1.6]
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)[:1.6]
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)[:1.6]
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)[:1.6]
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)[:1.6]
> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> Source)[:1.6.0_45]
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
> Source)[:1.6]
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> ... 68 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.6.0_45]
> at sun.security.validator.PKIXValidator.engineValidate(Unknown
> Source)[:1.6.0_45]
> at sun.security.validator.Validator.validate(Unknown Source)[:1.6.0_45]
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> Source)[:1.6]
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)[:1.6]
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)[:1.6]
> ... 85 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> Source)[:1.6.0_45]
> at java.security.cert.CertPathBuilder.build(Unknown Source)[:1.6.0_45]
>
>
>
> Can I do the same using JETTY?
> I have configured the jetty as follows
>
>
> <bean id="jetty"
> class="org.apache.camel.component.jetty.JettyHttpComponent">
> <property name="sslSocketConnectorProperties">
> <map>
> <entry key="password" value="keystorepassword" />
> <entry key="keyPassword" value="keystorepassword" />
> <entry key="keystore" value="src/main/resources/certs/keystore.jks" />
> <entry key="truststore" value="src/main/resources/certs/truststore.jks" />
> <entry key="trustPassword" value="truststorepassword" />
> <entry key="needClientAuth" value="true" />
> </map>
> </property>
> </bean>
>
> and configured jax:ws client as
>
> <jaxws:client id="PIServiceProxy"
> address="jetty:https://server1:8105/XISOAPAdapter/MessageServlet?senderParty=&amp;senderService=BS_Q_MES_Miheevsky&amp;receiverParty=&amp;receiverService=&amp;interface=SI_ID56_CopperRecovery_async_out&amp;interfaceNamespace=urn:server:pi:mes:id56:CopperRecovery"
> serviceClass="outotec.pi.mes.id56.copperrecovery.SIID56CopperRecoveryAsyncOut"
> username="userid" password="pwd" />
>
>
> Please let me know in case anything is wrong in the above configuration
> settings.
>
> Reji
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Using-SSL-Certificates-and-connecting-to-https-port-Truststore-files-provided-tp5737735p5737849.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Using SSL Certificates and connecting to https:// port -Truststore files provided
Posted by contactreji <co...@gmail.com>.
Hi Willem
I am getting a HANDSHAKE exception in the case now. I gave the proper path
to the jks file, but it's still showing the following exception.
"unable to find valid certification path to requested target"
Please find my error log
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.6.0_45]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45]
    at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
    ... 65 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)[:1.6]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)[:1.6]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)[:1.6.0_45]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)[:1.6]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
    ... 68 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.6.0_45]
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)[:1.6.0_45]
    at sun.security.validator.Validator.validate(Unknown Source)[:1.6.0_45]
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)[:1.6]
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)[:1.6]
    ... 85 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)[:1.6.0_45]
    at java.security.cert.CertPathBuilder.build(Unknown Source)[:1.6.0_45]
Can I do the same using JETTY?
I have configured the jetty as follows
<bean id="jetty"
class="org.apache.camel.component.jetty.JettyHttpComponent">
<property name="sslSocketConnectorProperties">
<map>
<entry key="password" value="keystorepassword" />
<entry key="keyPassword" value="keystorepassword" />
<entry key="keystore" value="src/main/resources/certs/keystore.jks" />
<entry key="truststore" value="src/main/resources/certs/truststore.jks" />
<entry key="trustPassword" value="truststorepassword" />
<entry key="needClientAuth" value="true" />
</map>
</property>
</bean>
and configured jax:ws client as
<jaxws:client id="PIServiceProxy"
address="jetty:https://server1:8105/XISOAPAdapter/MessageServlet?senderParty=&amp;senderService=BS_Q_MES_Miheevsky&amp;receiverParty=&amp;receiverService=&amp;interface=SI_ID56_CopperRecovery_async_out&amp;interfaceNamespace=urn:server:pi:mes:id56:CopperRecovery"
serviceClass="outotec.pi.mes.id56.copperrecovery.SIID56CopperRecoveryAsyncOut"
username="userid" password="pwd" />
Please let me know in case anything is wrong in the above configuration
settings.
Reji
--
View this message in context: http://camel.465427.n5.nabble.com/Using-SSL-Certificates-and-connecting-to-https-port-Truststore-files-provided-tp5737735p5737849.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Using SSL Certificates and connecting to https:// port -Truststore files provided
Posted by Willem jiang <wi...@gmail.com>.
Hi,
You can take a look at the CXF example[1], and apply the http-conduit configuration to the Camel configuration file.
[1]http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport
--
Willem Jiang
Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Thursday, August 22, 2013 at 3:02 PM, contactreji wrote:
> Hi all
> Hope you all having good time riding the camel! :-p
>
> Well, I am kinda working upon security part in web service.
>
> - I have a webservice exposing a port address enabled with HTTPS.
> - They have given me the keystore along with all relevant passwords.
>
> Now I need to call the webservice with https transport.
> Could you help me in understanding how do I make a call using cxf component.
>
>
> My code looks like
>
> <cxf:cxfEndpoint id="abc_zyz"
> address="http://16.143.96.184:8181/blah/blah/blah"
> serviceClass="xyz.ab.asdf.id52.qwerty.AXQMaterialConsumptionAsyncOut"
> wsdlURL="wsdl/abc.wsdl" serviceName="p1:Service_ID52"
> endpointName="p1:HTTP_Port" xmlns:p1="urn:somecompany:pi:asd:id52:QWSD"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" />
>
> Please note that I want to call endpointName="p1:HTTPS_Port" in place of
> endpointName="p1:HTTP_Port"
> The endpointName="p1:HTTPS_Port" has been defined in the WSDL.
>
> If someone could post a piece of code illustrating the above task , it would
> really make my day!!!!!
>
> Cheers
> Reji
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Using-SSL-Certificates-and-connecting-to-https-port-Truststore-files-provided-tp5737735.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
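
Added example, not part of the original thread or of the CXF documentation it links to: a Spring configuration that applies the http-conduit setting discussed above to the cxfEndpoint from the first post. The HTTPS address (HOST:PORT) is a placeholder, and the classpath locations and passwords of the two JKS files are assumptions taken from the Jetty configuration quoted in the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cxf="http://camel.apache.org/schema/cxf"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
         http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">

  <!-- Endpoint from the first post, switched to the HTTPS port.
       HOST:PORT is a placeholder; the thread never gives the HTTPS address. -->
  <cxf:cxfEndpoint id="abc_zyz"
      address="https://HOST:PORT/blah/blah/blah"
      serviceClass="xyz.ab.asdf.id52.qwerty.AXQMaterialConsumptionAsyncOut"
      wsdlURL="wsdl/abc.wsdl" serviceName="p1:Service_ID52"
      endpointName="p1:HTTPS_Port"
      xmlns:p1="urn:somecompany:pi:asd:id52:QWSD" />

  <!-- The conduit name is {port namespace}portLocalName.http-conduit.
       If it does not match the endpoint's port QName, this block is not
       applied and the JVM default trust store is used, which gives the
       "PKIX path building failed" error for a privately issued certificate. -->
  <http:conduit name="{urn:somecompany:pi:asd:id52:QWSD}HTTPS_Port.http-conduit">
    <http:tlsClientParameters>
      <!-- Trust store: must hold the CA certificate (or the server
           certificate itself) that the server's chain leads to.
           Assumed to be on the classpath under certs/. -->
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="truststorepassword"
                      resource="certs/truststore.jks" />
      </sec:trustManagers>
      <!-- Key store: only needed when the server asks for a client
           certificate (mutual TLS). Assumed location and passwords. -->
      <sec:keyManagers keyPassword="keystorepassword">
        <sec:keyStore type="JKS" password="keystorepassword"
                      resource="certs/keystore.jks" />
      </sec:keyManagers>
    </http:tlsClientParameters>
  </http:conduit>
</beans>
```

The host name in the endpoint address has to match the name in the server certificate, because CXF checks it by default.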