Problem creating dynamic client when WSDL is hosted with secured transport 
(https)
----------------------------------------------------------------------------------

                 Key: CXF-4037
                 URL: https://issues.apache.org/jira/browse/CXF-4037
             Project: CXF
          Issue Type: Bug
          Components: JAX-WS Runtime
    Affects Versions: 2.4.5, 2.4.3, 2.4.2
            Reporter: Harsha Devireddy
            Priority: Critical



I am trying to create a client dynamically to invoke the WebService (see 
below). Notice my WSDL URL is https. 
Also, with a minor modification (to add the Spring config file to the bus) to 
the client generated using the wsdl2java utility, I am able to call the secured 
webservice. 
But my requirement is to dynamically generate clients and call the webservice 
provided the wsdlUrl, method name and method arguments.

CLIENT CODE
------------
 
// Build a bus from the Spring file that carries the TLS settings and make it the default.
SpringBusFactory bf = new SpringBusFactory();
bus = bf.createBus(securityConfigFile);
BusFactory.setDefaultBus(bus);

JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(bus);
dcf.setSimpleBindingEnabled(false);

List<String> bindingFiles = new ArrayList<String>();
File bindingFile = generateCustomBindingFile(fileLocationURL);
try {
    bindingFiles.add(bindingFile.getCanonicalPath().toString());
} catch (IOException e) {
    throw new LVOException(Level.SEVERE, "WSDL_INVALID_BINDINGFILE",
            bindingFile.toString());
}

// The WSDL is downloaded over HTTPS inside this call.
Client client = dcf.createClient(
        new URL("https://localhost:9999/getAccount?wsdl"), bindingFiles);

 

 
EXCEPTION
----------
 

I get the below Exception while trying to create the client. 

 

log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
log4j:WARN Please initialize the log4j system properly.
Jan 14, 2012 4:44:59 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
Exception in thread "main" org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:80)
    at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:261)
    at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:235)
    at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:170)
    at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
    at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
    at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
    at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9999/getCustomer?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2111)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2303)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2335)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:239)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:186)
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:78)
    ... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2101)
    ... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
    ... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 37 more

 

 
SPRING CONFIG FILE
------------------

Below is my spring config file for my client.

 

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="test/resources/wsdl/truststore.jks"/>
      </sec:trustManagers>
      <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password"
                      file="test/resources/wsdl/wibble.jks"/>
      </sec:keyManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key change as
             this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:authorization>
      <sec:UserName>admin</sec:UserName>
      <sec:Password>admin</sec:Password>
    </http:authorization>
  </http:conduit>
</beans>


 

Really appreciate your comments and feedback.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
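
The stack trace above shows the WSDL being downloaded through `HttpsURLConnectionImpl` (reached from the WSDL reader's XML parser), and `HttpsURLConnection` uses the JVM's default SSL socket factory unless one is set on it. As an added example (not code from the reporter or from CXF), one way to make that download trust the JKS file named in the config above while keeping chain and hostname validation on; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (added example): call installFor(...) before dcf.createClient(...).
public final class WsdlDownloadTrust {

    /** Loads a JKS trust store and fails fast if it holds no entries. */
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        if (ts.size() == 0) {
            throw new IllegalStateException("trust store has no entries: " + path);
        }
        return ts;
    }

    /** Standard PKIX trust managers: the chain is still validated, only the anchors change. */
    static TrustManager[] trustManagersFor(KeyStore ts) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf.getTrustManagers();
    }

    /** Makes HttpsURLConnection (used for the WSDL fetch in the trace) use these anchors. */
    static void installFor(String path, char[] password) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: no client certificate is presented for the WSDL download.
        ctx.init(null, trustManagersFor(loadTrustStore(path, password)), null);
        // JVM-wide setting: affects every HttpsURLConnection in this process.
        // The default HostnameVerifier is left in place, so the certificate must match the host.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }

    public static void main(String[] args) throws Exception {
        // Path and password as they appear in the Spring config on this page.
        installFor("test/resources/wsdl/truststore.jks", "password".toCharArray());
        System.out.println("default HTTPS trust anchors replaced");
    }
}
```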

        
