[webservice][JBOSS] SSL 2 ways



  1. #1
    Hello,

    I would like to create a two-way SSL web service; unfortunately I lack some knowledge in this area and I am stuck for now. (The web service works over HTTP.)

    What I have done so far is create a server keystore and server truststore, to which I added the client's public key:
    Code:
    Keystore type: jks
    Keystore provider: SUN
     
    Your keystore contains 2 entries
     
    client, Jun 15, 2009, trustedCertEntry,
    Certificate fingerprint (MD5): 8B:FE:FD:92:26:F3:6B:3B:AB:51:01:1E:B2:2F:19:64
    server, Jun 15, 2009, keyEntry,
    Certificate fingerprint (MD5): E7:1B:0C:88:0E:30:33:A7:EA:96:C5:58:E5:F0:95:97
    When starting my JBoss server, I did pass the reference to my truststore: -Djavax.net.ssl.trustStore=...

    In my server.config file, I added this:
    Code:
    	<Connector port="8443" address="${jboss.bind.address}"
            maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
            scheme="https" secure="true" clientAuth="want"
            keystoreFile="${jboss.server.home.dir}/conf/certificates/server.keystore"
            keystorePass="********"
            truststoreFile="${jboss.server.home.dir}/conf/certificates/server.keystore"
            truststorePass="********"
            sslProtocol = "TLS" />
    I think I don't need to do anything else on the server side.
    On the application side, here is the code of my web service:
    Code:
    package ejb;
     
    import java.rmi.RemoteException;
     
    import javax.ejb.EJB;
    import javax.ejb.Remote;
    import javax.ejb.Stateless;
    import javax.jws.WebMethod;
    import javax.jws.WebService;
    import javax.jws.soap.SOAPBinding;
    import javax.jws.soap.SOAPBinding.Style;
     
    import org.jboss.wsf.spi.annotation.WebContext;
     
    import repositories.XMLReceiverRepository;
    import service.XMLReceiverService;
     
     
    @Stateless
    @WebContext
    (
      contextRoot="/pd-xmlloading-core-1",
      urlPattern="/SecureXMLReceiverServiceBean",
      authMethod="CLIENT-CERT",
      transportGuarantee="CONFIDENTIAL"
     
    )
    @WebService(endpointInterface = "service.XMLReceiverService")
    @Remote(XMLReceiverService.class)
    @SOAPBinding(style=Style.RPC)
     
    public class SecureXMLReceiverServiceBean{
    	@EJB
    	private XMLReceiverRepository xmlReceiverRepository;
     
    	public XMLReceiverRepository getXMLReceiverRepository() {
    		return xmlReceiverRepository;
    	}
    	public void setXMLReceiverRepository(final XMLReceiverRepository xmlRecRepository) {
    		xmlReceiverRepository = xmlRecRepository;
    	}		
     
    	@WebMethod
    	public String receiveXML(String XMLDoc) throws RemoteException{
    		String response="OK";
    		response = loaddata(XMLDoc);
    		return response;		
    	}
     
    	private String loaddata(String XMLDoc){
    		String status="OK";
    		//create the instance of RepositoryBean and call the persistMethod();
    		try{
    			xmlReceiverRepository=getXMLReceiverRepository();
    			status=xmlReceiverRepository.persistXML(XMLDoc);
    		}	
    		catch(Exception ex){
    			status="FAIL";
    		}
    		return status;
    	}
    }
    On the side of my client, which tries to connect, I have this:
    Code:
    package service.xmlreceiverclient;
     
    import java.io.File;
    import java.io.FileFilter;
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.io.StringWriter;
    import java.net.URL;
    import java.util.Properties;
     
    import javax.xml.namespace.QName;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.rpc.Service;
    import javax.xml.rpc.ServiceFactory;
    import javax.xml.transform.OutputKeys;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
     
    import jaws.XMLReceiverService;
    import org.jboss.ws.annotation.EndpointConfig;
     
    @EndpointConfig(configName="Standard WSSecurity Endpoint")
    public class XMLReceiverClient {
     
    	String xmlReceiverServiceURL="";
    	String xmlReceiverServiceQName="";
    	String xmlReceiverServiceName="";
    	static String xmlFilesDirName="";
     
    	public XMLReceiverClient(){
    		Properties prp = new Properties();
    		try{
    			InputStream is = getClass().getResourceAsStream("/pandora.properties");			
    			prp.load(is);
        		xmlReceiverServiceURL = prp.getProperty("XMLRECEIVER_WSDL_URL");
        		xmlReceiverServiceQName = prp.getProperty("XMLRECEIVER_QNAME_URL");
        		xmlReceiverServiceName = prp.getProperty("XMLRECEIVER_SERVICE_NAME");
        		xmlFilesDirName = prp.getProperty("XML_FILES_DIRECTORY");
    		}
    		catch(Exception pl){
    			System.out.println("UNABLE TO LOAD PROPERTIES");
    		}				
    	}
     
        public String callXMLReceiverWebservice(String XMLDoc){
        	String status="";
     
            try{
            	if(xmlReceiverServiceURL.equalsIgnoreCase("")){
            		xmlReceiverServiceURL="http://localhost:8090/pd-xmlloading-core/XMLReceiverServiceBean?wsdl";
            	}
        		System.out.println("RECEIVER SERVICE WEBSERVICE URL: "+xmlReceiverServiceURL);
            	URL url = new URL(xmlReceiverServiceURL);
            	//URL url = new URL("http://localhost:8080/pd-xmlloading-core/XMLReceiverServiceBean?wsdl");
            	QName qname = new QName(xmlReceiverServiceQName,xmlReceiverServiceName);
            	//QName qname = new QName("http://service.xmlloader.pandora.ccff.minfin.fgov.be/jaws","XMLReceiverServiceService");
            	System.out.println("Getting Qualified Name: "+xmlReceiverServiceQName);
            	ServiceFactory factory = ServiceFactory.newInstance();
            	System.out.println("Getting Service Factory: "+xmlReceiverServiceName);
     
            	Service remote = factory.createService(url, qname);
            	System.out.println("Obtaining reference to a proxy object");
            	XMLReceiverService xmlReceiverService = (XMLReceiverService)remote.getPort(XMLReceiverService.class);
            	System.out.println("Accessed local proxy: " + xmlReceiverService);
            	//status=xmlReceiverService.receiveXML("STORE40 XMLFile AS STRING IN PANDORA DATABASE BY XMLReceiverWebservice");
            	status=xmlReceiverService.receiveXML(XMLDoc);
     
            	//System.out.println("Accessed local proxy: " + xmlReceiverService);
            	System.out.println("Status FROM : receiveXML Service: " + status);
     
            }
            catch(Exception ex){
            	status="FAIL";
            	System.out.println("EXCEPTION          FOUND "+ex.getMessage());
            	ex.printStackTrace();
            }
            return status;
        }    
     
        public static String getProxy(){
        	String status="success";        
        	return status;
        }
        public String convertXMLFileToString(String fileName) 
        { 
          try{ 
            DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();                
            InputStream inputStream = new FileInputStream(new File(fileName));
            org.w3c.dom.Document doc = documentBuilderFactory.newDocumentBuilder().parse(inputStream); 
            StringWriter stw = new StringWriter(); 
            Transformer serializer = TransformerFactory.newInstance().newTransformer(); 
            serializer.setOutputProperty(OutputKeys.ENCODING,"ISO-8859-1");
            serializer.transform(new DOMSource(doc), new StreamResult(stw));
            System.out.println("Converted xml file to string: "+stw);
            return stw.toString();
          } 
          catch (Exception e) { 
            e.printStackTrace(); 
          }      
          return null; 
        }
        public static void main(String[] args) throws Exception {      
            System.out.println("Starting Main XMLReceiver process");
            XMLReceiverClient xmlreceiverClient = new XMLReceiverClient();
            XMLFileFilter xmlFilter = new XMLFileFilter(); 
            File directory = new File(xmlFilesDirName);
            File[] files = directory.listFiles(xmlFilter);            
            for (int index = 0; index < files.length; index++)  
            {           
            	String fileName=files[index].toString();
            	if(files[index].isFile() && (fileName.endsWith("xml") || fileName.endsWith("XML"))){
            		System.out.println("LOADING XML FILE: "+fileName);
                    String XMLDoc = xmlreceiverClient.convertXMLFileToString(fileName);
                    String status = xmlreceiverClient.callXMLReceiverWebservice(XMLDoc);
                    System.out.println("LOADING STATUS OF XML FILE: "+status);
            	}
            	else{
            		continue;
            	}
            }  
            System.out.println("End Main XMLReceiver process");                
        }    
    }
    class XMLFileFilter implements FileFilter{
    	public boolean accept (File file){
    		return file.getName().endsWith("xml");  
    	}
    }
    I start the client with the following parameters:
    Code:
    -Djavax.net.ssl.keyStore="C:\JBoss\server\pandora\conf\certificates\client.keystore" -Djavax.net.ssl.trustStore="C:\JBoss\server\pandora\conf\certificates\client.truststore"
    -Djavax.net.ssl.keyStorePassword="*********"
    -Djavax.net.ssl.trustStorePassword="********"
    -Djavax.net.ssl.keyStoreType="jks"
    -Djavax.net.ssl.trustStoreType="jks"
    I get this exception:
    Code:
    org.jboss.ws.metadata.wsdl.WSDLException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    EXCEPTION          FOUND javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    	at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:198)
    	at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.parse(WSDLDefinitionsFactory.java:106)
    	at org.jboss.ws.metadata.ServiceMetaData.getWsdlDefinitions(ServiceMetaData.java:273)
    	at org.jboss.ws.deployment.JSR109ClientMetaDataBuilder.buildMetaData(JSR109ClientMetaDataBuilder.java:110)
    	at org.jboss.ws.deployment.JSR109ClientMetaDataBuilder.buildMetaData(JSR109ClientMetaDataBuilder.java:82)
    	at org.jboss.ws.jaxrpc.ServiceImpl.<init>(ServiceImpl.java:96)
    	at org.jboss.ws.jaxrpc.ServiceFactoryImpl.createService(ServiceFactoryImpl.java:157)
    	at org.jboss.ws.jaxrpc.ServiceFactoryImpl.createService(ServiceFactoryImpl.java:128)
    	at be.fgov.minfin.ccff.pandora.xmlloader.service.xmlreceiverclient.XMLReceiverClient.callXMLReceiverWebservice(XMLReceiverClient.java:65)
    	at be.fgov.minfin.ccff.pandora.xmlloader.service.xmlreceiverclient.XMLReceiverClient.main(XMLReceiverClient.java:118)
    Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:801)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
    	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:949)
    	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    	at java.net.URL.openStream(URL.java:1007)
    	at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:181)
    	... 9 more
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
    	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)LOADING STATUS OF XML FILE: FAIL
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:782)
    	... 18 more
    Can you help me, given that the web service without two-way SSL works very well?

    Thanks in advance

  2. #2
    I notice that I forgot to give some information. I am using JAX-WS.

    I don't know whether I have really made progress on my journey, but I now get the following exception:

    Code:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    org.jboss.ws.metadata.wsdl.WSDLException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     
    	at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:198)
    	at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.parse(WSDLDefinitionsFactory.java:106)
    	at org.jboss.ws.metadata.ServiceMetaData.getWsdlDefinitions(ServiceMetaData.java:273)
    	at org.jboss.ws.deployment.JSR109ClientMetaDataBuilder.buildMetaData(JSR109ClientMetaDataBuilder.java:110)
    	at org.jboss.ws.deployment.JSR109ClientMetaDataBuilder.buildMetaData(JSR109ClientMetaDataBuilder.java:82)
    	at org.jboss.ws.jaxrpc.ServiceImpl.<init>(ServiceImpl.java:96)
    	at org.jboss.ws.jaxrpc.ServiceFactoryImpl.createService(ServiceFactoryImpl.java:157)
    	at org.jboss.ws.jaxrpc.ServiceFactoryImpl.createService(ServiceFactoryImpl.java:128)
    	at be.fgov.minfin.ccff.pandora.xmlloader.service.xmlreceiverclient.XMLReceiverClient.callXMLReceiverWebservice(XMLReceiverClient.java:61)
    	at be.fgov.minfin.ccff.pandora.xmlloader.service.xmlreceiverclient.XMLReceiverClient.main(XMLReceiverClient.java:114)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
    	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
    	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
    	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:949)
    	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    	at java.net.URL.openStream(URL.java:1007)
    	at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:181)
    	... 9 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    	at sun.security.validator.Validator.validate(Validator.java:203)
    	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
    	... 22 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    	... 27 more
    Can someone help me, please?
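
The store layout described in the two posts can be checked with keytool; the script below is an added example, not part of the original posts. It assumes self-signed certificates, the aliases `server` and `client` from the keytool listing, the store file names used in the posts, and a sample password; the function names are introduced here.

```shell
#!/bin/sh
# Added example: store layout for two-way SSL as configured in the post, where
# server.keystore is both keystoreFile and truststoreFile of the Connector.
# Passwords, CNs and self-signed certificates are constructed sample values.
PASS=${STOREPASS:-changeit}

make_identity() {  # $1=alias $2=keystore: create a self-signed key pair (JKS)
  keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$1" -keystore "$2" -storetype JKS \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}

trust_peer() {  # $1=alias $2=store holding that key pair $3=store that must trust it
  keytool -exportcert -rfc -alias "$1" -keystore "$2" -storepass "$PASS" \
    -file "$2.$1.crt" >/dev/null 2>&1 &&
  keytool -importcert -noprompt -alias "$1" -file "$2.$1.crt" \
    -keystore "$3" -storetype JKS -storepass "$PASS" >/dev/null 2>&1
}

entry_type() {  # $1=store $2=alias: prints key, cert or missing
  out=$(keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" 2>/dev/null) \
    || { echo missing; return 0; }
  case "$out" in
    *[Kk]eyEntry*)      echo key ;;    # "keyEntry" (older JDK) or "PrivateKeyEntry"
    *trustedCertEntry*) echo cert ;;
    *)                  echo missing ;;
  esac
}

build_stores() {  # $1=dir: create the three stores named in the post
  make_identity server "$1/server.keystore" &&
  make_identity client "$1/client.keystore" &&
  trust_peer client "$1/client.keystore" "$1/server.keystore" &&
  trust_peer server "$1/server.keystore" "$1/client.truststore"
}

expect() {  # $1=store $2=alias $3=wanted type $4=symptom when the entry is absent
  [ "$(entry_type "$1" "$2")" = "$3" ] && return 0
  echo "PROBLEM: ${1##*/} lacks $3 entry '$2': $4"
  return 1
}

check_two_way() {  # $1=dir; prints findings, returns the number of problems
  n=0
  expect "$1/server.keystore" server key "server has no certificate to present" || n=$((n+1))
  expect "$1/server.keystore" client cert \
    "server cannot validate the client certificate" || n=$((n+1))
  expect "$1/client.keystore" client key "client has no certificate to send" || n=$((n+1))
  expect "$1/client.truststore" server cert \
    "client reports 'PKIX path building failed'" || n=$((n+1))
  return "$n"
}

# Stand-alone: run with --demo to build sample stores in a temp dir and check them.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && build_stores "$d" && check_two_way "$d" && echo "layout OK: $d"
fi
```

To check existing stores instead of the sample ones, set `STOREPASS` and call `check_two_way` on the directory that holds them.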
