Discussion :

[Yves Remord]

Bonjour,

Je me suis arraché une quantité très importante de cheveux ces derniers jours sur un problème d'accès à un webservice en SSL à l'aide de CxF.

Voici le code incriminé nettoyé :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
public class TestClient {
 
    private static final QName SERVICE_NAME = 
        new QName("https://endpointsecure/axis/servicescure", "ServiceSecure");
 
    private static void configureSSLOnTheClient(Object c) {  
        Client client = ClientProxy.getClient(c);  
        HTTPConduit httpConduit = (HTTPConduit) client.getConduit();  
 
        try {  
            TLSClientParameters tlsParams = new TLSClientParameters();  
            tlsParams.setDisableCNCheck(true);  
 
            KeyStore keyStore = KeyStore.getInstance("PKCS12");  
            String trustpass = "lemotdepassequivabien";  
 
            File truststore = new File("C:\\un\\certificat\\fonctionnel.p12");  
            keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());  
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());  
            keyFactory.init(keyStore, trustpass.toCharArray());  
            KeyManager[] km = (KeyManager[]) keyFactory.getKeyManagers();  
            tlsParams.setKeyManagers(km);
 
            FiltersType filter = new FiltersType();  
            filter.getInclude().add(".*_EXPORT_.*");  
            filter.getInclude().add(".*_EXPORT1024_.*");  
            filter.getInclude().add(".*_WITH_DES_.*");  
            filter.getInclude().add(".*_WITH_NULL_.*");  
            filter.getExclude().add(".*_DH_anon_.*");  
            tlsParams.setCipherSuitesFilter(filter);  
 
            httpConduit.setTlsClientParameters(tlsParams);  
        } catch (KeyStoreException kse) {  
            System.out.println("Security configuration failed with the following: " + kse.getCause());  
        } catch (NoSuchAlgorithmException nsa) {  
            System.out.println("Security configuration failed with the following: " + nsa.getCause());  
        } catch (FileNotFoundException fnfe) {  
            System.out.println("Security configuration failed with the following: " + fnfe.getCause());  
        } catch (CertificateException ce) {  
            System.out.println("Security configuration failed with the following: " + ce.getCause());  
        } catch (GeneralSecurityException gse) {  
            System.out.println("Security configuration failed with the following: " + gse.getCause());  
        } catch (IOException ioe) {  
            System.out.println("Security configuration failed with the following: " + ioe.getCause());  
        }  
    }  
 
    public static void main(String[] args){
 
        System.out.println("Initializing test");
 
        LeWebService ws = new LeWebService();
 
        ILeWebService port = ws.getDestSivServicePort();
        configureSSLOnTheClient(port);
 
        // [...] Paramétrage de l'objet
 
        Response resp = port.methode(parametre, attachmentNullPourLeMoment);
        System.out.println("Server responded with: " + ticket.toString());
    }
}

et l'exception tant redoutée :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
ATTENTION: Interceptor for {http://Namespace}NomDuService#{http://Namespace}Methode has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
	at $Proxy38.methode(Unknown Source)
	at com.sopragroup.siv.TestClient.main(TestClient.java:128)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://endpointsecure/axis/servicescure: Received fatal alert: handshake_failure
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	at java.lang.reflect.Constructor.newInstance(Unknown Source)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:2058)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2043)
	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1955)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1907)
	at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
	at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1974)
	... 11 more
Exception in thread "main" javax.xml.ws.WebServiceException: Could not send Message.
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
	at $Proxy38.methode(Unknown Source)
	at com.sopragroup.siv.TestClient.main(TestClient.java:128)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://endpointsecure/axis/servicescure: Received fatal alert: handshake_failure
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	at java.lang.reflect.Constructor.newInstance(Unknown Source)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:2058)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2043)
	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
	... 2 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1955)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1907)
	at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
	at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1974)
	... 11 more

Le keystore au format p12 est bien sûr valide et marche tout à fait dans mes navigateurs, dans SoapUI, et avec Axis2.

Je suis à la recherche de toute aide potentielle. Accessoirement, je recherche un emploi de n'importe quoi sauf développeur.

Merci d'avance!

[sjachym]

As tu trouvé au final ? ton nouveau poste en dehors de l'informatique ou ta solution ?

Pour ma part ton code fonctionne correctement (sans l'utilisation de tlsParams.setCipherSuitesFilter).

[maxiplay]

Un petit up car j'ai exactement le même problème que je n'arrive pas à résoudre.
J'ai essayé pas mal de chose et je désespère. Si une âme charitable pouvait illuminé ma vie ce serait sympa !

[Sceener]

Bonjour ,

Y a t-il quelqu'un qui peut nous avancer sur ce sujet , j'ai le même souci , j'arrive pas a communiquer avec des WebServices en SSL.

Merci