I found the problem... here's a summary :
- System.setProperty("javax.net.ssl.trustStore", "my_truststore"); has no
effect on CXF (not that I was counting on it but I wasn't sure since no
one said if it would work or not). You need to set it in the
TLSClientParameters.
- tslClientParameters.setDisableCNCheck(true);
TrustAllManager[] tam = { new TrustAllManager() };
tslClientParameters.setTrustManagers(tam);
works fine, previous examples I found posted online for the trust all
manager were missing the disableCNCheck.
The above were easy problems to diagnose and fix after you get past the
big problem (probably documented some where and I managed to miss) ...
CXF + SSL doesn't work with the latest jdk1.6.0_10, I downloaded jdk 1.5
and it all worked fine, and then I tried jdk1.6.0_06 and it worked fine.
(Some where along the line I upgraded to _10 in attempts to fix some other
jvm crashes I had with eclipse and I'd forgotten I'd done that.)
oh joy. Thanks for the help though.
Ted.
On Fri, Jul 25, 2008 at 06:46:10AM -0700, Tedman Leung wrote:
> I still get the exact same error
>
> INFO: Interceptor has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Unconnected sockets not implemented
> at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
> at
> org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInterceptor.java:68)
> ...
> Caused by: com.ctc.wstx.exc.WstxIOException: Unconnected sockets not
> implemented
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:91)
> ...
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Unconnected
> sockets not implemented
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:192)
> at $Proxy26.helloWorld(Unknown Source)
> ...
> Caused by: com.ctc.wstx.exc.WstxIOException: Unconnected sockets not
> implemented
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> at
> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:91)
> ...
> Caused by: java.net.SocketException: Unconnected sockets not implemented
> at javax.net.SocketFactory.createSocket(SocketFactory.java:97)
> at
> sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:360)
> at sun.net.NetworkClient.doConnect(NetworkClient.java:145)
>
>
> Is there anyway to determine if it's rejecting the connection due to the
> truststore or if it's something else? As far as I can tell the trustStore
> file itself is fine and I can configure it to work with the
> apache/http-client packages.
>
> I also just upgraded from 2.0.6 to 2.0.7 to see if it would help but it
> doesn't.
>
> As far as the server end point goes it "looks" fine too from a browser.
> Actually there might be one small anomalie, when I go to the webservices
> listing I see
>
> -----------------
> HelloWorldWs
>
> * helloWorld
> * helloWorld2
> -----------------
> Endpoint address:
> http://127.0.0.1:8085/xxx/ws/HelloWorldService
> Wsdl: {http://ws.xxx.oscarehr.org/}HelloWorldWsService
> Target namespace: http://ws.xxx.oscarehr.org/
> -----------------
>
> which might be wrong, shouldn't the Endpoint address should be
> https://127.0.0.1:8086/xxx/ws/HelloWorldService ?
> (I'm using 8085 for http, and 8086 for https)
>
>
> if I click on the wsdl for that web service it shows what I'm
> expecting for the location :
>
> <wsdl:service name="HelloWorldWsService">
> <wsdl:port binding="tns:HelloWorldWsServiceSoapBinding"
> name="HelloWorldWsPort">
> <soap:address
> location="https://127.0.0.1:8086/xxx/ws/HelloWorldService"/>
> </wsdl:port>
> </wsdl:service>
>
> Is there some debug setting that would let me see what it's trying to
> connect to etc?
>
> thanks.
> Ted.
>
> On Thu, Jul 24, 2008 at 06:18:38PM -0600, Arul Dhesiaseelan wrote:
> > Can you try this?
> >
> > TLSClientParameters tlsParams = new TLSClientParameters();
> > tlsParams.setDisableCNCheck(true);
> >
> > KeyStore keyStore = KeyStore.getInstance("JKS");
> > String trustpass = "password";//provide trust pass
> >
> > File truststore = new File("truststore.jks");//provide your truststore
> > keyStore.load(new FileInputStream(truststore),
> > trustpass.toCharArray());
> > TrustManagerFactory trustFactory =
> > TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> > trustFactory.init(keyStore);
> > TrustManager[] tm = trustFactory.getTrustManagers();
> > tlsParams.setTrustManagers(tm);
> >
> > truststore = new File("client.jks");//provide you client store
> > keyStore.load(new FileInputStream(truststore),
> > trustpass.toCharArray());
> > KeyManagerFactory keyFactory =
> > KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> > keyFactory.init(keyStore, trustpass.toCharArray());
> > KeyManager[] km = keyFactory.getKeyManagers();
> > tlsParams.setKeyManagers(km);
> >
> > FiltersType filter = new FiltersType();
> > filter.getInclude().add(".*_EXPORT_.*");
> > filter.getInclude().add(".*_EXPORT1024_.*");
> > filter.getInclude().add(".*_WITH_DES_.*");
> > filter.getInclude().add(".*_WITH_NULL_.*");
> > filter.getExclude().add(".*_DH_anon_.*");
> > tlsParams.setCipherSuitesFilter(filter);//set all the needed
> > include and exclude filters.
> >
> > httpConduit.setTlsClientParameters(tlsParams);
> >
> > Cheers,
> > Arul
> >
> >
> > Tedman Leung wrote:
> > >So I'm still stuck with no leads what so ever,
> > >
> > >So far I've managed to check that my server seems to be OK, both my http
> > >and https ports are running when I check it with a browser, and my https
> > >webservice is running and I can run the method with a web browser so
> > >everything on the server appears to be fine.
> > >
> > >The client however, appears to be configured the same way all the other
> > >examples I've seen posted but it just doesn't work. It appears that none
> > >of the configuration changes I make have any affect what so ever on the
> > >error message.
> > >
> > >My current test client is as follows :
> > >
> > > public static void main(String... argv) throws Exception
> > > {
> > > System.setProperty("javax.net.debug", "ALL");
> > > System.setProperty("javax.net.ssl.trustStore",
> > > "/tmp/truststore");
> > >
> > > HelloWorldWsService service = new HelloWorldWsService();
> > >
> > > HelloWorldWs helloWorld = service.getHelloWorldWsPort();
> > > System.err.println("ENDPOINT:
> > >
> > > "+((BindingProvider)helloWorld).getRequestContext().get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY));
> > >
> > > Client cxfClient = ClientProxy.getClient(helloWorld);
> > > HTTPConduit httpConduit =
> > > (HTTPConduit)cxfClient.getConduit();
> > >
> > > TLSClientParameters tslClientParameters =
> > > httpConduit.getTlsClientParameters();
> > > if (tslClientParameters == null) tslClientParameters = new
> > > TLSClientParameters();
> > > TrustAllManager[] tam = { new TrustAllManager() };
> > > tslClientParameters.setTrustManagers(tam);
> > > tslClientParameters.setSecureSocketProtocol("SSL");
> > > httpConduit.setTlsClientParameters(tslClientParameters);
> > >
> > > System.err.println(helloWorld.helloWorld());
> > > System.err.println(helloWorld.helloWorld2("foo"));
> > > }
> > >
> > >When I run it, I can see my trusted certificate is loaded. I also tested
> > >my truststore by using apache/HttpClient and I can connect to the server
> > >fine and get raw output from the server.
> > >
> > >I've also added a "trust everything" manager in there and it seems to have
> > >no effect. As a matter of fact, I can remove all the HTTPConduit and
> > >TLSClientParameters configuration lines and I still get the exact same
> > >"Unconnected sockets not implemented" error. There's nothing pointing to
> > >what exactly is wrong...
> > >
> > >anyone have any luck programmatically configuring the client or ssl?
> > >
> > >
> > >
> > >>So based on what you previously said, I had to reconfigure my server, so
> > >>both HTTP and HTTPS are running but now I've reconfigured the end point
> > >>i.e.
> > >>
> > >> <jaxws:endpoint implementor="org.xxx.ws.HelloWorldWs"
> > >> address="/HelloWorldService"
> > >>
> > >> publishedEndpointUrl="https://127.0.0.1:8086/xxx/ws/HelloWorldService"/>
> > >>
> > >>
> > >>Now if I check the wsdl using my browser it shows
> > >>
> > >> <wsdl:port binding="tns:HelloWorldWsServiceSoapBinding"
> > >> name="HelloWorldWsPort">
> > >> <soap:address
> > >> location="https://127.0.0.1:8086/xxxx/ws/HelloWorldService"/>
> > >> </wsdl:port>
> > >>
> > >>which I assume to be what I need.
> > >>
> > >>I've now changed the client to be :
> > >>
> > >> public static void main(String... argv) throws Exception
> > >> {
> > >> HelloWorldWsService service = new HelloWorldWsService();
> > >>
> > >> HelloWorldWs helloWorld = service.getHelloWorldWsPort();
> > >> Client cxfClient = ClientProxy.getClient(helloWorld);
> > >> HTTPConduit httpConduit =
> > >> (HTTPConduit)cxfClient.getConduit();
> > >>
> > >> TLSClientParameters tslClientParameters = new
> > >> TLSClientParameters();
> > >> tslClientParameters.setSecureSocketProtocol("SSL");
> > >> httpConduit.setTlsClientParameters(tslClientParameters);
> > >>
> > >> HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> > >> httpClientPolicy.setConnectionTimeout(36000);
> > >> httpClientPolicy.setAllowChunking(false);
> > >> httpClientPolicy.setReceiveTimeout(32000);
> > >> httpConduit.setClient(httpClientPolicy);
> > >>
> > >> System.err.println(helloWorld.helloWorld());
> > >> System.err.println(helloWorld.helloWorld2("foo"));
> > >> }
> > >>
> > >>Now, when I run it, it gets a little further but my new error is :
> > >>
> > >> org.apache.cxf.interceptor.Fault: Unconnected sockets not implemented
> > >> at
> > >>
> > >> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
> > >> ...
> > >> Caused by: com.ctc.wstx.exc.WstxIOException: Unconnected sockets not
> > >> implemented
> > >> at
> > >>
> > >> com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> > >> at
> > >>
> > >> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:91)
> > >> ...
> > >> Caused by: java.net.SocketException: Unconnected sockets not
> > >> implemented
> > >> at
> > >> javax.net.SocketFactory.createSocket(SocketFactory.java:97)
> > >> at
> > >>
> > >> sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:360)
> > >> ...
> > >> Caused by: org.apache.cxf.interceptor.Fault: Unconnected sockets not
> > >> implemented
> > >> at
> > >>
> > >> org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
> > >> ...
> > >>
> > >>
> > >>The line it errors on is actually the
> > >>
> > >> System.err.println(helloWorld.helloWorld());
> > >>
> > >>line. I couldn't find anything searching the internet on "Unconnected
> > >>sockets not implemented" (except a bunch of amq items). I can't really
> > >>find anything else that tells me what is wrong or what is configured
> > >>wrong.
> > >>
> > >>Any information is appreciated, thanks.
> > >> --
> > >> Ted Leung
> > >> [EMAIL
> > >> PROTECTED]
> > >>
> > >>// /*
> > >>You know things are getting a little fishy when you're commenting out
> > >>comments.
> > >>// */
> > >>
> > >
> > >
> >
>
> --
> Ted Leung
> [EMAIL PROTECTED]
>
> // /*
> You know things are getting a little fishy when you're commenting out
> comments.
> // */
--
Ted Leung
[EMAIL PROTECTED]
// /*
You know things are getting a little fishy when you're commenting out
comments.
// */
