So here's the deal. I have a WSDL web service that I need to make SOAP calls to outside of my corporate network. The web service is SOAP over HTTPS and requires a client certificate. I have created the client code in Java with wsdl2java and everything looks good.
What I cannot do right now is get a response from the web service through CXF. The SSL handshake seems to go just dandy right up until CXF tries to execute the HTTP POST, but then the response times out (shown below):
```
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: false
Is secure renegotiation: false
*** HelloRequest (empty)
main, SEND TLSv1 ALERT: warning, description = no_renegotiation
Padded plaintext before ENCRYPTION: len = 24
0000: 01 64 01 FD 5B 38 03 A6 70 41 57 58 6D 75 60 F7 .d..[8..pAWXmu`.
0010: 93 1F 02 F3 C4 46 01 01 .....F..
main, WRITE: TLSv1 Alert, length = 24
[Raw write]: length = 29
0000: 15 03 01 00 18 0C 9B DF 1B 60 AB 12 EE C7 CF C9 .........`......
0010: 62 97 A5 5D 5F 14 48 E1 9F AD 8A 08 05 b..]_.H......
main, handling exception: java.net.SocketTimeoutException: Read timed out
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 24
0000: 01 00 BD 99 7A 7C 72 1F BB 11 2D AB 3F 53 C9 CD ....zr..-.?S..
... continuing on
```
Now, if I use curl or something similar, I get a response in less than a second, so I know that the web service is not to blame. Below is all the code needed to create a service port, including the TLS and HTTP proxy configuration. I have a very simple JUnit test that creates and runs this too:
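```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.ConnectionType;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;

// Enclosing class name taken from the MECTPortFactory.class reference below;
// MYPORT stands for the port interface generated by wsdl2java.
public class MECTPortFactory {

    public static MYPORT setupTLS(MYPORT port) throws IOException, GeneralSecurityException {
        HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();

        // Load the client certificate and private key from the PKCS#12 file
        // named by the pkcs12.keyFile system property.
        String keyPassword = "password";
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        URL pkcs12_file = MECTPortFactory.class.getResource(System.getProperty("pkcs12.keyFile"));
        try (InputStream keyFile = pkcs12_file.openStream()) {
            keyStore.load(keyFile, keyPassword.toCharArray());
        }
        KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);

        TLSClientParameters tlsCP = new TLSClientParameters();
        tlsCP.setKeyManagers(myKeyManagers);
        // Disables the check of the server certificate's CN against the host name.
        tlsCP.setDisableCNCheck(true);

        // Offer only the listed cipher suite and exclude anonymous DH suites.
        FiltersType cipher_suite_filter = new FiltersType();
        cipher_suite_filter.getInclude().add("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
        cipher_suite_filter.getExclude().add(".*_DH_anon_.*");
        tlsCP.setCipherSuitesFilter(cipher_suite_filter);

        httpConduit.setTlsClientParameters(tlsCP);
        httpConduit.setClient(getHttpClient());
        return port;
    }

    // HTTP client policy: route through the corporate proxy, 10 s receive timeout.
    private static HTTPClientPolicy getHttpClient() {
        HTTPClientPolicy client_policy = new HTTPClientPolicy();
        client_policy.setProxyServer("PROXY_SERVER_ADDRESS");
        client_policy.setProxyServerPort(8080);
        client_policy.setAutoRedirect(true);
        client_policy.setConnection(ConnectionType.KEEP_ALIVE);
        client_policy.setAllowChunking(true);
        client_policy.setReceiveTimeout(10000);
        return client_policy;
    }

    // Build key managers that present the client certificate from the key store.
    private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
            throws GeneralSecurityException, IOException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
        KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
        fac.init(keyStore, keyPass);
        return fac.getKeyManagers();
    }
}
```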
Edit:
I tried changing some of the client settings, such as AutoRedirect, AllowChunking, etc., without any difference, so I do not think that is the cause of the errors.
Edit2:
I do not receive a response from the web service. How can I troubleshoot and fix what causes CXF to time out instead of receiving a response?
java ssl proxy cxf
Nick klauer