I'm trying to call an Italian webservice, but I'm getting an SSLHandshakeException exception. I know this is a security trust problem and I should have a certificate to allow me to communicate using SSL. I would like to know if someone can help me to understand what should be the next steps and how can I generate a valid certificate to communicate with the webservice. Security is not my beach :)
The Italian webservice has a zip folder with a tool for developers and they have there two certificates, but I don't know what I should do with them. YOu can see here: https://sistemats1.sanita.finanze.it/portale/spese-sanitarie/documenti-e-specifiche-tecniche-strumenti-per-lo-sviluppo
Link to the Zip file: (https://sistemats1.sanita.finanze.it/portale/documents/20182/34450/kit730P_ver_20210301.zip/027086e7-385a-6071-ca86-f52077923a85)
You can see my experimental code here: https://github.com/nbentoneves/ws-spring-sts/blob/main/src/main/java/com/github/STSClient.java, feel free to clone and try it.
Note: In the development kit they have a soap project and I was able to call the webservice without needing anything.
STS Test Environment: https://invioSS730pTest.sanita.finanze.it/DocumentoSpesa730pWeb/DocumentoSpesa730pPort
Thanks,
Have a nice code time :)
You need to create a Trust Manager which does not validate certificate chains like the default ones.
Check this:
(How to solve javax.net.ssl.SSLHandshakeException Error?)
Related
my team is facing a SSLException when we try to hit a REST based webservice. We are adding all the headers required to call the webservice.
Right now we have got a temporary solution to the problem. We have added the security file from Java 8 folder to the Java 7 folder.
There is one more socket based solution which our team tried, but I don't know it on the larger context. But it has been refused to implement too by higher authorities.
We have found that the webservice is based on java 5. And in java 7 some of the security certificates were not available due to which we were getting an error. The first solution works for the testing phase but it's not good for production purposes.
The actual error we are facing is:
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
During our research we found this question too and tried to follow up every solution given for this question.
So is there anyone who has faced the similar issue before and provide us with a solution to apply, so that we can hit the webservice and add those certificates dynamically at runtime.
Please post the SSL debug logs?
I had this problem once and reason was that remote rest service were only supporting TLSv1.2 and we were on TLSv1.1
We called the rest service by mentioning TLSv1.1 protocol in System.setProperty() method.
The problem was with the Java version. The security files which were needed by the rest service to hit were not present in Java 1.7.51(our current java version). So instead of changing the security files we upgraded our java version from 1.7.51 to 1.7.80(This version of java contains those security files). Hence no compatibility was broken and the issue was fixed successfully without a workaround.
We got this solution's idea from this StackOverflow Question.
Sorry in advance if this question has been posted before. I have look around but couldn't find an answer.
I am creating a server in Java that has a SSL socket to accept clients. I have been looking around on how to create the socket and have started to add the code to my application. After looking around the find out how to allow a self-signed certificate for testing I found that I create a keystore and add the certificate to that. To use the certificate I would need to add "System.setProperty("javax.net.ssl.keyStore", "keystorename.jks")" The only problem is I have to specify the password in the code as well if I go off other developers examples.
I would like to know if I have to specify the password and if I do need to what is the security implications?
Thanks in advance,
Yes you do, and the security implication is that the password is (1) fixed by the code and (2) probably visible in the object code. The solution to (2) is ultimately physical security of the software and the host it runs on.
As a premise, I am not very experienced yet, but I have tried to read and search everything I possibly could, related to this topic, and still no luck.
I was given a simple client to call a webservice but once it was fully setup (which included the use of a certificate and a couple more properties to set) I got the error mentioned in the title:
javax.xml.ws.WebServiceException: {http://http://cert.controller.portaapplicativa.ictechnology.it//}MyService is not a valid service. Valid services are:
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:187)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:159)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:82)
at javax.xml.ws.Service.<init>(Service.java:56)
at package.client.wsimport.MyService..<init>(MyService.java:46)
at package.client.Client.doRicercaDEN(Client.java:55)
at package.client.Client.main(Client.java:36)
I tried generating the client again with JAX-WS:
java -classpath C:\Programmi\Java\jdk1.6.0_38\lib\tools.jar com.sun.tools.internal.ws.WsImport -verbose C:\WsdlFile.wsdl -p package.client.wsimport -s C:\tmp\ws\
And I get the same issue. I am using a local copy of the wsdl because wsimport doesn't seem to like the certificate I'm trying to set in the properties (I'm most likely doing something wrong, but I opted for the simple workaround, given I have more pressing issues).
Trying to use SoapUI to test the service, everything works fine, though I need to set the preferences for the proxy to "None".
So I tried to make sure the connection doesn't use any proxy in my client as well:
(...)
systemSettings.remove("http.proxyHost");
systemSettings.remove("http.proxyPort");
systemSettings.remove("https.proxyHost");
systemSettings.remove("https.proxyPort");
System.setProperty("http.nonProxyHosts","*");
System.setProperty("https.nonProxyHosts","*");
(BTW, before "*", which as I understand it should work as a wildcard for "every domain", I have tried specifying the specific domains as well)
Anyway, the result is always the same.
Is there something I am doing wrong, something left to try?
I doubt this is a proxy issue. If you can share the code you are using to create the Service object it might help.
As a kick start try reading the below thread Is not a valid service exception in JAX-WS
What I think is that the QName you have provided when creating the Service is not proper. To get the correct QName you might try to open the generated stub.
As it turns out, what I was missing was importing the certificate in my local truststore (or better, when I first tried doing so, I thought I was using the correct truststore, but I wasn't).
For anyone who may need it, here is an explanation of how to do that using keytool: http://javarevisited.blogspot.it/2012/03/add-list-certficates-java-keystore.html
Another option is to use specific GUI like Portecle.
I am trying to connect to a webservice over ssl with a client certificate. Is there an elegant way of doing this apart from shoving things like "javax.net.ssl.keyStore" into System.properties.
Any pointers to code examples would be appreciated.
You could just install the cert into the system keystore. (Location varies across platforms, and you will need admin rights).
you might get some samples from the website for this book : http://www.manning.com/kanneganti/
See example code in my article. It shows how to dynamically provide the custom keystore to the HTTPS server as for the WS client. http://jakubneubauer.wordpress.com/2011/09/06/java-webservice-over-ssl/
Not sure if this is fully relevant, but still. This entry describes the way of generating the certificate and installing it on a local system without using the keytool. Probably you could reuse some parts of the (very simple) source code.
I have a Java client that calls a web service at the moment using the Http protocol.
When i try to use the Https protocol i keep getting this error
java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
Any ideas what could be up?
Thanks
Damien
Due to american export regulations in encryption technologies, you can't use strong encryption out of the box. Your error looks like you (or your framework) is trying to use strong encryption, and other parts of the framework is not allowing it.
A discussion of a case that looks similar to yours can be found here.
A good crypto provider is BouncyCastle. Takes some reading, but it's not that hard to make it work.
Good luck,
Are you sure you are connecting your HTTPS client to the server port that talks over HTTPS (TLS/SSL) rather than HTTP?
YOu have to pass the keystore type from the client. This error should go then.