As a premise, I am not very experienced yet, but I have tried to read and search everything I possibly could, related to this topic, and still no luck.
I was given a simple client to call a webservice but once it was fully setup (which included the use of a certificate and a couple more properties to set) I got the error mentioned in the title:
javax.xml.ws.WebServiceException: {http://http://cert.controller.portaapplicativa.ictechnology.it//}MyService is not a valid service. Valid services are:
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:187)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:159)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:82)
at javax.xml.ws.Service.<init>(Service.java:56)
at package.client.wsimport.MyService..<init>(MyService.java:46)
at package.client.Client.doRicercaDEN(Client.java:55)
at package.client.Client.main(Client.java:36)
I tried generating the client again with JAX-WS:
java -classpath C:\Programmi\Java\jdk1.6.0_38\lib\tools.jar com.sun.tools.internal.ws.WsImport -verbose C:\WsdlFile.wsdl -p package.client.wsimport -s C:\tmp\ws\
And I get the same issue. I am using a local copy of the wsdl because wsimport doesn't seem to like the certificate I'm trying to set in the properties (I'm most likely doing something wrong, but I opted for the simple workaround, given I have more pressing issues).
Trying to use SoapUI to test the service, everything works fine, though I need to set the preferences for the proxy to "None".
So I tried to make sure the connection doesn't use any proxy in my client as well:
(...)
systemSettings.remove("http.proxyHost");
systemSettings.remove("http.proxyPort");
systemSettings.remove("https.proxyHost");
systemSettings.remove("https.proxyPort");
System.setProperty("http.nonProxyHosts","*");
System.setProperty("https.nonProxyHosts","*");
(BTW, before "*", which as I understand it should work as a wildcard for "every domain", I have tried specifying the specific domains as well)
Anyway, the result is always the same.
Is there something I am doing wrong, something left to try?
I doubt this is a proxy issue. If you can share the code you are using to create the Service object it might help.
As a kick start try reading the below thread Is not a valid service exception in JAX-WS
What I think is that the QName you have provided when creating the Service is not proper. To get the correct QName you might try to open the generated stub.
As it turns out, what I was missing was importing the certificate in my local truststore (or better, when I first tried doing so, I thought I was using the correct truststore, but I wasn't).
For anyone who may need it, here is an explanation of how to do that using keytool: http://javarevisited.blogspot.it/2012/03/add-list-certficates-java-keystore.html
Another option is to use specific GUI like Portecle.
Related
I'm trying to call an Italian webservice, but I'm getting an SSLHandshakeException exception. I know this is a security trust problem and I should have a certificate to allow me to communicate using SSL. I would like to know if someone can help me to understand what should be the next steps and how can I generate a valid certificate to communicate with the webservice. Security is not my beach :)
The Italian webservice has a zip folder with a tool for developers and they have there two certificates, but I don't know what I should do with them. YOu can see here: https://sistemats1.sanita.finanze.it/portale/spese-sanitarie/documenti-e-specifiche-tecniche-strumenti-per-lo-sviluppo
Link to the Zip file: (https://sistemats1.sanita.finanze.it/portale/documents/20182/34450/kit730P_ver_20210301.zip/027086e7-385a-6071-ca86-f52077923a85)
You can see my experimental code here: https://github.com/nbentoneves/ws-spring-sts/blob/main/src/main/java/com/github/STSClient.java, feel free to clone and try it.
Note: In the development kit they have a soap project and I was able to call the webservice without needing anything.
STS Test Environment: https://invioSS730pTest.sanita.finanze.it/DocumentoSpesa730pWeb/DocumentoSpesa730pPort
Thanks,
Have a nice code time :)
You need to create a Trust Manager which does not validate certificate chains like the default ones.
Check this:
(How to solve javax.net.ssl.SSLHandshakeException Error?)
I am using RestAssured Java library to test REST API, and need to use certificate when invoking the API. I've come across the following stackoverflow link How to make HTTPS GET call with certificate in Rest-Assured java, but none of the solution seems to work.
In RestAssure official Java Doc, I find this page: https://www.javadoc.io/doc/io.rest-assured/rest-assured/3.2.0
In the sub link that points to io.restassured.config, Class SSLConfig, there's this statement:
"Now you want to use this truststore in your client:"
RestAssured.config = RestAssured.newConfig().sslConfig(new SSLConfig("/truststore_javanet.jks", "test1234");
"or"
given().config(newConfig().sslConfig(new SSLConfig("/truststore_javanet.jks", "test1234"))
Is this kidding? Because if you look at the SSLConfig constructor
SSLConfig()
It does not accept path and password string as parameter at all. And that's what my IDE says too.
Has anyone get their code working at all?
Also the usual logging functionality 'RestAssured log.all()' does not seem to log any certificate related info when sending http requests.
Even if I made up some code like:
RestAssured.config = newConfig().sslConfig(new SSLConfig().trustStore("src/test/resources/certs/trust.jks", "password"));
It does not throw error if I give a non-existing file path value for the parameter.
So I am stuck. With no sample code to follow, or RestAssured printing any helpful info for me to debug certificate related issue.
I have a spring-boot application for which i am writing integration tests
I'm trying to use hoverfly-java to capture the traffic for an external system i am using. My test runs fine when i dont add hoverfly, but on adding this line:
#ClassRule
public static HoverflyRule hoverflyRule = HoverflyRule.inCaptureOrSimulationMode("simulation.json");
My external system returns a 500 and I see the following error
POST abc/login: x509: certificate signed by unknown authority
How to I update my resttemplate to fix this?
Actally, rather than me asking questions I can guess that if it is the case of being self-signed, you can try using the -tls-verification command in Hoverfly as documented here:
http://hoverfly.readthedocs.io/en/v0.13.0/pages/reference/hoverfly/hoverflycommands.html?highlight=tls
However, I have noticed that this is not configurable through Hoverfly Java. Try using the Hoverfly binary directly to prove that it is indeed the fix, and if that is the case raise a GitHub issue and we will make it configurable in the Java binding.
Disabling TLS verification solved the issue for me.
May be you didn't try the correct command.
Try hoverfly -tls-verification=false
You should see TLS certificate verification has been disabled
in the logs.
Hope this helps.
I wrote a maven plugin that performs network activity. When I run it, I'm passing in parameters to signal it should use a proxy.
mvn myplugin:goal -Dhttps.proxyHost=nonexistent-site.com -Dhttps.proxyPort=8000
Even when I point it at a nonexistent proxy, it succeeds. It seems to be bypassing the proxy and just making the network call directly if the proxy is bad. (this is my theory anyways. it could be that I'm not even setting the proxy correctly)
I've also edited the maven settings.xml and added the bad proxy host under but it also fails silently.
Same if I add the parameters to MAVEN_OPTS
How can I make the network call fail if the proxy is bad?
I just figured out the problem, thanks to #Tunaki.
Turns out the library (com.mashape.unirest.http.Unirest) I was using doesn't respect the java proxy settings. The issue is documented/linked to in #Tunaki's comments above.
The lesson here is that if you're using a network library that's not part of the jdk, make sure it respects the java settings.
In the case of Unirest, I had to manually create the proxy like so
HttpHost proxy = new HttpHost(System.getProperty("https.proxyHost")
, new Integer(System.getProperty("https.proxyPort")));
Unirest.setProxy(proxy);
I'm not sure if this question or answer really helps anyone. I'll leave it here for now in case it applies. But if anyone comments that I should delete this or I get a couple of downvotes, I'll remove the question.
I have a Spring Boot application that uses spring-yarn-boot:2.2.0.RELEASE to get access to a Hadoop filesystem (HDFS). Operations that I do are LISTSTATUS, GETFILESTATUS and OPEN (to read a file). HDFS URI is specified through application.properties:
spring.hadoop.fsUri=webhdfs://127.0.0.1:50070/webhdfs/v1/
I make a bean to which I provide Hadoop Configuration (that Spring somehow automagically prepares for me on startup):
SimplerFileSystem fs = new SimplerFileSystem(FileSystem.get(configuration));
FsShell shell = new FsShell(configuration);
And everything works well as expected, but the problems came when I got two new requirements.
First thing is that HDFS will be protected with SSL from now on. I can't seem to find any way to tell my application that the fsURI that starts with webhdfs:// is actually a https connection. And if I will give the https URL directly, I'll get an exception:
java.io.IOException: No FileSystem for scheme: https
at org.apache.hadoop.fs.FileSystem.getFileSystemClass(FileSystem.java:2584)
... which is caused by that code: FileSystem.get(configuration).
This thing is driving me crazy, I don't seem to find a way to get pass this.
Second requirement is, that I need to authenticate myself against the WebHDFS with basic authentication. For this I also can't find any means in the client API.
Has anyone done it before and have any instructions to share? Or maybe anyone knows a different client API that I can use to accomplish this?
One option is to implement the REST calls myself with RestTemplate or any other REST service consumer API, but this looks like not-so-special use case so I'm really hoping that there is something that has been done already.
EDIT:
Found a solution to the HTTPS problem. One should use swebhdfs:// as url prefix and everything will work. Still havent found a solution to the Basic Auth problem.