[jboss-user] [JBoss Web Services] - Re: https web service hangs when using wssecurity

Tue Feb 22 20:17:44 EST 2011

Kerry Ward [http://community.jboss.org/people/kerryrward] created the discussion

"Re: https web service hangs when using wssecurity"

To view the discussion, visit: http://community.jboss.org/message/589120#589120

--------------------------------------------------------------
This statement is false:

>  I have another service that I did with JBoss 4.2.3.GA and JDK 5 that uses https and is working just fine.  I tried to connect to it using JBoss 5.1.0.GA and JDK 6 and it has the same problem as my new service. 

Somewhere along the way I got wires crossed.  The existing web service call is working in JBoss 5.1.0.GA and JDK 6.  So now I just need to concentrate on my new service.

I added the environment variable  -Djavax.net.debug=all and shortly before hanging I get this output

New I/O client worker #1-1, fatal error: 46: General SSLEngine problem
sun.security.validator.ValidatorException: Violated path length constraints
New I/O client worker #1-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
New I/O client worker #1-1, WRITE: TLSv1 Alert, length = 2
New I/O client worker #1-1, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E                               .......
New I/O client worker #1-1, called closeOutbound()
New I/O client worker #1-1, closeOutboundInternal()
Keep-Alive-Timer, called close()
Keep-Alive-Timer, called closeInternal(true)
Keep-Alive-Timer, SEND TLSv1 ALERT:  warning, description = close_notify

I checked the WSDL location ( https://devweb.ark.org/govpay/service/ExtendedStatus?WSDL https://x.asite.org/pay/service/ExtendedStatus?WSDL) and the certificate checks out.  It is named *.asite.org and signed by DigiCert.  My debug also shows that DigiCert is in my truststore.  However, the wsdl references 
targetNamespace=" https://www.bsite.gov/pay/service https://www.bsite.gov/pay/service".  When I go here in the browser I get a certificate error - it is using the same *.asite.org certificate at www.bsite (http://www.bsite.gov)http://www.bsite.g.gov, which is clearly wrong.  

Will JBossWS trip up on a targetnamespace, where other tools do not?  I've notified the producer of the service of the inconsistency, but I am wondering if there is a way to quickly test/confirm the issue without having to wait for them to fix things on their side?
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/589120#589120]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20110222/33e17cd0/attachment-0001.html 