Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5525

Client - UntrustedURLConnectionIOException even the HTTPS established with client certificate auth

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Transports
    • None

    • java 1.6.0_45 and 1.7.0_45 on Windows 8, CXF version 2.7.6

    • Unknown

    Description

      Hi,
      I'm facing issue with CXF client. I have a Java client generated from WSDL. The WSDL contains RequireClientCertificate="true" in the Policy. I'm calling a web service over HTTPS with client certificate authentication. Although HTTPS connection is established and with client certificate authentication (ensured with -Djavax.net.debug=all), calling a WS method throws exception.
      The strange thing is, that the first call succeeded and the second and all other calls, fail with this exception . The other calls can be done with the same client object or can create new, no matter. The client object is created as follows:

      // our custom ssl settings, with client cert auth in this case.
SSLSocketFactory sslSockF =
createSSLSocketFactoryFromProperties(_properties);
ProductionService service = new ProductionService(
         new URL(myURL),
         new QName("http://mycompany.com/api/productionService",
"ProductionService"));
port = service.getBasicHttpBindingIProductionService();
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
tlsParams.setSSLSocketFactory(sslSockF);
http.setTlsClientParameters(tlsParams);
return port;

      The exception:

      -----------------------------
etc...
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: UntrustedURLConnectionIOException invoking https://192.168.101.14/myApplication/services/ProductionService.svc: RequireClientCertificate is set, but no local certificates were negotiated.  Is the server set to ask for client authorization?
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
 at java.lang.reflect.Constructor.newInstance(Unknown Source)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1334)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
 at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
 at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
 at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
 at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
 at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
 at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
 ... 14 more
Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: RequireClientCertificate is set, but no local certificates were negotiated.  Is the server set to ask for client authorization?
 at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1680)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1264)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
 at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
 at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
 at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
 ... 24 more
-----------------------------

      Attachments

        Activity

          People

            Unassigned Unassigned
            jakub.neubauer Jakub Neubauer
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: