Forum Discussion
Hi,
In step 2 of that link you followed it explains how to add the -D parameters.
Yes, if the password is correct there is no error - you get something like 'keystore initialized'
Hi
in the meantime i followed this link "http://blog.thilinamb.com/2011/02/invoking-secured-web-service-with.html" and now i see new message that before i did not seen before (read line) :
Error log
Thu Jul 07 18:49:55 CEST 2016:ERROR:org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:191)
at org.apache.ws.security.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:411)
at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:383)
at com.eviware.soapui.impl.wsdl.support.wss.entries.SignatureEntry.process(SignatureEntry.java:238)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:175)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:59)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:39)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:33)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:172)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://www.w3.org/2003/05/soap-envelope, Body)
at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
... 14 more
SOAP UI LOG
Thu Jul 07 18:49:55 CEST 2016:ERROR:An error occurred [Signature creation failed (Cannot setup signature data structure)], see error log for details
Thu Jul 07 18:49:55 CEST 2016:DEBUG:Attempt 1 to execute request
Thu Jul 07 18:49:55 CEST 2016:DEBUG:Sending request: POST /xxxxx. S HTTP/1.1
Thu Jul 07 18:49:55 CEST 2016:DEBUG:Receiving response: HTTP/1.1 403 Forbidden
Thu Jul 07 18:49:55 CEST 2016:DEBUG:Connection can be kept alive for 5000 MILLISECONDS
Thu Jul 07 18:49:56 CEST 2016:INFO:Got response for [xxxxxxxxxxxxxx:Request 1] in 374ms (74 bytes)
Thu Jul 07 18:50:04 CEST 2016:DEBUG:Connection closed
Thanks
- rupert_anderson8 years agoValued Contributor
Hi,
You have started to setup WSSecurity / digital signature etc, that link is just like the other (WSS) one, only more detailed - if all you want is to get a client SSL certificate to work with SoapUI, then this will complicate things for you and take you in the wrong direction. You don't require a digitally signed SOAP body do you? Thats what that new error is relating to.
I still think the .p12 hasn't been converted into a .jks java keystore file correctly - if a browser can access the WSDL using the certificate, then SoapUI will be able to. It might help to enable that SSL debug java option, it can give extra details during the exchange of certificates.
- patrik8 years agoOccasional Contributor
Hi Rupert
here the logs with "—Djavax.net.debug=ssl:handshake " setted
soap ui Log
Fri Jul 08 00:26:09 CEST 2016:INFO:Settings saved to [C:\Users\myusr\soapui-settings.xml]
Scheduling garbage collection every 60 seconds
Fri Jul 08 00:26:15 CEST 2016:INFO:Reloading updated settings file
Fri Jul 08 00:26:15 CEST 2016:INFO:initialized soapui-settings from [C:\Users\myusr\soapui-settings.xml]
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/xop.xsd with targetNamespace http://www.w3.org/2004/08/xop/include
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/XMLSchema.xsd with targetNamespace http://www.w3.org/2001/XMLSchema
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/xml.xsd with targetNamespace http://www.w3.org/XML/1998/namespace
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/swaref.xsd with targetNamespace http://ws-i.org/profiles/basic/1.1/xsd
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/xmime200505.xsd with targetNamespace http://www.w3.org/2005/05/xmlmime
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/xmime200411.xsd with targetNamespace http://www.w3.org/2004/11/xmlmime
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/soapEnvelope.xsd with targetNamespace http://schemas.xmlsoap.org/soap/envelope/
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/soapEncoding.xsd with targetNamespace http://schemas.xmlsoap.org/soap/encoding/
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/soapEnvelope12.xsd with targetNamespace http://www.w3.org/2003/05/soap-envelope
Fri Jul 08 00:26:31 CEST 2016:INFO:Added default schema from file:/C:/Program%20Files/SmartBear/SoapUI-5.2.0/bin/soapui-5.2.1.jar!/com/eviware/soapui/resources/xsds/soapEncoding12.xsd with targetNamespace http://www.w3.org/2003/05/soap-encoding
Fri Jul 08 00:26:31 CEST 2016:DEBUG:Getting wsdl component from [https://xxxxxxxxx.?wsdl]
Fri Jul 08 00:26:31 CEST 2016:DEBUG:Attempt 1 to execute request
Fri Jul 08 00:26:31 CEST 2016:DEBUG:Sending request: GET /xxxxxxxxxxxxx?wsdl HTTP/1.1
Fri Jul 08 00:26:32 CEST 2016:DEBUG:Receiving response: HTTP/1.1 403 Forbidden
Fri Jul 08 00:26:32 CEST 2016:DEBUG:Connection can be kept alive for 5000 MILLISECONDS
Fri Jul 08 00:26:32 CEST 2016:ERROR:Failed to load url [https://xxxxxxxxx.?wsdl]
Fri Jul 08 00:26:32 CEST 2016:ERROR:An error occurred [com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException], see error log for details
Fri Jul 08 00:26:40 CEST 2016:DEBUG:Connection closedHttp Log
Fri Jul 08 00:26:31 CEST 2016:DEBUG:>> "GET /xxxxxxxxxxxxx?wsdl HTTP/1.1[\r][\n]"
Fri Jul 08 00:26:31 CEST 2016:DEBUG:>> "Host: myhost.com[\r][\n]"
Fri Jul 08 00:26:31 CEST 2016:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
Fri Jul 08 00:26:31 CEST 2016:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Fri Jul 08 00:26:31 CEST 2016:DEBUG:>> "[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "HTTP/1.1 403 Forbidden[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "Date: Thu, 07 Jul 2016 22:27:14 GMT[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "Content-Length: 74[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "Keep-Alive: timeout=5, max=100[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "Connection: Keep-Alive[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "Content-Type: text/html; charset=iso-8859-1[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "[\r][\n]"
Fri Jul 08 00:26:32 CEST 2016:DEBUG:<< "You need a client side certificate issued by MyFirm CA to access this site"Error Log
Fri Jul 08 00:26:32 CEST 2016:ERROR:com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException
com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException
at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.makeInvalidDefinitionException(WsdlLoader.java:119)
at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.loadXmlObject(WsdlLoader.java:109)
at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:488)
at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:477)
at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionCache.update(AbstractDefinitionCache.java:94)
at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext$Loader.construct(AbstractDefinitionContext.java:209)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:131)
at java.lang.Thread.run(Unknown Source)Thanks again
- patrik8 years agoOccasional Contributor
Hi
Here I was again, .. i doubt : could it possible a firewal / closed port problem ? wich port doe's use SOAP UI ?
thanks again
- rupert_anderson8 years agoValued Contributor
Hi,
Where does the service you are calling reside?
SoapUI will make client calls over either the standard http(s) ports (80,443) or the one specified in your Request TestStep.
Firewalls can sometimes make a difference i.e. block the SoapUI request. Another common issue is not setting any proxy details in the SoapUI Settings, this often leads to issues where a browser can call the service (as it has correct proxy settings) and SoapUI can't.
Another typical SSL related issue (that I don't think you have, as I cannot see connection reset by peer) for SoapUI and sometimes Java code clients, is needing explicitly to enable TLS - see https://community.smartbear.com/t5/SoapUI-Open-Source/How-to-enable-TLS-1-2-in-SoapUI/m-p/96239/highlight/true#M17246
The thing is, it seems clear from the response that you're getting that the SSL handshake is OK, but your certificate is being rejected on the grounds of who signed it 'You need a client side certificate issued by MyFirm CA to access this site'
See http://wiki.cacert.org/ApacheServerClientCertificateAuthentication
Basic Client Side Authentication
This is for the case we want a preposition of the website to be accessible by certificate only. In this case any certificate from a set of CA's.
## Client Verification SSLVerifyClient optional SSLVerifyDepth 3 SSLCADNRequestPath /usr/share/ca-certificates/cacert.org/ # error handling RewriteEngine on RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS RewriteRule .? - [F] ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
Related Content
- 9 years agoesfomeado
- 3 years agoyaminySharma04
- 10 months agork2212
Recent Discussions
- 7 days agoemoya