Problem consuming HTTPS web service

Hi everyone,

I’ve been trying to consume a HTTPS web service within a flow service. This web service uses an old version of Apache Axis (1.4), and its binding style is the deprecated “rpc/encoded”.

While I had access to a HTTP version of the same web service, everything worked fine, until the moment the protocol changed to HTTPS. After this, the connector linked to my Web Service Descriptor started returning the following error (full call stack at the bottom):

In the transport info, the following status message is returned:

A certificate was provided and registered by the Integration Server admin, and it was set in the provider’s endpoint alias configuration. The web service’s URL and port was unblocked by the network admin. Given that, I wasn’t involved in these steps, as it was made by another team.

Do you have any idea what can cause this kind of error? Could it be related to a SOAP incompatibility, a wrongly registered certificate, or some missing configuration in IS?

I am using WM9.8.

Thanks in advance,
Pablo

PS.: This is the call stack:

com.wm.app.b2b.server.ServiceException: org.apache.axis2.AxisFault: Connection closed by remote host.
	at pub.clientimpl.wssClient(clientimpl.java:2541)
	at pub.clientimpl.soapClient(clientimpl.java:1173)
	at sun.reflect.GeneratedMethodAccessor4837.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:441)
	at com.wm.app.b2b.server.invoke.InvokeManager.process(InvokeManager.java:643)
	at com.wm.app.b2b.server.util.tspace.ReservationProcessor.process(ReservationProcessor.java:39)
	at com.wm.app.b2b.server.invoke.StatisticsProcessor.process(StatisticsProcessor.java:49)
	at com.wm.app.b2b.server.invoke.ServiceCompletionImpl.process(ServiceCompletionImpl.java:243)
	at com.wm.app.b2b.server.invoke.ValidateProcessor.process(ValidateProcessor.java:49)
	at com.wm.app.b2b.server.invoke.PipelineProcessor.process(PipelineProcessor.java:171)
	at com.wm.app.b2b.server.ACLManager.process(ACLManager.java:302)
	at com.wm.app.b2b.server.invoke.DispatchProcessor.process(DispatchProcessor.java:34)
	at com.wm.app.b2b.server.AuditLogManager.process(AuditLogManager.java:369)
	at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:547)
	at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:384)
	at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:238)
	at com.wm.app.b2b.server.BaseService.invoke(BaseService.java:205)
	at com.wm.lang.flow.FlowInvoke.invoke(FlowInvoke.java:258)
	at com.wm.lang.flow.FlowState.invokeNode(FlowState.java:511)
	at com.wm.lang.flow.FlowState.stepIncremental(FlowState.java:428)
	at com.wm.lang.flow.FlowState.invoke(FlowState.java:331)
	at wm.server.flowdebugger.stepFlow(flowdebugger.java:935)
	at wm.server.flowdebugger.execute(flowdebugger.java:465)
	at sun.reflect.GeneratedMethodAccessor286.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:451)
	at com.wm.app.b2b.server.invoke.InvokeManager.process(InvokeManager.java:643)
	at com.wm.app.b2b.server.util.tspace.ReservationProcessor.process(ReservationProcessor.java:39)
	at com.wm.app.b2b.server.invoke.StatisticsProcessor.process(StatisticsProcessor.java:49)
	at com.wm.app.b2b.server.invoke.ServiceCompletionImpl.process(ServiceCompletionImpl.java:243)
	at com.wm.app.b2b.server.invoke.ValidateProcessor.process(ValidateProcessor.java:49)
	at com.wm.app.b2b.server.invoke.PipelineProcessor.process(PipelineProcessor.java:171)
	at com.wm.app.b2b.server.ACLManager.process(ACLManager.java:302)
	at com.wm.app.b2b.server.invoke.DispatchProcessor.process(DispatchProcessor.java:34)
	at com.wm.app.b2b.server.AuditLogManager.process(AuditLogManager.java:369)
	at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:547)
	at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:384)
	at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:238)
	at com.wm.app.b2b.server.comm.DefaultServerRequestHandler.handleMessage(DefaultServerRequestHandler.java:119)
	at com.wm.app.b2b.server.HTTPMessageHandler.process(HTTPMessageHandler.java:156)
	at com.wm.app.b2b.server.HTTPDispatch.handleRequest(HTTPDispatch.java:178)
	at com.wm.app.b2b.server.Dispatch.run(Dispatch.java:384)
	at com.wm.util.pool.PooledThread.run(PooledThread.java:127)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Connection closed by remote host.
	at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
	at com.wm.app.b2b.server.wss.HTTPTransportSender.makeFault(HTTPTransportSender.java:1110)
	at com.wm.app.b2b.server.wss.HTTPTransportSender.writeMessageWithWebM(HTTPTransportSender.java:577)
	at com.wm.app.b2b.server.wss.HTTPTransportSender.invoke(HTTPTransportSender.java:197)
	at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:484)
	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:263)
	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
	at com.softwareag.wsstack.client.impl.WSOperationClientImpl.execute(WSOperationClientImpl.java:65)
	at com.wm.app.b2b.server.wss.wssClientImpl.invokeWebService(wssClientImpl.java:209)
	at pub.clientimpl.wssClient(clientimpl.java:2494)
	... 46 more
Caused by: java.io.EOFException: Connection closed by remote host.
	at iaik.security.ssl.Utils.a(Unknown Source)
	at iaik.security.ssl.a.k(Unknown Source)
	at iaik.security.ssl.f.a(Unknown Source)
	at iaik.security.ssl.g.f(Unknown Source)
	at iaik.security.ssl.g.d(Unknown Source)
	at iaik.security.ssl.f.c(Unknown Source)
	at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
	at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
	at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
	at com.wm.net.NetURLConnection.connect(NetURLConnection.java:258)
	at com.wm.net.HttpURLConnection.getOutputStream(HttpURLConnection.java:442)
	at com.wm.net.HttpContext.getOutputStream(HttpContext.java:719)
	at com.wm.net.HttpContext.getOutputStream(HttpContext.java:695)
	at com.wm.app.b2b.server.wss.HTTPTransportSender.sendRequest(HTTPTransportSender.java:635)
	at com.wm.app.b2b.server.wss.HTTPTransportSender.writeMessageWithWebM(HTTPTransportSender.java:563)
	... 54 more

Hi,

can you please check for SSLv3 vs. TLS configuration?

What is your IS-Core- as well as the SCG-Entrust-Fix-Level.

See Empower for POODLE KB Article.

Regards,
Holger

Hi Holger,

I’m looking for the configurations asked, and I’ll get back as soon as I find it.

Unfortunately I don’t have access to Empower, but these topics gave me a good explanation about the POODLE vulnerability:

http://tech.forums.softwareag.com/techjforum/posts/list/54147.page
http://tech.forums.softwareag.com/techjforum/posts/list/55020.page

Thanks!

Hello – On POODLE there are many threads which have well explanation. Please go through and let us know if you still stuck in b/w.

Thanks,

Hi everyone,

The problem was solved, after these steps:

  • The web service we were trying to consume uses TLS 1.2;

  • Through some support tickets, we were advised to use a JSSE (Java Secure Socket Extension) socket factory to deal with this protocol, but we couldn’t set this property within our WS consumer;

  • Instead of configuring a web service descriptor, we used pub.client:http to request the service, setting the useJSSE property to “yes”, and loadAs set with “stream”;

  • After this, the following sequence gives me the response in document format:

  • pub.xml: xmlStringToXMLNode
  • pub.xml: xmlNodeToDocument

Thanks for all the help, it definitely pointed out the right direction to solve my problem!

Boa tarde Pablo.

Tudo bem?

Tive o mesmo problema aqui na empresa e através da sua solução, fiquei apenas com uma duvida:

No WS do cliente só tem um parametro em um metodo …
Como eu envio essa informação pelo flow pub.client:http?

Abaixo o meu xml da request pelo SOAPUI:


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
   <soapenv:Header/>
   <soapenv:Body>
      <tem:AddCallData>
         <!--Optional:-->
         <tem:xml>           


		</tem:xml>
      </tem:AddCallData>
   </soapenv:Body>
</soapenv:Envelope>

Dentro do parametro xml será enviada uma string no formato XML com os dados esperado pelo Cliente.

Pode me ajudar por favor?

Obrigado

Ronaldo.