on 10-27-2008 3:09 PM
Hi everyone
I'm trying to call an external web service over HTTPS, and continually get the following error:
com.sap.engine.services.webservices.espbase.wsdl.exceptions.WSDLException: Peer sent alert: Alert Fatal: handshake failure
I haven't tried doing this before, so not quite sure where to start. I have a client certificate that must be used to access the remote web service, and I think the problem is associating the client cert with the web service call.
Has anyone else tried this before? Any suggestions of where to look?
I've had a brief look at Key Storage in NWA, but it's not something I'm familiar with - so not sure if it's even the right place to be looking.
Some help on this would be great!
Thanks
Stuart
Hi,
Can you deploy the tool which can be found in [SAP NOTE 1045019|https://service.sap.com/sap/support/notes/1045019], adding the following tracing locations in addition to the ws_security template:
"com.sap.security.core.server.https" and "com.sap.engine.services.webservices.jaxm.soap" and all of their successors.
Then press Start, reproduce the problem, press stop and attach the resulting zip file containing the traces. Currently all I can understand by this is that there is some problem establishing HTTPS connection - probably client certificate is not trusted or some cipher suite problem.
Best Regards,
Aleksandar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Aleksandar
Here's the output from the trace. Unfortunately the SAP forums don't allow attachments, so it may be difficult to read. Please let me know if you see anything that may help.
Thanks
Stuart
Time Severity User Thread Location Message
09:18:23:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:23:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@fa1b67
09:18:24:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:24:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@4c8af
09:18:24:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:24:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@b6981b
09:18:25:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:25:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@1133227
09:18:25:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:25:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@12d4229
09:18:26:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:26:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@117ae38
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider [com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider] 'nonProxyHosts' are configured '10.|127.|192.168.*'.
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider [com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider] 'nonProxyHosts' default value is '10.|127.|192.168.*'.
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider Loadin mapping file from location :[c:/mapping.txt]
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider Additional file for CTS configuration can not be found [c:\mapping.txt (The system cannot find the file specified)].
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider >>>>>>>>> ERROR: Could not find mapping for service QName=vipSoapInterfaceService, class=class com.verisign._2006._08.vipservice.VipSoapInterfaceService
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider: Creating client instance with WSDL URL [https://pilot-vipservices-auth.verisign.com:443/prov/soap/val/soap] (vipSoapInterfaceService) <com.verisign._2006._08.vipservice.VipSoapInterfaceService>
09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider: Using SAP JAX-WS Implemetation to create service delegate.
09:18:26:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:26:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@5586b0
09:18:26:687 Path Administrator HTTP Worker [0] ~s.espbase.wsdl.exceptions.WSDLException Exception : Peer sent alert: Alert Fatal: handshake failure
java.lang.Exception
at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230)
at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:147)
at com.sap.exception.BaseException.<init>(BaseException.java:89)
at com.sap.engine.services.webservices.espbase.wsdl.exceptions.WSDLException.<init>(WSDLException.java:34)
at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.loadDOMDocument(WSDLLoader.java:140)
at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:91)
at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:80)
at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.loadWSDLDefinitions(SAPServiceDelegate.java:201)
at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.initWSDL(SAPServiceDelegate.java:159)
at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.<init>(SAPServiceDelegate.java:113)
at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createDelegate(CTSProvider.java:170)
at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createServiceDelegate(CTSProvider.java:151)
at javax.xml.ws.Service.<init>(Service.java:57)
at com.verisign._2006._08.vipservice.VipSoapInterfaceService.<init>(VipSoapInterfaceService.java:41)
at JEE_jsp_result_6740550_1225116575421_1225116585468._jspService(JEE_jsp_result_6740550_1225116575421_1225116585468.java:64)
at com.sap.engine.services.servlets_jsp.lib.jspruntime.JspBase.service(JspBase.java:102)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:433)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:32)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:431)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:289)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:376)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:85)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:160)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:67)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:309)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.run(Processor.java:222)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:152)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:247)
Caused by: org.w3c.www.protocol.http.HttpException: Peer sent alert: Alert Fatal: handshake failure
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.x.b(Unknown Source)
at iaik.security.ssl.x.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
at org.w3c.www.protocol.http.g.markUsed(Unknown Source)
at org.w3c.www.protocol.http.HttpBasicServer.getConnection(Unknown Source)
at org.w3c.www.protocol.http.HttpBasicServer.runRequest(Unknown Source)
at org.w3c.www.protocol.http.HttpManager.runRequest(Unknown Source)
at org.w3c.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at org.w3c.www.protocol.http.HttpURLConnection.a(Unknown Source)
at org.w3c.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.URL.openStream(URL.java:1007)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:201)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:263)
at com.sap.engine.lib.xml.parser.Parser.parse_DTDValidation(Parser.java:282)
at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:293)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
at com.sap.engine.lib.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:127)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:146)
at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.loadDOMDocument(WSDLLoader.java:132)
at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:91)
at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:80)
at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.loadWSDLDefinitions(SAPServiceDelegate.java:201)
at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.initWSDL(SAPServiceDelegate.java:159)
at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.<init>(SAPServiceDelegate.java:113)
at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createDelegate(CTSProvider.java:170)
at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createServiceDelegate(CTSProvider.java:151)
at javax.xml.ws.Service.<init>(Service.java:57)
at com.verisign._2006._08.vipservice.VipSoapInterfaceService.<init>(VipSoapInterfaceService.java:41)
at JEE_jsp_result_6740550_1225116575421_1225116585468._jspService(JEE_jsp_result_6740550_1225116575421_1225116585468.java:64)
at com.sap.engine.services.servlets_jsp.lib.jspruntime.JspBase.service(JspBase.java:102)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:433)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:32)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:431)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:289)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:376)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:85)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:160)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:67)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:309)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.run(Processor.java:222)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:152)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:247)
09:18:27:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:27:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@20ba3c
09:18:27:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:27:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@12e6a08
09:18:28:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:28:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@26e3bf
09:18:28:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:28:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@1c5310d
09:18:29:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:29:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@f827f6
09:18:29:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:29:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@a8646a
09:18:30:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:30:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@175b961
09:18:30:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:30:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@c449f1
09:18:31:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS
09:18:31:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@1feeea8
09:18:31:593 Info Administrator HTTP Worker [3] System.out SessionImpl::getContext():[ B E G I N ].timerId=15
09:18:31:593 Info Administrator HTTP Worker [3] System.out SessionImpl::getContext():[ E N D ].timerId=[id:#15, elapsed: 0 ms.]
Ok, I've made some progress in another area I think.
I've added the client certificate to a new KeyStore view in NWA, and have created a Destination that uses the client certificate for authentication - which is all working well.
Now, if I can use the Destination with a Web Service Proxy then I'm sure it'll work fine. Does anyone know of an example of how to do this?
I've been trying to generate a web service client within NWDS, but there's a bug that's preventing me from doing this. I've logged that as a message with SAP, but have had no response at all in 4 days. Not very impressed on that front.
Will update this thread if I find the solution. In the meantime, any help would be greatly appreciated!
Hi Stuart,
I 'm quite new to Netweaver and am trying to get past a very similar issue. I have an independent Tomcat Java web server across the local network that hosts a web service secured via SSL (configured for one-way handshake i.e, no client auth). The WS consumer proxy executes on Netweaver AS Java. I have generated the web services client stub (deployable proxy contained in a dynamic web project wrapped and deployed as a EAR) using NWDS tooling (Web Services generator client wizard using JAX-WS).
I have used @WebServiceRef at the point of consumption of the proxy so that the automatic JNDI binding happens and the consumer proxy is visible via the SOA-->Single Service Administration-->Consumer Proxy listing. The client consumer proxy is visible and gets listed as expected.
Here is problem / specific concerns where I need inputs -
* The Web services consumer proxy port security configuration lists only a subset of NWA Keystore views. Where is the rationale here? Why are the other keystore views not visible? Where should I import the trust certificate for the consumer proxy to look up and how to configure it. I have tried importing the trust certs in all of these listed views but it does not like it. The handshake happens and the web service call executes only when I toggle the security config to not to check for server certs.
Appreciate if you could shed some light on this.
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.