When I user EJBCA ws client in java code like this :
CertTools.installBCProvider();
String urlstr = "https://127.0.0.1:8443/ejbca/ejbcaws/ejbcaws?wsdl";
System.setProperty("javax.net.ssl.trustStore","D:\Documents\Downloads\wstest.jks");
System.setProperty("javax.net.ssl.trustStorePassword","foo123");
System.setProperty("javax.net.ssl.keyStore","D:\Documents\Downloads\wstest.jks");
System.setProperty("javax.net.ssl.keyStorePassword","foo123");
QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
EjbcaWSService service;
service = new EjbcaWSService(new URL(urlstr),qname);
EjbcaWS ejbcaraws = service.getEjbcaWSPort();
UserMatch usermatch = new UserMatch();
usermatch.setMatchwith(0);
usermatch.setMatchtype(0);
usermatch.setMatchvalue("Vendil");
List<UserDataVOWS> result = ejbcaraws.findUser(usermatch);
It showed that :
AuthorizationDeniedException_Exception: Admin CLIENTCERT was not authorized to resource /administrator.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:145)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:252)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:181)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:262)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:128)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at $Proxy37.findUser(Unknown Source)
Can someBody help me,waitting for your help!!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
javax.xml.ws.WebServiceException: Cannot be accessed in the following locations WSDL: https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl。The operation failure and display:
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)。
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:252)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:229)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:192)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:161)
at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:328)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:290)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:217)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:199)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:195)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:112)
at javax.xml.ws.Service.<init>(Service.java:57)
at etoseast.EjbcaWSService.<init>(EjbcaWSService.java:42)
at com.eastelsoft.ws.AA.test(AA.java:79)
at com.eastelsoft.ws.AA.main(AA.java:62)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:186)
at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:360)
at sun.net.NetworkClient.doConnect(NetworkClient.java:145)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:271)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:328)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:731)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:979)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1009)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:994)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:395)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:214)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:325)
at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:283)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:65)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:42)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:37)
at java.net.URL.openConnection(URL.java:945)
... 16 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
I don't konw what should I do, can you give some exemple please!!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks,I do as what you say and it successed. Now I coding reference clientToolBox source code, but when I try to create a new Certificate like this it showed a Exception:
UserDataVOWS userdata = new UserDataVOWS();
userdata.setUsername("liwf");
userdata.setSubjectDN("CN=liwf");
userdata.setSubjectAltName(null);
userdata.setCaName("AdminCA1");//CA
userdata.setEndEntityProfileName("EMPTY");//
userdata.setCertificateProfileName("ENDUSER");//ENDUSER/OCSPSIGNER/SERVER
int requesttype =CertificateHelper.CERT_REQ_TYPE_CRMF ;//PKCS10, CRMF, SPKAC or PUBLICKEY
KeyPair keys;
keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest("SHA256WithRSA",
CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(), null, keys.getPrivate());
CertificateResponse result = ejbcaraws.certificateRequest(userdata,requestdata,requesttype, new String(Base64.encode(pkcs10.getEncoded())),CertificateHelper.RESPONSETYPE_CERTIFICATE);
The Exception is :
EjbcaException_Exception: -4
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:145)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:252)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:181)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:262)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:128)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at $Proxy37.certificateRequest(Unknown Source)
I can't find what the -4 means? And can you give me some advice please? Or where can I referenced?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
thanks for your help,Now I can do some basic functions. But I hava a new doubt about when I have create a certificate in X509Certificate ,I don't know how to downLode it. can you give me some advice?
Thank you in advance.
waitting for your help!!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When I user EJBCA ws client in java code like this :
CertTools.installBCProvider();
String urlstr = "https://127.0.0.1:8443/ejbca/ejbcaws/ejbcaws?wsdl";
System.setProperty("javax.net.ssl.trustStore","D:\Documents\Downloads\wstest.jks");
System.setProperty("javax.net.ssl.trustStorePassword","foo123");
System.setProperty("javax.net.ssl.keyStore","D:\Documents\Downloads\wstest.jks");
System.setProperty("javax.net.ssl.keyStorePassword","foo123");
QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
EjbcaWSService service;
service = new EjbcaWSService(new URL(urlstr),qname);
EjbcaWS ejbcaraws = service.getEjbcaWSPort();
UserMatch usermatch = new UserMatch();
usermatch.setMatchwith(0);
usermatch.setMatchtype(0);
usermatch.setMatchvalue("Vendil");
List<UserDataVOWS> result = ejbcaraws.findUser(usermatch);
It showed that :
AuthorizationDeniedException_Exception: Admin CLIENTCERT was not authorized to resource /administrator.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:145)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:252)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:181)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:262)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:128)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at $Proxy37.findUser(Unknown Source)
Can someBody help me,waitting for your help!!
The first message shows what the problem is.
Try superadmin.p12 instead to begin with.
Read about EJBCA authorization.
Anders
Thanks for your answer! Here is what i had tried with superadmin.p12,but it had a new error:
String urlstr = "https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl";
System.setProperty("javax.net.ssl.keyStore","C:/ejbca_4_0_10/p12/superadmin.p12");
System.setProperty("javax.net.sslews.keyStorePassword","ejbca");
Provider tlsProvider = new TLSProvider();
Security.addProvider(tlsProvider);
Security.setProperty("ssl.TrustManagerFactory.algorithm", "AcceptAll");
Security.setProperty("ssl.KeyManagerFactory.algorithm", "NewSunX509");
QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
EjbcaWSService service=null;
The error is :
javax.xml.ws.WebServiceException: Cannot be accessed in the following locations WSDL: https://localhost:8443/ejbca/ejbcaws/ejbcaws?wsdl。The operation failure and display:
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)。
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:252)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:229)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:192)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:161)
at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:328)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:290)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:217)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:199)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:195)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:112)
at javax.xml.ws.Service.<init>(Service.java:57)
at etoseast.EjbcaWSService.<init>(EjbcaWSService.java:42)
at com.eastelsoft.ws.AA.test(AA.java:79)
at com.eastelsoft.ws.AA.main(AA.java:62)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:186)
at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:360)
at sun.net.NetworkClient.doConnect(NetworkClient.java:145)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:271)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:328)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:731)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:979)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1009)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:994)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:395)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:214)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:325)
at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:283)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:65)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:42)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:37)
at java.net.URL.openConnection(URL.java:945)
... 16 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
I don't konw what should I do, can you give some exemple please!!
I still think you should try clientToolBox before coding but here is an updated example code
CertTools.installBCProvider();
String urlstr = "https://127.0.0.1:8443/ejbca/ejbcaws/ejbcaws?wsdl";
System.setProperty("javax.net.ssl.trustStore","C:/ejbca_4_0_10/p12/truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
System.setProperty("javax.net.ssl.keyStore","C:/ejbca_4_0_10/p12/superadmin.p12");
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStorePassword","ejbca");
as earlier
QName qname =
Thanks,I do as what you say and it successed. Now I coding reference clientToolBox source code, but when I try to create a new Certificate like this it showed a Exception:
UserDataVOWS userdata = new UserDataVOWS();
userdata.setUsername("liwf");
userdata.setSubjectDN("CN=liwf");
userdata.setSubjectAltName(null);
userdata.setCaName("AdminCA1");//CA
userdata.setEndEntityProfileName("EMPTY");//
userdata.setCertificateProfileName("ENDUSER");//ENDUSER/OCSPSIGNER/SERVER
int requesttype =CertificateHelper.CERT_REQ_TYPE_CRMF ;//PKCS10, CRMF, SPKAC or PUBLICKEY
KeyPair keys;
keys = KeyTools.genKeys("1024", AlgorithmConstants.KEYALGORITHM_RSA);
PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest("SHA256WithRSA",
CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(), null, keys.getPrivate());
CertificateResponse result = ejbcaraws.certificateRequest(userdata,requestdata,requesttype, new String(Base64.encode(pkcs10.getEncoded())),CertificateHelper.RESPONSETYPE_CERTIFICATE);
The Exception is :
EjbcaException_Exception: -4
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:145)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:252)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:181)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:262)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:128)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at $Proxy37.certificateRequest(Unknown Source)
I can't find what the -4 means? And can you give me some advice please? Or where can I referenced?
thanks for your help,Now I can do some basic functions. But I hava a new doubt about when I have create a certificate in X509Certificate ,I don't know how to downLode it. can you give me some advice?
Thank you in advance.
waitting for your help!!