[SignServer-develop] Authorization Type

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I have some problem with web service (bin/client.sh request), using a
client certificate authentication.

My worker is set with AUTH = CLIENTCERT (it's a TIMESTAMP worker)
I have add authorized client for this worker using a certificate (we call it
* client.crt*)
The certificate *client.crt* is present in the application server's
truststore (I use GlassFish APPSRV)

But when I try to request the worker, It return me an error: "client
authentication"
Detail of the request:
*bin/client.sh timestamp -instr mystring -outrep response.tsr -url
http://localhost:8080/signserver/tsa?workerId=1 -keystore /tmp/client.jks
-keystorepwd "my_pass" -keyalias "my_alias"*

Detail of the error message:
*Exception in thread "main"
org.signserver.cli.spi.UnexpectedCommandFailureException:
java.io.IOException: Server returned HTTP response code: 400 for URL:
http://localhost:8080/signserver/tsa?workerId=1
    at
org.signserver.client.cli.defaultimpl.TimeStampCommand.execute(TimeStampCommand.java:320)
    at
org.signserver.cli.CommandLineInterface.execute(CommandLineInterface.java:97)
    at org.signserver.client.cli.ClientCLI.main(ClientCLI.java:45)
Caused by: java.io.IOException: Server returned HTTP response code: 400 for
URL: http://localhost:8080/signserver/tsa?workerId=1
    at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1403)
    at
org.signserver.client.cli.defaultimpl.TimeStampCommand.tsaRequest(TimeStampCommand.java:586)
    at
org.signserver.client.cli.defaultimpl.TimeStampCommand.run(TimeStampCommand.java:334)
    at
org.signserver.client.cli.defaultimpl.TimeStampCommand.execute(TimeStampCommand.java:312)
    ... 2 more*

Detail of the server.log:
*[#|2013-07-31T12:12:19.463+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8080-0;|INFO
[IWorkerLogger] AUDIT; DefaultTimeStampLogger; LOG_ID:
db8d7ba8-f6f9-4f66-bf93-bea140d0f8d3; CLIENT_IP: 127.0.0.1;
REQUEST_FULLURL: http://localhost:8080/signserver/tsa?workerId=1;
RequestTime: 1375265539461; ResponseTime: 1; TimeStamp: ${TSA_TIME};
PKIStatus: ${TSA_PKISTATUS}; PKIFailureInfo: ${TSA_PKIFAILUREINFO};
SerialNumber: ${TSA_SERIALNUMBER}; TSA_POLICYID: ${TSA_POLICYID};
SIGNER_CERT_SERIALNUMBER: ${SIGNER_CERT_SERIALNUMBER};
SIGNER_CERT_ISSUERDN: ${SIGNER_CERT_ISSUERDN}; TIMESTAMPREQUEST_ENCODED:
${TSA_TIMESTAMPREQUEST_ENCODED}; TSA_TIMESTAMPRESPONSE_ENCODED:
${TSA_TIMESTAMPRESPONSE_ENCODED}; ARCHIVE_IDS: ${ARCHIVE_IDS}; PURCHASED:
${PURCHASED}; TSA_EXCEPTION: ${TSA_EXCEPTION}; EXCEPTION: Error, client
authentication is required.*

However when I configure the worker with AUTH = NOAUTH, the request is
successful.

Can somebody help me !?

Regard,

Valentin.

-- 

*Valentin PELTIER**
Stagiaire
*
val...@ar...

*AriadNEXT*
80 av. des Buttes de Coësmes
35700 RENNES - FRANCE

-- 

<http://www.ariadnext.com/solutions/securisation-des-documents/>

Ce message et toutes les pièces jointes sont confidentiels et établis à 
l'intention exclusive de son ou ses destinataires. Si vous avez reçu ce 
message par erreur, merci d'en avertir immédiatement l'émetteur et de 
détruire le message. Toute modification, édition, utilisation ou diffusion 
non autorisée est interdite. L'émetteur décline toute responsabilité au 
titre de ce message s'il a été modifié, déformé, falsifié, infecté par un 
virus ou encore édité ou diffusé sans autorisation.

This message and any attachments are confidential and intended for the 
named addressee(s) only. If you have received this message in error, please 
notify immediately the sender, then delete the message. Any unauthorized 
modification, edition, use or dissemination is prohibited. The sender shall 
not be liable for this message if it has been modified, altered, falsified, 
infected by a virus or even edited or disseminated without authorization.