BCJSSE close notify problem

Huangfu
Hello,
We use
https://github.com/fiorenzino/client16/blob/master/src/test/java/com/jpeppol/client16/MyTLSSocketSecureFactory.java
to build an Axis 1.4 web service client, and use SimpleTestHttp to test the link
nnb.tbb.com.tw (nnb.tbb.com.tw is open). The code is:
//
import java.io.IOException;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.Socket;

import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;

/**
 * Created by fiorenzo on 10/06/16.
 */
public class SimpleTestHttp {

    public static void main(String[] args) throws Exception {
        java.security.SecureRandom secureRandom = new java.security.SecureRandom();
        Socket socket = new Socket(java.net.InetAddress.getByName("nnb.tbb.com.tw"), 443);
        TlsClientProtocol protocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), secureRandom);
        DefaultTlsClient client = new DefaultTlsClient() {
            public TlsAuthentication getAuthentication() throws IOException {
                TlsAuthentication auth = new TlsAuthentication() {
                    // Capture the server certificate information!
                    // Empty body: the server certificate is accepted without any validation.
                    public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate) throws IOException {
                    }

                    // No client certificate is offered.
                    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                        return null;
                    }
                };
                return auth;
            }
        };
        protocol.connect(client);

        java.io.OutputStream output = protocol.getOutputStream();
        output.write("GET / HTTP/1.1\r\n".getBytes("UTF-8"));
        output.write("Host: ap-test.jpeppol.com\r\n".getBytes("UTF-8"));
        output.write("Connection: close\r\n".getBytes("UTF-8")); // So the server will close socket immediately.
        output.write("\r\n".getBytes("UTF-8")); // HTTP1.1 requirement: last line must be empty line.
        output.flush();

        java.io.InputStream input = protocol.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
        String line;
        while ((line = reader.readLine()) != null) {
            System.out.println(line);
            //System.out.println("KKK");
        }
    }
}
//
The output is:
//
HTTP/1.1 200 OK
Date: Thu, 17 May 2018 02:33:00 GMT
Last-Modified: Wed, 11 Feb 2009 05:48:21 GMT
ETag: "2e267-e6-26bb3340"
Accept-Ranges: bytes
Content-Length: 230
Connection: close
Content-Type: text/html
Set-Cookie: TS01db7c90=014dc385f0bf9942f4cb5c66f5ef66a5ad6e707db855d9d27378ae56f16a75190d1aec5a8a; Path=/

<html>
Exception in thread "main" org.bouncycastle.crypto.tls.TlsNoCloseNotifyException: No close_notify alert received before connection closed
        at org.bouncycastle.crypto.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.crypto.tls.TlsProtocol.readApplicationData(Unknown Source)
        at org.bouncycastle.crypto.tls.TlsInputStream.read(Unknown Source)
        at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
        at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
        at java.io.InputStreamReader.read(InputStreamReader.java:167)
        at java.io.BufferedReader.fill(BufferedReader.java:136)
        at java.io.BufferedReader.readLine(BufferedReader.java:299)
        at java.io.BufferedReader.readLine(BufferedReader.java:362)
        at userstar.SimpleTestHttp.main(SimpleTestHttp.java:49)
<head>
<title>Web-Page-Redirect</title>

</head>
<body onload="return URLRedirect();">
</body>
</html>
///
Is this a web service server error or a web service client error?
If it is a web service server error, how can it be fixed?
If it is a web service client error, can the exception be avoided? Can I fix it? Thanks.

regards
Hwangfu






--
Sent from: http://bouncy-castle.1462172.n4.nabble.com/Bouncy-Castle-Dev-f1462173.html

Re: BCJSSE close notify problem

Huangfu
Hello,
First:
I want to know what caused this error. Is it related to this software? Is it
possible to improve or avoid it?
Second:
Links: tw.yahoo.tw and www.google.com
The results are all 404, but for tw.yahoo.tw this does not appear:
org.bouncycastle.crypto.tls.TlsNoCloseNotifyException: No close_notify alert received before connection closed
For www.google.com it does appear.
Is there a problem with the original code, or is it an Axis 1.4 problem?
(jdk1.5.0-1 + axis1.4 + bcprov-jdk14-159.jar), using the sample
https://github.com/fiorenzino/client16/blob/master/src/test/java/com/jpeppol/client16/MyTLSSocketSecureFactory.java
and SimpleTestHttp.java.
Does anyone know the answer?

regards
Hwangfu






Re: BCJSSE close notify problem

Huangfu
In reply to this post by Huangfu
TSLSocketConnectionFactory.java code
//
import java.io.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;

import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;

import org.bouncycastle.crypto.tls.AbstractTlsClient;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ExtensionType;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;


/**
 * This Class enables TLS V1.2 connection based on BouncyCastle Providers.
 * Just to use: URL myurl = new URL( "http://
 * ...URL that only Works in TLS 1.2); HttpsURLConnection con =
 * (HttpsURLConnection )myurl.openConnection();
 * con.setSSLSocketFactory(new TSLSocketConnectionFactory());
 *
 * @author AZIMUTS
 */
public class TSLSocketConnectionFactory extends SSLSocketFactory
{

   // ////////////////////////////////////////////////////////////////////////////////////////////////////////////
   // Adding Custom BouncyCastleProvider
   // /////////////////////////////////////////////////////////////////////////////////////////////////////////////
   static
   {
      if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null)
         Security.addProvider(new BouncyCastleProvider());
         //Security.addProvider(new BouncyCastleJsseProvider());
   }

   // ////////////////////////////////////////////////////////////////////////////////////////////////////////////
   // HANDSHAKE LISTENER
   // /////////////////////////////////////////////////////////////////////////////////////////////////////////////
   public class TLSHandshakeListener implements HandshakeCompletedListener
   {
      public void handshakeCompleted(HandshakeCompletedEvent event)
      {

      }
   }

   // ////////////////////////////////////////////////////////////////////////////////////////////////////////////
   // SECURE RANDOM
   // /////////////////////////////////////////////////////////////////////////////////////////////////////////////
   private SecureRandom _secureRandom = new SecureRandom();

   // ////////////////////////////////////////////////////////////////////////////////////////////////////////////
   // Adding Custom BouncyCastleProvider
   // /////////////////////////////////////////////////////////////////////////////////////////////////////////////
   @Override
   public Socket createSocket(Socket socket, final String host, int port, boolean arg3)
            throws IOException
   {
      if (socket == null)
      {
         socket = new Socket();
      }
      if (!socket.isConnected())
      {
         socket.connect(new InetSocketAddress(host, port));
      }

      final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(),
               socket.getOutputStream(), _secureRandom);
      return _createSSLSocket(host, tlsClientProtocol);

   }

   //
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
   // SOCKET FACTORY METHODS
   //
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
   @Override
   public String[] getDefaultCipherSuites()
   {
      return null;
   }

   @Override
   public String[] getSupportedCipherSuites()
   {
      return null;
   }

   @Override
   public Socket createSocket(String host, int port) throws IOException, UnknownHostException
   {
      Socket socket = new Socket();
      socket.connect(new InetSocketAddress(host, port));
      final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(),
               socket.getOutputStream(), _secureRandom);
      return _createSSLSocket(host, tlsClientProtocol);
   }

   @Override
   public Socket createSocket(InetAddress host, int port) throws IOException
   {
      return null;
   }

   @Override
   public Socket createSocket(String host, int port, InetAddress localHost,
            int localPort) throws IOException, UnknownHostException
   {
      return null;
   }

   @Override
   public Socket createSocket(InetAddress address, int port,
            InetAddress localAddress, int localPort) throws IOException
   {
      return null;
   }

   //
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
   // SOCKET CREATION
   //
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

   private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol)
   {
      return new SSLSocket()
      {
         private java.security.cert.Certificate[] peertCerts;

         @Override
         public InputStream getInputStream() throws IOException
         {
       
            return tlsClientProtocol.getInputStream();
         }

         @Override
         public OutputStream getOutputStream() throws IOException
         {
       
            return tlsClientProtocol.getOutputStream();
         }

         @Override
         public synchronized void close() throws IOException
         {
       
            tlsClientProtocol.close();
         }

         @Override
         public void addHandshakeCompletedListener(HandshakeCompletedListener arg0)
         {

         }

         @Override
         public boolean getEnableSessionCreation()
         {
            return false;
         }

         @Override
         public String[] getEnabledCipherSuites()
         {
            return null;
         }

         @Override
         public String[] getEnabledProtocols()
         {
            return this.enabledProtocols;
         }

         @Override
         public boolean getNeedClientAuth()
         {
            return false;
         }

         @Override
         public SSLSession getSession()
         {
            return new SSLSession()
            {

               public int getApplicationBufferSize()
               {
                  return 0;
               }

               public String getCipherSuite()
               {
                  throw new UnsupportedOperationException();
               }

               public long getCreationTime()
               {
                  throw new UnsupportedOperationException();
               }

             
               public byte[] getId()
               {
                  throw new UnsupportedOperationException();
               }

             
               public long getLastAccessedTime()
               {
                  throw new UnsupportedOperationException();
               }

             
               public java.security.cert.Certificate[] getLocalCertificates()
               {
                  throw new UnsupportedOperationException();
               }

             
               public Principal getLocalPrincipal()
               {
                  throw new UnsupportedOperationException();
               }

             
               public int getPacketBufferSize()
               {
                  throw new UnsupportedOperationException();
               }

               
               public X509Certificate[] getPeerCertificateChain()
                        throws SSLPeerUnverifiedException
               {
                  // TODO Auto-generated method stub
                  return null;
               }

             
               public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
               {
                  return peertCerts;
               }

               
               public String getPeerHost()
               {
                  throw new UnsupportedOperationException();
               }

               
               public int getPeerPort()
               {
                  return 0;
               }

               
               public Principal getPeerPrincipal() throws SSLPeerUnverifiedException
               {
                  return null;
                  // throw new UnsupportedOperationException();

               }

               
               public String getProtocol()
               {
                  throw new UnsupportedOperationException();
               }

               
               public SSLSessionContext getSessionContext()
               {
                  throw new UnsupportedOperationException();
               }

               
               public Object getValue(String arg0)
               {
                  throw new UnsupportedOperationException();
               }

               
               public String[] getValueNames()
               {
                  throw new UnsupportedOperationException();
               }

             
               public void invalidate()
               {
                  throw new UnsupportedOperationException();

               }

               
               public boolean isValid()
               {
                  throw new UnsupportedOperationException();
               }

               
               public void putValue(String arg0, Object arg1)
               {
                  throw new UnsupportedOperationException();

               }

               
               public void removeValue(String arg0)
               {
                  throw new UnsupportedOperationException();

               }

            };
         }

         private String[] enabledProtocols;

         @Override
         public String[] getSupportedProtocols()
         {
            return null;
         }

         @Override
         public boolean getUseClientMode()
         {
            return false;
         }

         @Override
         public boolean getWantClientAuth()
         {

            return false;
         }

         @Override
         public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0)
         {

         }

         @Override
         public void setEnableSessionCreation(boolean arg0)
         {

         }

         @Override
         public void setEnabledCipherSuites(String[] arg0)
         {

         }

         @Override
         public void setEnabledProtocols(String[] arg0)
         {
            this.enabledProtocols = arg0;
         }

         @Override
         public void setNeedClientAuth(boolean arg0)
         {

         }

         @Override
         public void setUseClientMode(boolean arg0)
         {

         }

         @Override
         public void setWantClientAuth(boolean arg0)
         {

         }

         @Override
         public String[] getSupportedCipherSuites()
         {
            return null;
         }

         @Override
         public void startHandshake() throws IOException
         {
            tlsClientProtocol.connect(new DefaultTlsClient()
//            {
//               @Override
//               public Hashtable<Integer, byte[]> getClientExtensions() throws IOException
//               {
//                  Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
//                  if (clientExtensions == null)
//                  {
//                     clientExtensions = new Hashtable<Integer, byte[]>();
//                  }
//
//                  // Add host_name
//                  byte[] host_name = host.getBytes();
//
//                  final ByteArrayOutputStream baos = new ByteArrayOutputStream();
//                  final DataOutputStream dos = new DataOutputStream(baos);
//                  dos.writeShort(host_name.length + 3); // entry size
//                  dos.writeByte(0); // name type = hostname
//                  dos.writeShort(host_name.length);
//                  dos.write(host_name);
//                  dos.close();
//                  clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
//                  return clientExtensions;
//               }
//
//               @Override
//               public TlsAuthentication getAuthentication()
//                        throws IOException
//               {
//                  return new TlsAuthentication()
//                  {
//
//                     @Override
//                     public void notifyServerCertificate(Certificate serverCertificate) throws IOException
//                     {
//
//                        try
//                        {
//                           CertificateFactory cf = CertificateFactory.getInstance("X.509");
//                           List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
//                           for (org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList())
//                           {
//                              certs.add(cf.generateCertificate(new ByteArrayInputStream(c.getEncoded())));
//                           }
//                           peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
//                        }
//                        catch (CertificateException e)
//                        {
//                           System.out.println("Failed to cache server certs" + e);
//                           throw new IOException(e);
//                        }
//
//                     }
//
//                     @Override
//                     public TlsCredentials getClientCredentials(CertificateRequest arg0)
//                              throws IOException
//                     {
//                        return null;
//                     }
//
//                  };
//
//               }
//
//            });
            {
                @SuppressWarnings("unchecked")
                @Override
                public Hashtable<Integer, byte[]> getClientExtensions() throws IOException
                {
                    Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                    if (clientExtensions == null)
                    {
                        clientExtensions = new Hashtable<Integer, byte[]>();
                    }

                    // Add host_name
                    byte[] host_name = host.getBytes();

                    final ByteArrayOutputStream baos = new ByteArrayOutputStream();

                    final DataOutputStream dos = new DataOutputStream(baos);

                    dos.writeShort(host_name.length + 3); // entry size
                    dos.writeByte(0); // name type = hostname
                    dos.writeShort(host_name.length);
                    dos.write(host_name);
                    dos.close();

                    clientExtensions.put(ExtensionType.server_name, baos.toByteArray());

                    return clientExtensions;
                }

                public TlsAuthentication getAuthentication()
                        throws IOException
                {
                    return new TlsAuthentication()
                    {

                        // Accepts the server if any certificate in the presented chain is in the
                        // trust store and passes checkValidity(); no chain building and no host
                        // name check is done here.
                        public void notifyServerCertificate(Certificate serverCertificate) throws IOException
                        {

                            try
                            {
                                KeyStore ks = _loadKeyStore();
                                // Log.to("util").info(">>>>>>>> KeyStore : " + ks.size());

                                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                boolean trustedCertificate = false;
                                for (org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList())
                                {
                                    java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c
                                            .getEncoded()));
                                    certs.add(cert);

                                    String alias = ks.getCertificateAlias(cert);
                                    if (alias != null)
                                    {
                                        // Log.to("util").info(">>> Trusted cert\n" + c.getSubject().toString());
                                        if (cert instanceof java.security.cert.X509Certificate)
                                        {
                                            try
                                            {
                                                ((java.security.cert.X509Certificate) cert).checkValidity();
                                                trustedCertificate = true;
                                                // Log.to("util").info("Certificate is active for current date\n" + cert);
                                            }
                                            catch (CertificateExpiredException cee)
                                            {
                                                // R01FLog.to("r01f.util").info("Certificate is expired...");
                                            }
                                        }
                                    }
                                    else
                                    {
                                        // Log.to("util").info(">>> Unknown cert " + c.getSubject().toString());
                                        // Log.to("util").fine("" + cert);
                                    }

                                }
                                if (!trustedCertificate)
                                {
                                    throw new CertificateException("Unknown cert " + serverCertificate);
                                }
                                peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                            }
                            catch (Exception ex)
                            {
                                ex.printStackTrace();
                                throw new IOException();
                            }

                        }

                        // No client certificate is offered.
                        public TlsCredentials getClientCredentials(CertificateRequest arg0)
                                throws IOException
                        {
                            return null;
                        }

                        /**
                         * Private method to load keyStore with system or default properties.
                         *
                         * @return
                         * @throws Exception
                         */
                        private KeyStore _loadKeyStore() throws Exception
                        {
                            FileInputStream trustStoreFis = null;
                            try
                            {
                                String sysTrustStore = null;
                                File trustStoreFile = null;

                                KeyStore localKeyStore = null;

                                sysTrustStore = System.getProperty("javax.net.ssl.trustStore");
                                String javaHome;
                                if (!"NONE".equals(sysTrustStore))
                                {
                                    if (sysTrustStore != null)
                                    {
                                        trustStoreFile = new File(sysTrustStore);
                                        trustStoreFis = _getFileInputStream(trustStoreFile);
                                    }
                                    else
                                    {
                                        // Fall back to <java.home>/lib/security/jssecacerts, then cacerts.
                                        javaHome = System.getProperty("java.home");
                                        trustStoreFile = new File(javaHome + File.separator + "lib" + File.separator
                                                + "security" + File.separator + "jssecacerts");

                                        if ((trustStoreFis = _getFileInputStream(trustStoreFile)) == null)
                                        {
                                            trustStoreFile = new File(javaHome + File.separator + "lib" + File.separator
                                                    + "security" + File.separator + "cacerts");
                                            trustStoreFis = _getFileInputStream(trustStoreFile);
                                        }
                                    }

                                    if (trustStoreFis != null)
                                    {
                                        sysTrustStore = trustStoreFile.getPath();
                                    }
                                    else
                                    {
                                        sysTrustStore = "No File Available, using empty keystore.";
                                    }
                                }

                                String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType") != null ? System
                                        .getProperty("javax.net.ssl.trustStoreType") : KeyStore.getDefaultType();
                                String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider") != null ? System
                                        .getProperty("javax.net.ssl.trustStoreProvider")
                                        : "";

                                if (trustStoreType.length() != 0)
                                {
                                    if (trustStoreProvider.length() == 0)
                                    {
                                        localKeyStore = KeyStore.getInstance(trustStoreType);
                                    }
                                    else
                                    {
                                        localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                    }

                                    char[] keyStorePass = null;
                                    String str5 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System
                                            .getProperty("javax.net.ssl.trustStorePassword") : "";

                                    if (str5.length() != 0)
                                    {
                                        keyStorePass = str5.toCharArray();
                                    }

                                    localKeyStore.load(trustStoreFis, (char[]) keyStorePass);

                                    // Wipe the password from memory once the store is loaded.
                                    if (keyStorePass != null)
                                    {
                                        for (int i = 0; i < keyStorePass.length; i++)
                                        {
                                            keyStorePass[i] = 0;
                                        }
                                    }
                                }
                                return (KeyStore) localKeyStore;
                            }
                            finally
                            {
                                if (trustStoreFis != null)
                                {
                                    trustStoreFis.close();
                                }
                            }
                        }

                        // Returns null when the file does not exist.
                        private FileInputStream _getFileInputStream(File paramFile) throws Exception
                        {

                            if (paramFile.exists())
                            {

                                return new FileInputStream(paramFile);
                            }
                            return null;
                        }

                    };

                }

            });

         }

      };// Socket

   }
}
//




Re: BCJSSE close notify problem

Peter Dettman-3
In reply to this post by Huangfu
Hi Hwangfu,

TlsCloseNotifyException is thrown when the remote peer fails to send a
close_notify warning alert before closing the connection. When this
alert is missing, there is the possibility of a truncation attack (data
missing from the end). For some protocols (usually including HTTPS),
this may be tolerated if the application data still parses correctly.

So, in your example, if you see TlsCloseNotifyException, it means maybe
you didn't receive the whole response. You have to check the response
itself is e.g. correctly formatted HTML.

I want to mention that the TLS code you are using is our legacy API. I
would suggest you upgrade to BC 1.59 and use bctls-jdk15on-159.jar,
which contains a JSSE provider ("BCJSSE"). By registering the BCJSSE
provider, you can then use it via the javax.net.ssl classes. Also, if
you want to write an HTTPS client, you can then use a mature HTTPS
implementation (e.g. Apache HttpComponents) configured with BCJSSE.

You may find many code examples on the internet using
org.bouncycastle.crypto.tls, but these are from before BCJSSE was
available, and BCJSSE is a much better choice for almost everybody now.

Regards,
Pete Dettman


On 17/5/18 9:46 am, Huangfu wrote:

> hello
>    we use
> https://github.com/fiorenzino/client16/blob/master/src/test/java/com/jpeppol/client16/MyTLSSocketSecureFactory.java
> to build  axis1.4 webservice client use SimpleTestHttp test link
> nnb.tbb.com.tw this code is:(nnb.tbb.com.tw is open)
> //
> import java.io.IOException;
> import java.io.BufferedReader;
> import java.io.InputStreamReader;
> import java.net.Socket;
>
> import org.bouncycastle.crypto.tls.CertificateRequest;
> import org.bouncycastle.crypto.tls.DefaultTlsClient;
> import org.bouncycastle.crypto.tls.TlsAuthentication;
> import org.bouncycastle.crypto.tls.TlsClientProtocol;
> import org.bouncycastle.crypto.tls.TlsCredentials;
>
> /**
>  * Created by fiorenzo on 10/06/16.
>  */
> public class SimpleTestHttp {
>
>
>     public static void main(String[] args) throws Exception {
>         java.security.SecureRandom secureRandom = new
> java.security.SecureRandom();
>         Socket socket = new
> Socket(java.net.InetAddress.getByName("nnb.tbb.com.tw"), 443);
>         TlsClientProtocol protocol = new
> TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(),
> secureRandom);
>         DefaultTlsClient client = new DefaultTlsClient() {
>             public TlsAuthentication getAuthentication() throws IOException
> {
>                 TlsAuthentication auth = new TlsAuthentication() {
>                     // Capture the server certificate information!
>                     public void
> notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate
> serverCertificate) throws IOException {
>                     }
>
>                     public TlsCredentials
> getClientCredentials(CertificateRequest certificateRequest) throws
> IOException {
>                         return null;
>                     }
>                 };
>                 return auth;
>             }
>         };
>         protocol.connect(client);
>
>         java.io.OutputStream output = protocol.getOutputStream();
>         output.write("GET / HTTP/1.1\r\n".getBytes("UTF-8"));
>         output.write("Host: ap-test.jpeppol.com\r\n".getBytes("UTF-8"));
>         output.write("Connection: close\r\n".getBytes("UTF-8")); // So the
> server will close socket immediately.
>         output.write("\r\n".getBytes("UTF-8")); // HTTP1.1 requirement: last
> line must be empty line.
>         output.flush();
>
>         java.io.InputStream input = protocol.getInputStream();
>         BufferedReader reader = new BufferedReader(new
> InputStreamReader(input));
>         String line;
>         while ((line = reader.readLine()) != null) {
>             System.out.println(line);
>             //System.out.println("KKK");
>            
>         }
>     }
> }
> //
> is appear
> //
> HTTP/1.1 200 OK
> Date: Thu, 17 May 2018 02:33:00 GMT
> Last-Modified: Wed, 11 Feb 2009 05:48:21 GMT
> ETag: "2e267-e6-26bb3340"
> Accept-Ranges: bytes
> Content-Length: 230
> Connection: close
> Content-Type: text/html
> Set-Cookie:
> TS01db7c90=014dc385f0bf9942f4cb5c66f5ef66a5ad6e707db855d9d27378ae56f16a75190d1aec5a8a;
> Path=/
>
> <html>
> Exception in thread "main"
> org.bouncycastle.crypto.tls.TlsNoCloseNotifyException: No close_notify alert
> received before connection closed
> at org.bouncycastle.crypto.tls.TlsProtocol.safeReadRecord(Unknown Source)
> at org.bouncycastle.crypto.tls.TlsProtocol.readApplicationData(Unknown
> Source)
> at org.bouncycastle.crypto.tls.TlsInputStream.read(Unknown Source)
> at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
> at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
> at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
> at java.io.InputStreamReader.read(InputStreamReader.java:167)
> at java.io.BufferedReader.fill(BufferedReader.java:136)
> at java.io.BufferedReader.readLine(BufferedReader.java:299)
> at java.io.BufferedReader.readLine(BufferedReader.java:362)
> at userstar.SimpleTestHttp.main(SimpleTestHttp.java:49)
> <head>
> <title>Web-Page-Redirect</title>
>
> </head>
> <body onload="return URLRedirect();">
> </body>
> </html>
> ///
> is web service server error or web service client is error
> if  web service server error  How to fix?
> if  web service client Can avoid the exception? I can fix it ?  thanks
>
> regards
> Hwangfu
>
>
>
>
>
>
> --
> Sent from: http://bouncy-castle.1462172.n4.nabble.com/Bouncy-Castle-Dev-f1462173.html
>
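
The check Peter describes above, as an added example that is not part of the original thread or of Bouncy Castle's code: given the bytes read before the stream ended and whether close_notify arrived, it uses HTTP/1.1 framing (Content-Length or chunked encoding) to decide whether the response is complete. The class and method names are hypothetical, the sample responses are constructed, and it assumes a response that carries a body (not a reply to HEAD or a 204/304).

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

/** Added example: is an HTTP/1.1 response complete if the TLS stream ended without close_notify? */
public class TruncationCheck {

    enum Verdict { COMPLETE, TRUNCATED, UNVERIFIABLE }

    /**
     * @param raw        every byte read from the TLS stream before it ended
     * @param cleanClose true if close_notify arrived, false if the read loop ended
     *                   with the "No close_notify alert received" exception
     */
    static Verdict check(byte[] raw, boolean cleanClose) {
        String text = new String(raw, StandardCharsets.ISO_8859_1); // one char per byte
        int headerEnd = text.indexOf("\r\n\r\n");
        if (headerEnd < 0) {
            return Verdict.TRUNCATED; // the header block itself is incomplete
        }
        Map<String, String> headers = new HashMap<String, String>();
        String[] lines = text.substring(0, headerEnd).split("\r\n");
        for (int i = 1; i < lines.length; i++) { // lines[0] is the status line
            int colon = lines[i].indexOf(':');
            if (colon > 0) {
                headers.put(lines[i].substring(0, colon).trim().toLowerCase(Locale.ROOT),
                        lines[i].substring(colon + 1).trim());
            }
        }
        String body = text.substring(headerEnd + 4);

        String te = headers.get("transfer-encoding");
        if (te != null && te.toLowerCase(Locale.ROOT).contains("chunked")) {
            return chunkedComplete(body) ? Verdict.COMPLETE : Verdict.TRUNCATED;
        }
        String cl = headers.get("content-length");
        if (cl != null) {
            try {
                long expected = Long.parseLong(cl);
                boolean ok = expected >= 0 && body.length() >= expected;
                return ok ? Verdict.COMPLETE : Verdict.TRUNCATED;
            } catch (NumberFormatException e) {
                return Verdict.TRUNCATED; // unparsable length: do not trust the body
            }
        }
        // No framing header: the body runs until the connection closes, so
        // close_notify is the only proof that the sender finished.
        return cleanClose ? Verdict.COMPLETE : Verdict.UNVERIFIABLE;
    }

    /** Walks the chunk framing; true only if the zero-length last chunk was received. */
    static boolean chunkedComplete(String body) {
        int pos = 0;
        while (true) {
            int eol = body.indexOf("\r\n", pos);
            if (eol < 0) {
                return false; // chunk-size line cut off
            }
            String sizeField = body.substring(pos, eol);
            int semi = sizeField.indexOf(';'); // drop chunk extensions
            if (semi >= 0) {
                sizeField = sizeField.substring(0, semi);
            }
            int size;
            try {
                size = Integer.parseInt(sizeField.trim(), 16);
            } catch (NumberFormatException e) {
                return false;
            }
            if (size < 0) {
                return false;
            }
            if (size == 0) {
                // last chunk: optional trailer lines, then an empty line
                return body.indexOf("\r\n\r\n", eol) >= 0;
            }
            long next = (long) eol + 2 + size + 2; // chunk data plus its trailing CRLF
            if (next > body.length()) {
                return false; // chunk data cut off
            }
            pos = (int) next;
        }
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from the host in the thread.
        String head = "HTTP/1.1 200 OK\r\nContent-Length: 11\r\nConnection: close\r\n\r\n";
        byte[] full = (head + "hello world").getBytes(StandardCharsets.ISO_8859_1);
        byte[] cut = (head + "hello").getBytes(StandardCharsets.ISO_8859_1);
        byte[] noLength = "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n<html>"
                .getBytes(StandardCharsets.ISO_8859_1);
        byte[] chunked = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"
                .getBytes(StandardCharsets.ISO_8859_1);

        // cleanClose=false models a stream that ended without close_notify.
        System.out.println("full body:      " + check(full, false));
        System.out.println("cut body:       " + check(cut, false));
        System.out.println("no length:      " + check(noLength, false));
        System.out.println("chunked, ended: " + check(chunked, false));
    }
}
```

A caller would treat any verdict other than COMPLETE as a failed request instead of parsing the partial body.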



Re: BCJSSE close notify problem

Huangfu
In reply to this post by Huangfu
Hello Peter:
   Can MyTLSSocketSecureFactory.java and
TSLSocketConnectionFactory.java be fixed to improve the error?
The link www.google.com gives an error, but other https links succeed and
close_notify does not appear. This is what I don't understand. In a test run using Eclipse,
this appears:
//
Caused by: org.w3c.dom.DOMException: NodeImpl Not found
        at org.apache.axis.message.NodeImpl.removeChild(NodeImpl.java:515)
        at org.apache.axis.message.NodeImpl.setParent(NodeImpl.java:789)
        at org.apache.axis.message.NodeImpl.setParentElement(NodeImpl.java:632)
        ... 14 more
2018/5/23 上午 01:11:31 org.apache.axis.encoding.DeserializationContext
pushNewElement
//
Not everything is an error, it is partly correct. If www.google.com shows the error, is there
anything wrong with BCJSSE?
As for "which contains a JSSE provider ("BCJSSE"). By registering the BCJSSE
provider": I add to TSLSocketConnectionFactory.java
//
if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
    Security.addProvider(new BouncyCastleJsseProvider());
}
//
and java.security uses
//
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider
//
Or do you have better sample code I can use?

Regards
HwangFu










Re: BCJSSE close notify problem

Peter Dettman-3
There is a simple HTTPS client example here:

https://github.com/bcgit/bc-java/blob/master/tls/src/test/java/org/bouncycastle/jsse/provider/test/BCJSSEClientTest.java

Change 'host' to "www.google.com" and 'port' to 443 and you should see
that it works fine. Also, there is no need to write your own
SSLSocketFactory.

If you register BouncyCastleJsseProvider in java.security, then you do
not need Security.addProvider.

Regards,
Pete Dettman




Re: BCJSSE close notify problem

Huangfu
Hello Peter:
   I tested the sample code and got an error:
   //
org.bouncycastle.jsse.provider.ProvKeyManagerFactorySpi engineInit
資訊: Initialized with empty key store
Exception in thread "main" java.lang.RuntimeException: Export restriction: SSLSocketFactory supports non-pluggable ciphersuite(s)
        at com.sun.net.ssl.internal.ssl.ExportControl.checkCipherSuites(ExportControl.java:176)
        at javax.net.ssl.SSLContext.getSocketFactory(SSLContext.java:164)
        at userstar.BCJSSEClientTest.main(BCJSSEClientTest.java:110)
//
   The line SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); is
the error.

I must to write any code to the sample code and I use
jdk1.5.01\jre\lib\security\cacerts to set the trust certificate

Best Regards
Hwangfu







Re: BCJSSE close notify problem

Huangfu
In reply to this post by Peter Dettman-3
Hello Peter,
  Following on from the previous question: I use axis1.4. How do I use this code to
send and receive the web service?
I must use many hosts and ports. Should a client be established for each
connection?
Is it possible to provide my source code? Please help.
Thanks




Re: BCJSSE close notify problem

Huangfu
In reply to this post by Peter Dettman-3
//GoldService.java
public interface GoldService extends javax.xml.rpc.Service {
    public java.lang.String getGoldServiceHttpPortAddress();

    public bank.ws.GoldServicePortType getGoldServiceHttpPort() throws
javax.xml.rpc.ServiceException;

    public bank.ws.GoldServicePortType getGoldServiceHttpPort(java.net.URL
portAddress) throws javax.xml.rpc.ServiceException;
}
//GoldServiceHttpBindingStub.java
import java.security.Security;

import org.apache.axis.AxisProperties;

public class GoldServiceHttpBindingStub extends org.apache.axis.client.Stub
implements bank.ws.GoldServicePortType {
    private java.util.Vector cachedSerClasses = new java.util.Vector();
    private java.util.Vector cachedSerQNames = new java.util.Vector();
    private java.util.Vector cachedSerFactories = new java.util.Vector();
    private java.util.Vector cachedDeserFactories = new java.util.Vector();

    static org.apache.axis.description.OperationDesc [] _operations;

    static {
        _operations = new org.apache.axis.description.OperationDesc[1];
        _initOperationDesc1();
    }

    private static void _initOperationDesc1(){
        org.apache.axis.description.OperationDesc oper;
        org.apache.axis.description.ParameterDesc param;
        oper = new org.apache.axis.description.OperationDesc();
        oper.setName("informGoldValue");
        param = new org.apache.axis.description.ParameterDesc(new
javax.xml.namespace.QName("http://ws.fstop", "in0"),
org.apache.axis.description.ParameterDesc.IN, new
javax.xml.namespace.QName("http://ws.fstop", "Gold"), bank.ws.Gold.class,
false, false);
        param.setNillable(true);
        oper.addParameter(param);
        oper.setReturnType(new javax.xml.namespace.QName("http://ws.fstop",
"GoldSell"));
        oper.setReturnClass(bank.ws.GoldSell.class);
        oper.setReturnQName(new javax.xml.namespace.QName("http://ws.fstop",
"out"));
        oper.setStyle(org.apache.axis.constants.Style.WRAPPED);
        oper.setUse(org.apache.axis.constants.Use.LITERAL);
        _operations[0] = oper;

    }

    public GoldServiceHttpBindingStub() throws org.apache.axis.AxisFault {
         this(null);
    }

    public GoldServiceHttpBindingStub(java.net.URL endpointURL,
javax.xml.rpc.Service service) throws org.apache.axis.AxisFault {
         this(service);
         super.cachedEndpoint = endpointURL;
    }

    public GoldServiceHttpBindingStub(javax.xml.rpc.Service service) throws
org.apache.axis.AxisFault {
        if (service == null) {
            super.service = new org.apache.axis.client.Service();
        } else {
            super.service = service;
        }
       
((org.apache.axis.client.Service)super.service).setTypeMappingVersion("1.2");
            java.lang.Class cls;
            javax.xml.namespace.QName qName;
            javax.xml.namespace.QName qName2;
            java.lang.Class beansf =
org.apache.axis.encoding.ser.BeanSerializerFactory.class;
            java.lang.Class beandf =
org.apache.axis.encoding.ser.BeanDeserializerFactory.class;
            java.lang.Class enumsf =
org.apache.axis.encoding.ser.EnumSerializerFactory.class;
            java.lang.Class enumdf =
org.apache.axis.encoding.ser.EnumDeserializerFactory.class;
            java.lang.Class arraysf =
org.apache.axis.encoding.ser.ArraySerializerFactory.class;
            java.lang.Class arraydf =
org.apache.axis.encoding.ser.ArrayDeserializerFactory.class;
            java.lang.Class simplesf =
org.apache.axis.encoding.ser.SimpleSerializerFactory.class;
            java.lang.Class simpledf =
org.apache.axis.encoding.ser.SimpleDeserializerFactory.class;
            java.lang.Class simplelistsf =
org.apache.axis.encoding.ser.SimpleListSerializerFactory.class;
            java.lang.Class simplelistdf =
org.apache.axis.encoding.ser.SimpleListDeserializerFactory.class;
            qName = new javax.xml.namespace.QName("http://ws.fstop",
"ArrayOfGoldProduct");
            cachedSerQNames.add(qName);
            cls = bank.ws.GoldProduct[].class;
            cachedSerClasses.add(cls);
            qName = new javax.xml.namespace.QName("http://ws.fstop",
"GoldProduct");
            qName2 = new javax.xml.namespace.QName("http://ws.fstop",
"GoldProduct");
            cachedSerFactories.add(new
org.apache.axis.encoding.ser.ArraySerializerFactory(qName, qName2));
            cachedDeserFactories.add(new
org.apache.axis.encoding.ser.ArrayDeserializerFactory());

            qName = new javax.xml.namespace.QName("http://ws.fstop",
"ArrayOfGoldSellProduct");
            cachedSerQNames.add(qName);
            cls = bank.ws.GoldSellProduct[].class;
            cachedSerClasses.add(cls);
            qName = new javax.xml.namespace.QName("http://ws.fstop",
"GoldSellProduct");
            qName2 = new javax.xml.namespace.QName("http://ws.fstop",
"GoldSellProduct");
            cachedSerFactories.add(new
org.apache.axis.encoding.ser.ArraySerializerFactory(qName, qName2));
            cachedDeserFactories.add(new
org.apache.axis.encoding.ser.ArrayDeserializerFactory());

            qName = new javax.xml.namespace.QName("http://ws.fstop",
"Gold");
            cachedSerQNames.add(qName);
            cls = bank.ws.Gold.class;
            cachedSerClasses.add(cls);
            cachedSerFactories.add(beansf);
            cachedDeserFactories.add(beandf);

            qName = new javax.xml.namespace.QName("http://ws.fstop",
"GoldProduct");
            cachedSerQNames.add(qName);
            cls = bank.ws.GoldProduct.class;
            cachedSerClasses.add(cls);
            cachedSerFactories.add(beansf);
            cachedDeserFactories.add(beandf);

            qName = new javax.xml.namespace.QName("http://ws.fstop",
"GoldSell");
            cachedSerQNames.add(qName);
            cls = bank.ws.GoldSell.class;
            cachedSerClasses.add(cls);
            cachedSerFactories.add(beansf);
            cachedDeserFactories.add(beandf);

            qName = new javax.xml.namespace.QName("http://ws.fstop",
"GoldSellProduct");
            cachedSerQNames.add(qName);
            cls = bank.ws.GoldSellProduct.class;
            cachedSerClasses.add(cls);
            cachedSerFactories.add(beansf);
            cachedDeserFactories.add(beandf);

    }

    protected org.apache.axis.client.Call createCall() throws
java.rmi.RemoteException {
        try {
            org.apache.axis.client.Call _call = super._createCall();
            if (super.maintainSessionSet) {
                _call.setMaintainSession(super.maintainSession);
            }
            if (super.cachedUsername != null) {
                _call.setUsername(super.cachedUsername);
            }
            if (super.cachedPassword != null) {
                _call.setPassword(super.cachedPassword);
            }
            if (super.cachedEndpoint != null) {
                _call.setTargetEndpointAddress(super.cachedEndpoint);
            }
            if (super.cachedTimeout != null) {
                _call.setTimeout(super.cachedTimeout);
            }
            if (super.cachedPortName != null) {
                _call.setPortName(super.cachedPortName);
            }
            java.util.Enumeration keys = super.cachedProperties.keys();
            while (keys.hasMoreElements()) {
                java.lang.String key = (java.lang.String)
keys.nextElement();
                _call.setProperty(key, super.cachedProperties.get(key));
            }
            // All the type mapping information is registered
            // when the first call is made.
            // The type mapping information is actually registered in
            // the TypeMappingRegistry of the service, which
            // is the reason why registration is only needed for the first call.
            synchronized (this) {
                if (firstCall()) {
                    // must set encoding style before registering serializers
                    _call.setEncodingStyle(null);
                    for (int i = 0; i < cachedSerFactories.size(); ++i) {
                        java.lang.Class cls = (java.lang.Class)
cachedSerClasses.get(i);
                        javax.xml.namespace.QName qName =
                                (javax.xml.namespace.QName)
cachedSerQNames.get(i);
                        java.lang.Object x = cachedSerFactories.get(i);
                        if (x instanceof Class) {
                            java.lang.Class sf = (java.lang.Class)
                                 cachedSerFactories.get(i);
                            java.lang.Class df = (java.lang.Class)
                                 cachedDeserFactories.get(i);
                            _call.registerTypeMapping(cls, qName, sf, df,
false);
                        }
                        else if (x instanceof
javax.xml.rpc.encoding.SerializerFactory) {
                            org.apache.axis.encoding.SerializerFactory sf =
(org.apache.axis.encoding.SerializerFactory)
                                 cachedSerFactories.get(i);
                            org.apache.axis.encoding.DeserializerFactory df
= (org.apache.axis.encoding.DeserializerFactory)
                                 cachedDeserFactories.get(i);
                            _call.registerTypeMapping(cls, qName, sf, df,
false);
                        }
                    }
                }
            }
            return _call;
        }
        catch (java.lang.Throwable _t) {
            throw new org.apache.axis.AxisFault("Failure trying to get the Call object", _t);
        }
    }

    public bank.ws.GoldSell informGoldValue(bank.ws.Gold in0) throws
java.rmi.RemoteException {
        if (super.cachedEndpoint == null) {
            throw new org.apache.axis.NoEndPointException();
        }
        org.apache.axis.client.Call _call = createCall();
        _call.setOperation(_operations[0]);
        _call.setUseSOAPAction(true);
        _call.setSOAPActionURI("");
        _call.setEncodingStyle(null);
        _call.setProperty(org.apache.axis.client.Call.SEND_TYPE_ATTR,
Boolean.FALSE);
        _call.setProperty(org.apache.axis.AxisEngine.PROP_DOMULTIREFS,
Boolean.FALSE);
       
_call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP11_CONSTANTS);
        _call.setOperationName(new
javax.xml.namespace.QName("http://ws.fstop", "informGoldValue"));

        setRequestHeaders(_call);
        setAttachments(_call);
   
   
        try {
            java.lang.Object _resp = _call.invoke(new java.lang.Object[] {in0});

            if (_resp instanceof java.rmi.RemoteException) {
                throw (java.rmi.RemoteException)_resp;
            }
            else {
                extractAttachments(_call);
                try {
                    return (bank.ws.GoldSell) _resp;
                } catch (java.lang.Exception _exception) {
                    return (bank.ws.GoldSell)
org.apache.axis.utils.JavaUtils.convert(_resp, bank.ws.GoldSell.class);
                }
            }
        } catch (org.apache.axis.AxisFault axisFaultException) {
            throw axisFaultException;
        }
    }

}
//GoldServiceLocator.java
import javax.activation.DataHandler;
import javax.mail.internet.MimeMultipart;
import java.sql.*;
import java.io.*;
import java.util.*;
import java.util.Date;
import javax.naming.*;
import java.util.Properties;
import java.text.*;
import javax.sql.*;
import userstar.*;


public class GoldServiceLocator extends org.apache.axis.client.Service
implements bank.ws.GoldService {

    public GoldServiceLocator() {
    }
   
    private Connection conn=null;
        private Statement Stmt=null;
       



    public GoldServiceLocator(org.apache.axis.EngineConfiguration config) {
        super(config);
    }

    public GoldServiceLocator(java.lang.String wsdlLoc,
javax.xml.namespace.QName sName) throws javax.xml.rpc.ServiceException {
        super(wsdlLoc, sName);
    }
   
    public  String getPortAddress ()
    {
      String sql = "select * from tai_user where tai_user='008' ";
      String address="";
      try {
                Stmt = ConnBeanS.getStatement();
                ResultSet rs=Stmt.executeQuery(sql);
                if(rs.first())
                {
                  address = rs.getString("url");
                }
                ConnBeanS.setStatementClose(Stmt);
               
        } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
        }
          return address ;
     
    }

    // Use to get a proxy class for GoldServiceHttpPort 210.61.159.98 test 196
    // test http://210.65.217.178:5555  //210.65.217.177:443
    //epgw.hncb.com.tw
    private java.lang.String GoldServiceHttpPort_address = "http://118.163.137.170/GoldService/GoldService.asmx";

    public java.lang.String getGoldServiceHttpPortAddress() {
    //GoldServiceHttpPort_address=getPortAddress ();
    return GoldServiceHttpPort_address;
    }

    // The WSDD service name defaults to the port name.
    private java.lang.String GoldServiceHttpPortWSDDServiceName =
"GoldServiceHttpPort";

    public java.lang.String getGoldServiceHttpPortWSDDServiceName() {
        return GoldServiceHttpPortWSDDServiceName;
    }

    public void setGoldServiceHttpPortWSDDServiceName(java.lang.String name)
{
        GoldServiceHttpPortWSDDServiceName = name;
    }

    public bank.ws.GoldServicePortType getGoldServiceHttpPort() throws
javax.xml.rpc.ServiceException {
       java.net.URL endpoint;
        try {
            endpoint = new java.net.URL(GoldServiceHttpPort_address);
        }
        catch (java.net.MalformedURLException e) {
            throw new javax.xml.rpc.ServiceException(e);
        }
        return getGoldServiceHttpPort(endpoint);
    }

    public bank.ws.GoldServicePortType getGoldServiceHttpPort(java.net.URL
portAddress) throws javax.xml.rpc.ServiceException {
        try {
            bank.ws.GoldServiceHttpBindingStub _stub = new
bank.ws.GoldServiceHttpBindingStub(portAddress, this);
            _stub.setPortName(getGoldServiceHttpPortWSDDServiceName());
            return _stub;
        }
        catch (org.apache.axis.AxisFault e) {
            return null;
        }
    }

    public void setGoldServiceHttpPortEndpointAddress(java.lang.String
address) {
        GoldServiceHttpPort_address = address;
    }

    /**
     * For the given interface, get the stub implementation.
     * If this service has no port for the given interface,
     * then ServiceException is thrown.
     */
    public java.rmi.Remote getPort(Class serviceEndpointInterface) throws
javax.xml.rpc.ServiceException {
        try {
            if
(bank.ws.GoldServicePortType.class.isAssignableFrom(serviceEndpointInterface))
{
                bank.ws.GoldServiceHttpBindingStub _stub = new
bank.ws.GoldServiceHttpBindingStub(new
java.net.URL(GoldServiceHttpPort_address), this);
                _stub.setPortName(getGoldServiceHttpPortWSDDServiceName());
                return _stub;
            }
        }
        catch (java.lang.Throwable t) {
            throw new javax.xml.rpc.ServiceException(t);
        }
        throw new javax.xml.rpc.ServiceException("There is no stub implementation for the interface:  " + (serviceEndpointInterface == null ? "null" : serviceEndpointInterface.getName()));
    }

    /**
     * For the given interface, get the stub implementation.
     * If this service has no port for the given interface,
     * then ServiceException is thrown.
     */
    public java.rmi.Remote getPort(javax.xml.namespace.QName portName, Class
serviceEndpointInterface) throws javax.xml.rpc.ServiceException {
        if (portName == null) {
            return getPort(serviceEndpointInterface);
        }
        java.lang.String inputPortName = portName.getLocalPart();
        if ("GoldServiceHttpPort".equals(inputPortName)) {
            return getGoldServiceHttpPort();
        }
        else  {
            java.rmi.Remote _stub = getPort(serviceEndpointInterface);
            ((org.apache.axis.client.Stub) _stub).setPortName(portName);
            return _stub;
        }
    }

    public javax.xml.namespace.QName getServiceName() {
        return new javax.xml.namespace.QName("http://ws.fstop",
"GoldService");
    }

    private java.util.HashSet ports = null;

    public java.util.Iterator getPorts() {
        if (ports == null) {
            ports = new java.util.HashSet();
            ports.add(new javax.xml.namespace.QName("http://ws.fstop",
"GoldServiceHttpPort"));
        }
        return ports.iterator();
    }

    /**
    * Set the endpoint address for the specified port name.
    */
    public void setEndpointAddress(java.lang.String portName,
java.lang.String address) throws javax.xml.rpc.ServiceException {
       
        if ("GoldServiceHttpPort".equals(portName)) {
            setGoldServiceHttpPortEndpointAddress(address);
        }
        else { // Unknown Port Name
            throw new javax.xml.rpc.ServiceException(" Cannot set Endpoint Address for Unknown Port" + portName);
        }
    }

    /**
    * Set the endpoint address for the specified port name.
    */
    public void setEndpointAddress(javax.xml.namespace.QName portName,
java.lang.String address) throws javax.xml.rpc.ServiceException {
        setEndpointAddress(portName.getLocalPart(), address);
    }

}
//GoldServicePortType.java
public interface GoldServicePortType extends java.rmi.Remote {
    public bank.ws.GoldSell informGoldValue(bank.ws.Gold in0) throws
java.rmi.RemoteException;
}
//GoldServicePortTypeProxy.java
import java.sql.ResultSet;
import java.sql.Statement;

import org.apache.axis.EngineConfiguration;
import org.apache.axis.configuration.FileProvider;

import userstar.ConnBeanS;

public class GoldServicePortTypeProxy implements bank.ws.GoldServicePortType
{
  private String _endpoint = null;
  private bank.ws.GoldServicePortType goldServicePortType = null;
 
  public GoldServicePortTypeProxy() {
    _initGoldServicePortTypeProxy();
  }
 
  public GoldServicePortTypeProxy(String endpoint) {
    _endpoint = endpoint;
    _initGoldServicePortTypeProxy();
  }
  private Statement  Stmt=null;
  public  String getPortFile ()
  {
    String sql = "select * from tai_user where tai_user='008' ";
    String address="";
    try {
                Stmt = ConnBeanS.getStatement();
                ResultSet rs=Stmt.executeQuery(sql);
                if(rs.first())
                {
                  address = rs.getString("file_dir");
                }
                ConnBeanS.setStatementClose(Stmt);
               
        } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
               
        }
          return address ;
   
  }
 
  private void _initGoldServicePortTypeProxy() {
    try {
    String file_dir = getPortFile ();
    EngineConfiguration config = new FileProvider(file_dir);
   
       //EngineConfiguration config = new FileProvider("D:\\1212\\webservice\\web_client\\src\\fstop\\ws\\wsclient_deploy.wsdd");
      goldServicePortType = (new
bank.ws.GoldServiceLocator(config)).getGoldServiceHttpPort();
      if (goldServicePortType != null) {
        if (_endpoint != null)
         
((javax.xml.rpc.Stub)goldServicePortType)._setProperty("javax.xml.rpc.service.endpoint.address",
_endpoint);
        else
          _endpoint =
(String)((javax.xml.rpc.Stub)goldServicePortType)._getProperty("javax.xml.rpc.service.endpoint.address");
      }
     
    }
    catch (javax.xml.rpc.ServiceException serviceException) {}
  }
 
  public String getEndpoint() {
    return _endpoint;
  }
 
  public void setEndpoint(String endpoint) {
    _endpoint = endpoint;
    if (goldServicePortType != null)
     
((javax.xml.rpc.Stub)goldServicePortType)._setProperty("javax.xml.rpc.service.endpoint.address",
_endpoint);
   
  }
 
  public bank.ws.GoldServicePortType getGoldServicePortType() {
    if (goldServicePortType == null)
      _initGoldServicePortTypeProxy();
    return goldServicePortType;
  }
 
  public bank.ws.GoldSell informGoldValue(bank.ws.Gold in0) throws
java.rmi.RemoteException{
    if (goldServicePortType == null)
      _initGoldServicePortTypeProxy();
    return goldServicePortType.informGoldValue(in0);
  }
 
 
}
//PWCallback.java

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

import java.sql.*;
import java.io.*;
import java.util.*;
import java.util.Date;
import javax.naming.*;
import java.util.Properties;
import java.text.*;
import javax.sql.*;
import userstar.*;

/**
 * PWCallback for the Client
 */
public class PWCallback implements CallbackHandler {

    /**
     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
     */
    private Connection conn=null;
    private Statement  Stmt=null;

    public void handle(Callback[] callbacks) throws IOException,
                    UnsupportedCallbackException {

        String sql="select * from tai_user where tai_user='008'";
        String pwd="";
        String user="";
        try {
            Stmt = ConnBeanS.getStatement();

            ResultSet rs=Stmt.executeQuery(sql);
            if(rs.first())
            {
                pwd = rs.getString("password");
                user = rs.getString("user_name");
            }

            ConnBeanS.setStatementClose(Stmt);
        }
        catch(Exception e) {
            e.printStackTrace();
        }

        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
                // set the password given a username
                if (user.equals(pc.getIdentifier())) {
                    pc.setPassword(pwd);
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
            }
        }
    }

}
//client_deploy.wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
     <parameter name="action" value="UsernameToken"/>
     <parameter name="user" value="tom"/>
     <parameter name="passwordCallbackClass" value="bank.ws.PWCallback"/>
     <parameter name="passwordType" value="PasswordDigest"/>
    </handler>
   </requestFlow >
  </globalConfiguration >
</deployment>
//wsdl
<wsdl:definitions xmlns:soapenc12="http://www.w3.org/2003/05/soap-encoding"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://ws.fstop"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soapenc11="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope"
targetNamespace="http://ws.fstop">
<wsdl:types>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
attributeFormDefault="qualified" elementFormDefault="qualified"
targetNamespace="http://ws.fstop">
<xsd:complexType name="Gold">
<xsd:all>
<xsd:element minOccurs="0" name="date" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="kind" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="curcd" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="cnt" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="time" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="goldProduct" nillable="true"
type="tns:ArrayOfGoldProduct"/> </xsd:all> </xsd:complexType>
<xsd:complexType name="ArrayOfGoldProduct"> <xsd:sequence> <xsd:element
maxOccurs="unbounded" minOccurs="0" name="GoldProduct" nillable="true"
type="tns:GoldProduct"/> </xsd:sequence> </xsd:complexType> <xsd:complexType
name="GoldProduct"> <xsd:all> <xsd:element minOccurs="0" name="currec"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="totrec"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="goodno"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="sell"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="sellt"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="buy"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="dpdiff"
nillable="true" type="xsd:string"/> </xsd:all> </xsd:complexType>
<xsd:element name="informGoldValue"> <xsd:complexType> <xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="in0" nillable="true"
type="tns:Gold"/> </xsd:sequence> </xsd:complexType> </xsd:element>
<xsd:complexType name="GoldSell"> <xsd:sequence> <xsd:element minOccurs="0"
name="msg_cod" nillable="true" type="xsd:string"/> <xsd:element
minOccurs="0" name="msg_desc" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="date" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="time" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="bank_no" nillable="true"
type="xsd:string"/> <xsd:element minOccurs="0" name="curcd" nillable="true"
type="xsd:string"/> <xsd:element minOccurs="0" name="goldSellProduct"
nillable="true" type="tns:ArrayOfGoldSellProduct"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ArrayOfGoldSellProduct"> <xsd:sequence> <xsd:element
maxOccurs="unbounded" minOccurs="0" name="GoldSellProduct" nillable="true"
type="tns:GoldSellProduct"/> </xsd:sequence> </xsd:complexType>
<xsd:complexType name="GoldSellProduct"> <xsd:sequence> <xsd:element
minOccurs="0" name="sale_kind" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="goodno" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="unit_price" nillable="true"
type="xsd:string"/> <xsd:element minOccurs="0" name="sale_amt"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0"
name="tax_amt" nillable="true" type="xsd:string"/> <xsd:element
minOccurs="0" name="discount_amt" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="sale_q" nillable="true" type="xsd:string"/>
<xsd:element minOccurs="0" name="sale_oz" nillable="true"
type="xsd:string"/> <xsd:element minOccurs="0" name="take_q" nillable="true"
type="xsd:string"/> <xsd:element minOccurs="0" name="unit_price_g"
nillable="true" type="xsd:string"/> <xsd:element minOccurs="0" name="dpdiff"
nillable="true" type="xsd:string"/> </xsd:sequence> </xsd:complexType>
<xsd:element name="informGoldValueResponse"> <xsd:complexType>
<xsd:sequence> <xsd:element maxOccurs="1" minOccurs="1"
name="informGoldValueResult" nillable="true" type="tns:GoldSell"/>
</xsd:sequence> </xsd:complexType> </xsd:element> </xsd:schema>
</wsdl:types> <wsdl:message name="informGoldValueResponse"> <wsdl:part
name="parameters" element="tns:informGoldValueResponse"></wsdl:part>
</wsdl:message>
<wsdl:message name="informGoldValueRequest"> <wsdl:part name="parameters"
element="tns:informGoldValue"></wsdl:part>
</wsdl:message>
<wsdl:portType name="GoldServicePortType"> <wsdl:operation
name="informGoldValue"> <wsdl:input name="informGoldValueRequest"
message="tns:informGoldValueRequest"></wsdl:input>
<wsdl:output name="informGoldValueResponse"
message="tns:informGoldValueResponse"></wsdl:output>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="GoldServiceHttpBinding" type="tns:GoldServicePortType">
<wsdlsoap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="informGoldValue">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="informGoldValueRequest"> <wsdlsoap:body use="literal"/>
</wsdl:input> <wsdl:output name="informGoldValueResponse"> <wsdlsoap:body
use="literal"/> </wsdl:output> </wsdl:operation> </wsdl:binding>
<wsdl:service name="GoldService"> <wsdl:port name="GoldServiceHttpPort"
binding="tns:GoldServiceHttpBinding">
<wsdlsoap:address
location="http://localhost/services/GoldService.GoldServiceHttpPort/"/>
</wsdl:port>
<wsdl:port name="GoldServiceHttpsPort" binding="tns:GoldServiceHttpBinding">
<wsdlsoap:address
location="https://localhost/services/GoldService.GoldServiceHttpsPort/"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>

//

That is all the code, but I must add the BCJSSE code to this code. Thanks.

Best Regards
Hwangfu




Re: BCJSSE close notify problem

Matti Aarnio
In reply to this post by Huangfu
Dear HwangFu,

The issue you have here is in how you edit your XML DOM data model,
and has nothing to do with BouncyCastle.

Your complete backtrace should show you the caller of the Axis DOM modules.
The issue is somewhere in there.

Best Regards,
Matti


On 23.05.2018 04:40, Huangfu wrote:
Hello Peter:
   Can MyTLSSocketSecureFactory.java and
TSLSocketConnectionFactory.java be fixed to improve the error?
The link www.google.com gives an error, but other https links succeed and
close_notify does not appear. This is what I don't understand. In a test run
in Eclipse, this appears:
//
Caused by: org.w3c.dom.DOMException: NodeImpl Not found
	at org.apache.axis.message.NodeImpl.removeChild(NodeImpl.java:515)
	at org.apache.axis.message.NodeImpl.setParent(NodeImpl.java:789)
	at org.apache.axis.message.NodeImpl.setParentElement(NodeImpl.java:632)
	... 14 more
2018/5/23 上午 01:11:31 org.apache.axis.encoding.DeserializationContext
pushNewElement
//
Not all are errors; it is partly correct. If www.google.com shows an error, is
there anything wrong with BCJSSE?
and which contains a JSSE provider ("BCJSSE"). By registering the BCJSSE
provider, add to TSLSocketConnectionFactory.java:
//
if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
    Security.addProvider(new BouncyCastleJsseProvider());
}
//
and java.security uses:
//
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider
//
Or do you have better sample code that can be used?

Regards 
HwangFu









Re: BCJSSE close notify problem

Huangfu
Hello Matti:
   Yes, I know that it is an Axis parsing problem, but it is not in my
program code. This will cause close_notify. In Eclipse, it will display an
error but the data will still be received. But the server closes the
connection, and the follow-up data cannot be received. The error is in the
HTTP header; using www.google.com, close_notify appears, so you want to avoid
close_notify so that the data can still be received and then closed, but it
cannot be done. The follow-up test message is as follows:
//
Caused by: org.w3c.dom.DOMException: NodeImpl Not Found
	at org.apache.axis.message.NodeImpl.removeChild(NodeImpl.java:515)
	at org.apache.axis.message.NodeImpl.setParent(NodeImpl.java:789)
	at org.apache.axis.message.NodeImpl.setParentElement(NodeImpl.java:632)
	... 14 more
godsell.getBank_no()=godsell.getDate()=godsell.getMsg_cod()=EP90godsell.getMsg_desc()=Request
WebException,Status:ConnectFailure,Message:Remote server
godsell.getTime()=godsell.getGoldSellProduct()=[Lfubon.
ws.GoldSellProduct;@b8176d~~
//
It responded with the data values.
But in actual use on the web server it is:
//
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: org.bouncycastle.crypto.tls.TlsNoCloseNotifyException: No
close_notify alert received before connection closed
 faultActor:
 faultNode:
 faultDetail:

{http://xml.apache.org/axis/}stackTrace:org.bouncycastle.crypto.tls.TlsNoCloseNotifyException:
No close_notify alert received before connection closed
        at org.bouncycastle.crypto.tls.TlsProtocol.safeReadRecord(Unknown
Source)
        at
org.bouncycastle.crypto.tls.TlsProtocol.readApplicationData(Unknown
Source)
        at org.bouncycastle.crypto.tls.TlsInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:254)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
        at java.io.FilterInputStream.read(FilterInputStream.java:111)
        at
org.apache.crimson.parser.XmlReader$Utf8Reader.read(XmlReader.java:645)
        at
org.apache.crimson.parser.InputEntity.fillbuf(InputEntity.java:1068)
//
I want to know how to avoid close_notify.

Regards
HwangFU
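
The `TlsNoCloseNotifyException` in the trace above means the peer closed the connection without a close_notify alert, so the TLS layer alone cannot rule out truncation. The following is an added example, not part of the original post or of Bouncy Castle: assuming the HTTP response carries a Content-Length header, the client bounds the body to that length, so a complete body ends cleanly and a short one is rejected. `BoundedBody`, `abruptClose` and `drain` are hypothetical names, and `java.io.EOFException` stands in for the TLS exception so the code runs without Bouncy Castle.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedBodyDemo {
    /** Hands out exactly contentLength bytes via read(), then a clean end of stream. */
    static class BoundedBody extends FilterInputStream {
        private long remaining;
        BoundedBody(InputStream in, long contentLength) { super(in); remaining = contentLength; }
        @Override public int read() throws IOException {
            byte[] one = new byte[1];
            return read(one, 0, 1) < 0 ? -1 : one[0] & 0xff;
        }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            if (remaining == 0) return -1;   // body complete: the TLS stream is not read again
            if (len == 0) return 0;
            int n = in.read(b, off, (int) Math.min(len, remaining));
            // EOF (or an exception from the TLS layer) before the declared length is truncation
            if (n < 0) throw new EOFException("body truncated, " + remaining + " bytes missing");
            remaining -= n;
            return n;
        }
    }
    /** Constructed stand-in for a TLS stream whose peer closes without sending close_notify. */
    static InputStream abruptClose(byte[] data) {
        return new FilterInputStream(new ByteArrayInputStream(data)) {
            @Override public int read(byte[] b, int off, int len) throws IOException {
                int n = super.read(b, off, len);
                if (n < 0) throw new EOFException("No close_notify alert received before connection closed");
                return n;
            }
        };
    }
    /** Reads a stream to its end, the way an XML parser would. */
    static String drain(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8];
        for (int n; (n = in.read(buf, 0, buf.length)) >= 0; ) out.write(buf, 0, n);
        return out.toString("US-ASCII");
    }
    public static void main(String[] args) throws IOException {
        byte[] body = "<ok/>".getBytes("US-ASCII");           // constructed sample body
        System.out.println(drain(new BoundedBody(abruptClose(body), 5)));  // length matches
        try { drain(new BoundedBody(abruptClose(body), 9)); } // 9 declared, only 5 sent
        catch (EOFException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Responses without a Content-Length (for example chunked transfer encoding) need the equivalent end-of-body check from their own framing instead.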



Re: BCJSSE close notify problem

Huangfu
I use it to connect to Tomcat 7.0 with TLSv1.1 and TLSv1.2, and send and
receive succeed, but with a .NET web service sending succeeds but receiving
does not work; this appears:
//
stackTrace:org.bouncycastle.crypto.tls.TlsNoCloseNotifyException:
No close_notify alert received before connection closed
//
The other .NET and IBM web services support TLSv1.0, TLSv1.1, TLSv1.2; the
Tomcat 7.0 web service with TLSv1.0, TLSv1.1, TLSv1.2 and with TLSv1.1,
TLSv1.2 can be used.
When I test with the domain name, a close_notify error appears, not yet
connected to the web service. Does connecting by the domain name cause the
error?
But using JSSE with TLSv1.0, resolution is normal? But it does not support
TLSv1.1 and above?
Does using BCJSSE to receive the data cause the resolution error, or
something else?

Best Regards
HwangFu




Re: BCJSSE close notify problem

Huangfu
Hi Peter:
I do not know whether the .NET error message is related to the following:
https://github.com/dotnet/corefx/issues/12213

Regards
HwangFu


