Discussion:
getting Mono WSDL.EXE to process https
Orlando Andico
2006-03-07 02:18:37 UTC
Permalink
i'm trying to digest an extremely complicated WSDL which my Perl SOAP::Lite
powers can't handle. worse, the web service is sitting behind a firewall and
so i can't explore it with Mindreef SOAPScope. so i have to run my
exploration tools on the actual machine which will contact the web service.
this machine is remote, and is running Linux, so i can't run VS.NET on it
:)

i've been trying to use the WSDL.EXE from Mono 1.1 to download the WSDL and
create a stub. Unfortunately, the web service does not have a valid https
certificate, so WSDL.EXE is bombing out with "trust failure."

ideas?


--
Orlando Andico, MCP, RHCE
http://orlygoingthirty.blogspot.com
Roger Filomeno
2006-03-07 02:58:08 UTC
Permalink
just wget the wsdl then save it as .xml or you can host it to a server and
have SoapScope read it.
Post by Orlando Andico
i'm trying to digest an extremely complicated WSDL which my Perl
SOAP::Lite powers can't handle. worse, the web service is sitting behind a
firewall and so i can't explore it with Mindreef SOAPScope. so i have to run
my exploration tools on the actual machine which will contact the web
service. this machine is remote, and is running Linux, so i can't run
VS.NET <http://vs.net/> on it :)
i've been trying to use the WSDL.EXE from Mono 1.1 to download the WSDL
and create a stub. Unfortunately, the web service does not have a valid
https certificate, so WSDL.EXE is bombing out with "trust failure."
ideas?
--
Orlando Andico, MCP, RHCE
http://orlygoingthirty.blogspot.com
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
--
Roger P. Filomeno
Mobile Specialist / R&D
http://corrupted partition.blogspot.com/
Finger Apps Inc, http://fingerapps.com
TXTMOKKO, http://txtmokko.com
MyAyala, http://myayala.com
KayaMoney e-Commerce, http://kayamoney.com/
KayaShop e-Market, http://kayamoney.com/shop/
*Registered Linux User # 367694
*VOIP # 6539822 (InPhonex)
*PGP IDs: 0xCB5F3FF7 / 0xBC0BFBA2 (http://keyserver.pgp.com)
Orlando Andico
2006-03-07 03:04:11 UTC
Permalink
Post by Roger Filomeno
just wget the wsdl then save it as .xml or you can host it to a server and
have SoapScope read it.
tried that. the WSDL has a ServiceFacade and it didn't work because the
action URL is HTTPS and WSDL.EXE needs to post to that URL.

i also tried installing the certificate using certmgr but even after
installing, WSDL.EXE is still throwing the trust failure error.
Miguel A Paraz
2006-03-07 05:11:37 UTC
Permalink
Post by Orlando Andico
i've been trying to use the WSDL.EXE from Mono 1.1 to download the WSDL and
create a stub. Unfortunately, the web service does not have a valid https
certificate, so WSDL.EXE is bombing out with "trust failure."
ideas?
In Java, you can override the certificate checking. Is there no such
option in .NET? Use Java webservices tools then... :)
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug-cunTk1MwBs8iFSDQTTA3ONd+***@public.gmane.org (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
Orlando Andico
2006-03-07 05:34:09 UTC
Permalink
Yes I know, I've done this in Java. But -- the Apache AXIS wsdl2java
probably has the same problem as Mono WSDL.EXE -- by default, it won't
accept invalid certificates. Having to recompile wsdl2java from source
(considering my nonexistent experience with ANT) does not strike me as
particularly fun. :P

Ultimately, I want to be able to encapsulate the XML myself (whether via raw
XML or weird SOAP::Data contortions) so that I can call the web service from
Perl.

Having to carry the baggage of Java or .NET/Mono around just so I can call
one remote service does not really appeal to me.
Post by Miguel A Paraz
Post by Orlando Andico
i've been trying to use the WSDL.EXE from Mono 1.1 to download the WSDL
and
Post by Orlando Andico
create a stub. Unfortunately, the web service does not have a valid
https
Post by Orlando Andico
certificate, so WSDL.EXE is bombing out with "trust failure."
ideas?
In Java, you can override the certificate checking. Is there no such
option in .NET? Use Java webservices tools then... :)
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
--
Orlando Andico, MCP, RHCE
http://orlygoingthirty.blogspot.com
Miguel A Paraz
2006-03-07 06:27:52 UTC
Permalink
Post by Orlando Andico
Yes I know, I've done this in Java. But -- the Apache AXIS wsdl2java
probably has the same problem as Mono WSDL.EXE -- by default, it won't
accept invalid certificates. Having to recompile wsdl2java from source
(considering my nonexistent experience with ANT) does not strike me as
particularly fun. :P
There is a non-programmatic approach. Get the server's public
certificate and add it to the JRE "cacerts" using the "keytool."

I assume .NET has a similar mechanism?
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug-cunTk1MwBs8iFSDQTTA3ONd+***@public.gmane.org (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
Orlando Andico
2006-03-07 07:01:07 UTC
Permalink
Yeah, cachemgr -ssl https://my.url/EvilWebService.asmx

Doesn't work though! hahaha! the cache manager claims that the new
certificate has been installed, but wsdl still doesn't want to eat it.

Anyway, it turns out Roger's original suggestion worked. I wget'ed the WSDL,
applied wsdl to it, compiled the stub, and.. I'm stuck (so far). But that's
limited by my stupidity now.

Anyway in the WS client I can put an override function to ignore the fake
certificate. So we merrily go on our way..
Post by Miguel A Paraz
Post by Orlando Andico
Yes I know, I've done this in Java. But -- the Apache AXIS wsdl2java
probably has the same problem as Mono WSDL.EXE -- by default, it won't
accept invalid certificates. Having to recompile wsdl2java from source
(considering my nonexistent experience with ANT) does not strike me as
particularly fun. :P
There is a non-programmatic approach. Get the server's public
certificate and add it to the JRE "cacerts" using the "keytool."
I assume .NET has a similar mechanism?
--
Orlando Andico, MCP, RHCE
http://orlygoingthirty.blogspot.com
Orlando Andico
2006-03-07 09:32:23 UTC
Permalink
I have progress!

I've created the proxy class (using wsdl on the downloaded WSDL) and wrote a
teeny tiny sample program which overrides the certificate detection.

Now for my new problem: I'm getting a 404 error (!)
Unfortunately, I can't do ANY debugging whatsoever because the entire SOAP
handshake happens inside a TLS session!! so I can't wire-dump the XML, I
can't even peek at the HTTP headers.

Does anyone know how to "overload" the .NET web services classes so that
they spew out the XML handshake? this is pretty easy in Perl.
Post by Orlando Andico
Yeah, cachemgr -ssl https://my.url/EvilWebService.asmx
Doesn't work though! hahaha! the cache manager claims that the new
certificate has been installed, but wsdl still doesn't want to eat it.
Anyway, it turns out Roger's original suggestion worked. I wget'ed the
WSDL, applied wsdl to it, compiled the stub, and.. I'm stuck (so far). But
that's limited by my stupidity now.
Anyway in the WS client I can put an override function to ignore the fake
certificate. So we merrily go on our way..
Post by Miguel A Paraz
Post by Orlando Andico
Yes I know, I've done this in Java. But -- the Apache AXIS wsdl2java
probably has the same problem as Mono WSDL.EXE -- by default, it won't
accept invalid certificates. Having to recompile wsdl2java from source
(considering my nonexistent experience with ANT) does not strike me as
particularly fun. :P
There is a non-programmatic approach. Get the server's public
certificate and add it to the JRE "cacerts" using the "keytool."
I assume .NET has a similar mechanism?
--
Orlando Andico, MCP, RHCE
http://orlygoingthirty.blogspot.com
--
Orlando Andico, MCP, RHCE
http://orlygoingthirty.blogspot.com

Loading...