I've checked the version installed in the server
$ rpm -qa | grep openssl
openssl-0.9.7a-33.24

Does also this version have known issues?

Btw, could it be a problem related to the "stubs format"?
I've generated these stubs starting from wsdl distributed by voms
developers (in attachment) with this ant command:

<java classname="org.apache.axis.wsdl.WSDL2Java" fork="true">
<arg line="-o ${build.stubs.src.dir} --noWrapped
glite-security-voms-admin-2.0.2.wsdl"/>
<classpath>
<fileset dir="${container.dir}/lib">
<include name="*.jar" />
</fileset>
</classpath>
</java>

Did I make any mistakes?

Andrea



On Tue, Feb 24, 2009 at 10:31 PM, Tom Scavo <***@gmail.com> wrote:
> Andrea, on a long shot, are you perhaps using OpenSSL 0.9.8j on the
> client?  This particular version of OpenSSL is known to have SSL/TLS
> handshake issues.
>
> Tom
>
> On Tue, Feb 24, 2009 at 10:53 AM, Andrea Turli <***@eng.it> wrote:
>> Hi all,
>>
>> I'm trying to consume a secure Axis Web service (the voms server in
>> https) but I've many problems. In particular, I'm using this code in a
>> -nosec container (GT4.1)
>>
>>    static {
>>        Util.registerTransport();
>>    }
>> ....
>>        VOMSAdminServiceLocator locator = new VOMSAdminServiceLocator();
>>        URL vomsAdminURL = new
>> URL("https://my_server:8443/voms/myVO/services/VOMSAdmin");
>>
>>        VOMSAdmin stub = locator.getVOMSAdmin(vomsAdminURL);
>>
>>                // credentials
>>                stub._setProperty(GSIConstants.GSI_CREDENTIALS, credentials);
>>
>>                // Authentication method
>>                stub._setProperty(Constants.GSI_SEC_CONV, Constants.ENCRYPTION);
>>
>>                // delegation
>>                stub._setProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_NO_DELEG);
>>
>>                // set Context lifetime
>>                stub._setProperty(Constants.CONTEXT_LIFETIME, 300);
>>
>>
>>        try {
>>            stub.createUser(user);
>>            logger.info("User created with CN " + username + " with DN " + dn
>>                    + " with CA " + ca + " with mail " + email);
>>        } catch (Exception e) {
>>            e.printStackTrace();
>>            throw e;
>>        }
>>
>> and I get this fault:
>> AxisFault
>>  faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}General
>>  faultSubcode:
>>  faultString: ; nested exception is:
>>        org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>>  faultActor:
>>  faultNode:
>>  faultDetail:
>>        {http://xml.apache.org/axis/}stackTrace:AxisFault
>>  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>>  faultSubcode:
>>  faultString: org.globus.common.ChainedIOException: Authentication
>> failed [Caused by: Failure unspecified at GSS-API level [Caused by:
>> Handshake failure]]
>>  faultActor:
>>  faultNode:
>>  faultDetail:
>>        {http://xml.apache.org/axis/}stackTrace:Authentication failed. Caused
>> by Failure unspecified at GSS-API level. Caused by
>> COM.claymoresystems.ptls.SSLCaughtAlertException: Handshake failure
>>        at COM.claymoresystems.ptls.SSLRecordReader.processAlert(SSLRecordReader.java:153)
>>        at COM.claymoresystems.ptls.SSLRecordReader.readRecord(SSLRecordReader.java:90)
>>        at COM.claymoresystems.ptls.SSLHandshake.recvHandshakeToken(SSLHandshake.java:177)
>>        at COM.claymoresystems.ptls.SSLHandshakeClient.processTokens(SSLHandshakeClient.java:108)
>>        at COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.java:135)
>>        at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:483)
>>        at org.globus.gsi.gssapi.net.GssSocket.authenticateClient(GssSocket.java:102)
>>        at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:140)
>>        at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>>        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:433)
>>        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
>>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>>        at org.globus.wsrf.security.impl.secconv.SecureConversationSOAPBindingStub.requestSecurityToken(SecureConversationSOAPBindingStub.java:1153)
>>        at org.globus.wsrf.impl.security.authentication.secureconv.Authenticator.authenticate(Authenticator.java:95)
>>        at org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:265)
>>        at org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
>>        at org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>>        at org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>>        at org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>>        at org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>>        at org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>>        at org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>>        at org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>        at java.lang.reflect.Method.invoke(Method.java:585)
>>        at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>>        at org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>>        at org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>>        at java.security.AccessController.doPrivileged(Native Method)
>>        at javax.security.auth.Subject.doAs(Subject.java:396)
>>        at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>>        at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>>        at org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>>        at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>>        at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>>        at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>>        at org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>>        at org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>>        at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>>
>>        {http://xml.apache.org/axis/}hostname:grids16.eng.it
>>
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>>        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>>        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
>>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>>        at org.globus.wsrf.security.impl.secconv.SecureConversationSOAPBindingStub.requestSecurityToken(SecureConversationSOAPBindingStub.java:1153)
>>        at org.globus.wsrf.impl.security.authentication.secureconv.Authenticator.authenticate(Authenticator.java:95)
>>        at org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:265)
>>        at org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
>>        at org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>>        at org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>>        at org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>>        at org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>>        at org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>>        at org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>>        at org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>        at java.lang.reflect.Method.invoke(Method.java:585)
>>        at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>>        at org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>>        at org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>>        at java.security.AccessController.doPrivileged(Native Method)
>>        at javax.security.auth.Subject.doAs(Subject.java:396)
>>        at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>>        at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>>        at org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>>        at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>>        at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>>        at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>>        at org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>>        at org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>>        at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> Caused by: org.globus.common.ChainedIOException: Authentication failed
>> [Caused by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>>        at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:145)
>>        at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>>        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:433)
>>        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
>>        ... 54 more
>>
>>        {http://xml.apache.org/axis/}hostname:grids16.eng.it
>>
>> ; nested exception is:
>>        org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>>        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:216)
>>        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
>>        at org.apache.axis.client.Call.invoke(Call.java:2710)
>>        at org.apache.axis.client.Call.invoke(Call.java:2386)
>>        at org.apache.axis.client.Call.invoke(Call.java:2309)
>>        at org.apache.axis.client.Call.invoke(Call.java:1766)
>>        at org.glite.wsdl.services.org_glite_security_voms_service_admin.VOMSAdminSoapBindingStub.createUser(VOMSAdminSoapBindingStub.java:905)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.Delegator.addVOMSUser(Delegator.java:415)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.CredentialsAccountResource.initialise(CredentialsAccountResource.java:694)
>>        at org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:91)
>>        at org.gcube.common.core.state.GCUBEWSResource.initialise(GCUBEWSResource.java:34)
>>        at org.gcube.common.core.state.GCUBEResourceHome._create(GCUBEResourceHome.java:279)
>>        at org.gcube.common.core.state.GCUBEResourceHome.create(GCUBEResourceHome.java:250)
>>        at org.gcube.common.core.state.GCUBEWSHome.create(GCUBEWSHome.java:164)
>>        at org.gcube.vomanagement.credentialsrenewal.impl.CredentialsRenewalService.createCAAccountOperation(CredentialsRenewalService.java:84)
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>        at java.lang.reflect.Method.invoke(Method.java:585)
>>        at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:384)
>>        at org.globus.axis.providers.RPCProvider.invokeMethodSub(RPCProvider.java:107)
>>        at org.globus.axis.providers.PrivilegedInvokeMethodAction.run(PrivilegedInvokeMethodAction.java:42)
>>        at java.security.AccessController.doPrivileged(Native Method)
>>        at javax.security.auth.Subject.doAs(Subject.java:396)
>>        at org.globus.gsi.jaas.GlobusSubject.runAs(GlobusSubject.java:55)
>>        at org.globus.gsi.jaas.JaasSubject.doAs(JaasSubject.java:90)
>>        at org.globus.axis.providers.RPCProvider.invokeMethod(RPCProvider.java:97)
>>        at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:281)
>>        at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:319)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:450)
>>        at org.apache.axis.server.AxisServer.invoke(AxisServer.java:285)
>>        at org.globus.wsrf.container.ServiceThread.doPost(ServiceThread.java:664)
>>        at org.globus.wsrf.container.ServiceThread.process(ServiceThread.java:382)
>>        at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> Caused by: javax.xml.rpc.soap.SOAPFaultException: ; nested exception is:
>>        org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Failure unspecified at GSS-API level [Caused by: Handshake
>> failure]]
>>        at org.globus.wsrf.impl.security.authentication.wssec.WSSecurityFault.makeFault(WSSecurityFault.java:105)
>>        at org.globus.wsrf.impl.security.authentication.secureconv.SecContextHandler.handleRequest(SecContextHandler.java:273)
>>        at org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:105)
>>        at org.apache.axis.handlers.JAXRPCHandler.invoke(JAXRPCHandler.java:52)
>>        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>>        ... 36 more
>>
>>
>> I've tried to invoke the same voms server from a java client and I've
>> no problem.
>> Could you give me any kind of support?
>>
>> Thank you,
>> Andrea
>>
>
>

Yaohhh!!!!

Finally we manage to communicate with VOMS from a GT container by
setting "Constants.GSI_TRANSPORT" as stub property.

Thanks Tim for your precious suggestion

Andrea

On Wed, Mar 4, 2009 at 12:07 AM, Tim Freeman <***@mcs.anl.gov> wrote:
> On Tue, 24 Feb 2009 16:53:16 +0100
> Andrea Turli <***@eng.it> wrote:
>
>>               // credentials
>>               stub._setProperty(GSIConstants.GSI_CREDENTIALS, credentials);
>>
>>               // Authentication method
>>               stub._setProperty(Constants.GSI_SEC_CONV,
>> Constants.ENCRYPTION);
>>
>>               // delegation
>>               stub._setProperty(GSIConstants.GSI_MODE,
>> GSIConstants.GSI_MODE_NO_DELEG);
>>
>>               // set Context lifetime
>>               stub._setProperty(Constants.CONTEXT_LIFETIME, 300);
>
> Are you intentionally setting "Constants.GSI_SEC_CONV" there?  Only an educated
> guess, but I wouldn't think secure conversation is the appropriate choice for
> VOMS admin service.  Try setting the "Constants.GSI_TRANSPORT" to
> "Constants.SIGNATURE" or "Constants.ENCRYPTION" instead?
>
> Tim
>
>