| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL socket exception with HTTP(S) resquet |
« View previous topic :: View next topic » |
| Author |
Message
|
| ajayrana |
 Posted: Sat Sep 27, 2014 5:51 am Post subject: SSL socket exception with HTTP(S) resquet |
 |
|
Apprentice
Joined: 08 May 2014
Posts: 35
|
Hi All,
I a trying to hit a https URL through a HTTP request node. The flow is something like :
SOAP Request --> HTTP Request -- > Compute --> SOAP Reply
The https URL requires basic authentication, for which i created a security profile.
Also, i have imported the site certificate and imported it in my keystore.
Now when i make the call, I'm getting a SocketException.
My HTTP Request Node properties:
| Code: |
gen.uploadCustomerDocument_Request_Response#setImageUrl.dataSource
gen.uploadCustomerDocument_Request_Response#setImageUrl.connectDatasourceBeforeFlowStarts
gen.uploadCustomerDocument_Request_Response#setImageUrl.validateMaster
gen.uploadCustomerDocument_Request_Response#changeImageToBlob.dataSource = contact admin
gen.uploadCustomerDocument_Request_Response#changeImageToBlob.connectDatasourceBeforeFlowStarts
gen.uploadCustomerDocument_Request_Response#changeImageToBlob.validateMaster
gen.uploadCustomerDocument_Request_Response#Database Retrieve.dataSourceName = contact admin
gen.uploadCustomerDocument_Request_Response#Database Retrieve.validateMaster
gen.uploadCustomerDocument_Request_Response#HTTPRequest.URLSpecifier = http://upload.wikimedia.org/wikipedia/commons/9/9a/TajMinaret1.jpg
gen.uploadCustomerDocument_Request_Response#HTTPRequest.timeoutForServer
gen.uploadCustomerDocument_Request_Response#HTTPRequest.httpProxyLocation
gen.uploadCustomerDocument_Request_Response#HTTPRequest.httpVersion
gen.uploadCustomerDocument_Request_Response#HTTPRequest.enableKeepAlive
gen.uploadCustomerDocument_Request_Response#HTTPRequest.requestCompressionType
gen.uploadCustomerDocument_Request_Response#HTTPRequest.protocol
gen.uploadCustomerDocument_Request_Response#HTTPRequest.allowedCiphers
gen.uploadCustomerDocument_Request_Response#HTTPRequest.hostnameChecking
gen.uploadCustomerDocument_Request_Response#HTTPRequest.keyAlias
gen.uploadCustomerDocument_Request_Response#HTTPRequest.enableCRLCheck
gen.uploadCustomerDocument_Request_Response#HTTPRequest.acceptCompressedResponses = yes
gen.uploadCustomerDocument_Request_Response#HTTPRequest.validateMaster
gen.uploadCustomerDocument_Request_Response#HTTPRequest.securityProfileName = mATMImageAuth
gen.uploadCustomerDocument_Request_Response#Trace.filePath
gen.uploadCustomerDocument_Request_Response#Trace1.filePath
gen.uploadCustomerDocument_Request_Response#FAILURE.filePath
gen.uploadCustomerDocument_Request_Response#ERROR.filePath
|
Trace before the HTTP Request node:
| Code: |
(0x01000000:Name ):Properties = ( ['SOAPPROPERTYPARSER' : 0x7fbe913cdb20]
(0x03000000:NameValue):MessageSet = '' (CHARACTER)
(0x03000000:NameValue):MessageType = '' (CHARACTER)
(0x03000000:NameValue):MessageFormat = '' (CHARACTER)
(0x03000000:NameValue):Encoding = 546 (INTEGER)
(0x03000000:NameValue):CodedCharSetId = 1208 (INTEGER)
(0x03000000:NameValue):Transactional = FALSE (BOOLEAN)
(0x03000000:NameValue):Persistence = FALSE (BOOLEAN)
(0x03000000:NameValue):CreationTime = GMTTIMESTAMP '2014-09-27 13:39:05.436746' (GMTTIMESTAMP)
(0x03000000:NameValue):ExpirationTime = -1 (INTEGER)
(0x03000000:NameValue):Priority = 0 (INTEGER)
(0x03000000:NameValue):ReplyIdentifier = X'000000000000000000000000000000000000000000000000' (BLOB)
(0x03000000:NameValue):ReplyProtocol = 'SOAP-AXIS2' (CHARACTER)
(0x03000000:NameValue):Topic = NULL
(0x03000000:NameValue):ContentType = 'text/xml;charset=UTF-8' (CHARACTER)
(0x03000000:NameValue):IdentitySourceType = '' (CHARACTER)
(0x03000000:NameValue):IdentitySourceToken = '' (CHARACTER)
(0x03000000:NameValue):IdentitySourcePassword = '' (CHARACTER)
(0x03000000:NameValue):IdentitySourceIssuedBy = '' (CHARACTER)
(0x03000000:NameValue):IdentityMappedType = '' (CHARACTER)
(0x03000000:NameValue):IdentityMappedToken = '' (CHARACTER)
(0x03000000:NameValue):IdentityMappedPassword = '' (CHARACTER)
(0x03000000:NameValue):IdentityMappedIssuedBy = '' (CHARACTER)
)
(0x01000000:Name ):HTTPInputHeader = ( ['WSINPHDR' : 0x7fbe913d1530]
(0x03000000:NameValue):X-Original-HTTP-Command = 'POST http://10.211.55.11:7080/AccountOpeningService/AccountOpeningService HTTP/1.1' (CHARACTER)
(0x03000000:NameValue):Accept-Encoding = 'gzip,deflate' (CHARACTER)
(0x03000000:NameValue):Content-Type = 'text/xml;charset=UTF-8' (CHARACTER)
(0x03000000:NameValue):SOAPAction = '"http://AccountOpeningService/uploadCustomerDocument"' (CHARACTER)
(0x03000000:NameValue):Content-Length = '572' (CHARACTER)
(0x03000000:NameValue):Host = '10.211.55.11:7080' (CHARACTER)
(0x03000000:NameValue):Connection = 'Keep-Alive' (CHARACTER)
(0x03000000:NameValue):User-Agent = 'Apache-HttpClient/4.1.1 (java 1.5)' (CHARACTER)
(0x03000000:NameValue):X-Remote-Addr = '10.211.55.2' (CHARACTER)
(0x03000000:NameValue):X-Remote-Host = '10.211.55.2' (CHARACTER)
(0x03000000:NameValue):X-Server-Name = '10.211.55.11' (CHARACTER)
(0x03000000:NameValue):X-Server-Port = '7080' (CHARACTER)
(0x03000000:NameValue):X-Scheme = 'http' (CHARACTER)
(0x03000000:NameValue):X-Server-Name = '10.211.55.11' (CHARACTER)
(0x03000000:NameValue):X-Server-Port = '7080' (CHARACTER)
)
(0x01000000:Folder):XMLNSC = ( ['xmlnsc' : 0x7fbe913d4a00]
(0x01000000:Folder)http://AccountOpeningService:uploadCustomerDocument = (
(0x01000000:Folder):uploadCustomerDocumentRequest = (
(0x03000000:PCDataField):customerId = '0025772072000000' (CHARACTER)
(0x03000000:PCDataField):documentType = 'Sign' (CHARACTER)
(0x03000000:PCDataField):imageUrl = 'https://m.yuko.co.in/mATM/customerkycdocs/CU069691411214401013/CUSTOMER_IMAGE.jpg' (CHARACTER)
)
)
)
)
( ['MQROOT' : 0x7fbe913a1360]
(0x01000000:Name ):Destination = (
(0x01000000:Name):SOAP = (
(0x01000000:Name):Reply = (
(0x03000000:NameValue):ReplyIdentifier = X'534f4150000000000100000000000000fe14000000000000' (BLOB)
)
)
(0x01000000:Name):RouterList =
(0x01000000:Name):HTTP = (
(0x03000000:NameValue):RequestURL = 'https://m.yuko.co.in/mATM/customerkycdocs/CU069691411214401013/CUSTOMER_IMAGE.jpg' (CHARACTER)
)
)
(0x01000000:Name ):SOAP = (
(0x01000000:Name):Input = (
(0x01000000:Folder):Message = ( ['SOAP' : 0x7fbe913d84f0]
(0x01000000:Folder):Context = ( ['xmlnsc' : 0x7fbe913dbd50]
(0x03000100:Attribute ):operation = 'uploadCustomerDocument' (CHARACTER)
(0x03000100:Attribute ):operationType = 'REQUEST_RESPONSE' (CHARACTER)
(0x03000100:Attribute ):portType = 'AccountOpeningService' (CHARACTER)
(0x03000100:Attribute ):portTypeNamespace = 'http://AccountOpeningService' (CHARACTER)
(0x03000100:Attribute ):port = 'AccountOpeningServiceHttpPort' (CHARACTER)
(0x03000100:Attribute ):service = 'AccountOpeningServiceHttpService' (CHARACTER)
(0x03000100:Attribute ):fileName = 'AccountOpeningService.wsdl' (CHARACTER)
(0x03000000:PCDataField):SOAP_Version = '1.1' (CHARACTER)
(0x01000000:Folder ):Namespace = (
(0x03000102:NamespaceDecl)http://www.w3.org/2000/xmlns/:soapenv = 'http://schemas.xmlsoap.org/soap/envelope/' (CHARACTER)
(0x03000102:NamespaceDecl)http://www.w3.org/2000/xmlns/:acc = 'http://AccountOpeningService' (CHARACTER)
)
)
(0x01000000:Folder):Header =
)
(0x01000000:Name ):Transport = (
(0x01000000:Name):HTTP = (
(0x03000000:NameValue):MaxClientWaitTime = 180 (INTEGER)
)
)
)
)
(0x03000000:NameValue):internalID = '0025772067500000' (CHARACTER)
) |
Error :
| Code: |
2014-09-27 19:09:07.650325 5374 UserTrace BIP4067I: Message propagated to output terminal for trace node 'gen.AccountOpeningService.gen/uploadCustomerDocument_Request_Response.Trace'.
The trace node 'gen.AccountOpeningService.gen/uploadCustomerDocument_Request_Response.Trace' has received a message and is propagating it to any nodes connected to its output terminal.
No user action required.
2014-09-27 19:09:07.655777 5374 UserTrace BIP2231E: Error detected whilst processing a message in node 'gen.AccountOpeningService.gen/uploadCustomerDocument_Request_Response.HTTPRequest'.
The message broker detected an error whilst processing a message in node 'gen.AccountOpeningService.gen/uploadCustomerDocument_Request_Response.HTTPRequest'. The message has been augmented with an exception list and has been propagated to the node's failure terminal for further processing.
See the following messages for details of the error.
2014-09-27 19:09:07.655795 5374 RecoverableException BIP3152S: Socket error detected whilst invoking Web service located at host 'm.yuko.co.in', port 443, path '/mATM/customerkycdocs/CU069691411214401013/CUSTOMER_IMAGE.jpg'.
This may be a transient error, such as a server not responding, or a symptom of an invalid hostname or port number.
Check that the hostname and port number are valid, and point to a functioning Web service.
2014-09-27 19:09:07.655799 5374 SocketException BIP3165S: An error occurred whilst performing an SSL socket operation. Operation: 'setSSLOptions'. Error Text: 'java.io.FileNotFoundException: Reserved for future use (No such file or directory)'.
This may be a temporary error, such as a server not responding, or a symptom of an invalid hostname or port number.
See the following messages for information pertaining to this error.
2014-09-27 19:09:07.656021 5374 UserTrace BIP2539I: Node 'gen.AccountOpeningService.gen/uploadCustomerDocument_Request_Response.FAILURE': Evaluating expression ''Root'' at ('', '1.3'). This resolved to ''Root''. The result was ''ROW... Root Element Type=16777216 NameSpace='' Name='Root' Value=NULL''.
2014-09-27 19:09:07.656279 5374 UserTrace BIP2539I: Node 'gen.AccountOpeningService.gen/uploadCustomerDocument_Request_Response.FAILURE': Evaluating expression ''LocalEnvironment'' at ('', '2.3'). This resolved to ''LocalEnvironment''. The result was ''ROW... Root Element Type=16777216 NameSpace='' Name='Root' Value=NULL''.
2014-09-27 19:09:07.656431 5374 UserTrace BIP4060I: Data ''( ['SOAPRoot' : 0x7fbe91371dd0] |
The flow works with http url's, the issue is coming only with https request.
It will be great if somebody can point me to some document or suggestion if I am missing something.
Thanks in Advance !!
Regards
Ajay Rana |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon Sep 29, 2014 2:39 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Is the keystore (and for that matter the truststore) correctly identified to the execution group?
Can we assume your flow is in fact fronted by a SOAP Input node, or do you really use a SOAP Request node followed by an HTTP Request node?
Can you explain a little more about what you're doing, and why you have SOAP elements in the message tree prior to the http call? I'm wondering if you are inadvertently trying to engage SOAP SSL support from a non-SOAP node.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| ajayrana |
| Posted: Mon Sep 29, 2014 10:30 pm Post subject: |
|
|
Apprentice
Joined: 08 May 2014
Posts: 35
|
Hi Vitor,
| Quote: |
Is the keystore (and for that matter the truststore) correctly identified to the execution group? |
Yes, the keystore and the trustore are getting identfied.
| Quote: |
| Can we assume your flow is in fact fronted by a SOAP Input node, or do you really use a SOAP Request node followed by an HTTP Request node? |
Yes, that's a mistake in typing from my side its a Soap Input node.
| Quote: |
| Can you explain a little more about what you're doing, and why you have SOAP elements in the message tree prior to the http call? |
We are doing this flow for a bank here and all services which needs to be called from outside the Bank's network should be a SOAP service. The external vendor of the bank has to pass on the image he has captured as part of other activities.
Thanks & Regards
Ajay Rana[/quote] |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Sep 30, 2014 3:03 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| ajayrana wrote: |
| Quote: |
Is the keystore (and for that matter the truststore) correctly identified to the execution group? |
Yes, the keystore and the trustore are getting identfied.
|
How do you know? Post evidence from the broker that it knows what & where they are, and that it can access them because the file system permissions are correct.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Sep 30, 2014 4:17 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
First of all if the request you are making is in fact a SOAP call you should be using a SOAP request node and not an HTTP request node.
On the other hand you never specified if the HTTP connector was using the eg's set up, or the broker wide set up. It makes a difference in how you set up your SSL.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
