[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI and SSL



The log is below. It sanitized it first. To me is shows that I contacted
the app server with the message I constructed in my RPG program. I'm
curious about the CommSSL_Read error however. Later in the log I can see
that the app server responded with the message that the request XML is
missing. This is the answer from the webservice I am calling out on the
internet.  I can see the response XML in my RPG program. As I stated, I
feel that this means the SSL communication is working. (Although I am
curious why the AS400 is accepting a self signed cert where it doesn't
trust the CA). On the java side it seems simple enough.  This is the method
I exposed as a web service. The code executes because the system.out prints
but the value of requestXML is empty. I'm stumped. Any ideas are really
appreciated.
Thanks
Oscar



    @WebMethod(operationName = "SubmitRequest")
    public String submitRequest(@WebParam(name = "requestXML")String
requestXML) {
        System.out.println("inside RXDB_ProxyService submit request " +
requestXML);
        return ejbRef.submitRequest(requestXML);
    }

HTTPAPI Ver 1.21 released 2007-10-01

New iconv() objects set, PostRem=1208. PostLoc=0. ProtRem=819. ProtLoc=0
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00000136'
DNS default domain: 1234567.COM
DNS server found: 255.255.255.2
DNS server found: 255.255.255.11
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
-----BEGIN CERTIFICATE-----
MIIC6DCCAlGgAwIBAgIESZq6kDANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRkw
FwYDVQQKExBTdW4gTWlWcm9zeXN0ZW1zMSswKQYDVQQLEyJTdW4gSmF2YSBTeXN0
ZW0gQXBwbGljYXRpb24gU2VydmVyMSQwIgYDVQQDExtsaS03Z2x3emMxLXhwLTQu
YWFhbGlmZS5jb20wHhcNMDkwMjE3MTMyNDMyWhcNMTkwMjE1MTMyNDMyWjCBpjEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRh
IENsYXJhMRkwFwYDVQQKExBTdW4gTWljcm9zeXN0ZW1zMSswKQYDVQQLEyJTdW4g
SmF2YSBTeXN0ZW0gQXBwbGljYXRpb24gU2VydmVyMSQwIgYDVQQDExtsaS03Z2x3
emMxLXhwLTQuYWFhbGlmZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgZ0AMIGJAoGB
ANz3cavF5sjxZILSyu7zlrLOOPYGI1Alu11xiWKxCJ1i18b4B4zrFQxRj9U7JHGQ
PKuhDczbzf1WbGnAnDtbjJ3hwB4AfZjTCZIrWqCDdOibaREy3NIVgnJKFQw3pep2
Yc6CmvkIyOu1afxx8uVyUiflkSmhsn8Mr2KaXTMui4NBAgMBAAGjITAfMB0GA1Ud
DgQWBBTjVA+2/LIo9AqXQGHR3Bi92m12AjBNBgkqhkiG9w0BAQUFAAOBgQCJUbmt
kORN7HqcLRKaQsApRk31Y9J4nnZgT7eRCfcWK1tPTztYeWZ6ZqaU55iWTTwb40wh
5zgLPD7ysA6wzlWC+IMPA6iVPxT2XEF4Xgtc9Jq8tEVUpnXfH0KTO1BKuOE+UDuH
pgn2F1AKV2E6MPDs/uRNajGkbRT41klXsQZaVQ==
-----END CERTIFICATE-----
Serial Number: 49:9A:BA:90
Common Name: li-7glwzc1-xp-4.1234567.COM
Country: US
State/Province: California
Locality: Santa Clara
Org Unit: Sun Microsystems
Org: Sun Java System Application Server
Issuer CN: li-7glwzc1-xp-4.1234567.COM
Issuer Country: US
Issuer State/Province: California
Issuer Locality: Santa Clara
Issuer Org: Sun Microsystems
Issuer Org Unit: Sun Java System Application Server
Unknown Field: 03
Unknown Field: 20090217082432
Unknown Field: 20190215082432
Unknown Field: 1.2.840.113549.1.1.5

Protocol Used: TLS Version 1
http_persist_post(): entered
http_long_ParseURL(): entered
do_post(): entered
POST /RXDB_ProxyService/RXDB_Proxy HTTP/1.1
Host: LI-7GLWZC1-XP-4.1234567.COM:8181
User-Agent: http-api/1.21
Content-Type: text/xml; charset=utf-8
SOAPAction: http://rxdb.1234567.org/SubmitRequest
Expect: 100-continue
Content-Length: 827


recvresp(): entered
SetError() #43: CommSSL_Read:  time-out!
senddoc(): entered
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:rxdb="http://rxdb.1234567.COM/";>
<soapenv:Header/><soapenv:Body><rxdb:SubmitRequest><requestXML>***PAYLOAD_REMOVED***</requestXML></rxdb:SubmitRequest>
 </soapenv:Body></soapenv:Envelope>
recvresp(): entered
HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5
Server: Sun Java System Application Server 9.1_02
Content-Type: text/xml;charset="utf-8"
Transfer-Encoding: chunked
Date: Wed, 18 May 2011 11:37:03 GMT


SetError() #13: HTTP/1.1 200 OK
recvdoc parms: chunked 0
header_load_cookies() entered
recvchunk(): entered
get_chunk_size(): entered
1ff

chunk size = 511
get_chunk_size returned 511
calling comm_blockread
<?xml version="1.0" ?><S:Envelope
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/";><S:Body><ns2:SubmitRequestResponse

xmlns:ns2="http://rxdb.1234567.COM/";><return>&lt;IntelRX&gt;&lt;IntelRXResponse&gt;&lt;TrackingID&gt;&lt;/TrackingID&gt;&lt;Result&gt;0&lt;/Result&gt;&lt;Comments&gt;Error
 Message: Error. Request XML missing.
Parameter name: missing request xml
time taken: 0.0625048
seconds&lt;/Comments&gt;&lt;/IntelRXResponse&gt;&lt;/IntelRX&gt;</return></ns2:SubmitRequestResponse></S:Body></S:Envelope>
comm_blockread returned 511


get_chunk_size(): entered
0

chunk size = 0
get_chunk_size returned 0
http_close(): entered


                                                                           
             Scott Klement                                                 
             <sk@scottklement.                                             
             com>                                                       To 
             Sent by:                  HTTPAPI and FTPAPI Projects         
             ftpapi-bounces@li         <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>     
             sts.scottklement.                                          cc 
             com                                                           
                                                                   Subject 
                                       Re: HTTPAPI and SSL                 
             05/17/2011 01:39                                              
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
                HTTPAPI and                                                
              FTPAPI Projects                                              
             <ftpapi@xxxxxxxxx                                             
              ttklement.com>                                               
                                                                           
                                                                           





> I can call the web service, the code on the app server executes, I
> get a response from the web service. The problem is that the soap
> envelope I construct isn't making it to the web server.

That's a new one to me.  I've never heard of it successfully
establishing the connection, but then failing to send the data.  Please
post a debug log so we can see what's happening.


> I've placed system.outs after every line of code on the java side and
> the input parameters are clearly not making it to the web service.  I
> thought this may have something to do with the face that the test web
> service is using a self signed cert and this cert is not in the CA
> store on the AS400, but I don't think that is the problem since I can
> get the java programs to execute and return a response to the as400.

I agree.  If you can successfully establish a connection and exchange
part of the data (the part that tells which service to invoke, et al)
then clearly the SSL portion of the process is working.

> Just for grins I looked at the certificate store and can't find a
> client application for the httpapi (as some internet postings alluded
> to). That really confused me since I would think that I needed to
> trust a certificate before I'd accept it. This says to me that the
> AS400 is accepting the self signed certificate from the app server
> even though I don't it doesn't come from a trusted CA. Anyone care to
> elaborate?

No client application profile is required unless you plan to do
client-side certificates (which is an unusual requirement in HTTPS)

If you WANT to have a client application profile, then it's possible to
use one.  You need to call https_init('PROFILE_NAME'); when you load
your program.  And you have to have a matching client application
profile set up in the DCM (by "matching", I mean it's application ID
must be 'PROFILE_NAME')

But, I don't understand why we're worried about this, considering that
we've already established that SSL isn't the problem.

Please help us focus on the problem at hand by proving a debug log.
This will clue us in as to what is and isn't working, and help us see
what the problem might be.

If you don't know how to generate one, the process is described on the
2nd half of the following page:
http://www.scottklement.com/httpapi/beta/
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------