The server sent HTTP status code -1

Hi Ranch,

I am creating a client for https third party web service with METRO 2.0,

i converted the certificate .CRT to .JKS which they gave me and used on my code like below

System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); System.setProperty("javax.net.ssl.trustStore", "...\key.jks"); System.setProperty("javax.net.ssl.trustStorePassword", "blahblah");

now when i try to run the code it throws me the following error :

com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code -1: null at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:222) at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:179) at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:93) at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470) at com.sun.xml.ws.client.Stub.process(Stub.java:319) at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89) at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140) at $Proxy38.processPayment(Unknown Source)

I have not seen HTTP error codes with 1 digit , is it sent from the server? what does the error mean actually?

Help me to sort it out.

Thanks in advance

Hi. Never heard of http status -1. Anyway, if you are able to use Netbeans to develop your web service client, then The secure/SSL part is all configured. I don't think you need to write all this code. The following tutorials may be of help:

a) http://netbeans.org/kb/docs/websvc/wsit.html
b) http://www.roseindia.net/webservices/netbeans/SecurityinWebService.shtml
c) http://dlc.sun.com.edgesuite.net/javaee5/screencasts/metro-nb6/ (screen cast audio + video)

All the best.

i converted the certificate .CRT to .JKS which they gave me and used on my code like below

How did you convert .CRT to .JKS? Did you mean you imported the cert file into your keystore (JKS)?

Thanks Srini,

I tried to create a client by giving the URL in netbeans which doesn't worked same happen on SOAP UI also, it worked on browser(after installing a certificate), so i saved the wsdl from browser and generated a client locally with wsdl file.

and the External service Document says it needs "Client Certificate" and "HTTP Basic Authorization" to handle. i believe i'm missing on "HTTP Basic Authorization" part, any idea on this?

i have the credentials, i am not pretty sure how it's going to be passed. and even i can find that on header part of SOAP-UI request.

Could you please let me know how can we handle "HTTP Basic Authorization"?


@Freddy,

i imported .CRT to .JKS using java keytool.

Hi Imran, you must have figured it out by now. Anyway, please see here for Basic Authentication. Hope it helps

Hi Srini,

Still i was not figured out the Solution ,

I'm using the following code to achieve Basic authentication as my development is not web related,

BindingProvider bp = null; bp = (BindingProvider) port; bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "BLAHBLAH"); bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "BLAHBLAH");

But still the issue is same, i believe its hitting the webservice server and returning negative result.

any Idea?

Imran, There is good information here on setting up SSL with Authentication, and also how to code the client. Please see if it helps.

Srini,

I followed as given on link, still the error persist,

tried creating client using different ways, on JAX-RPC it gave like below,

java.rmi.RemoteException: HTTP Status-Code -1: null; nested exception is: HTTP Status-Code -1: null at com.test.Ebanking_Stub.getBalanceByNumber(Ebanking_Stub.java:135) at test.Main.main(Main.java:42)

Using SAAJ:

com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection post SEVERE: SAAJ0008: Bad Response; null com.sun.xml.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Bad response: (-1null at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:168) at orange.itcSoapPost.Callitc(itcSoapPost.java:106) at orange.itcSoapPost.main(itcSoapPost.java:241) Caused by: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Bad response: (-1null at java.security.AccessController.doPrivileged(Native Method) at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:162

on all the Responses i am getting -1 as the response , as i don't have access to server, i have raised a clarification for the error with external server.

I suspect the request is never being sent at all and that minus 1 is a default value not being replaced by an actual HTTP response code.

Bill

Just like to give a brief on this,

please let me know am i missing something.

#1 I have 2 certificates .p12 and .CRT, with the .p12 contains private and public keys, and .CRT contains public key

#2 Imported .CRT to key-store and used on my program, i have not used .p12(and i am not sure whether its the certificate i need to use, if yes, how can i convert it to .jks with private key, or can i use .p12 directly on my code), its the first time i'm working with certificates on WS.

#3 I was able to see the WSDL on browser after installing those certificates. i saved those wsdl on my local and started creating client.

#4 was not able to test on SOAP UI, it throws handshake exception when i try to send a request(i tried giving both certificates on SOAP UI)

#5 created client with local wsdl on netbeans and used basic authentication and ininitialized the jks(which has no private key inside) and connecting and it gives the error.

--do i need to use the certificate with private key to get connected?
--if yes, how can i use that certificate on my code or import as .JKS

Give me a shout. if still any info needed.

If you can see the WSDL from a browser after installing the certificates, then the service side must be fine. In that case, the issue seems to be with the certificates. Per step 1 of the earlier link:

1. Create a server key and have it trusted by the SOAP client
-->1.1 Create a server key
-->1.2 import the server's public key into the web service client's truststore
----->1.2.1 Export the certificate from the server keystore into a file
----->1.2.2 Then import the certificate into the SOAP client's truststore
2. Activate the SSL port on the JEE Server
3. Add users and a new role to the application server
4. Update the web.xml to require SSL and basic authentication
5. Update the soap:address in the WSDL's service section to use the https protocol and port
6. Redeploy the web service
7. Update the SOAP client to provide the basic auth username and password

Assuming that step 1.1, 2, 4, 5, and 6 are setup correctly on the server, and step 7 is the client which should be fine I think because its simple enough. Some questions:
a) What method are you using to verify that step 1.2.1 and 1.2.2 are done correctly as required? You could try using something like this: keytool -list -keystore client.jks -storepass ClientJKS (client.jks is the file from step 1.2.2)
b) Can you confirm that on the server side, the userid/password are setup as required, e.g. the tomcat example in the link where an entry is added in server.xml?
c) In the link, the updated client code has this line "System.out.println("Using URL: " + urlUsed);". Please post the URL used, including the secure port#. Does this match the WSDL URL you enter in the browser?
d) What technologies are used on the server? I mean like Metro/Glassfish/Axis, etc.
e) Regarding

#5 created client with local wsdl on netbeans

the local WSDL does have the complete remote WSDL URL, right? Just want to confirm.
f) are you generating this client in Netbeans based on the wsdl? if yes, then how are you specifying the truststore? And how are you executing it? Take a look at this Secure Calculator tutorial in Netbeans. See if you develop your client in the same way?
g) Regarding

System.setProperty("javax.net.ssl.trustStore", "...\key.jks");

maybe you can turn on logging and see if it is actually finding your truststore. Try running your client program using -Djavax.net.debug=all. See here for what I mean. This might provide you clues as to the problem.
How are you importing your .crt to .jks? Please see Import a root or intermediate CA certificate to an existing Java keystore for an example. As William Brogden mentioned earlier, maybe the request is not even sent? Or maybe it can't find the keystore?

If you still have problems after looking into and trying all of the above then please post more details about your server and client environments, your client code (the minimum necessary), etc. and I can try to duplicate it.
Whatever it is, kindly post your solution here once you have it - I am sure it will be soon.
Best of luck!

please find my answers

a) What method are you using to verify that step 1.2.1 and 1.2.2 are done correctly as required? You could try using something like this: keytool -list -keystore client.jks -storepass ClientJKS (client.jks is the file from step 1.2.2)

---- i have created using keytool with import to a jks, when i listed it using keytool list command it listed the certificate details from keystore, so i hope the certificate is properly imported on keystore.

b) Can you confirm that on the server side, the userid/password are setup as required, e.g. the tomcat example in the link where an entry is added in server.xml?

---- with the documentation i have received from the server end, they have provided me the username and password(on my development it will be a standalone jar, which will be invoked from a legacy system written on C, so there will be no web.xml or web related on client side)

c) In the link, the updated client code has this line "System.out.println("Using URL: " + urlUsed);". Please post the URL used, including the secure port#. Does this match the WSDL URL you enter in the browser?

--- from program : Using URL: https://webservices-ext.orange.com.do/ebanking-test/
from Browser : https://webservices-ext.orange.com.do/ebanking-test?wsdl

d) What technologies are used on the server? I mean like Metro/Glassfish/Axis, etc.

--- i don't have access on server side, so i'm not pretty sure on which stack its running.
e) Regarding the local WSDL does have the complete remote WSDL URL, right? Just want to confirm.

--- yes, its a copy of the remote wsdl.

f) are you generating this client in Netbeans based on the wsdl? if yes, then how are you specifying the truststore?

--- i'm specifying the local wsdl, and i specify the truststore using the below code.

System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); System.setProperty("javax.net.ssl.trustStore", "...\key.jks"); System.setProperty("javax.net.ssl.trustStorePassword", "blahblah");

when i remove the above code it shoots : HTTP transport error: javax.net.ssl.SSLHandshakeException

g) Regarding maybe you can turn on logging and see if it is actually finding your truststore. Try running your client program using -Djavax.net.debug=all. See here for what I mean. This might provide you clues as to the problem.

--- i turned on the log

find the output log, i believe its picking up the key store and negotiating with server. hope the log will give some idea to dig.

use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trustStore is: D:\Temenos Imran\APAP\c.19-pagos\c.19-pagos\apap-certificates\key.jks trustStore type is : jks trustStore provider is : init truststore adding as trusted cert:

*** ServerHelloDone [read] MD5 and SHA1 hashes: len = 4 0000: 0E 00 00 00 .... *** Certificate chain *** *** ClientKeyExchange, RSA PreMasterSecret, TLSv1

main, READ: TLSv1 Alert, length = 18 Padded plaintext after DECRYPTION: len = 18 0000: 02 28 8B E7 FA 76 A7 2D 0E CD 7F 8E 81 D9 14 F4 .(...v.-........ 0010: FD 89 .. main, RECV TLSv1 ALERT: fatal, handshake_failure %% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5] main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure main, called close() main, called closeInternal(true) %% No cached client session *** ClientHello, TLSv1

[Raw read]: length = 5 0000: 16 03 01 00 04 ..... [Raw read]: length = 4 0000: 0E 00 00 00 .... main, READ: TLSv1 Handshake, length = 4 *** ServerHelloDone [read] MD5 and SHA1 hashes: len = 4 0000: 0E 00 00 00 .... *** ClientKeyExchange, RSA PreMasterSecret, TLSv1

Here is the Response sent by server:

main, READ: TLSv1 Application Data, length = 242 Padded plaintext after DECRYPTION: len = 242 0000: 3C 21 44 4F 43 54 59 50 45 20 48 54 4D 4C 20 50 <!DOCTYPE HTML P 0010: 55 42 4C 49 43 20 22 2D 2F 2F 49 45 54 46 2F 2F UBLIC "-//IETF// 0020: 44 54 44 20 48 54 4D 4C 20 32 2E 30 2F 2F 45 4E DTD HTML 2.0//EN 0030: 22 3E 0A 3C 68 74 6D 6C 3E 3C 68 65 61 64 3E 0A ">.<html><head>. 0040: 3C 74 69 74 6C 65 3E 34 30 30 20 42 61 64 20 52 <title>400 Bad R 0050: 65 71 75 65 73 74 3C 2F 74 69 74 6C 65 3E 0A 3C equest</title>.< 0060: 2F 68 65 61 64 3E 3C 62 6F 64 79 3E 0A 3C 68 31 /head><body>.<h1 0070: 3E 42 61 64 20 52 65 71 75 65 73 74 3C 2F 68 31 >Bad Request</h1 0080: 3E 0A 3C 70 3E 59 6F 75 72 20 62 72 6F 77 73 65 >.<p>Your browse 0090: 72 20 73 65 6E 74 20 61 20 72 65 71 75 65 73 74 r sent a request 00A0: 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 that this serve 00B0: 72 20 63 6F 75 6C 64 20 6E 6F 74 20 75 6E 64 65 r could not unde 00C0: 72 73 74 61 6E 64 2E 3C 62 72 20 2F 3E 0A 3C 2F rstand.<br />.</ 00D0: 70 3E 0A 3C 2F 62 6F 64 79 3E 3C 2F 68 74 6D 6C p>.</body></html 00E0: 3E 0A 9A FF 35 D2 A7 DB 5F 56 F8 9F 8D 47 20 86 >...5..._V...G . 00F0: 7E 10 .. [Raw read]: length = 5 0000: 15 03 01 00 12 ..... [Raw read]: length = 18 0000: 70 11 DD EA A9 EB 89 7A 3E C7 8C 0A 0B 91 EA 30 p......z>......0 0010: 77 ED w. main, READ: TLSv1 Alert, length = 18 Padded plaintext after DECRYPTION: len = 18 0000: 01 00 FA 81 5D 94 57 8D 67 09 07 92 0C B5 96 29 ....].W.g......) 0010: 8B 25 .% main, RECV TLSv1 ALERT: warning, close_notify main, called closeInternal(false) main, SEND TLSv1 ALERT: warning, description = close_notify Padded plaintext before ENCRYPTION: len = 18 0000: 01 00 E0 A9 72 6B BE 89 B9 49 29 F5 A2 9E 36 AE ....rk...I)...6. 0010: 99 51 .Q main, WRITE: TLSv1 Alert, length = 18 [Raw write]: length = 23 0000: 15 03 01 00 12 20 AA 40 F9 6C A5 5E FE 47 3E DD ..... .@.l.^.G>. 0010: F2 EC D4 BC C4 C7 61 ......a main, called close() main, called closeInternal(true)

and ends with this error:

com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code -1: null at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:222) at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:179) at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:93) at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470) at com.sun.xml.ws.client.Stub.process(Stub.java:319) at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89) at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140) at $Proxy39.processPayment(Unknown Source) at orange.Main.main(Main.java:94)


Thanks in advance!!!

i have some more info,

The server guys gave me a code on how the connection could be made, but its on .NET

My apologies for posting .net code on java forum, but to get a solution i need to be.
public void doAction() { EBanking eb = new EBanking(); // aquí se especifica la ruta donde estará el certificado con extensión .P12 string certName = @"C:\certificates\apap.P12"; string bces = string.Empty; string[] arrBces = { "" }; for (int i = 0; i < 10; i++) { try { // Se carga el certificado con la biblioteca X509Certificate2 // para nuestro caso utilizamos las que nos provee .NET // El entorno Java debe tener su correspondiente biblioteca // para trabajar con certificados X509Certificate2 cert = new X509Certificate2(certName, ""); // Se establecen las credenciales a utilizar para la autenticación NetworkCredential netCredential = new NetworkCredential("USERNAME", "PASSWORD"); // se establecen la credenciales como BASIC Uri uri = new Uri(eb.Url); ICredentials credentials = netCredential.GetCredential(uri, "Basic"); eb.ClientCertificates.Add(cert); eb.Credentials = credentials; eb.PreAuthenticate = true; // Settings for improve renegotiation and // certificate handshanking // added to fix a renegotiation error // when calling webservice multiple time in arraow ServicePointManager.Expect100Continue = false; //consuming ODO's webmethod get balance by number DateTime before = DateTime.Now; arrBces = eb.getBalanceByNumber("8091112222"); // arrBces= eb.processPayment("8091112222", "100.00"); DateTime after = DateTime.Now; TimeSpan t = after - before; Console.WriteLine("Tiempo de respuesta " + i.ToString() + " " + t.TotalMilliseconds); //this is for test proposal //System.Threading.Thread.Sleep(TimeSpan.FromSeconds(5)); } catch (Exception ex) { Console.WriteLine(ex.Message); //this is for test proposal //System.Threading.Thread.Sleep(TimeSpan.FromSeconds(5)); } foreach (string var in arrBces) { bces += var + "\n"; } } MessageBox.Show(bces); }

from the above code i can see they are using .p12 certificate for connection the web service, here on my java side i'm using only the keystore with public key to connect will this be a issue

My Java Code:

public static void main(String[] args) { try { // Call Web Service Operation System.setProperty("https.proxyHost", "10.93.2.20"); System.setProperty("https.proxyPort", "8080"); System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); System.setProperty("javax.net.ssl.trustStore", "..\key.jks"); System.setProperty("javax.net.ssl.trustStorePassword", ""); System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); _do.com.orange.webservices_ext.Ebanking1 service = new _do.com.orange.webservices_ext.Ebanking1(); _do.com.orange.webservices_ext.Ebanking port = service.EbankingNew(); BindingProvider bp = null; bp = (BindingProvider) port; String urlUsed = (String) bp.getRequestContext(). get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY); System.out.println("Using URL: " + urlUsed); bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "xxxxx"); bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "xxxxxxx"); java.lang.String number = "8091112222"; java.lang.String amount = "111"; BalanceReplyMsg brm = port.getBalanceByNumberOO(number); System.out.println(brm.getDueAmount()); System.out.println(brm.getDueAmountCdt()); } catch (Exception ex) { ex.printStackTrace(); } }

Hi. So from the debug logs, we can see that it is an SSLHandshakeException and incorrect setup of certificates can be a cause of this.

Question: Have you had a chance to work through the SecureCalculator example using Netbeans? This part is important, if you ask me. If you can do that, then you will understand how to code the client.

You can find an example of reading a p12 certificate here - search for "extract the public key". And here in Section 6.2 is an example of how to use the X509Certificate if this is how you want to do it.

If you still have trouble, I can try this out over the weekend. Let us know how it goes. All the best!

And here is a post in stackoverflow with pointers to real code.

But I think that if you can get the Netbeans SecureCalculator tutorial working, then use that client as the basis for your development, it will get done quicker that way.

Hi Srini,

Atlast it worked

I just updated the Code like below....

I created two keys, a key with Public key and another one contains public+private.

System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); System.setProperty("javax.net.ssl.trustStore", "key.jks"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); System.setProperty("javax.net.ssl.keyStore", "keystore.jks"); System.setProperty("javax.net.ssl.keyStorePassword", "changeit");


Ebanking1 service = new Ebanking(); Ebanking port = service.EbankingNew();

but really i'm unsure how it worked, let me look on it.

Thank you so much for your prompt responses, it really helped me out to get the solution

Thanks a lot.

Wow! Very nice Thanks for sharing the solution, Imran!