Rodrigo Soto

Greenhorn
+ Follow
since Oct 13, 2009
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Rodrigo Soto

Hello,
I am trying to build a jar file as an API for other applications to use. The problem is that when I try to use API.jar it relies on other jars that I've included inside API.jar but it the JVM does not find the dependencies. Here is my build.xml:

This creates a jar file with the following tree:
api------
|
com(where some src classes are)
|
net (some other src classes are)
|
conf(configuration files for com and net classes)
|
lib (where dependencies are placed)
|
Meta-Inf
And when I the main application uses API.jar the following error is thrown:


Thank you.
9 years ago

Pat Farrell wrote:
Gregg's question was: " you need to know what the server's authentication requirements are"

which is not addressed by your quoted section. Authentication is in addition to the transport security, which is all that HTTPS, or HTTP+TLS provides.

You have to go back to your vendor and ask them. While you are talking to them, ask for a sample code fragment that you can use for testing. And ask for the specific port that they expect you to use. And ask them if they have a non-TLS testing version.

This all may be as simple as telling the Apache HttpClient to talk to "https://www.somevendor.com:1234"

But you need to get more information.


Well I have talked to the people providing the service and this are the instructions


1. Extract your private key and public key.
2. Extract the CA public key.
3. Install these three items per your software.
4. Do NOT install the public keys of all of the other secure nodes/apps
5. Do NOT install the public keys of all of the other secure nodes/apps
6. Do NOT install the public keys of all of the other secure nodes/apps
7. When you make a TLS connection with someone, they will offer their certificate that is signed by the CA. You need to determine if it is signed properly using the public key I have given you.
* If yes, continue with the connection.
* If no, hit the eject button.

this is all they have given. Again I am a newbie at security any help is greatly appreciated.
9 years ago

Pat Farrell wrote:
You didn't answer @gregg's question. And you are still mixing up terms.

If you use https, then you are using SSL. Its mostly the same as TLS, but its not meaningful to talk about "https over TLS" as HTTPS is essentially TLS.

Using HTTPS is not usually enough for authentication. Usually the server site expects that you use HTTPS and do a login with some sort of userid and password, or using client-side certs.

I agree that you are right in separating the SOAP stuff from the SSL stuff. Its nearly impossible to debug a connection once its using SSL. So nice vendors offer an unencrypted connection for testing.



I will have to apologize since I am very new at Security issues. This is the requirement as stated from the vendor:"The HTTP connection shall be made using TLS connection and the port shall be configurable. HTTP connections shall require the encryption-option". Hope this helps and that I have answer @gregg's question.
9 years ago

greg stark wrote:

Rodrigo Soto wrote:and what are the certificates for? I thought the whole purpose was to authenticate a user with valid certificates to have sensible information within the system. Am I wrong?



The whole purpose is to make secure connections, but the devil is in the details. Most SSL sites use certificates only to authenticate the server to the client, and use usernames and passwords to authenticate the client to the server. Since you are writing the client side, you need to know what the server's authentication requirements are. Does your server require client certificates in SSL?



The Server has a few requirements and one of them is that the connection has to be https over TLS using soap. But first I would like to understand how to do it with no soap messaging and then I think I can figure out how to use the soap message.

Thank you.
9 years ago
and what are the certificates for? I thought the whole purpose was to authenticate a user with valid certificates to have sensible information within the system. Am I wrong?
9 years ago
Hello,
I am trying to develop a java client that sends a request to a server but one of the requirements is that the connections has to be via https with certificates. I am new at java. I have read a few tutorials but they only explain how the server works but not a client. Thank you in advance for your help.
9 years ago
Hi all,
I am trying to compile and old project that I build some time ago but I only found the .class files and I want to compile a new .java file that depend on some of those other classes. I am using


to compile but when it tries to import the classes needed it returns with errors specifying that those classes does not exist but they do exist inside my \project\net directory. Any ideas on how to solve this.
9 years ago
Hi all,
I am trying to send a soap message. The problem is that I am getting an Axis fault message as follow:


Thank you in advance for your cooperation.
By the way here is the code that I am using to create the message.
9 years ago
Well the I dont know if the problem is really that because when I send the soap message to the server it tries to validate the message against some xsd but I do not have control over that. The problem is that the server is sending a fault message stating that there does not exist a WS-Action but it is there. I have been working on this problem and have not find any solution. Any other thoughts on how to solve this?
9 years ago
Thank you for your prompt responses. I have used the TCPMon and this the soap messages does have a soapenv:Body, here it is the message

I hope this helps to narrow the problem down. Thank you in advance.
9 years ago
Hi all, I am developing a client that generates a soap messages and sends it to a public registry. When I create this messages it does not goes through and returns a Axisfault here is the stack trace:


Here is the method that creates the soap message:

I thank you in advance.
9 years ago