I am migrating some (more) legacy code up to CXF 2.7 from 2.3. The code used to build and run fine, but now I'm getting an exception (trimmed to the relevant part) ...
Caused by: java.io.IOException: JSSE Security Exception
at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:136)
at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.getDestination(CtkJettyHTTPTransportFactory.java:111)
at org.apache.cxf.binding.soap.SoapTransportFactory.getDestination(SoapTransportFactory.java:142)
at org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:83)
at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:62)
at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:170)
... 52 more
Caused by: java.lang.RuntimeException: Protocol mismatch for port 15443: engine's protocol is http, the url protocol is https
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:162)
at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:131)
... 57 more
Caused by: java.io.IOException: Protocol mismatch for port 15443: engine's protocol is http, the url protocol is https
at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory.createJettyHTTPServerEngine(JettyHTTPServerEngineFactory.java:271)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:127)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:160)
... 58 more
So it would seem that the server engine is not correctly configured for TLS/HTTPS, but as far as I can tell it is. This is how the engine factory is set up:
<httpj:engine-factory bus="cxf">
<httpj:identifiedTLSServerParameters id="secure">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="${tlsKeystorePassword}">
<sec:keyStore type="JKS" password="${tlsKeyPassword}"
file="${tlsKeystore}"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="${tlsTruststorePassword}"
file="${tlsTruststore}"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DH_DSS_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DH_RSA_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DH_DSS_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DH_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_DH_RSA_WITH_3DES_EDE_CBC_SH</sec:include>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:identifiedTLSServerParameters>
<httpj:engine port="${port}">
<httpj:tlsServerParametersRef id="secure" />
<httpj:threadingParameters minThreads="5" maxThreads="15" />
</httpj:engine>
</httpj:engine-factory>
Does anyone know if there was a change somewhere along the line that isn't accounted for in here? Any kicks in the right direction would be appreciated, thanx!
Stephen W. Chappell
Caused by: java.io.IOException: JSSE Security Exception
at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:136)
at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.getDestination(CtkJettyHTTPTransportFactory.java:111)
at org.apache.cxf.binding.soap.SoapTransportFactory.getDestination(SoapTransportFactory.java:142)
at org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:83)
at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:62)
at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:170)
... 52 more
Caused by: java.lang.RuntimeException: Protocol mismatch for port 15443: engine's protocol is http, the url protocol is https
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:162)
at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:131)
... 57 more
Caused by: java.io.IOException: Protocol mismatch for port 15443: engine's protocol is http, the url protocol is https
at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory.createJettyHTTPServerEngine(JettyHTTPServerEngineFactory.java:271)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:127)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:160)
... 58 more
So it would seem that the server engine is not correctly configured for TLS/HTTPS, but as far as I can tell it is. This is how the engine factory is set up:
<httpj:engine-factory bus="cxf">
<httpj:identifiedTLSServerParameters id="secure">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="${tlsKeystorePassword}">
<sec:keyStore type="JKS" password="${tlsKeyPassword}"
file="${tlsKeystore}"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="${tlsTruststorePassword}"
file="${tlsTruststore}"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DH_DSS_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DH_RSA_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DH_DSS_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DH_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include>
<sec:include>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_DH_RSA_WITH_3DES_EDE_CBC_SH</sec:include>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:identifiedTLSServerParameters>
<httpj:engine port="${port}">
<httpj:tlsServerParametersRef id="secure" />
<httpj:threadingParameters minThreads="5" maxThreads="15" />
</httpj:engine>
</httpj:engine-factory>
Does anyone know if there was a change somewhere along the line that isn't accounted for in here? Any kicks in the right direction would be appreciated, thanx!
Stephen W. Chappell