Search code examples
javasoapws-security

Consuming secure web service from JAVA

I've been banging my head against the wall for the last month trying to get a simple WebService client to work.

Basically, the service that I am accessing requires both signing XML elements and the whole document. I have successfully got the first step to work both manually (implementing the algorithm) and following IBM tutorials.

I have been searching information on how to get the second step to work and all I have been able to find was that the following properties should be set, either via parameters or by setting them in the code like:

System.setProperty("javax.net.ssl.keyStoreType","pkcs12");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("javax.net.ssl.keyStore","/path/to/keystore");

I am not sure if this is enough but I know it is indeed necessary since commenting out these three lines results in a java.lang.NullPointerException at sun.security.pkcs12.PKCS12KeyStore.engineGetKey.

I have a XML document I know is valid for testing purposes. However, I can't get the WebService to accept my request whenever I send it via my own application. I know the request is fine since it does work on SoapUI.

I have tried to keep my code as short as possible and it's currently looking like the following:

String xml = getXMLToSend(); // Loads the XML I know works

uy.gub.dgi.WSEFacturaEFACRECEPCIONSOBRE params;
params = new WSEFacturaEFACRECEPCIONSOBRE();
Data datain = new Data();
datain.setXmlData(xml);        
params.setDatain(datain);

// Do the external call
WSEFacturaEFACRECEPCIONSOBREResponse resp = efacrecepcionsobre(params);

Note: All these elements are NetBeans-generated from the WSDL.

And this is the result:

%% Cached client session: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 320
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 288
main, READ: TLSv1 Application Data, length = 144
main, READ: TLSv1 Application Data, length = 64
main, READ: TLSv1 Application Data, length = 4016
main, READ: TLSv1 Application Data, length = 368
main, READ: TLSv1 Alert, length = 32
main, RECV TLSv1 ALERT:  warning, close_notify
main, called closeInternal(false)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 32
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
Server : handleFault(): com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl@42c3bd
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Error al consumir el Servicio Web
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:130)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
    at com.sun.proxy.$Proxy37.efacrecepcionsobre(Unknown Source)
    at xmlsign.XmlSign.efacrecepcionsobre(XmlSign.java:196)
    at xmlsign.XmlSign.main(XmlSign.java:110)

I am unsure whether my XML code should or not include [CDATA tags. SoapUI needs them but I couldn't get my code to work either way. I have tried:

  • Wrapping my XML in CDATA tags
  • Sending it directly
  • Sending the whole SoapUI request (which starts like <soapenv:Envelope xmlns:soapenv=...).

SoapUI works flawlessly, all I need to do is set it to use my keystore and provide a password for it. I am trying to implement the same behavior in my code but cannot find a way to do so. This is the settings dialog on SoapUI.

enter image description here

I am honestly clueless as to what to do next since everything that I have tried seems to fail.

Solution

  • You have here a valid request, only body parts (it is old but changes are minimal, ie xsd changed), tell me if you need the complete soap envelope, you have in your soap ui test or in dgi examples:

    <?xml version="1.0" encoding="UTF-8"?>
<DGICFE:EnvioCFE version="1.0" xsi:schemaLocation="http://cfe.dgi.gub.uy EnvioCFE_v1.26.xsd" xmlns:DGICFE="http://cfe.dgi.gub.uy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <DGICFE:Caratula version="1.0">
    <DGICFE:RutReceptor>214844360018</DGICFE:RutReceptor>
    <DGICFE:RUCEmisor>216236720014</DGICFE:RUCEmisor>
    <DGICFE:Idemisor>0</DGICFE:Idemisor>
    <DGICFE:CantCFE>1</DGICFE:CantCFE>
    <DGICFE:Fecha>2013-09-25T23:34:12-03:00</DGICFE:Fecha>
    <DGICFE:X509Certificate>MIIFhDCCA2ygAwIBAgIQIcZdY4xVnSVRv12pmrXptDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVWTErMCkGA1UECgwiQURNSU5JU1RSQUNJT04gTkFDSU9OQUwgREUgQ09SUkVPUzEfMB0GA1UECwwWU0VSVklDSU9TIEVMRUNUUk9OSUNPUzEdMBsGA1UEAwwUQ29ycmVvIFVydWd1YXlvIC0gQ0EwHhcNMTMwNjE3MTkwNDA5WhcNMTQwNjE3MTkwNDA5WjCBmTEoMCYGCSqGSIb3DQEJARYZamNhcmxvcy5hbHZhcmV6QGdtYWlsLmNvbTEWMBQGA1UECgwNVFUgUEVESURPIFdFQjESMBAGA1UECAwJQ2FuZWxvbmVzMQswCQYDVQQGEwJVWTEYMBYGA1UEBRMPUlVDMjE2MjM2NzIwMDE0MRowGAYDVQQDDBFUVSBQRURJRE8gV0VCIFNSTDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1ikDTROtXNuYiH/RpVf3LYhXkMGPvwxn1L8OVQBVKo/lmoAQGFernm2pJj1tM3yAltkRyjLUf3+zqDFrkM0X0IqYd8GrcLb9l0VWUP0eTFzxT5WFamRGhLJ/w8GpXj+IFm2f8mavQAfB42yWCK2sFDEhvT5U35+2kVcT04MRLpcCAwEAAaOCAWgwggFkMCQGA1UdEQQdMBuBGWpjYXJsb3MuYWx2YXJlekBnbWFpbC5jb20wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA/gwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQUFdy4NHb4asV9//+TOkSAAzn47/YwHwYDVR0jBBgwFoAUJY/fQy+OaroLvkZcV1CTt1G+/NkwVAYDVR0gBE0wSzBJBgwrBgEEAYH1TwEBAQQwOTA3BggrBgEFBQcCARYraHR0cDovL3d3dy5jb3JyZW8uY29tLnV5L2NvcnJlb2NlcnQvY3BzLnBkZjAYBg0rBgEEAYH1TwEBAQQBBAcMBURpc2NvMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly93d3cuY29ycmVvLmNvbS51eS9Db3JyZW9DZXJ0L2FuYy5jcmwwDQYJKoZIhvcNAQEFBQADggIBAAdGDy9H3qNk6bHjseHw3wAp8tgScaSpPTGggs974WxfOb5H/v1P3OIXnx5IqtYsfBLR5Sj/CCi7KHq80gQsSL4myb30rQW+kjrsQ1pcuwzbND2GWRAOyczwDiLWTIziQtjoCODlUE5BTezYAn91cPmgQJZ7t34+phqIjlvBDwCGJBhcZdwvoF6Q9N9WQxjFlwfRITOd1fw5YgqHsPE1LTuy3n//joyYFwS4bxm+H1oRjMMETGkL2aZQ/CSOni4ts/rbwjmpMVaz9WWp6CWWceGvl/hIzVEo3Gl8JdmV/4q8Jsgxy9CJBDAEognNFFkxcHOvb+udRhAswnfSgSNpYijm79agpAMw8gr19Bl8/+1X8Mu8MIBQxAzLmvPqEXtLaMkONhHe0tlq+LYHTLK4FsPhouCjMS74JZ47h48MFLXyxObGsLEbdq74W8V9uK4JL3/wLk3Qmbl4A0nugRFHU9HphRqgbMFVOuM/eLIH1FA4wUvQGgSiBhLpCJ/Wju2kou126dS8Ae6ntdUMnjGG1JIG1zyfmAqxhA+SsOmHkDwGIFWuWye9kqAnPV0Tkz5APUUKazRzhTyJtMGOa+MhL4nKfJfoPQqYxt4BARWRcu9WpETGc+mK8WjxGesSPYp779p0+mb4d7Jr9yH1t975VesZsY+Xbjcg1kPkDE+3H7Kk</DGICFE:X509Certificate>
  </DGICFE:Caratula>
  <ns1:CFE xmlns:ns1="http://cfe.dgi.gub.uy" version="1.0"><ns1:eTck><ns1:TmstFirma>2013-09-25T23:09:16-03:00</ns1:TmstFirma><ns1:Encabezado><ns1:IdDoc><ns1:TipoCFE>101</ns1:TipoCFE><ns1:Serie>A</ns1:Serie><ns1:Nro>21</ns1:Nro><ns1:FchEmis>2013-09-25</ns1:FchEmis><ns1:MntBruto>1</ns1:MntBruto><ns1:FmaPago>1</ns1:FmaPago><ns1:FchVenc>2014-05-20</ns1:FchVenc></ns1:IdDoc><ns1:Emisor><ns1:RUCEmisor>216236720014</ns1:RUCEmisor><ns1:RznSoc>Tu Pedido Web SRL</ns1:RznSoc><ns1:NomComercial>Tu Pedido Web</ns1:NomComercial><ns1:EmiSucursal>Sucursal 1</ns1:EmiSucursal><ns1:CdgDGISucur>1</ns1:CdgDGISucur><ns1:DomFiscal>Park way M.18 S.14</ns1:DomFiscal><ns1:Ciudad>Ciudad de la Costa</ns1:Ciudad><ns1:Departamento>Canelones</ns1:Departamento></ns1:Emisor><ns1:Receptor><ns1:TipoDocRecep>2</ns1:TipoDocRecep><ns1:CodPaisRecep>UY</ns1:CodPaisRecep><ns1:DocRecep>214844360018</ns1:DocRecep><ns1:RznSocRecep>DGI</ns1:RznSocRecep></ns1:Receptor><ns1:Totales><ns1:TpoMoneda>UYU</ns1:TpoMoneda><ns1:MntNetoIvaTasaMin>0</ns1:MntNetoIvaTasaMin><ns1:MntNetoIVATasaBasica>348.36</ns1:MntNetoIVATasaBasica><ns1:IVATasaMin>10</ns1:IVATasaMin><ns1:IVATasaBasica>22</ns1:IVATasaBasica><ns1:MntIVATasaMin>0</ns1:MntIVATasaMin><ns1:MntIVATasaBasica>76.64</ns1:MntIVATasaBasica><ns1:MntTotal>425</ns1:MntTotal><ns1:CantLinDet>3</ns1:CantLinDet><ns1:MntPagar>425</ns1:MntPagar></ns1:Totales></ns1:Encabezado><ns1:Detalle><ns1:Item><ns1:NroLinDet>1</ns1:NroLinDet><ns1:IndFact>3</ns1:IndFact><ns1:NomItem>Chivito canadiense pollo</ns1:NomItem><ns1:Cantidad>1</ns1:Cantidad><ns1:UniMed>uni.</ns1:UniMed><ns1:PrecioUnitario>220</ns1:PrecioUnitario><ns1:MontoItem>220</ns1:MontoItem></ns1:Item><ns1:Item><ns1:NroLinDet>2</ns1:NroLinDet><ns1:IndFact>3</ns1:IndFact><ns1:NomItem>Ensalada Oriental</ns1:NomItem><ns1:Cantidad>1</ns1:Cantidad><ns1:UniMed>uni.</ns1:UniMed><ns1:PrecioUnitario>170</ns1:PrecioUnitario><ns1:MontoItem>170</ns1:MontoItem></ns1:Item><ns1:Item><ns1:NroLinDet>3</ns1:NroLinDet><ns1:IndFact>3</ns1:IndFact><ns1:NomItem>COCA 600</ns1:NomItem><ns1:Cantidad>1</ns1:Cantidad><ns1:UniMed>uni.</ns1:UniMed><ns1:PrecioUnitario>35</ns1:PrecioUnitario><ns1:MontoItem>35</ns1:MontoItem></ns1:Item></ns1:Detalle><ns1:CAEData><ns1:CAE_ID>1234567890</ns1:CAE_ID><ns1:DNro>1</ns1:DNro><ns1:HNro>9999</ns1:HNro><ns1:FecVenc>2014-05-20</ns1:FecVenc></ns1:CAEData></ns1:eTck><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>54SNwKhQcauyDgAa3LKRfVDq04o=</DigestValue></Reference></SignedInfo><SignatureValue>qbEx/alzxeyM0WrrSCN0BWAyDzPwYxM/g0XwijqWNcyTMmRu+LdAr+OE73NHxXmdmNy+2tukH48VJ6FbuQzTmB1UlBLRX9VDZMedczwP7hipIrtcrn8WKNkn7ZgOPEAxzwDSwiCOaFIQh1Rs2wBcYLgLoDC3mdsd8UEH6fKJmvc=</SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerName>CN=Correo Uruguayo - CA, OU=SERVICIOS ELECTRONICOS, O=ADMINISTRACION NACIONAL DE CORREOS, C=UY</X509IssuerName><X509SerialNumber>44894492790004750363406944301179333044</X509SerialNumber></X509IssuerSerial></X509Data></KeyInfo></Signature></ns1:CFE>
</DGICFE:EnvioCFE>