Topic
  • 9 replies
  • Latest Post - ‏2014-07-11T12:19:22Z by John_Lane-Williams
SystemAdmin
SystemAdmin
535 Posts

Pinned topic Error using SSL with RPG web service stubs created by wsdl2ws.sh

‏2012-04-25T15:16:34Z |
I have successfully used IBM's wsdl2ws.sh to generate an RPG stub to a vendor's web service. Based on the "Web Services Client for ILE
Programming Guide" and other resources, I also did the following:

1. set up the *SYSTEM certificate store 2. retrieved the vendor
's public key into the executing user profile's home/user/.ssh directory 3. added a call to axiscStubSetSecure to identify the certificate store 4. added calls to create the SOAP header with the username and password given me by the vendor.


However, when I execute the RPG stub, I get a fault returned which states
"HTTPTransportException: HTTPS transport error.GSKit Error is 202 - Key database file was not found."

I found http://www-03.ibm.com/systems/i/software/iws/faq.html#wseng3:

How 

do I enable SSL?   When an integrated Web services server is created, a corresponding HTTP server is also created. You will need to enable SSL 

for the HTTP server and go through the port exposed by the HTTP server when invoking a Web service operation. If you by-pass the HTTP server and go directly to the integrated Web services server ports, you will be limited to non-SSL connections.
"


However, as this is my first time using web services and I have never done any web development or worked with HTTP servers,
I do not know:
  • if I have enabled SSL for the HTTP server correctly
  • how to "go through the port exposed by the HTTP server when invoking a Web service operation"

I did NOT create an integrated Web Services server, as I am not hosting a web service,
just calling an existing one on someone else's server.

I would like to know how to debug the RPG stub and web services APIs. I have downloaded SOAPUI and TCPMON, but do not know enough
to interface them with the RPG web stub call I am executing directly from the iSeries command line.

Any directions for troubleshooting this error and using SOAPUI and TCPMON would be appreciated.

Bob
Updated on 2012-05-01T17:44:32Z at 2012-05-01T17:44:32Z by SystemAdmin
  • amra1
    amra1
    56 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-04-25T22:37:28Z  
    Can you show an example of how you are invoking axiscStubSetSecure()?

    Also, ensure you have the latest HTTP server group PTF.
  • SystemAdmin
    SystemAdmin
    535 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-04-26T14:04:06Z  
    Here is my call to axiscStubSetSecure():
    
    axiscStubSetSecure(WsStub.handle:wc_KeyPath:wc_CAPwd: wc_CertLbl:
    'NONE':
    '05':
    'NONE');
    

    where wc_KeyPath = /QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB
    and wc_CertLbl = LOCAL_CERTIFICATE_AUTHORITY_1040CAD1(1)
    and wc_CApwd = <the password for the *SYSTEM Store>

    I talked with IBM support yesterday and he had me check my Java and HTTP
    Server PTF Groups, and didn't indicate we were out-of-date. (We just
    upgraded to 6.1 in January.)
  • amra1
    amra1
    56 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-04-26T21:23:59Z  
    Here is my call to axiscStubSetSecure():
    <pre class="jive-pre"> axiscStubSetSecure(WsStub.handle:wc_KeyPath:wc_CAPwd: wc_CertLbl: 'NONE': '05': 'NONE'); </pre>
    where wc_KeyPath = /QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB
    and wc_CertLbl = LOCAL_CERTIFICATE_AUTHORITY_1040CAD1(1)
    and wc_CApwd = <the password for the *SYSTEM Store>

    I talked with IBM support yesterday and he had me check my Java and HTTP
    Server PTF Groups, and didn't indicate we were out-of-date. (We just
    upgraded to 6.1 in January.)
    I am assuming the certificate was imported to the system via digital certificate manager.

    The user profile the client program is running under must have authority to the certificate store (.kdb). Does it have the authority?

    What happens if you pass NULL string to as the password (in which case the internal stash object will be used.
  • amra1
    amra1
    56 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-04-26T21:32:39Z  
    Here is my call to axiscStubSetSecure():
    <pre class="jive-pre"> axiscStubSetSecure(WsStub.handle:wc_KeyPath:wc_CAPwd: wc_CertLbl: 'NONE': '05': 'NONE'); </pre>
    where wc_KeyPath = /QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB
    and wc_CertLbl = LOCAL_CERTIFICATE_AUTHORITY_1040CAD1(1)
    and wc_CApwd = <the password for the *SYSTEM Store>

    I talked with IBM support yesterday and he had me check my Java and HTTP
    Server PTF Groups, and didn't indicate we were out-of-date. (We just
    upgraded to 6.1 in January.)
    Forgot to mention the new HTTP group PTFs were released about 10 days ago....
  • SystemAdmin
    SystemAdmin
    535 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-05-01T14:26:24Z  
    Okay, some updates.

    1. I had passed some the parameters to the Axis security and SOAP header routines as RPG variables with initial values, but they needed to be "pointers to null-terminated strings" or constants. I changed them to constants and my Axis calls are now working.

    2. IBM support pointed out the Axis trace routines in the Integrated Web Services for IBM i manual, which allowed me to get more information on what was happening.

    3. I discovered that my vendor was using a different version of the Verisign Certificate Authority than IBM has as the default for Verisign in the IBM i DCM, so I imported the CA they were using from their website.

    4. The vendor sent me a log showing that I am now successfully connecting. However, they are returning a "credential" error, even though the credentials (username and password) are clearly in the XML showing in the log file. I am working with the vendor on this issue.

    5. Obviously missing from the XML is "item", the one complex element with "maxOccurs" greater than 1: A list of items and quantities defined in the .xsd as:

    
    =====THE INPUT PARAMETER TO THE VENDOR WEB SERVICE===== <xs:complexType name=
    "parcelShipmentNotification"> <xs:sequence> <xs:element name=
    "parcel" type=
    "tns:parcelDetails" minOccurs=
    "0"/> <xs:element name=
    "requestPackingSlip" type=
    "xs:boolean" minOccurs=
    "0"/> </xs:sequence> </xs:complexType>   =====PARCEL DETAILS===== <xs:complexType name=
    "parcelDetails"> <xs:sequence> <xs:element name=
    "carrierName" type=
    "xs:string" minOccurs=
    "0"/> <xs:element name=
    "carrierService" type=
    "xs:string" minOccurs=
    "0"/> <xs:element name=
    "items" type=
    "tns:item" nillable=
    "true" minOccurs=
    "0" maxOccurs=
    "unbounded"/> <xs:element name=
    "orderId" type=
    "xs:string" minOccurs=
    "0"/> <xs:element name=
    "parcelId" type=
    "xs:string" minOccurs=
    "0"/> <xs:element name=
    "parcelReference" type=
    "xs:string" minOccurs=
    "0"/> <xs:element name=
    "shippingDate" type=
    "xs:dateTime" minOccurs=
    "0"/> <xs:element name=
    "trackingURL" type=
    "xs:string" minOccurs=
    "0"/> </xs:sequence> </xs:complexType>   =====ITEM===== <xs:complexType name=
    "item"> <xs:sequence> <xs:element name=
    "quantity" type=
    "xs:int" minOccurs=
    "0"/> <xs:element name=
    "sku" type=
    "xs:string" minOccurs=
    "0"/> </xs:sequence> </xs:complexType>
    


    A debug of the data structure defined for the input parameter is attached ("Web Service Input and Result values from the RPG.doc), showing that 3 SKUs (000237868, 000243633, 000388154) and quantities are in the array being passed by the RPG stub.

    (I will attach the trace log in a separate entry...)
  • SystemAdmin
    SystemAdmin
    535 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-05-01T14:27:38Z  
    Here is the trace log, which seems to show at timestamp 27/04/2012 12:23:28:772 and :774 that the "ComplexObjectHandler()" was being called to process the items element, even though the values themselves are not shown, as they are with the other elements.
  • SystemAdmin
    SystemAdmin
    535 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2012-05-01T17:44:32Z  
    I think I figured it all out!

    I was neglecting to set the "size" and "type" elements that are part of the "item" complex element, which includes an array.

    My XML now appears to be correctly generated. Waiting on some help from the vendor as to why the credentials still aren't being accepted.
  • John_Lane-Williams
    John_Lane-Williams
    5 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2014-07-11T10:30:22Z  
    I think I figured it all out!

    I was neglecting to set the "size" and "type" elements that are part of the "item" complex element, which includes an array.

    My XML now appears to be correctly generated. Waiting on some help from the vendor as to why the credentials still aren't being accepted.

    Sorry to drag up an old post but, for complex arrays how do you find the values to use to set the "type" element ?

     

  • John_Lane-Williams
    John_Lane-Williams
    5 Posts

    Re: Error using SSL with RPG web service stubs created by wsdl2ws.sh

    ‏2014-07-11T12:19:22Z  

    Sorry to drag up an old post but, for complex arrays how do you find the values to use to set the "type" element ?

     

    Solved , found this in the IWS manual;

    type field, which is an indication of the type of element (for example, array of integers, or an array of
    user-defined complex structures). Constants for the possible types are defined in the generated
    <portType>_xsdtypes.rpgleinc file. There are constants for all the simple types. For example,
    XSDC_STRING and XSDC_INT. For complex types, the field should be set to XSDC_USER_TYPE.