1
votes

I am trying to debug my SOAP requests going to a third party web service. My client side code (the code running on my local machine) was generated using wsimport. I am trying to configure Fiddler to intercept my outgoing SOAP requests but have had no luck. Here is what I have done so far:

  1. WinINET LAN settings pointed to localhost (127.0.0.1:8888) with Fiddler running and capturing traffic. I have HTTPS requests being decrypted by Fiddler since my web service is using HTTPS. At this point my requests to the 3rd party URL do not appear at all. I receive a stack trace error telling me the web service cannot process request due to an internal error (this is why I am debugging my request - since it is third party I do not have access to the web service logs).

  2. I then added the following code to my method that calls the web service:

    System.setProperty("http.proxyHost", "127.0.0.1");
    System.setProperty("https.proxyHost", "127.0.0.1");
    System.setProperty("http.proxyPort", "8888");
    System.setProperty("https.proxyPort", "8888");
    

When I execute my code with this included, I receive the following errors:

    org.apache.jasper.JasperException: javax.xml.ws.WebServiceException: Failed to access the WSDL at: <wsdl_url>. It failed with: 
    Got sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while opening stream from <wsdl_url>.

BUT in Fiddler I get an entry for the request that seems to not complete (sorry - new to Fiddler). The host is listed as "Tunnel to" and it is greyed out. In the Fiddler log I get this error:

    !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe to (CN=<wsdl_base_url>, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).

To me, it seems that I have the configuration correct for Fiddler and my proxy, but I am missing something in Java. I can't help but feel that I am missing a critical step here, so any advice would be greatly appreciated. Thanks!

EDIT: Do I need to generate new Java code using wsimport with the -httpproxy option set?

1
Since this is a secure channel, you have to have a KeyStore and a TrustStore with the public certificate of the server in your TrustStore, the client certificate in your KeyStore and the public version of the client certificate in the server TrustStore. Since you have an AuthenticationException, are you sure this is all OK? - Nyamiou The Galeanthrope
@NyamiouTheGaleanthrope Should the certificate be from Fiddler or from my web service provider? I'm guessing my web service provider, but just checking. - dadykhoff
Also I think I should be able to view my outgoing request regardless of whether it authenticates on their end, right? - dadykhoff
You are right, it should be the certificate of the service provider. Also, I've never used Fiddler, so I don't know if you can see the SSL handshake in it. - Nyamiou The Galeanthrope

1 Answer

1
votes

You need to add Fiddler's root certificate to the Java Key Store. Java does not use the system's certificate store, so the fact that Fiddler puts itself there doesn't solve the problem for you.

Get Fiddler's certificate by clicking Export Root Certificate from inside Tools > Fiddler Options > HTTPS. Then import the cert: http://azure.microsoft.com/en-us/documentation/articles/java-add-certificate-ca-store/#to-add-a-certificate-to-the-cacerts-store
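
A variation on the answer above, as an added example that is not from the answer's author: instead of importing the exported Fiddler root into the JRE-wide `cacerts` file, this builds a trust store in memory (default CAs plus the Fiddler root) so the interception root is trusted only by the debugging process. The class name, the alias strings and the certificate path passed in `args[0]` are assumptions, as is the client using `HttpsURLConnection` under the hood.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class FiddlerDebugTrust {
    // Trust = the JRE's default CAs + one extra root, held only in this process's memory.
    static SSLContext contextTrusting(Path extraRoot) throws Exception {
        TrustManagerFactory defaults =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null); // null = load the JRE's default trust store

        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null); // start from an empty in-memory store
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    merged.setCertificateEntry("default-" + n++, ca);
                }
            }
        }
        // The file exported from Fiddler (DER or PEM both parse here).
        try (InputStream in = Files.newInputStream(extraRoot)) {
            X509Certificate root = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            root.checkValidity(); // reject an expired or not-yet-valid export
            merged.setCertificateEntry("fiddler-root-debug-only", root);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(Paths.get(args[0])); // path to the exported cert
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        // Proxy settings from the question, so HTTPS traffic goes through Fiddler.
        System.setProperty("https.proxyHost", "127.0.0.1");
        System.setProperty("https.proxyPort", "8888");
        // ... create the wsimport-generated service and call it here ...
    }
}
```

Keep this out of production builds: any process that trusts the Fiddler root will accept certificates minted by whoever holds that root's private key.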