In addition to the standard CIM Exceptions sent by the CIM Server to the client, the CIM Client library generates the following exceptions. The exception generated by the client library along with the reason and solution is explained below:
Exception: CIMCLIENT_ERR_SSL_HANDSHAKE_FAILED
(Unable to Initialize Specified TrustManager: org.snia.wbemcmd.xml.HTTPOutputSimple@ed0338)
Problem:
This exception indicates that the specified TrustManager may not exist, may contain invalid path, or it may not have required permission to load.
Solution:
Make sure that the TrustManager you have specified exist and has correct path and right permissions. Also make sure that the TrustManager is not set to “null”.
Exception: CIMCLIENT_ERR_SSL_HANDSHAKE_FAILED(SSL Factory Initialization failed: org.snia.wbemcmd.xml.HTTPOutputSimple@ed0338)
Problem:
This exception may happen in number different scenarios. Such as, unable to find JSSE providers, unable to generate random seed, unable to connect to correct server, server had problem with SSL handshake, or policy permissions are incorrect.
Solution:
Follow JSSE specification and make sure the system java configurations are setup correctly.
Exception: CIMCLIENT_ERR_HTTP_ERROR(Couldn't find trusted certificate, response=500)
Problem:
This exception may happen because of SSL handshake failure. SSL handshake may fail because the certificate sent by the server was an invalid certificate or the certificate is not in clients Trust store.
Solution:
Either add this certificate to client Trust store or handle the certificate appropriately in the Certificate Manager.
Exception:
CIMCLIENT_ERR_TIMED_OUT (Request Timeout)
Problem:
This exception indicates that a timeout has occurred on a socket read. This could mean the server or provider may be slow in responding to client request, or the client time out is small.
Solution:
Consider trying this operation at some other time or might want to set client timeout or increase the client timeout. Refer to CIMClient API java documentation for how to set client timeout.
Exception: CIMCLIENT_ERR_CONNECTION_FAILED(Connection refused)
Problem:
This exception indicates that an error occurred while attempting to connect to CIMServer on a port. The CIMServer may not be running on the specified address or it may not be listening on the specified port.
Solution:
Check to make sure that the server address is correct and the port number specified is the correct port number for an SSL or non-SSL communication. (e.g., This exception may be thrown if the CIMServer is SSL enabled and listening on port 5989, the client trying to connect to non-SSL port 5988.)
Exception:
CIMCLIENT_ERR_CONNECTION_FAILED(sequoia Unknown host)
Problem: This exception indicates that the CIMServer address specified may contain an invalid system name or the system is not reachable.
Solution: Make sure the specified CIMServer address is correct and the remote system is reachable.
Exception: CIM_ERR_FAILED(IO
terminated in HTTP headers)
Problem: Java Client sends this error in couple of
cases -
1. Server closed the connection before the client had
a chance to read.
2. CIMServer did not send
the response.
3. CIMServer takes longer
time to respond.
4. Java Client read timeout is set too low.
Solution:
You can turn on the trace on the Client side and
possibly in cimserver.
To turn on the trace in Java Client - set
DEBUG_XML=true in cim.properties
and pass it to the client, for example
#java -Dorg.snia.wbem.cimom.properties=cim.properties
TestClient
I see my client hangs and
does not return or how to set timeouts in a Client?
When you have a SSL enabled client trying to connect
non-SSL CIMServer and vice-versa. You may notice that
the client does not return. In such case you should make sure to set the proper
timeouts.
Here is how you can set the timeouts:
1. Set READ timeout, refer
to CIMClient class
This is a read timeout, i.e. the client has found the
server and connected to it, and the server is not responding to any request.
Basically the socket is blocked. This may happen in case of a Non-SSL client
connecting to SSL server and also vice versa. For your applications I think setTimeout()
call is good enough.
2. To set the connection
timeout
//Assumption timeout is in
seconds
Either you add the following line in your client program
System.setProperty("java.net.connectiontimeout","20")
Or
You can pass it at run time, using
java -Djava.net.connectiontimeout=20 myclient
How to decode a property
that is an enumeration? I.E. to decode the numeric value that is returned for
the property. Does WBEM provide methods
to look up the numeric value to retrieve a String value? Or do I need to implement a look up table for
every enumeration that I am interested in?
The strings associated with enumeration property values are defined as qualifiers on the class schema. A client does not get these strings from a provider directly. But rather than duplicate the string definitions on the client side, you can get them from the CIM server using a getClass operation.
For example, PG_NISServerService:: ServerType is an
enumeration. When I make the request I
get a numeric value between 0 and 4 (inclusive). I then have to decode the numeric values as
such:
"0"
- Unknown
"1"
- Other
"2"
- Not an
"3"
- NIS Master
"4"
-
How do I use
a CIMInstance to get a fully qualified CIMObjectPath (i.e. a path with the class name and specific
keys)?
This creates a CIMObjectPath with all of the properties correctly set.
instances = CIMClient.enumerateInstances(CIMObjectPath(classname, namespace), CIMClient.DEEP,
true, true, false, null);
currentInstance = (CIMInstance)instances.nextElement();
CIMObjectPath cop = new CIMObjectPath(currentInstance.getClassName(), "root/cimv2");
cop.setKeys(currentInstance.getKeyValuePairs());
The cimclient
library performs the SSL handshaking and receives the certificate/key, what
environment settings must be in place for certificates to be passed?
Clients must create a trust store, import certificates from the server they trust in to the trust store, provide the trust store path to the JSSE either on the command line ( java -Djavax.net.ssl.trustStore=mytruststore <MyClient> ) or through
System.setProperty("javax.net.trustStore", "mytruststore");
How do set ‘trustManager’
property programmatically?
String myTrustManager=
"org.mycompany.cimapp.myCertManager";
GlobalConfig.setTrustManager(myTrustManager);
Note
that you can not set this property to ‘null’. If you would like to use the
default trust manager provided in JSSE, do not even define the trust manager
property in your program or in your properties file.
No,
you cannot. If you define/set this property in your Client application either
using setTrustManager() or through WBEM
Client configuration file (like cim.properties) it
will be set once per process, I.E you can not set/unset for every connection
being in the same process.
Does the cimclient
library accept the certificate and place it in the trust store? How would the application specify to the cimclient library where the trust store is
Client library using JSSE will only validate the server certificate using the trust store. It accepts only trusted certificates from the server. In case of non-trusted certificate the client library will call the trust manager if there is one specified. It is the job of trust manager to either accept the server certificate (possibly add that to the trust store) or reject the certificate.
How is the
client application notified that the certificate or key was placed in
the trust store? Is this assumed?
Same as above
Can the client application set
the environment so that certificates or keys are required from some target
systems but other target systems are not validated or authenticated?
Yes, trust manager can do this.
Where can I find more
information on Trust Manager and Trust Stores?
More information can be found at J2SE web site. - ----
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/X509TrustManager.html
I am unable use/initialize SSL
connection, what do I do?
Some applications have their own version of Java included in it and they use the included Java, not the one you installed on the systems (such as the one from /opt/java). In such cases make sure that java security configuration files are not modified.
How can I find out cimclient.jar version?
You can run PackageVersion program to look at the version.java org.snia.wbem.PackageVersion
My GUI application doesn’t work properly on HP-UX?
There is a bug in Java 1.4 HP-UX version (and 1.3) AWT libraries. For this you will need to install PHSS_24303 patch. I also found that Patch PHSS_24303 replaced by PHSS_26262. So we will need PHSS_26262.
CIMInstance.getKeyValuePairs() returns no keys although there are multiple
keys in my (exaple PG_OperatingSystem
has 4 keys) provider.
This bug is fixed in 2.0 Final Release. You should not see this bug.
CIMHTTPIndicationReceiver -Exception:
javax.net.ssl.SSLException: No available certificate
corresponds to the SSL cipher suites which are enabled.
The certificate (i.e a keystore) you are
passing to the Listener is either in incorrect format or may be the keystore password is incorrect. You may want to verify the password and the certificate
format. Other thing you can do is - take the same certificate and see if you
can use it with a stand-alone listener (refer to SDK example listener
or if you have test listener you can use it with).
How to Create Subscriptions?
Creating subscription is same as creating any CIM instance...you will use
CIM Client interfaces to do so. Currently WBEM (core CIMServer)
only supports CIM_IndicationSubscription, CIM_IndicationFilter, CIM_IndicationHandlerCIMXML
and IndicationHandlerSNMPMapper classes.
When a listener is created, does it execute in its own thread, separate
from the code that created it
Listener runs as server
(either SSL or non-SSL) and listens on the specified port. When Listener startCIMHTTPListener() is called, it will create a thread and starts listening.
I am unable to modify instances of CIM_IndicationHandlerCIMXML
class. Client says - Unable to modify
instance: CIM_ERR_NOT_FOUND(CIM_ERR_NOT_FOUND: The
requested object could not be found: "CIM_IndicationHandlerCIMXML")
The modifyInstance operation
is not supported for the
CIM_IndicationHandlerCIMXML class or CIM_IndicationFilter
class, and for CIM_IndicationSubscription,
only modification of the SubscriptionState
property is supported. So, it's necessary to delete the old instance
and create a new instance with the desired change. Also, deletion of a filter or handler that is
referenced by an existing subscription is not allowed, without first
deleting the subscription.
However, in the case you should see something like
"CIM_ERR_NOT_SUPPORTED: The requested operation is not supported",
rather than CIM_ERR_NOT_FOUND. Make sure
to check that your request specifies the correct namespace, key values,
etc. It looks like perhaps the instancename parameter to the modifyInstance
operation included only the classname and not the key
values.
If I create instances of CIM_IndicationFilter,
and corresponding instances of CIM_IndicationSubscription,
and CIM_IndicationHandlerCIMXML classes, does the
CIMOM check for the presence of the Indication provider? if
'RT_TestIndication'(sample indication provider) is
not present, Will it give an error response?
When you create an enabled Subscription, the IndicationService will look for indication providers that
can serve the subscription. If none are
found, you will get an error response.
The subscriber doesn't specify an indication provider. The subscriber
specifies the desired indication subclass, properties and namespace in the
Filter. The IndicationService
looks for indication providers that have registered to serve the specified
indication class in the specified namespace.
Maybe your indication provider is not registered? Let me know if you need help registering your
indication provider.
If I create a disabled subscription (the property SubscriptionState is set to 'Disabled'), will the IndicationService still check for the presence of the
indication provider?
If you create the
Subscription with SubscriptionState property set to
'Disabled', the IndicationService will NOT check
whether there is an indication provider to serve the subscription. So maybe that's what you want to do for now,
to get going.
Since the IndicationService
knows which indication subclass is served by an indication provider, is it
required that the instances of indication classes be created before the
provider is registered?
The IndicationService
checks that the class specified in the Filter is a subclass of CIM_Indication, so you must define the indication subclass
you'll be using. (Instances of the
indication subclass don't get created until the indication provider generates
an indication.)
How a particular listener
is associated with a given subscription and what goes into the Destination
property CIM_ IndicationHandlerCIMXML
The listener is
associated with the subscription through the destination property of the
handler instance. Multiple subscriptions can refer to the same handler instance;
so one listener can listen to multiple subscriptions.
With subscription
you will specify the destination where the Listener is running. An example,
<PROPERTY NAME="Destination"
TYPE="string">
<VALUE>https://mysystem.cup.hp.com:8189/cimom/Pegasus_RT_IndicationConsumer</VALUE>
</PROPERTY>
In
the above case, Listener would be running on mysystem.cup.hp.com at port 8189
with SSL enabled.
Can I specify/use any port number with my Listener?
It is not a good
plan to select any port and have the application use it. It is recommended that a Listener application
to have its own port number and is registered with IANA so that no one
else uses that port number. And also if the application is going to be running
on HP-UX, you can request INET Team to have the IANA registered port number
added to /etc/services. This way no other HP-UX application uses your port
numbers.
When the client creates
the indication listener, does it return an error if a listener already exists
on that system on the same port?
Yes it does say
- Address is in use.
Create Instance for CIM_IndicationSubscription
fails; However, I can create Handler and Filter instances.
There is a problem with Java Client API while creating
instance with reference values related to indication subscription class. This
is mainly because of Each time the ObjectPath
gets passed to CIM Operations, Client API modifies the CIMObjectPath
after it gets the response from cimserver. The work
around is to store the CIMObjectPath that is passed
to createInstance() while creating Filter and Handler instances. Then use
that stored paths in Subscription.
Refer to the example (examples/Indication/SubscribeIndTest.java ) that is in WBEM Java Client SDK.