The WBEM Java Client SDK is a set of APIs that contain the components necessary to write management applications that communicate with WBEM-enabled management devices using XML and HTTP communication standards.
WBEM applications request information or services from the Common Information Model (CIM) Object Manager through the WBEM APIs. These APIs represent CIM objects as Java classes. These APIs can be used to describe managed objects and retrieve information about managed objects on a system.
WBEM client applications use the org.snia.wbem.client APIs to manipulate CIM objects. A client application uses the CIM API to construct an object (for example, a class, instance, or namespace) and then initializes, or instantiates that object. The application uses the client APIs to pass the object to the CIM Object Manager (CIMOM) and request an operation, such as creating a CIM class, instance, or deleting an instance.
CIM Listener (org.snia.wbem.listener) provides interfaces to process CIM/XML Indications.
The javadoc documentation includes the following packages that the client applications require to make CIM operation requests to a CIM Object Manager.
org.snia.wbem.client
org.snia.wbem.cim
org.snia.wbemcfg
org.snia.wbem.listener
You must use Xerces 1.4.4
version. It can be downloaded from
http://xml.apache.org/dist/xerces-j/
Java 1.4 version is used because it includes JSSE
(for SSL). Note JSEE is not part of earlier versions of Java. For HP-UX, you may download Java 1.4 from http://www.hp.com/go/java/.
The
Java CLASSPATH must include the following:
CLASSPATH=$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/jre/lib/jsse.jar:$XERCES_HOME/xerces-1_4_4/xerces.jar:$CIMCLIENT_HOME/cimclient.jar:.
1. This version supports both SSL and non-SSL based CIM/XML indications. Client SDK now includes the CIM Listener interfaces for writing CIM/XML indication consumers. With Secured Listener, 2-way SSL authentication is always enabled with CIM/XML Indications. Please refer to Java documentation of org.snia.wbem.listener package. You can also refer to the “CIM-XML Listener” section in this document on how to write consumers.
2. Redesigned CIM HTTP Listener interface to separate Consumer interfaces from Listener
3. Added Operation Context – which is (can be) used to pass additional information to clients/consumers.
4. Added support for Local connection in Java CIM Client interface. I.E. Java CIM Clients that wish to do local connection to CIMServer can now use this feature.
WBEM client applications use the org.snia.wbem.client APIs to manipulate CIM
objects on the CIM Object Manager. A client application uses classes in org.snia.wbem.cim package to construct an object (for
example, a class, instance, or namespace) and initializes that object. Then
uses the client APIs to pass the object to the CIMOM and request a CIM
operation, such as creating a CIM class, instance, or namespace.
Client applications typically follow this sequence:
1. Connect to the CIMOM using CIMClient. A client application connects to the CIMOM before performing a CIM operation, such as creating a CIM class or updating a CIM instance.
2. Use the client APIs to request CIM operations. Most of the client programs perform tasks such as creating, deleting and modifying classes and instances; enumerating instances; invoking provider methods; and handling errors and exceptions.
3. Close the client connection to the CIM Object Manager using CIMClient, to free the server resources used by the client session.
Client applications typically import the required CIM classes and create CIM objects and then open client connection. Some of the common imports and CIM object creations are show below.
import org.snia.wbem.client.CIMClient;
import org.snia.wbem.cim.CIMNameSpace;
import org.snia.wbem.cim.CIMObjectPath;
import org.snia.wbem.cim.CIMClass;
import org.snia.wbem.cim.CIMProperty;
import org.snia.wbem.cim.CIMInstance;
import org.snia.wbem.cim.CIMValue;
import org.snia.wbem.cim.CIMQualifierType;
import org.snia.wbem.cim.CIMException;
CIMNameSpace clientNameSpace
= null;
CIMClient cc = null;
int portNo
= CIMNameSpace.DEFAULT_PORT;
String nameSpace =
"root/cimv2"; // namespace
To open a client connection, you use the CIMClient class to connect to the CIM
Object Manager. You must specify the required type of connection (HTTP or
HTTPS) in the CIMNameSpace constructor. If connection
type is not specified the HTTP is used as the default. You must also specify
the user name and password for the connection to the specified CIM server.
Example HTTP connection:
String hostURL = "http://"
+ hostname + ":" + portNo;
try
{
clientNameSpace
= new CIMNameSpace(hostURL,
nameSpace);
cc = new CIMClient(clientNameSpace,
"guest", "guest", CIMClient.HTTP);
}
catch (CIMException e)
{
System.err.println("Failed to access CIMOM: " + e);
}
Example
HTTPS connection:
String hostURL = "https://"
+ hostname + ":" + portNo;
try
{
clientNameSpace = new CIMNameSpace(hostURL, nameSpace);
cc = new CIMClient(clientNameSpace,
"guest", "guest", CIMClient.HTTP);
}
catch (CIMException e)
{
System.err.println("Failed to access CIMOM: " + e);
}
The
following examples show how to do CIM operations using org.snia.wbem.client
APIs.
The
following example shows how to do enumerateClasses
of CIM_ComputerSystem
try
{
System.out.println("\n*** Enumerate classes - No DEEP");
CIMObjectPath path = new CIMObjectPath("CIM_ComputerSystem");
Boolean deepInheritance = false;
Boolean localOnly = true;
Boolean includeQualifiers = true;
Boolean includeClassOrigin = true;
Enumeration en = cc.enumerateClasses(path, deepInheritance,
localOnly, includeQualifiers,
includeClassOrigin);
if (en != null)
{
while
( en.hasMoreElements() )
{
CIMClass
cimclass = (CIMClass) en.nextElement();
System.out.println("Class
name: " + cimclass.getName());
}
}
}
catch (CIMException ce)
{
System.err.println("Failed to enumerate classes: " + ce);
}
The
following example shows how to do invokeMethod
on a Sample_MethodProvider.
//
NOTE: The following test requires the Sample_MethodProviderClass
//
and a sample method provider for Sample_MethodProviderClass.
//
System.out.println("\n*** Invoke Method.");
String testNameSpace = "root/SampleProvider";
String testClassName = "Sample_MethodProviderClass";
String methodName = "SayHello";
String inParamValue = "Yoda";
String goodReply = "Hello, " + inParamValue +
"!";
String goodParam = "From Neverland";
CIMObjectPath currentPath;
Vector inParams = new Vector();
Vector outParams = new Vector();
CIMValue retValue;
try
{
// construct CIMObjectPath
//
currentPath = new CIMObjectPath(testClassName);
// set the namespace
//
currentPath.setNameSpace(testNameSpace);
// create parameter vectors
//
inParams.addElement( new CIMProperty("dummy",
new
CIMValue(inParamValue, CIMDataType.getPredefinedType(
CIMDataType.STRING))));
// call invokeMethod
//
retValue=cc.invokeMethod(currentPath, methodName, inParams,
outParams);
System.out.println("InvokeMethod response =
" + retValue.toString());
}
catch (CIMException ce)
{
System.err.println("invokeMethod Failed: "
+ ce);
}
Clients may close the connection by calling the CIMClient.close() method. Client connection will also be closed when the CIMClient object goes out of scope.
try
{
if( cc != null )
{
cc.close();
}
}
catch (CIMException ce)
{
System.err.println("Failed to close connection: " + ce);
}
This version support supports Local connection in Java
CIM Client interface. I.E. Java CIM Clients that wish to do local connection to
CIMServer can now use this feature. To do local
connection clients create CIMClient
(
CIMNameSpace
namespace)
and this creates local connection to the CIM
Server running on the local system for the specified namespace. Clients do not
have to specify the username and/or password as the authentication is done
based the user logged in.
Importing Certificates into
Java Trust Store
1. Export the server certificate from the .pem file.
Use openssl
command to export Pegasus CIMServer certificate file.
# /opt/wbem/sbin/openssl x509 -in /var/opt/wbem/server.pem
-out server.cer
2. Import the server certificate in
to the client trust store.
- Copy the server certificate on to the client system.
- Use Java keytool to import the certificate into the
client trust store.
# keytool
-import -alias sequoia1 -file server.cer -keystore mytruststore
You will be asked to enter a
password. The password is required only for modifying mytruststore
in the future. The keytool creates the trust store if
it is not already exists and then import the specified certificate. (For example
we entered the password as “wbem01”)
3. Specify the truststore
in the command line of the client application using “-Djavax.net.ssl.trustStore”.
For Example,
java
-Djavax.net.ssl.trustStore=mytruststore
<MyClient> <system> root/cimv2 5989 ssl
4. If your client application is
written to update the truststore file
programmatically then you must also specify the password that was used to
create the truststore using “-Djavax.net.ssl.trustStorePassword”.
For Example,
java
-Djavax.net.ssl.trustStore=mytruststore -Djavax.net.ssl.trustStorePassword=wbem01
<MyClient>
<system> root/cimv2 5989 ssl
Viewing Certificates and
Trust Store files
1.You view certificates in a certificate file
using keytool command.
keytool -printcert -file server.cer
1. You can
view all the certificates in a truststore using the keytool command.
keytool -list -v
-keystore mytruststore
The primary responsibility of the TrustManager is to determine whether the presented authentication credentials should be trusted or not. If the credentials are not trusted, the connection will be terminated. If no trust manager is specified by the client application then JSSE will use its own trust manager that supports authentication based on X.509 public key certificates.
If the default X509TrustManager behavior isn't suitable for your situation, you can implement your own X509TrustManager. JSSE interface allows you to override certification validation and continue the SSL handshake. You can also use the interface to discontinue an SSL handshake by performing additional validation on a server's digital certificate chain.
When an SSL client connects to an SSL server, the SSL server presents its digital certificate chain to the client for authentication. This certificate chain can contain invalid digital certificates. As per the SSL specification, the client should drop the SSL connection once it discovers an invalid certificate. However, some applications such as Web Browsers ask the user whether to accept the invalid certificate. The Trust Manager eliminates this inconsistent practice by enabling you to control when to continue or discontinue an SSL connection. Using a Trust Manager you can perform custom checks before continuing an SSL connection. For example, you can use the Trust Manager to specify that only users from specific localities, such as towns, states, or countries, or users with other special attributes, to gain access via the SSL connection.
Here is an example of a Trust
Manager that basically ignores the server certificates chain by not validating
the certificate chain. It accepts any certificates from any server and goes
ahead with SSL handshake.
import java.security.cert.*;
import java.security.KeyStore;
import javax.net.*;
import javax.net.ssl.*;
/**
This class implements the X509TrustManager
interface. It does not validate the
certificate chain sent by the server, it basically
ignores the certificate chain and goes ahead with the SSL hand shake.
*/
public class DontValidateCertificate
implements X509TrustManager
{
X509TrustManager
myX509TrustManager;
/**
* checkClientTrusted
checks to see if the chain is in the
* keyStore object.
*/
public void checkClientTrusted(X509Certificate[]
chain,
String authType)
throws CertificateException
{
}
/**
* checkServerTrusted
verifies to see if the chain is in the
* keyStore object.
*/
public void checkServerTrusted(X509Certificate[]
chain,
String authType)
throws CertificateException
{
}
/**
* This method retrieves all of the certificates in the keyStore
* and returns them in an X509Certificate array.
We return null
* as we are accepting any certificates. We
should only return null if we are using this trust manager
* with CIMClient
applications. However, we must return an empty X509Certificate[]
is used with
* CIM Listener (which is SSL Server) interface.
*/
public X509Certificate[] getAcceptedIssuers()
{
return null;
}
}
The Client SDK includes the following two simple trust managers.
org.snia.wbemcmd.xml.CertificateManager
org.snia.wbemcmd.xml.DontValidateCertificate
org.snia.wbem.listener.DoNotValidateClientCert ( Note: Use this with CIM Listener interface)
Client API uses JSSE trust manager by default. If you want the API to use your own trust manager then you need to explicitly specify.
Refer to JSSE reference guide http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html for more information about writing trust managers.
The Client SDK allows the client applications to specify the following configuration properties in a property file. If no property file is specified then the SDK will use default values for all the properties. If the property file is specified but one or more properties are not set in the property file, then SDK will use the default values for those properties.
Property Name |
Default Value |
DEBUG_XML DEBUG_XMLDECODE clientLogFilePath TrustManager |
False False "/logs/clientout.txt" Do not define this in properties file unless you have your own Trust Manager. Do not set it to NULL either. JSSE uses its default Trust Manager only if this property is not defined. |
The DEBUG_XML, DEBUG_XMLDECODE, and clientLogFilePath properties are only for developmental debug purposes and they should not be set in the release product and should not be exposed to the client application users.
Note: The debug trace or logging in the client API is not thread safe, it is recommended that clients do not use debug logging in a multi-threaded application.
The client applications can only use the set methods in “GlobalConfig” class to set the following configuration properties if needed. The above four properties can also be set using the set methods.
Property Name |
Default Value |
httpSocketProvider httpsSocketProvider |
org.snia.wbemcmd.xml.PlainSocketProvider org.snia.wbemcmd.xml.JSSESocketProvider |
The client applications can specify the properties file in the following ways:
1. Specify the property file on the command line by setting “–D org.snia.wbem.cimom.properties”
For example,
# java -Dorg.snia.wbem.cimom.properties=./cim.properties <myAapp>
2. Specify the property file programmatically using the System.setProperty() before creating the CIMClient object.
For example,
System.setProperty("org.snia.wbem.cimom.properties", “./cim.properties”);
A CIM-HTTP Listener is an HTTP server that receives and processes CIM Export Requests and issues CIM Export Responses. An CIM Export Message is used to transfer data from a CIM entity into a non-CIM entity.
What are the components of a CIM-HTTP Listener?
The listener is associated with the subscription through the destination property of the handler instance. Multiple subscriptions can refer to the same handler instance; so one listener can listen to multiple subscriptions.
With subscription you will
specify the destination where the Listener is running.
For example,
1. SSL enable consumer
<PROPERTY
NAME="Destination" TYPE="string">
<VALUE>https://mysystem.cup.hp.com:8189/cimom/Pegasus_RT_IndicationConsumer</VALUE>
</PROPERTY>
1. Non-SSL enable consumer
<PROPERTY
NAME="Destination" TYPE="string">
<VALUE>http://mysystem.cup.hp.com:8189/cimom/Pegasus_RT_IndicationConsumer</VALUE>
</PROPERTY>
In the above case, Listener
would be running on mysystem.cup.hp.com at port 8189 with SSL enabled.
CIM-XML consumer
applications use the org.snia.wbem.listner APIs to handle CIM-XML indications that are
delivered by the client Applications.
Please follow some of examples that are provided with the SDK.
First implement a consumer using CIMIndicationConsumer interface. Then create a CIMListener object, add the list of consumers that are interested in consuming Indications.
CIM-XML Listener Consumers typically follow this sequence:
1. Identify the port number they want to listen for indications.
2. Implement a consumer using CIMIndicationConsumer interface.
3. Write it’s own ‘consumerIndication(); method to process indication when received.
4. Use the CIM HTTP Listener APIs to start listening on a particular port.
5. Start running as a process
Import classes
import org.snia.wbem.listener.CIMHTTPListener;
import org.snia.wbem.listener.CIMIndicationConsumer;
import org.snia.wbem.xml.OperationContext;
public class MyIndicationConsumer
implements CIMIndicationConsumer
{
MyIndicationConsumer(String name)
{
System.out.println("I am a consumer" + name);
}
public void consumeIndication(OperationContext
context,
String URL, CIMIndication cime)
{
// do something with indications
received
}
}
Indication
Processor (consumeIndicattion()) method
Once the indication is received you can have your own consumerIndication() method that can process the CIMInstance which is passed by the CIMListener. Here is an example:
public void consumeIndication(XMLOperationContext
context ,
String URL, CIMIndication
{
System.out.println("---------- Begin of event data ----------");
System.out.println("--- Indication URL : "+indURL);
System.out.println("--- Indication : "+ind.toString());
try
{
Object o=null;
if (ind.getClassName().startsWith("CIM_Class"))
o=(Object)ind.getProperty("classdefinition").getValue().getValue();
if (ind.getClassName().startsWith("CIM_Inst"))
o=(Object)
ind.getProperty("sourceinstance").getValue().getValue();
if (o instanceof CIMInstance)
{
CIMInstance
eo=(CIMInstance)o;
System.out.println("---
Embedded Instance: "+eo);
}
else if (o instanceof CIMClass) {
CIMClass
eo=(CIMClass)o;
System.out.println("---
Embedded Class: "+eo);
}
System.out.println("----------- End of event data -----------\n");
}
catch
(Exception ee)
{
ee.printStackTrace();
}
}
public class SampleListener
{
CIMHTTPListener myListener
= new CIMHTTPListener(listenerPortNo, isSSL);
try {
// Add
consumer
MyIndicationConsumer consumer1 = new MyIndicationConsumer("1");
myListener.addConsumer(consumer1);
myListener.start ();
}
catch (CIMExecption ce)
{
System.out.println(“Unable to add consumers: “ + ce.getMessage());
}
}
Operation
Context Object
OperationContext class holds the operation specific
additional information that will be passed to clients or consumers. It carries
the information about the context in which the client program issued the
request. OperationContext
holds container objects.
For example: Listener interface would want to pass
additional information, such as content language, to consumers. In such case Listener
would create an Operation Context and add Content Language container into the
context. The context is passed to consumers.
Consumers can then use Context get method to
the container object.
{
// Create Context
OperationContext myContext = new OperationContext();
// Create a OperationContext
Container object
ExampleContextContainer myContainer
= new ExampleContextContainer();
//
// insert objects into Context
//
myContext.insert((OperationContext)myContainer);
//
// get objects from the Context
//
ExampleContextContainer clCont =
(ExampleContextContainer)myContext.get(ExampleContextContainer.NAME);
System.out.println("Got back :" + clCont.getName());
}
The ExampleContextContainer
object carries the request context information that consumer may access.
public class ExampleContextContainer
implements OperationContextContainer
{
/** Container name of this
container */
public
static final String NAME="ExampleContextContainer";
public
ExampleContextContainer() { }
public
String getName()
{
return(NAME);
}
public
Object clone()
{
return
((Object)new ExampleContextContainer());
}
};
SSL Support
with CIM Listener
The CIM Listener interface supports SSL for secure communication. The CIM Listener (a Server) can accept either http or https connections from the system delivering indications (an Indication Client). The Listener applications (Indication Consumers) using the CIM Listener API would require to have a server certificate and private key in order to support SSL enabled communication with the Indication clients. The Listener applications can write their own X509 Trust Manager where they can do additional validations like host name verification. However the CIM Listener API provides a default X509 Trust Manager that does not do any additional validations.
The CIM Listener running as server, does client authentication by requesting the Indication Client to send its certificate for authentication. Hence the Indication Client (e.g., CIM Server) trying to connect to the CIM Listener using https connection must have its own certificate.
Creating subscription is
same as creating any CIM instance...you will use CIM Client interfaces to do
so. Currently WBEM (core CIMServer)
only supports CIM_IndicationSubscription, CIM_IndicationFilter, CIM_IndicationHandlerCIMXML
and IndicationHandlerSNMPMapper classes.
In addition to the standard CIM Exceptions sent by the CIM Server to the client, the CIM Client library generates the following exceptions. The exception generated by the client library along with the reason and solution is explained below:
Exception: CIMCLIENT_ERR_SSL_HANDSHAKE_FAILED
(Unable to Initialize Specified TrustManager: org.snia.wbemcmd.xml.HTTPOutputSimple@ed0338)
Problem:
This exception indicates that the specified TrustManager may not exist, may contain invalid path, or it may not have required permission to load.
Solution:
Make sure that the TrustManager you have specified exist and has correct path and right permissions. Also make sure that the TrustManager is not set to “null”.
Exception: CIMCLIENT_ERR_SSL_HANDSHAKE_FAILED(SSL Factory Initialization failed: org.snia.wbemcmd.xml.HTTPOutputSimple@ed0338)
Problem:
This exception may happen in number different scenarios. Such as, unable to find JSSE providers, unable to generate random seed, unable to connect to correct server, server had problem with SSL handshake, or policy permissions are incorrect.
Solution:
Follow JSSE specification and make sure the system java configurations are setup correctly.
Exception: CIMCLIENT_ERR_HTTP_ERROR(Couldn't find trusted certificate, response=500)
Problem:
This exception may happen because of SSL handshake failure. SSL handshake may fail because the certificate sent by the server was an invalid certificate or the certificate is not in clients Trust store.
Solution:
Either add this certificate to client Trust store or handle the certificate appropriately in the Certificate Manager.
Exception:
CIMCLIENT_ERR_TIMED_OUT (Request Timeout)
Problem:
This exception indicates that a timeout has occurred on a socket read. This could mean the server or provider may be slow in responding to client request, or the client time out is small.
Solution:
Consider trying this operation at some other time or might want to set client timeout or increase the client timeout. Refer to CIMClient API java documentation for how to set client timeout.
Exception:
CIMCLIENT_ERR_CONNECTION_FAILED(Connection refused)
Problem:
This exception indicates that an error occurred while attempting to connect to CIMServer on a port. The CIMServer may not be running on the specified address or it may not be listening on the specified port.
Solution:
Check to make sure that the server address is correct and the port number specified is the correct port number for an SSL or non-SSL communication. (e.g., This exception may be thrown if the CIMServer is SSL enabled and listening on port 5989, the client trying to connect to non-SSL port 5988.)
Exception:
CIMCLIENT_ERR_CONNECTION_FAILED(sequoia Unknown host)
Problem: This exception indicates that the CIMServer address specified may contain an invalid system name or the system is not reachable.
Solution: Make sure the specified CIMServer address is correct and the remote system is reachable.
CIMInstance.getKeyValuePairs() returns no keys although there are multiple
keys in my (exaple PG_OperatingSystem
has 4 keys) provider.
This
bug is fixed in 2.0 Final Release.
I see my client hangs and does not return or
how to set timeouts in a Client?
When
you have a SSL enabled client trying to connect non-SSL CIMServer
and vice-versa. You may notice that the client does not return. In such case
you should make sure to set the proper timeouts.
Here
is how you can set the timeouts:
1.
Set READ timeout, refer to CIMClient class
This is a read timeout, i.e. the client has
found the server and connected to it, and the server is not responding to any
request. Basically the socket is blocked. This may happen in case of a Non-SSL
client connecting to SSL server and also vice versa. For your applications I
think setTimeout() call is good enough.
2. To set the connection timeout
//Assumption
timeout is in seconds
Either you add the following line in your client program
System.setProperty("java.net.connectiontimeout","20")
Or
You can pass it at run time,
using
java -Djava.net.connectiontimeout=20 myclient
How
to decode a property that is an enumeration?
I.E. to decode the numeric value that is returned for the property. Does WBEM provide methods to look up the
numeric value to retrieve a String value?
Or do I need to implement a look up table for every enumeration that I
am interested in?
The strings associated with enumeration property values are defined as qualifiers on the class schema. A client does not get these strings from a provider directly. But rather than duplicate the string definitions on the client side, you can get them from the CIM server using a getClass operation.
For example, PG_NISServerService:: ServerType is an
enumeration. When I make the request I
get a numeric value between 0 and 4 (inclusive). I then have to decode the numeric values as
such:
"0" - Unknown
"1" - Other
"2" - Not an
"3" - NIS Master
"4" -
The cimclient
library performs the SSL handshaking and receives the certificate/key, what
environment settings must be in place for certificates to be passed?
Clients must create a trust store, import certificates from the server they trust in to the trust store, provide the trust store path to the JSSE either on the command line ( java -Djavax.net.ssl.trustStore=mytruststore <MyClient> ) or through
System.setProperty("javax.net.trustStore", "mytruststore");
How do set ‘trustManager’
property programmatically?
String
myTrustManager= "org.mycompany.cimapp.myCertManager";
GlobalConfig.setTrustManager(myTrustManager);
Note that you can not set this property to ‘null’. If
you would like to use the default trust manager provided in JSSE, do not even
define the trust manager property in your program or in your properties file.
No, you cannot. If you define/set this property in
your Client application either using setTrustManager() or through WBEM
Client configuration file (like cim.properties) it
will be set once per process, I.E you can not set/unset for every connection
being in the same process.
Does the cimclient
library accept the certificate and place it in the trust store? How would the application specify to the cimclient library where the trust store is
Client library using JSSE will only validate the server certificate using the trust store. It accepts only trusted certificates from the server. In case of non-trusted certificate the client library will call the trust manager if there is one specified. It is the job of trust manager to either accept the server certificate (possibly add that to the trust store) or reject the certificate.
How is the
client application notified that the certificate or key was placed in
the trust store? Is this assumed?
Same as above
Can the client application set
the environment so that certificates or keys are required from some target
systems but other target systems are not validated or authenticated?
Yes, trust manager can do this.
Where can I find more
information on Trust Manager and Trust Stores?
More information can be found at J2SE web site. - ----
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/X509TrustManager.html
I am unable use/initialize SSL
connection, what do I do?
Some applications have their own version of Java included in it and they use the included Java, not the one you installed on the systems (such as the one from /opt/java). In such cases make sure that java security configuration files are not modified.
How can I find out cimclient.jar version?
You can run PackageVersion program to look at the version.
java org.snia.wbem.PackageVersion
My GUI application doesn’t work properly on HP-UX?
There is a bug in Java 1.4 HP-UX version (and 1.3) AWT libraries. For this you will need to install PHSS_24303 patch. I also found that Patch PHSS_24303 replaced by PHSS_26262. So we will need PHSS_26262.
CIMInstance.getKeyValuePairs() returns no keys although there are multiple
keys in my (exaple PG_OperatingSystem
has 4 keys) provider.
This
bug is fixed in 2.0 Final Release. You
should not see this bug.
Question 1: How to Create Subscriptions?
Creating subscription is
same as creating any CIM instance...you will use CIM Client interfaces to do
so. Currently WBEM (core CIMServer)
only supports CIM_IndicationSubscription, CIM_IndicationFilter, CIM_IndicationHandlerCIMXML
and IndicationHandlerSNMPMapper classes.
Question 2: When a listener is created, does it execute
in its own thread, separate from the code that created it
Listener runs as server (either SSL or
non-SSL) and listens on the specified port. When Listener startCIMHTTPListener() is called, it will create a thread and starts listening.
Question 3: I
am unable to modify instances of CIM_IndicationHandlerCIMXML
class. Client says - Unable to modify
instance: CIM_ERR_NOT_FOUND(CIM_ERR_NOT_FOUND: The
requested object could not be found: "CIM_IndicationHandlerCIMXML")
The
modifyInstance operation is not supported for the
CIM_IndicationHandlerCIMXML class or CIM_IndicationFilter
class, and for CIM_IndicationSubscription,
only modification of the SubscriptionState
property is supported. So, it's necessary to delete the old instance
and create a new instance with the desired change. Also, deletion of a filter or handler that is
referenced by an existing subscription is not allowed, without first
deleting the subscription.
However,
in the case you should see something like "CIM_ERR_NOT_SUPPORTED: The requested
operation is not supported", rather than CIM_ERR_NOT_FOUND. Make sure to check that your request
specifies the correct
namespace, key values, etc. It looks
like perhaps the instancename parameter to the modifyInstance operation included only the classname and not the key values.
Question
4: If I create instances of CIM_IndicationFilter, and
corresponding instances of CIM_IndicationSubscription,
and CIM_IndicationHandlerCIMXML classes, does the
CIMOM check for the presence of the Indication provider? if
'RT_TestIndication'(sample indication provider) is
not present, Will it give an error response?
When
you create an enabled Subscription, the IndicationService
will look for indication providers that can serve the subscription. If none are found, you will get an error
response. The subscriber doesn't specify
an indication provider. The subscriber specifies the desired indication
subclass, properties and namespace in the Filter. The IndicationService
looks for indication providers that have registered to serve the specified
indication class in the specified namespace.
Maybe your indication provider is not registered? Let me know if you need help registering your
indication provider.
Question
5: If I create a disabled subscription (the property SubscriptionState
is set to 'Disabled'), will the IndicationService
still check for the presence of the indication provider?
If you create the Subscription with SubscriptionState property set to 'Disabled', the IndicationService will NOT check whether there is an
indication provider to serve the subscription.
So maybe that's what you want to do for now, to get going.
Question 6: Since the IndicationService knows which indication subclass is served
by an indication provider, is it required that the instances of indication
classes be created before the provider is registered?
The IndicationService
checks that the class specified in the Filter is a subclass of CIM_Indication, so you must define the indication subclass
you'll be using. (Instances of the
indication subclass don't get created until the indication provider generates
an indication.)
Question 7:
How a particular listener is associated with a given subscription and
what goes into the Destination property CIM_ IndicationHandlerCIMXML
The listener is associated
with the subscription through the destination property of the handler instance.
Multiple subscriptions can refer to the same handler instance; so one listener
can listen to multiple subscriptions.
With subscription you will
specify the destination where the Listener is running. An example,
<PROPERTY
NAME="Destination" TYPE="string">
<VALUE>https://mysystem.cup.hp.com:8189/cimom/Pegasus_RT_IndicationConsumer</VALUE>
</PROPERTY>
In
the above case, Listener would be running on mysystem.cup.hp.com at port 8189
with SSL enabled.
Question
8: Can I specify/use any port number with my
Listener?
It is not a good plan to
select any port and have the application use it. It is recommended that a Listener application
to have its own port number and is registered with IANA so that no one
else uses that port number. And also if the application is going to be running
on HP-UX, you can request INET Team to have the IANA registered port number added
to /etc/services. This way no other HP-UX application uses your port numbers.
Question 9: when the client creates the
indication listener, does it return an error if a listener already exists on
that system on the same port?
Yes it does say - Address is in use.
Question 10: Create Instance for CIM_IndicationSubscription fails; However, I can create
Handler and Filter instances.
There
is a problem with Java Client API while creating instance with reference values
related to indication subscription class. This is mainly because of Each time the ObjectPath gets
passed to CIM Operations, Client API modifies the CIMObjectPath
after it gets the response from cimserver. The work
around is to store the CIMObjectPath that is passed
to createInstance() while creating Filter and Handler instances. Then use
that stored paths in Subscription.
Refer to the example (examples/Indication/SubscribeIndTest.java ) that is in WBEM Java Client SDK.
//
// Example cim.properties
//
DEBUG_XML=false
DEBUG_XMLDECODE=false
clientLogFilePath=cimclient.txt
// CIM Clients may specify their own Trust
Manager to use
// instead of the default JSSE TrustManager.
TrustManager=org.mycompany.myapp.MyCertificateManager