 Unexpected element tag "serverCertificate" seen when registering vsphere client plugin with vsphere client sdk 8.0U3

Joe Huang posted Jul 29, 2024 04:24 AM

Hi all,

I am developing and updating our vsphere client plugin with vsphere client sdk 8.0U3 by following this security enhancement blog post: https://blogs.vmware.com/code/2023/11/15/vsphere-security-strong-mode-and-its-impact-on-vsphere-client-plugins/.

The way I implemented it was to replace the packages in html-client-sdk\tools\vCenter plugin registration of 8.0U3.

When I register the plugin server with extension-registration.sh using the -serverCertificateFile option, extension-registration.sh throws the error messages below.

Exception in thread "main" java.lang.RuntimeException: [ERROR] An error occurred while executing the following action: 'registerPlugin'
        at com.vmware.automatic.plugin.registration.commands.PluginCmd.execute(PluginCmd.java:92)
        at com.vmware.automatic.plugin.registration.PluginRegistrationEntryPoint.execute(PluginRegistrationEntryPoint.java:63)
        at com.vmware.automatic.plugin.registration.PluginRegistrationMain.main(PluginRegistrationMain.java:21)
Caused by: com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server:
Unexpected element tag "serverCertificate" seen

while parsing serialized DataObject of type vim.Extension.ServerInfo
at line 1, column 473

while parsing property "server" of static type ArrayOfExtensionServerInfo

while parsing serialized DataObject of type vim.Extension
at line 1, column 202

while parsing call information for method RegisterExtension
at line 1, column 110

while parsing SOAP body
at line 1, column 102

while parsing SOAP envelope
at line 1, column 38

while parsing HTTP request for method registerExtension
on object of type vim.ExtensionManager
at line 1, column 0 Please see the server log to find more detail regarding exact cause of the failure.
        at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:163)
        at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:103)
        at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:223)
        at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:176)
        at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:263)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:88)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:61)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:131)
        at com.sun.proxy.$Proxy37.registerExtension(Unknown Source)
        at com.vmware.automatic.plugin.registration.commands.RegisterPluginCmd.doExecute(RegisterPluginCmd.java:66)
        at com.vmware.automatic.plugin.registration.commands.PluginCmd.execute(PluginCmd.java:84)
        ... 2 more

The content of the certificate file is:


I retrieved this certificate with this command: openssl s_client -showcerts -connect.

I use the vim25.jar of version 7.0 and it works perfectly. If I replace it with version 8.0U3 of the vSphere Management SDK, then my plugin fails to build and it shows this error:

src\main\java\com\qnap\vcremoteplugin\gateway\SessionServiceImpl.java:85: error: cannot access jakarta.xml.ws.Service
    private static final VimPortType vimPort = vimService.getVimPort();
                                                         ^
  class file for jakarta.xml.ws.Service not found

Can anyone give me some help?

Thanks!

Broadcom Employee Denis Chorbadzhiyski

Hi Joe,

The ability to register plug-ins with certificates is new, and you need both the server-registration script and the vCenter Server to be from version 8.0 U2 or later. You also need a vim25 from U2 or later.

The error "cannot access jakarta.xml.ws.Service" happens because vim25 uses a newer version of Java.

Since 8.0U1, vim25.jar has a new dependency on JAX-WS-RT (com.sun.xml.ws:jaxws-rt https://eclipse-ee4j.github.io/metro-jax-ws/) for compatibility with Java 11 (https://www.oracle.com/java/technologies/javase/11-relnote-issues.html#JDK-8190378). The imports related to JAX-WS in vim25.jar should be changed from "javax.xml.bind." and "javax.xml.ws." to "jakarta.xml.bind." and "javax.xml.ws." respectively. This means that everywhere vim25.jar is used, it requires a new run-time dependency, i.e. com.sun.xml.ws:jaxws-rt. We have updated our Remote Plug-in Sample to show this change.

Let us know if you are able to resolve the issue.

Best Regards,

Denis
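
Added example, not part of the original thread or of the VMware SDK: a small Python check for the build error discussed above. It scans the jars on a classpath and reports any that reference javax/jakarta JAX-WS or JAXB classes that no jar supplies. The jar contents and the names make_jar, scan_jar, missing_namespaces, VIM25, PLUGIN and WS_API are constructed for illustration.

```python
import io
import zipfile

# Package prefixes as they appear inside .class files ('/' separators).
NAMESPACES = ("javax/xml/ws/", "jakarta/xml/ws/", "javax/xml/bind/", "jakarta/xml/bind/")

def make_jar(entries):
    """Build a small jar in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, body in entries.items():
            jar.writestr(name, body)
    return buf.getvalue()

def scan_jar(data):
    """Return (referenced, provided) namespace sets for one jar."""
    referenced, provided = set(), set()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            body = jar.read(name)
            for ns in NAMESPACES:
                if name.startswith(ns):
                    provided.add(ns)
                elif ns.encode() in body:
                    # Constant-pool class names are stored as plain UTF-8 text.
                    referenced.add(ns)
    return referenced, provided

def missing_namespaces(classpath):
    """Map jar name -> namespaces it references that no jar on the classpath supplies."""
    scans = {name: scan_jar(data) for name, data in classpath.items()}
    available = set().union(*(provided for _, provided in scans.values()))
    return {name: sorted(ref - available)
            for name, (ref, _) in scans.items() if ref - available}

# Constructed stand-ins, not real SDK jars.
VIM25 = make_jar({"com/vmware/vim25/VimService.class": b"\xca\xfe\xba\xbe jakarta/xml/ws/Service"})
PLUGIN = make_jar({"com/example/SessionServiceImpl.class": b"\xca\xfe\xba\xbe com/vmware/vim25/VimService"})
WS_API = make_jar({"jakarta/xml/ws/Service.class": b"\xca\xfe\xba\xbe"})

if __name__ == "__main__":
    print(missing_namespaces({"vim25.jar": VIM25, "plugin.jar": PLUGIN}))
    print(missing_namespaces({"vim25.jar": VIM25, "plugin.jar": PLUGIN, "ws-api.jar": WS_API}))
```

On Java 8 the JDK itself supplies javax.xml.ws and javax.xml.bind, so a reported javax entry is only a finding on Java 11 and later.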