[
https://issues.apache.org/jira/browse/CXF-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13130652#comment-13130652
]
aman kohli commented on CXF-3865:
---------------------------------
i have tried this on 2.4.3 and it still does not work, the server gives a
slightly different error.
NOTE: the keystores in the tarball maynot be right, but the steps to rebuild
them are in the src/main/keystores/k*txt file.
Server log:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building stub 1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] >>> exec-maven-plugin:1.2.1:java (default-cli) @ crypto-stub-problem >>>
[INFO]
[INFO] <<< exec-maven-plugin:1.2.1:java (default-cli) @ crypto-stub-problem <<<
[INFO]
[INFO] --- exec-maven-plugin:1.2.1:java (default-cli) @ crypto-stub-problem ---
19-Oct-2011 15:36:15
org.apache.cxf.service.factory.ReflectionServiceFactoryBean
buildServiceFromClass
INFO: Creating Service {http://collection.blah.com/}CollectionImplService from
class com.blah.collection.CollectionService
19-Oct-2011 15:36:15 org.apache.cxf.endpoint.ServerImpl initDestination
INFO: Setting the server's publish address to be
http://localhost:9198/WS/services/Collection
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further
details.
Server ready...
19-Oct-2011 15:36:19 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 1
Address: http://localhost:9198/WS/services/Collection/?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
content-type=[text/xml], Host=[localhost:9198], Pragma=[no-cache],
User-Agent=[Apache CXF 2.4.3]}
--------------------------------------
19-Oct-2011 15:36:20 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 2
Address: http://localhost:9198/WS/services/Collection/
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
Content-Length=[2202], content-type=[text/xml; charset=UTF-8],
Host=[localhost:9198], Pragma=[no-cache], SOAPAction=[""], User-Agent=[Apache
CXF 2.4.3]}
Payload: <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
soap:mustUnderstand="1"><xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
Id="EK-FD96307AA9D5C3B7EB13190349805011"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=umpd</ds:X509IssuerName><ds:X509SerialNumber>1319034400</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MzkrKke0mtMf/PFM7HafgX1qrIULWSjzaPRTrxRrUqumUf0vvhsAulIlbYQyGp9t9MGy3+8BIPyv4UNgulgJp2HLGxp0bXZL8c3e/dNfFN10ASmqZIqkBvmgiZCRZcX10Ij9WKIs4o2/KXSUcssiWXivOhqDtywAH+GzUN2TECc=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
URI="#ED-1"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></soap:Header><soap:Body><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="ED-1"
Type="http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";><wsse:Reference
URI="#EK-FD96307AA9D5C3B7EB13190349805011"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>YnEeXUGjJ6qppL9/Sv3cbgjGLAUdcv5/ueuhVbDc8Idw4iyrEU1nZmo/j7UN0CbV2gxB1GJDol5JLyghGLYjPr6GCpshL9V9CfGv19CpzQqZjruoZTv9WCsDPPKQ2w+ONj9z5eS23tSfCoyi2qZHfcpXQFH/V82WNK7ujybCdBt0+hoPgVQUzdbEt6pro0KiTBvhw2xFOTfjnULapVs8Q3Uwa+kDOHfcJ9GkxvGTZHk=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
19-Oct-2011 15:36:21 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: General security error (No
certificates were found for decryption (KeyId))
at
org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:241)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:99)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:319)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:287)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:939)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:247)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:346)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)
at
org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
at java.lang.Thread.run(Thread.java:619)
19-Oct-2011 15:36:21 org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://collection.blah.com/}CollectionImplService has
thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (No certificates
were found for decryption (KeyId))
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:643)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:319)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:287)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:939)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:247)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:346)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)
at
org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.ws.security.WSSecurityException: General security error
(No certificates were found for decryption (KeyId))
at
org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:241)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:99)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
... 21 more
> Asymmetric Encryption - alias is null during decryption using private key
> -------------------------------------------------------------------------
>
> Key: CXF-3865
> URL: https://issues.apache.org/jira/browse/CXF-3865
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.10
> Environment: actually 2.2.3 is the version
> running on mac osx lion and windows xp; java 1.6
> Reporter: aman kohli
> Attachments: cxf-wss4j-asym-crypto-soap.tgz
>
>
> as raised on mailing list, Colm suggested I upload the test case here. This
> is the description from the mailing list
> http://mail-archives.apache.org/mod_mbox/ws-users/201110.mbox/%[email protected]%3E
>
> Running into a problem on the server implementation (a cxf soap server) of
> asymmetric encryption.
> The intention is the soap body is to be encrypted with the server's public
> key. The client
> (also using cxf) seems to be encrypting the message body ok.
> On receipt of the message, the server implementation raises an exception,
> with the reason
> the alias is null. Here's the stack:
> org.apache.ws.security.WSSecurityException: The signature or decryption was
> invalid; nested
> exception is:
> java.lang.Exception: alias is null
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:330)
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:104)
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:84)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:198)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:104)
> at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:302)
> �
> Caused by: java.lang.Exception: alias is null
> at
> org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:207)
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:328)
> ... 22 more
> I added some println statements to the password callback on the server side
> to print out the
> type and id:
> *** password callback type 1 class
> org.apache.ws.security.WSPasswordCallback
> *** password callback id null
> The API is used to configure CXF and WSS4j and not the xml configuration. The
> messages are
> not being signed, nor are timestamps being used, just encryption/decryption,
> ep is the endpointimpl
> :
> Map<String,Object> inProps1 = new HashMap<String,Object>();
> inProps1.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
> inProps1.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> PasswordCallbackHandler.class.getName());
> inProps1.put(WSHandlerConstants.DEC_PROP_FILE,
> "server-security.properties");
> inProps1.put(WSHandlerConstants.USER, "clientkey");
> ep.getServer().getEndpoint().getInInterceptors().add(new
> WSS4JInInterceptor(inProps1));
> And the properties file is:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=storepass
> org.apache.ws.security.crypto.merlin.keystore.alias=clientkey
>
> org.apache.ws.security.crypto.merlin.keystore.file=src/main/keystores/server-encypt.jks
> The server cert is self signed:
> $ keytool -genkey -alias umpservice -keyalg RSA -sigalg SHA1withRSA
> -keypass ump-pass -storepass
> dummy-service -keystore server-encypt.jks -dname cn=localhost
> $ keytool -genkey -alias clientkey -keyalg RSA -sigalg SHA1withRSA
> -keypass client-pass -storepass
> dummy-service -keystore ump-stub-keystore.jks -dname cn=umpd
> and the certificate was exported using the following:
> $ keytool -export -rfc -keystore ump-stub-keystore.jks -storepass
> dummy-service -keypass
> client-pass -alias clientkey -file client-cert.cer
> This is the WSDL extract:
> <wsp:Policy wsu:Id="AsymEncryption"
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
> <wsp:Policy>
> <!-- <sp:RequireThumbprintReference/> -->
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
> <wsp:Policy>
> <!-- <sp:RequireThumbprintReference/> -->
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <!-- <sp:IncludeTimestamp/>
> <sp:OnlySignEntireHeadersAndBody/>
> -->
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:EncryptedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <sp:Body/>
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> �
> <wsdl:binding name="CollectionImplServiceSoapBinding"
> type="tns:CollectionService">
> <wsp:PolicyReference
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> URI="#AsymEncryption"/>
> And this is the incoming message:
> <output>
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Address: /FooWS/services/Collection/
> Encoding: UTF-8
> Content-Type: text/xml; charset=UTF-8
> Headers: {content-type=[text/xml; charset=UTF-8],
> connection=[keep-alive], Host=[localhost:9198],
> Content-Length=[2549], SOAPAction=[""], User-Agent=[Apache CXF 2.2.3],
> Content-Type=[text/xml;
> charset=U
> TF-8], Accept=[*/*], Pragma=[no-cache], Cache-Control=[no-cache]}
> Payload: <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><soap:Header><wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/
> 01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soap:mustUnderstand="1"><xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
> Id="EncKeyId-A77755F726FB2C832813189733820252"><xenc:EncryptionMe
> thod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><ds:X509Data>
> <ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=umpd</ds:X509IssuerName>
> <ds:X509SerialNumber>1316785867</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>FlnDsQHOdVw0AOZualC9D6HvNIl7Hr2zXqf6YTZV5c28QzhwsJnZHLrL49dVPeq0TGT5QeRylc5lSfkUnWqwLoRs/N7yspkktxshhz7CTu3zzqbo3f82nSAr6d7nLXaI+dsIlDAkmngV/4uOJk1TqavjZl
> +7XW5XtxGHihzs5Zw=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
> URI="#EncDataId-1"
> /></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></soap:Header><soap:Body><xen
> c:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
> Id="EncDataId-1"
> Type="http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-
> cbc" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040
> 1-wss-wssecurity-secext-1.0.xsd"
> URI="#EncKeyId-A77755F726FB2C832813189733820252"
> /></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Gbc/CYA8k1XJhCRYO8lA7rdxoUB6X4n7ZxfFSpxg437HUUjlaIImZ9vbX+UxxOuDKgEyN8TayBQR
> WIl+7npAm1BkzB88XJLf3EoVQI3eJhctspIuUgj/VIoHh090fCdw3bZGPSikqXlNPzPn5BsJKa/F
> 7Q4MIXjgS7G7L4tBesgsNJEcBx7ftp6Slxw+iTSvudYcMQ5ZcQcl0a4o2NbohFUIc1HJhg4daq0c
> LwvKit9owEQyMNkVXJV/vj6swU+gx9ltbFJJ4uqnx5zCA2obxOZzk61v+VX9ctotdP3/xLr/WHtz
> dRPsTsM34zguG6vwRq+f1czBKtlkbaN4CxTZDvPkLgFSXX286ki452UWBIzqxaynCAL6tY1qgMYi
> tDbQveW+suDbu4cwN4WtUUJdWmqGAOJOeXTXsmCqEcipN/eqod75QVbqzBrTBjpywNdhdxE2aBU/
> wfXa1HMwhoKw9+Ul3st6I1tpuVbi+wK7amqGIwCo8URtdJEBzbu90g1uWfSgb/iIlrIyCk6vSIlB
> XbLD3VZCx0nlqfaG5GZOaqz1mAxCAfnrYg5y9eGkxIMk</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
> </output>
> On the client side, the WSS4j is setup as:
> Map<String,Object> outProps1 = new HashMap<String,Object>();
> outProps1.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
> outProps1.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ClientCallbackHandler.class.getName());
> outProps1.put(WSHandlerConstants.ENC_PROP_FILE,
> "client-crypto.properties");
> outProps1.put(WSHandlerConstants.ENCRYPTION_USER, "servicekey");
> cxfEndpoint.getOutInterceptors().add(new
> WSS4JOutInterceptor(outProps1));
>
> and the properties file is:
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=servicekey
> org.apache.ws.security.crypto.merlin.keystore.password=clientpass
> org.apache.ws.security.crypto.merlin.file=src/main/keystores/client-store.jks
> and the cert was imported using the command:
> $ keytool -import -trustcacerts -keystore client-store.jks -storepass
> clientpass -alias servicekey
> -file client-cert.cer
> Not sure what is going wrong, but there are a lot of steps, so maybe this is
> a simple error
> on my part.
> The CXF version is 2.2.3, If I need to redirect this to the cxf-users list,
> please let me
> know.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
