Hello,
I am attempting to run the samples which come with rampart to do some 
performance benchmarking on the different WS-* standards that are supported.  
We expect to publish these findings in an academic paper.  Unfortunately, I'm 
having difficulty making the tests work.  

The problem I'm having right now is that in an earlier set of tests, a 
colleague set up a set of RSA keys for use instead of the default keys that 
come with the rampart samples.  The keys he created were used to benchmark the 
basic samples (no security, username/password, encryption, signing, 
encrypt+sign) and worked fine.  My task right now is to use the keys he used to 
run the WS-SecureConversation sample (sample04) in the policy sample set.  I am 
able to execute sample04 and get results with the default keystore, but not 
with the RSA keys that were previously used by my colleague.  When I attempt to 
execute my tests using the custom RSA keys, I get the following error:

client.04:
     [copy] Copying 1 file to /home/novakom/rampart-1.5/samples/policy/build/client_repositories/sample04/modules
     [copy] Copying 1 file to /home/novakom/rampart-1.5/samples/policy/build/client_repositories/sample04/modules
     [copy] Copying 1 file to /home/novakom/rampart-1.5/samples/policy/build/temp_client
     [copy] Copying 1 file to /home/novakom/rampart-1.5/samples/policy/build/temp_client
     [java] Exception in thread "main" org.apache.axis2.AxisFault: Error in obtaining a token
     [java]     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
     [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
     [java]     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
     [java]     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
     [java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
     [java]     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
     [java]     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:521)
     [java]     at org.apache.rampart.samples.policy.sample04.Client.main(Unknown Source)
     [java] Caused by: org.apache.rampart.RampartException: Error in obtaining a token
     [java]     at org.apache.rampart.util.RampartUtil.getToken(RampartUtil.java:787)
     [java]     at org.apache.rampart.util.RampartUtil.getSecConvToken(RampartUtil.java:645)
     [java]     at org.apache.rampart.builder.SymmetricBindingBuilder.initializeTokens(SymmetricBindingBuilder.java:883)
     [java]     at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:84)
     [java]     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
     [java]     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
     [java]     ... 9 more
     [java] Caused by: org.apache.rahas.TrustException: Error in obtaining token from : "http://pcbls.sei.cmu.edu:18080/axis2/services/sample04";
     [java]     at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:153)
     [java]     at org.apache.rampart.util.RampartUtil.getToken(RampartUtil.java:774)
     [java]     ... 14 more
     [java] Caused by: org.apache.axis2.AxisFault: Error in creating an encrypted key
     [java]     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
     [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
     [java]     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
     [java]     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
     [java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
     [java]     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
     [java]     at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:147)
     [java]     ... 15 more
     [java] Caused by: org.apache.rampart.RampartException: Error in creating an encrypted key
     [java]     at org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:230)
     [java]     at org.apache.rampart.builder.SymmetricBindingBuilder.setupEncryptedKey(SymmetricBindingBuilder.java:708)
     [java]     at org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:425)
     [java]     at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:91)
     [java]     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
     [java]     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
     [java]     ... 23 more
     [java] Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user service were found for encryption)
     [java]     at org.apache.ws.security.message.WSSecEncryptedKey.prepare(WSSecEncryptedKey.java:163)
     [java]     at org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:226)
     [java]     ... 28 more
     [java] Java Result: 1


To describe my environment, I am running tomcat 6.0.20 with Axis2 1.5.1 on top, 
with Rampart 1.5 on top of that.  However, instead of building the .aar file 
and deploying it to Axis2, I have been running the sample04 service manually on 
the server (by running ant service.04 from the command line) because although I 
can deploy the service, there is some weird error that makes the client fail 
when it tries to connect to the service.  In any case, running the service 
manually works fine as long as I use the default keys, so I don't think that's 
the problem.  

In trying to fix the problem, I did a Google search on the root exception above 
and found something about cached data; so I stopped & restarted the tomcat 
server (which shouldn't be used anyways) as well as deleted all of the temp 
files; it did not help.

I'm pretty sure this is some sort of configuration issue.  Here is the content 
of the client.properties file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=escrsaclient
org.apache.ws.security.crypto.merlin.keystore.password=escrsaclientpass
org.apache.ws.security.crypto.merlin.file=client.jks

Here is the content of the service.properties file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=escrsaservice
org.apache.ws.security.crypto.merlin.keystore.password=escrsaservicepass
org.apache.ws.security.crypto.merlin.file=service.jks

Now, here is what I did to migrate from the default keystore to the custom RSA 
keystore:

1. On both the server and client, I copied over the keystore that was used in 
the original tests.  This was created in the same directory as the /keys 
directory (in the /samples directory) and named /keys_rsa

2. On both the server & client, I modified the build.xml file to point to the 
new keystore, by changing the "keys.dir" property to point to "../keys_rsa"

3. On the server, I modified the sample04/service.xml to use the 
"escrsaservicepass" password specified in the custom service.properties file (I 
modified the sections under the RampartConfig tag, NOT the one under the 
cryptoProperties section)

4. On the client, I modified the sample04/policy.xml file to use the 
"escrsaclientpass" password specified in the custom client.properties file 
(again, the ones under the RampartConfig tag)

5. On both the server & client, I modified the PWCBHandler.java file to set the 
appropriate passwords for the client & server


Above & beyond that, I'm really not sure what to look at.  Any help anyone can 
offer with respect to resolving the WSSecurityException listed above would be 
very much appreciated.

Thanks,
Marc Novakouski


_______________________________________________________________________________
Marc Novakouski
Software Engineering Institute
Member of the Technical Staff - SoS Engineering (SoSE) Team
Research, Technology and Systems Solutions (RTSS) Program
System of Systems Practice (SoSP) Initiative
Phone: (412) 268-4274
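
The root exception in the post reports that no certificate was found for a user called service, while the property files quoted in the post name the aliases escrsaclient and escrsaservice. The following Java check is an added example, not part of the original post or of the Rampart samples: it lists the aliases a JKS keystore actually contains and reports what each requested alias holds. The class name KeystoreAliasCheck is an assumption, and the defaults are the client-side values quoted in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added diagnostic, not part of the Rampart samples.
// Usage: java KeystoreAliasCheck <keystore.jks> <storepass> <alias> [<alias> ...]
public class KeystoreAliasCheck {

    // Describe what the keystore holds for one alias, as an encryption lookup sees it.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "MISSING (no entry, so no certificate to encrypt to)";
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            return "entry present but it carries no certificate";
        }
        String kind = ks.isKeyEntry(alias) ? "private key + certificate" : "trusted certificate";
        String subject = (cert instanceof X509Certificate)
                ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                : cert.getType();
        return kind + ", " + cert.getPublicKey().getAlgorithm() + ", subject=" + subject;
    }

    public static void main(String[] args) throws Exception {
        // Defaults: client-side values quoted in the post; "service" is the user
        // named in the WSSecurityException, "escrsaclient" the configured alias.
        String file = args.length > 0 ? args[0] : "client.jks";
        char[] pass = (args.length > 1 ? args[1] : "escrsaclientpass").toCharArray();
        String[] wanted = args.length > 2
                ? Arrays.copyOfRange(args, 2, args.length)
                : new String[] {"service", "escrsaclient"};

        KeyStore ks = KeyStore.getInstance("JKS"); // matches merlin.keystore.type=jks
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass);
        }
        System.out.println("aliases in " + file + ": " + Collections.list(ks.aliases()));
        for (String alias : wanted) {
            System.out.println(alias + " -> " + describe(ks, alias));
        }
    }
}
```

Running it against both client.jks and service.jks shows whether the user named in the exception exists as an alias in the keystore that replaced the default one.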


