Hi Marc,
Looking at the error message, "No certificates for user **service** were
found for encryption", it seems that your sample still uses "service" as
the encryption user. Did you change the following property in the
policy.xml?

<ramp:encryptionUser>service</ramp:encryptionUser>

to

<ramp:encryptionUser>escrsaservice</ramp:encryptionUser>

Best Regards,
Nandana

On Wed, Apr 28, 2010 at 10:59 PM, Marc Novakouski <[email protected]> wrote:
> Hello,
> I am attempting to run the samples which come with rampart to do some
> performance benchmarking on the different WS-* standards that are supported.
> We expect to publish these findings in an academic paper. Unfortunately,
> I'm having difficulty making the tests work.
>
> The problem I'm having right now is that in an earlier set of tests, a
> colleague set up a set of RSA keys for use instead of the default keys that
> come with the rampart samples. The keys he created were used to benchmark
> the basic samples (no security, username/password, encryption, signing,
> encrypt+sign) and worked fine. My task right now is to use the keys he used
> to run the WS-SecureConversation sample (sample04) in the policy sample set.
> I am able to execute sample04 and get results with the default keystore,
> but not with the RSA keys that were previously used by my colleague. When I
> attempt to execute my tests using the custom RSA keys, I get the following
> error:
>
> client.04:
> [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/client_repositories/sample04/modules
> [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/client_repositories/sample04/modules
> [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/temp_client
> [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/temp_client
> [java] Exception in thread "main" org.apache.axis2.AxisFault: Error in
> obtaining a token
> [java] at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> [java] at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> [java] at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> [java] at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:521)
> [java] at
> org.apache.rampart.samples.policy.sample04.Client.main(Unknown Source)
> [java] Caused by: org.apache.rampart.RampartException: Error in
> obtaining a token
> [java] at
> org.apache.rampart.util.RampartUtil.getToken(RampartUtil.java:787)
> [java] at
> org.apache.rampart.util.RampartUtil.getSecConvToken(RampartUtil.java:645)
> [java] at
> org.apache.rampart.builder.SymmetricBindingBuilder.initializeTokens(SymmetricBindingBuilder.java:883)
> [java] at
> org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:84)
> [java] at
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
> [java] at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> [java] ... 9 more
> [java] Caused by: org.apache.rahas.TrustException: Error in obtaining
> token from : "http://pcbls.sei.cmu.edu:18080/axis2/services/sample04"
> [java] at
> org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:153)
> [java] at
> org.apache.rampart.util.RampartUtil.getToken(RampartUtil.java:774)
> [java] ... 14 more
> [java] Caused by: org.apache.axis2.AxisFault: Error in creating an
> encrypted key
> [java] at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> [java] at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> [java] at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> [java] at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
> [java] at
> org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:147)
> [java] ... 15 more
> [java] Caused by: org.apache.rampart.RampartException: Error in
> creating an encrypted key
> [java] at
> org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:230)
> [java] at
> org.apache.rampart.builder.SymmetricBindingBuilder.setupEncryptedKey(SymmetricBindingBuilder.java:708)
> [java] at
> org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:425)
> [java] at
> org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:91)
> [java] at
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
> [java] at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> [java] ... 23 more
> [java] Caused by: org.apache.ws.security.WSSecurityException: General
> security error (No certificates for user service were found for encryption)
> [java] at
> org.apache.ws.security.message.WSSecEncryptedKey.prepare(WSSecEncryptedKey.java:163)
> [java] at
> org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:226)
> [java] ... 28 more
> [java] Java Result: 1
>
>
> To describe my environment, I am running tomcat 6.0.20 with Axis2 1.5.1 on
> top, with Rampart 1.5 on top of that. However, instead of building the .aar
> file and deploying it to Axis2, I have been running the sample04 service
> manually on the server (by running ant service.04 from the command line)
> because although I can deploy the service, there is some weird error that
> makes the client fail when it tries to connect to the service. In any case,
> running the service manually works fine as long as I use the default keys,
> so I don't think that's the problem.
>
> In trying to fix the problem, I did a google search on the root exception
> above and found something about cached data; so I stopped & restarted the
> tomcat server (which shouldn't be used anyways) as well as deleted all of
> the temp files; it did not help.
>
> I'm pretty sure this is some sort of configuration issue. Here is the
> content of the client.properties file:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=escrsaclient
> org.apache.ws.security.crypto.merlin.keystore.password=escrsaclientpass
> org.apache.ws.security.crypto.merlin.file=client.jks
>
> Here is the content of the service.properties file:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=escrsaservice
> org.apache.ws.security.crypto.merlin.keystore.password=escrsaservicepass
> org.apache.ws.security.crypto.merlin.file=service.jks
>
> Now, here is what I did to migrate from the default keystore to the custom
> RSA keystore:
>
> 1. On both the server and client, I copied over the keystore that was used
> in the original tests. This was created in the same directory as the /keys
> directory (in the /samples directory) and named /keys_rsa
>
> 2. On both the server & client, I modified the build.xml file to point to
> the new keystore, by changing the "keys.dir" property to point to
> "../keys_rsa"
>
> 3. On the server, I modified the sample04/service.xml to use the
> "escrsaservicepass" password specified in the custom service.properties file
> (I modified the sections under the RampartConfig tag, NOT the one under the
> cryptoProperties section)
>
> 4. On the client, I modified the sample04/policy.xml file to use the
> "escrsaclientpass" password specified in the custom client.properties file
> (again, the ones under the RampartConfig tag)
>
> 5. On both the server & client, I modified the PWCBHandler.java file to set
> the appropriate passwords for the client & server
>
>
> Above & beyond that, I'm really not sure what to look at. Any help anyone
> can offer with respect to resolving the WSSecurityException listed above
> would be very much appreciated.
>
> Thanks,
> Marc Novakouski
>
>
>
> _______________________________________________________________________________
> Marc Novakouski
> Software Engineering Institute
> Member of the Technical Staff - SoS Engineering (SoSE) Team
> Research, Technology and Systems Solutions (RTSS) Program
> System of Systems Practice (SoSP) Initiative
> Phone: (412) 268-4274
>
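
The check suggested in the reply above can be automated. The following is an added example, not code from the thread or from the Rampart project: a hypothetical helper (CheckEncryptionUser) that reads a Merlin crypto properties file like the ones quoted, opens the keystore it names, and confirms that every encryptionUser alias in the policy file has a certificate there. It assumes the merlin.file value is a path readable from the working directory.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

// Added example (hypothetical helper, not part of Rampart): verify that every
// encryptionUser alias in a policy file has a certificate in the keystore
// named by a Merlin crypto properties file.
public class CheckEncryptionUser {
    private static final String MERLIN = "org.apache.ws.security.crypto.merlin.";

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CheckEncryptionUser <policy.xml> <crypto.properties>");
            System.exit(2);
        }
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[1])) {
            props.load(in);
        }
        // Assumption: merlin.file is a path readable from the working directory.
        KeyStore ks = KeyStore.getInstance(props.getProperty(MERLIN + "keystore.type", "jks"));
        try (InputStream in = new FileInputStream(props.getProperty(MERLIN + "file"))) {
            ks.load(in, props.getProperty(MERLIN + "keystore.password").toCharArray());
        }
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so a policy file cannot pull in external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Match on local name in any namespace so the prefix in use does not matter.
        NodeList users = dbf.newDocumentBuilder().parse(new File(args[0]))
                .getElementsByTagNameNS("*", "encryptionUser");
        int missing = 0;
        for (int i = 0; i < users.getLength(); i++) {
            String alias = users.item(i).getTextContent().trim();
            if (ks.getCertificate(alias) != null) {
                System.out.println("OK: certificate found for encryptionUser '" + alias + "'");
            } else {
                missing++;
                System.out.println("MISSING: no certificate for encryptionUser '" + alias
                        + "'; keystore aliases: " + Collections.list(ks.aliases()));
            }
        }
        System.exit(missing == 0 ? 0 : 1);
    }
}
```

Run it once per side, for example with the client's policy.xml and client.properties; a MISSING line lists the aliases the keystore does contain, so a leftover default alias is easy to spot.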