Hi Nandana,
That (and a few other things I missed) was exactly what I needed.
Thanks so much!
Marc

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[email protected]] 
Sent: Wednesday, April 28, 2010 6:41 PM
To: [email protected]
Subject: Re: Difficulty running samples for performance benchmarking

Hi Marc,
Looking at the error message, "No certificates for user **service** were
found for encryption", it seems that your sample still uses "service"
as the encryption user. Did you change the following property in the
policy.xml?

<ramp:encryptionUser>service</ramp:encryptionUser> to 
<ramp:encryptionUser>escrsaservice</ramp:encryptionUser>

Best Regards,
Nandana
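
The mismatch described in this reply can be caught before running the sample by comparing every ramp:encryptionUser in policy.xml with the aliases actually present in the keystore. This is an added example, not part of the original thread or of the Rampart samples; the policy fragment, the `keytool -list` listing and the function names are constructed for illustration. It assumes the service certificate is stored in client.jks under the alias escrsaservice and that JKS aliases compare case-insensitively.

```python
import re
import xml.etree.ElementTree as ET

RAMP_NS = "http://ws.apache.org/rampart/policy"  # namespace of ramp:* elements
USE_REQ_SIG_CERT = "useReqSigCert"  # special value: encrypt to the request signer's cert

# Constructed sample: policy.xml fragment that still names the default alias.
POLICY_XML = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:RampartConfig>
    <ramp:user>escrsaclient</ramp:user>
    <ramp:encryptionUser>service</ramp:encryptionUser>
  </ramp:RampartConfig>
</wsp:Policy>
"""

# Constructed sample shaped like `keytool -list -keystore client.jks` output.
KEYTOOL_LISTING = """\
Keystore type: JKS

Your keystore contains 2 entries

escrsaclient, Apr 20, 2010, PrivateKeyEntry,
escrsaservice, Apr 20, 2010, trustedCertEntry,
"""

# One entry line: "<alias>, <date>, <EntryType>,"
ENTRY = re.compile(r"^(?P<alias>.+?), .*, (?P<kind>\w+Entry),\s*$", re.M)

def keystore_aliases(listing):
    """Map lowercased alias -> entry type from a keytool -list listing."""
    return {m["alias"].lower(): m["kind"] for m in ENTRY.finditer(listing)}

def check_encryption_users(policy_xml, aliases):
    """Return [(alias, problem)] for each ramp:encryptionUser that cannot resolve."""
    problems = []
    for el in ET.fromstring(policy_xml).iter("{%s}encryptionUser" % RAMP_NS):
        alias = (el.text or "").strip()
        if alias == USE_REQ_SIG_CERT:
            continue  # resolved at run time from the incoming signature
        if alias.lower() not in aliases:
            problems.append((alias, "no keystore entry with this alias"))
    return problems

if __name__ == "__main__":
    found = keystore_aliases(KEYTOOL_LISTING)
    for alias, problem in check_encryption_users(POLICY_XML, found):
        print("encryptionUser %r: %s" % (alias, problem))
```
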

On Wed, Apr 28, 2010 at 10:59 PM, Marc Novakouski <[email protected]> wrote:

> Hello,
> I am attempting to run the samples which come with rampart to do some
> performance benchmarking on the different WS-* standards that are supported.
> We expect to publish these findings in an academic paper.
> Unfortunately, I'm having difficulty making the tests work.
>
> The problem I'm having right now is that in an earlier set of tests, a
> colleague set up a set of RSA keys for use instead of the default keys
> that come with the rampart samples.  The keys he created were used to
> benchmark the basic samples (no security, username/password,
> encryption, signing, encrypt+sign) and worked fine.  My task right now
> is to use the keys he used to run the WS-SecureConversation sample
> (sample04) in the policy sample set.  I am able to execute sample04 and
> get results with the default keystore, but not with the RSA keys that
> were previously used by my colleague.  When I attempt to execute my
> tests using the custom RSA keys, I get the following error:
>
> client.04:
>     [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/client_repositories/sample04/modules
>     [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/client_repositories/sample04/modules
>     [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/temp_client
>     [copy] Copying 1 file to
> /home/novakom/rampart-1.5/samples/policy/build/temp_client
>     [java] Exception in thread "main" org.apache.axis2.AxisFault: 
> Error in obtaining a token
>     [java]     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>     [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>     [java]     at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>     [java]     at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
>     [java]     at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>     [java]     at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>     [java]     at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>     [java]     at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
>     [java]     at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:521)
>     [java]     at
> org.apache.rampart.samples.policy.sample04.Client.main(Unknown Source)
>     [java] Caused by: org.apache.rampart.RampartException: Error in 
> obtaining a token
>     [java]     at
> org.apache.rampart.util.RampartUtil.getToken(RampartUtil.java:787)
>     [java]     at
> org.apache.rampart.util.RampartUtil.getSecConvToken(RampartUtil.java:645)
>     [java]     at
> org.apache.rampart.builder.SymmetricBindingBuilder.initializeTokens(SymmetricBindingBuilder.java:883)
>     [java]     at
> org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:84)
>     [java]     at
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
>     [java]     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>     [java]     ... 9 more
>     [java] Caused by: org.apache.rahas.TrustException: Error in 
> obtaining token from : 
> "http://pcbls.sei.cmu.edu:18080/axis2/services/sample04";
>     [java]     at
> org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:153)
>     [java]     at
> org.apache.rampart.util.RampartUtil.getToken(RampartUtil.java:774)
>     [java]     ... 14 more
>     [java] Caused by: org.apache.axis2.AxisFault: Error in creating an 
> encrypted key
>     [java]     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>     [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>     [java]     at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>     [java]     at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
>     [java]     at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>     [java]     at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>     [java]     at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>     [java]     at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:540)
>     [java]     at
> org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:147)
>     [java]     ... 15 more
>     [java] Caused by: org.apache.rampart.RampartException: Error in 
> creating an encrypted key
>     [java]     at
> org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:230)
>     [java]     at
> org.apache.rampart.builder.SymmetricBindingBuilder.setupEncryptedKey(SymmetricBindingBuilder.java:708)
>     [java]     at
> org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:425)
>     [java]     at
> org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:91)
>     [java]     at
> org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
>     [java]     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>     [java]     ... 23 more
>     [java] Caused by: org.apache.ws.security.WSSecurityException: 
> General security error (No certificates for user service were found for 
> encryption)
>     [java]     at
> org.apache.ws.security.message.WSSecEncryptedKey.prepare(WSSecEncryptedKey.java:163)
>     [java]     at
> org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:226)
>     [java]     ... 28 more
>     [java] Java Result: 1
>
>
> To describe my environment, I am running tomcat 6.0.20 with Axis2 
> 1.5.1 on top, with Rampart 1.5 on top of that.  However, instead of 
> building the .aar file and deploying it to Axis2, I have been running 
> the sample04 service manually on the server (by running ant service.04 
> from the command line) because although I can deploy the service, 
> there is some weird error that makes the client fail when it tries to 
> connect to the service.  In any case, running the service manually 
> works fine as long as I use the default keys, so I don't think that's the 
> problem.
>
> In trying to fix the problem, I did a google search on the root 
> exception above and found something about cached data; so I stopped & 
> restarted the tomcat server (which shouldn't be used anyways) as well 
> as deleted all of the temp files; it did not help.
>
> I'm pretty sure this is some sort of configuration issue.  Here is the 
> content of the client.properties file:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=escrsaclient
> org.apache.ws.security.crypto.merlin.keystore.password=escrsaclientpass
> org.apache.ws.security.crypto.merlin.file=client.jks
>
> Here is the content of the service.properties file:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=escrsaservice
> org.apache.ws.security.crypto.merlin.keystore.password=escrsaservicepass
> org.apache.ws.security.crypto.merlin.file=service.jks
>
> Now, here is what I did to migrate from the default keystore to the 
> custom RSA keystore:
>
> 1. On both the server and client, I copied over the keystore that was 
> used in the original tests.  This was created in the same directory as 
> the /keys directory (in the /samples directory) and named /keys_rsa
>
> 2. On both the server & client, I modified the build.xml file to point 
> to the new keystore, by changing the "keys.dir" property to point to 
> "../keys_rsa"
>
> 3. On the server, I modified the sample04/service.xml to use the 
> "escrsaservicepass" password specified in the custom 
> service.properties file (I modified the sections under the 
> RampartConfig tag, NOT the one under the cryptoProperties section)
>
> 4. On the client, I modified the sample04/policy.xml file to use the 
> "escrsaclientpass" password specified in the custom client.properties 
> file (again, the ones under the RampartConfig tag)
>
> 5. On both the server & client, I modified the PWCBHandler.java file 
> to set the appropriate passwords for the client & server
>
>
> Above & beyond that, I'm really not sure what to look at.  Any help 
> anyone can offer with respect to resolving the WSSecurityException 
> listed above would be very much appreciated.
>
> Thanks,
> Marc Novakouski
>
>
>
> ______________________________________________________________________
> _________
> Marc Novakouski
> Software Engineering Institute
> Member of the Technical Staff - SoS Engineering (SoSE) Team Research, 
> Technology and Systems Solutions (RTSS) Program System of Systems 
> Practice (SoSP) Initiative
> Phone: (412) 268-4274
>
>
>
>
