Hi Nandana and Amila, thanks for your answers.


For Nandana:

I use Rampart version 1.5 on the Server side, and version 1.4 on the client side.

The stack trace is the following:

2010-07-09 11:16:53,358 ERROR [main] engine.AxisEngine (AxisEngine.java:212) - The signature or decryption was invalid; nested exception is:
        java.lang.Exception: alias is null
org.apache.axis2.AxisFault: The signature or decryption was invalid; nested exception is:
        java.lang.Exception: alias is null
        at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
        at es.upv.dsic.gti_ia.secure.MMServiceStub.newCertificate(MMServiceStub.java:192)
        at es.upv.dsic.gti_ia.secure.SecurityTools.generateAllProcessCertificate(SecurityTools.java:175)
        at es.upv.dsic.gti_ia.core.BaseAgent.<init>(BaseAgent.java:126)
        at MMS_Example.ConsumerAgent.<init>(ConsumerAgent.java:25)
        at MMS_Example.Run_Example1.main(Run_Example1.java:45)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
        java.lang.Exception: alias is null
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:146)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
        ... 12 more
Caused by: java.lang.Exception: alias is null
        at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
        ... 18 more
2010-07-09 11:16:53,360 ERROR [main] secure.SecurityTools (SecurityTools.java:193) - org.apache.axis2.AxisFault: The signature or decryption was invalid; nested exception is:
        java.lang.Exception: alias is null
2010-07-09 11:16:53,360 ERROR [main] MMS_Example.Run_Example1 (Run_Example1.java:54) - Error  null


For Amila:

Yes, the 'mms' alias is the Server certificate that is used for signing; therefore on the Server side I use 'mms' for signing and decryption, and 'useReqSigCert' for encryption with the client public key. On the client side I use the 'mms' public key to encrypt the message and the client certificate (CertFirmaDigital) to sign the message. The strange thing is that it works successfully when I use certificates created with the keytool command, but when I use DNIe the Server returns 'null', when it should return the same alias that I am using on the client side to sign the message, 'CertFirmaDigital'.

I think that the problem is when the Server returns the message, since the service functionality is correct, but it fails when returning the result of the Web service operation.

Regards.




Quoting Amila Jayasekara <[email protected]>:

Hi Joan,
I am also testing some code with a similar policy file. I have also encountered the given error during my testing. This error normally occurs when the password callback is unable to set the password for a given user. In my case I got the following stack trace:

Exception in thread "main" org.apache.axis2.AxisFault: *General security error* *(WSSecurityEngine: Callback supplied no password for: initiator)*
   at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:523)
   at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
   at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
   at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
   at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
   at org.apache.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
   at org.apache.rampart.client.Client.main(Client.java:56)
a...@aj-laptop:~/development/Tools/rampart-test/clients/client-general$

But, in my case things were fine when I set the password for the signing user "initiator" (using pwcb.setPassword("password");).

In your case, due to some reason the user passed into the Callback class is "null". But in the Rampart configuration you have specified the signing user as "mms". Therefore the callback class should get called with the user "mms". I am not clear why the callback is getting called with a null user. Nandana, do you have any idea about this?

Note: I am using the code in trunk.

Hope this information is useful.

Thankx
AmilaJ

Nandana Mihindukulasooriya wrote:
Hi Joan,
     What is the Rampart version you are using? Can you send the full
stack trace?

Best Regards,
Nandana

On Wed, Jul 7, 2010 at 8:54 PM, Joan Bellver Faus <[email protected]> wrote:


Hello,

I am implementing a new web service with Rampart; the policy is sign and
encryption.
When I use the certificates created with the keytool command, the service
works correctly, but when I use the Spanish National ID Card (
http://www.dnielectronico.es/) the web service returned this error:

org.apache.axis2.AxisFault: General security error (WSSecurityEngine:
Callback supplied no password for: null)

Is this error because Rampart cannot access the public key?

The settings.xml is:


<module ref="rampart" />
<wsp:Policy wsu:Id="SignEncr"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding
                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict />
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp />
                    <sp:OnlySignEntireHeadersAndBody />
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts
                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body />
            </sp:SignedParts>

            <sp:EncryptedParts
                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body />
            </sp:EncryptedParts>

            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>mms</ramp:user>
                <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
                <ramp:passwordCallbackClass>es.upv.dsic.gti_ia.MMService.PWCBHandler</ramp:passwordCallbackClass>
                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/joabelfa/Escritorio/pruebas_seguridad/qpidd/security/MMSkeystore.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password_mmskeystore</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
            </ramp:RampartConfig>

        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

</service>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
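
An added diagnostic, not code from this thread or from Rampart/WSS4J: the stack trace in this thread fails in CryptoBase.getPrivateKey with a null alias while an EncryptedKey is processed, and the policy requires thumbprint references, so this checks whether a keystore holds an entry for a given certificate SHA-1 thumbprint. It assumes the alias is found by matching the referenced certificate against the keystore entries; the class name AliasByThumbprint and the all-zero thumbprint are constructed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;

/** Added diagnostic (hypothetical class name): resolve a keystore alias from a certificate SHA-1 thumbprint. */
public class AliasByThumbprint {

    /** Returns the alias whose certificate has the given SHA-1 thumbprint (hex), or null if none matches. */
    static String aliasForThumbprint(KeyStore ks, String sha1Hex) throws Exception {
        String wanted = sha1Hex.replace(":", "").toLowerCase();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) continue; // entry without a certificate cannot match
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            // isKeyEntry shows whether a private key is stored under this alias,
            // which decryption needs in addition to the certificate itself.
            System.out.printf("%s  %s  keyEntry=%b%n", hex, alias, ks.isKeyEntry(alias));
            if (hex.toString().equals(wanted)) return alias;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java AliasByThumbprint <type> <file> <password> <sha1-hex>
        // With no arguments an empty in-memory JKS store is used, which shows the null-alias outcome.
        KeyStore ks = KeyStore.getInstance(args.length > 0 ? args[0] : "JKS");
        char[] pw = args.length > 2 ? args[2].toCharArray() : null;
        if (args.length > 1) {
            try (InputStream in = new FileInputStream(args[1])) {
                ks.load(in, pw);
            }
        } else {
            ks.load(null, pw);
        }
        // Constructed placeholder thumbprint, used when none is given on the command line.
        String thumb = args.length > 3 ? args[3] : "0000000000000000000000000000000000000000";
        String alias = aliasForThumbprint(ks, thumb);
        System.out.println(alias == null
                ? "no entry matches: a caller would be left with a null alias"
                : "matched alias: " + alias);
    }
}
```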









