I'm working on migrating some legacy code I've been stuck with from CXF 
2.3/WSS4J 1.5 up to CXF 2.7/WSS4J 1.6, and I'm having some troubles. The latest 
issue is something that I'm sure is obvious and I'm just not seeing ... I am 
getting this exception when I run one of my tests:

org.apache.cxf.binding.soap.SoapFault: Security processing failed.
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
        ....
Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
        at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
        ... 47 more
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied to verify signature)
        at org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:789)
        at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169)
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:71)
        ... 50 more

I've shortened the stack trace a bit but that should be the most important 
parts. Now the exception itself I think is clear - there's a problem with the 
crypto properties. It's the exact problem that eludes me. In my Spring 
configuration, the original developers referenced a Crypto bean rather than 
using an external file. This is the bean configuration:

  <bean id="wss4jOutInterceptor"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="Timestamp Signature" />
        <entry key="user" value="test-user (test ca 1)" />
        <entry key="timeToLive" value="60" />
        <entry key="signatureUser" value="test-user (test ca 1)" />
        <entry key="signatureKeyIdentifier" value="DirectReference" />
        <entry key="SignaturePropRefId" value="signatureProperties" />
        <entry key="signatureProperties" value-ref="cryptoProperties" />
        <entry key="signatureParts"
               value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp" />
        <entry key="signatureAlgorithm"
               value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <entry key="signatureDigestAlgorithm"
               value="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <entry key="passwordCallbackRef" value-ref="pwCallback" />
      </map>
    </constructor-arg>
  </bean>

  <bean id="wss4jInInterceptor"
        class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="Signature Timestamp Encrypt" />
        <entry key="SignaturePropRefId" value="cryptoProperties" />
        <entry key="decryptionPropRefId" value="cryptoProperties" />
        <entry key="cryptoProperties" value-ref="cryptoProperties" />
        <entry key="passwordCallbackRef" value-ref="pwCallback" />
      </map>
    </constructor-arg>
  </bean>

  <util:properties id="cryptoProperties">
    <prop key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>
    <prop key="org.apache.ws.security.crypto.merlin.keystore.file">test-user.jks</prop>
    <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
    <!-- <prop key="org.apache.ws.security.crypto.merlin.keystore.provider"></prop> -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">xxxxx</prop>
    <prop key="org.apache.ws.security.crypto.merlin.load.cacerts">false</prop>
  </util:properties>

Does anyone have any ideas on what may be off here? Thanks,

Stephen W. Chappell
