Can someone translate this into plain English? After much grief, a call is
going out, but the response may be invalid? Or maybe I don't have the
interceptors configured properly?
Feb23 14:55:26.546 WARN [PhaseInterceptorChain ][::] - Interceptor for
{http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate
has thrown exception, unwinding now
java.lang.NullPointerException: null
at
org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.handleMessage(CryptoCoverageChecker.java:140)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.handleMessage(CryptoCoverageChecker.java:61)
~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
~[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
[cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
[cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
[cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
at com.sun.proxy.$Proxy55.authenticate(Unknown Source) [na:na]
at
txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:188)
[VlsBusiness.class:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_40]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_40]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_40]
at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_40]
...
Feb23 14:55:26.558 ERROR[VlsBusiness ][::] - There was a
problem authenticating to the AAMVA Authentication Service:
javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code,
not set
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy55.authenticate(Unknown Source)
These are the values I'm setting on the PORT:
// configure ws-security
Properties crytoProperties = new Properties();
crytoProperties.put(SecurityConstants.TIMESTAMP_FUTURE_TTL, "120");
crytoProperties.put(SecurityConstants.SIGNATURE_PROPERTIES, WSS4J_PROPERTIES);
crytoProperties.put(SecurityConstants.SIGNATURE_USERNAME, KEYSTORE_KEY_ALIAS);
crytoProperties.put(SecurityConstants.ENCRYPT_PROPERTIES, WSS4J_PROPERTIES);
crytoProperties.put(SecurityConstants.ENCRYPT_USERNAME, KEYSTORE_KEY_ALIAS);
crytoProperties.put(SecurityConstants.CALLBACK_HANDLER,
txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.class.getName());
Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
Enumeration<?> e = crytoProperties.propertyNames();
while (e.hasMoreElements()) {
String key = (String) e.nextElement();
ctx.put(key, crytoProperties.get(key));
}
Bus bus = BusFactory.newInstance().createBus();
STSClient stsClient = new STSClient(bus);
Map<String, Object> stsProps = stsClient.getProperties();
stsProps.put(SecurityConstants.ENCRYPT_PROPERTIES, WSS4J_PROPERTIES);
stsProps.put(SecurityConstants.ENCRYPT_USERNAME, KEYSTORE_KEY_ALIAS);
stsProps.put(SecurityConstants.SIGNATURE_PROPERTIES, WSS4J_PROPERTIES);
stsProps.put(SecurityConstants.SIGNATURE_USERNAME, KEYSTORE_KEY_ALIAS);
stsProps.put(SecurityConstants.STS_TOKEN_USERNAME, KEYSTORE_KEY_ALIAS);
stsProps.put(SecurityConstants.STS_TOKEN_PROPERTIES, WSS4J_PROPERTIES);
stsProps.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
ctx.put(SecurityConstants.STS_CLIENT, stsClient);
// create properties for intercepters
HashMap<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " " +
WSHandlerConstants.SIGNATURE
+ " " + WSHandlerConstants.ENCRYPT);
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.class.getName());
inProps.put(WSHandlerConstants.USER, KEYSTORE_KEY_ALIAS);
inProps.put(WSHandlerConstants.SIGNATURE_USER, KEYSTORE_KEY_ALIAS);
inProps.put(WSHandlerConstants.SIG_PROP_FILE, WSS4J_PROPERTIES);
inProps.put(WSHandlerConstants.ENCRYPTION_USER, KEYSTORE_KEY_ALIAS);
inProps.put(WSHandlerConstants.ENC_PROP_FILE, WSS4J_PROPERTIES);
HashMap<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " " +
WSHandlerConstants.SIGNATURE
+ " " + WSHandlerConstants.ENCRYPT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.class.getName());
outProps.put(WSHandlerConstants.USER, KEYSTORE_KEY_ALIAS);
outProps.put(WSHandlerConstants.SIGNATURE_USER, KEYSTORE_KEY_ALIAS);
outProps.put(WSHandlerConstants.SIG_PROP_FILE, WSS4J_PROPERTIES);
outProps.put(WSHandlerConstants.ENCRYPTION_USER, KEYSTORE_KEY_ALIAS);
outProps.put(WSHandlerConstants.ENC_PROP_FILE, WSS4J_PROPERTIES);
DefaultCryptoCoverageChecker coverageChecker = new
DefaultCryptoCoverageChecker();
coverageChecker.setEncryptBody(true);
coverageChecker.setEncryptUsernameToken(true);
coverageChecker.setSignAddressingHeaders(true);
coverageChecker.setSignBody(true);
coverageChecker.setSignTimestamp(true);
coverageChecker.setSignUsernameToken(true);
// activate ws-security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint endpoint = client.getEndpoint();
endpoint.getInInterceptors().add(new SCTInInterceptor());
endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
endpoint.getInInterceptors().add(new LoggingInInterceptor());
endpoint.getOutInterceptors().add(new SCTOutInterceptor());
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
endpoint.getOutInterceptors().add(new LoggingOutInterceptor());
endpoint.getOutInterceptors().add(coverageChecker);
// enable TLS
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
httpClientPolicy.setReceiveTimeout(32000);
KeyStore trustStore = KeyStore.getInstance("JKS");
URL truststoreUrl =
Thread.currentThread().getContextClassLoader().getResource(KEYSTORE_FILE);
trustStore.load(truststoreUrl.openStream(), KEYSTORE_PASSWORD.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
TLSClientParameters tlsParams = new TLSClientParameters();
List<String> cipherSuites = new ArrayList<String>();
cipherSuites.add("SHA1withRSA");
tlsParams.setCipherSuites(cipherSuites);
tlsParams.setDisableCNCheck(true);
tlsParams.setSecureSocketProtocol("TLSv1.2"); // TLSv1 TLSv1.1 TLSv1.2
tlsParams.setTrustManagers(trustFactory.getTrustManagers());
httpConduit.setTlsClientParameters(tlsParams);
httpConduit.setClient(httpClientPolicy);
