The CryptoCoverageChecker should be added to the in interceptor list, not the out interceptor list, as its job is to verify that incoming message parts were signed/encrypted. I'll fix the NPE.

Colm.

On Thu, Feb 23, 2017 at 9:08 PM, Morein, Arnie <[email protected]> wrote:

> Can someone translate this into plain English? After much grief, a call is
> going out, but the response may be invalid? Or maybe I don't have the
> interceptors configured properly?
>
> Feb23 14:55:26.546 WARN [PhaseInterceptorChain ][::] - Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate has thrown exception, unwinding now
> java.lang.NullPointerException: null
>     at org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.handleMessage(CryptoCoverageChecker.java:140) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.handleMessage(CryptoCoverageChecker.java:61) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>     at com.sun.proxy.$Proxy55.authenticate(Unknown Source) [na:na]
>     at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:188) [VlsBusiness.class:na]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_40]
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_40]
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_40]
>     at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_40]
>     ...
> Feb23 14:55:26.558 ERROR[VlsBusiness ][::] - There was a problem authenticating to the AAMVA Authentication Service: javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
>     at com.sun.proxy.$Proxy55.authenticate(Unknown Source)
>
> These are the values I'm setting on the PORT:
>
> // configure ws-security
> Properties crytoProperties = new Properties();
>
> crytoProperties.put(SecurityConstants.TIMESTAMP_FUTURE_TTL, "120");
>
> crytoProperties.put(SecurityConstants.SIGNATURE_PROPERTIES, WSS4J_PROPERTIES);
> crytoProperties.put(SecurityConstants.SIGNATURE_USERNAME, KEYSTORE_KEY_ALIAS);
>
> crytoProperties.put(SecurityConstants.ENCRYPT_PROPERTIES, WSS4J_PROPERTIES);
> crytoProperties.put(SecurityConstants.ENCRYPT_USERNAME, KEYSTORE_KEY_ALIAS);
>
> crytoProperties.put(SecurityConstants.CALLBACK_HANDLER,
>     txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.class.getName());
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> Enumeration<?> e = crytoProperties.propertyNames();
> while (e.hasMoreElements()) {
>     String key = (String) e.nextElement();
>     ctx.put(key, crytoProperties.get(key));
> }
>
> Bus bus = BusFactory.newInstance().createBus();
> STSClient stsClient = new STSClient(bus);
> Map<String, Object> stsProps = stsClient.getProperties();
> stsProps.put(SecurityConstants.ENCRYPT_PROPERTIES, WSS4J_PROPERTIES);
> stsProps.put(SecurityConstants.ENCRYPT_USERNAME, KEYSTORE_KEY_ALIAS);
>
> stsProps.put(SecurityConstants.SIGNATURE_PROPERTIES, WSS4J_PROPERTIES);
> stsProps.put(SecurityConstants.SIGNATURE_USERNAME, KEYSTORE_KEY_ALIAS);
>
> stsProps.put(SecurityConstants.STS_TOKEN_USERNAME, KEYSTORE_KEY_ALIAS);
> stsProps.put(SecurityConstants.STS_TOKEN_PROPERTIES, WSS4J_PROPERTIES);
> stsProps.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
>
> ctx.put(SecurityConstants.STS_CLIENT, stsClient);
>
> // create properties for interceptors
> HashMap<String, Object> inProps = new HashMap<String, Object>();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " "
>     + WSHandlerConstants.SIGNATURE
>     + " " + WSHandlerConstants.ENCRYPT);
> inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>     txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.class.getName());
>
> inProps.put(WSHandlerConstants.USER, KEYSTORE_KEY_ALIAS);
>
> inProps.put(WSHandlerConstants.SIGNATURE_USER, KEYSTORE_KEY_ALIAS);
> inProps.put(WSHandlerConstants.SIG_PROP_FILE, WSS4J_PROPERTIES);
>
> inProps.put(WSHandlerConstants.ENCRYPTION_USER, KEYSTORE_KEY_ALIAS);
> inProps.put(WSHandlerConstants.ENC_PROP_FILE, WSS4J_PROPERTIES);
>
> HashMap<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " "
>     + WSHandlerConstants.SIGNATURE
>     + " " + WSHandlerConstants.ENCRYPT);
> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>     txdps.dl.bpr.common.business.VlsCxfUserPasswordCallback.class.getName());
>
> outProps.put(WSHandlerConstants.USER, KEYSTORE_KEY_ALIAS);
>
> outProps.put(WSHandlerConstants.SIGNATURE_USER, KEYSTORE_KEY_ALIAS);
> outProps.put(WSHandlerConstants.SIG_PROP_FILE, WSS4J_PROPERTIES);
>
> outProps.put(WSHandlerConstants.ENCRYPTION_USER, KEYSTORE_KEY_ALIAS);
> outProps.put(WSHandlerConstants.ENC_PROP_FILE, WSS4J_PROPERTIES);
>
> DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
> coverageChecker.setEncryptBody(true);
> coverageChecker.setEncryptUsernameToken(true);
> coverageChecker.setSignAddressingHeaders(true);
> coverageChecker.setSignBody(true);
> coverageChecker.setSignTimestamp(true);
> coverageChecker.setSignUsernameToken(true);
>
> // activate ws-security
> org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
> org.apache.cxf.endpoint.Endpoint endpoint = client.getEndpoint();
>
> endpoint.getInInterceptors().add(new SCTInInterceptor());
> endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
> endpoint.getInInterceptors().add(new LoggingInInterceptor());
>
> endpoint.getOutInterceptors().add(new SCTOutInterceptor());
> endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
> endpoint.getOutInterceptors().add(new LoggingOutInterceptor());
> endpoint.getOutInterceptors().add(coverageChecker);
>
> // enable TLS
> HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
> HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> httpClientPolicy.setConnectionTimeout(36000);
> httpClientPolicy.setAllowChunking(false);
> httpClientPolicy.setReceiveTimeout(32000);
>
> KeyStore trustStore = KeyStore.getInstance("JKS");
> URL truststoreUrl = Thread.currentThread().getContextClassLoader().getResource(KEYSTORE_FILE);
> trustStore.load(truststoreUrl.openStream(), KEYSTORE_PASSWORD.toCharArray());
>
> TrustManagerFactory trustFactory = TrustManagerFactory
>     .getInstance(TrustManagerFactory.getDefaultAlgorithm());
> trustFactory.init(trustStore);
>
> TLSClientParameters tlsParams = new TLSClientParameters();
> List<String> cipherSuites = new ArrayList<String>();
> cipherSuites.add("SHA1withRSA");
> tlsParams.setCipherSuites(cipherSuites);
> tlsParams.setDisableCNCheck(true);
> tlsParams.setSecureSocketProtocol("TLSv1.2"); // TLSv1 TLSv1.1 TLSv1.2
> tlsParams.setTrustManagers(trustFactory.getTrustManagers());
>
> httpConduit.setTlsClientParameters(tlsParams);
> httpConduit.setClient(httpClientPolicy);

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
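
The placement described in the reply, as an added example (not code from the thread or from the CXF project): the coverage checker is registered on the in-interceptor chain together with `WSS4JInInterceptor`, and a guard rejects the out-chain placement shown in the quoted code. The names `ResponseCoverageWiring` and `requireCoverage` are hypothetical, and `inProps` is assumed to be the map built in the quoted post.

```java
import java.util.Map;

import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;

/** Hypothetical helper; not part of CXF or of the code in the thread. */
public final class ResponseCoverageWiring {

    private ResponseCoverageWiring() {
    }

    /**
     * Registers WS-Security processing and coverage checking for responses.
     * inProps is assumed to be the WSS4J "in" property map from the post.
     */
    public static void requireCoverage(Object port, Map<String, Object> inProps) {
        Client client = ClientProxy.getClient(port);
        Endpoint endpoint = client.getEndpoint();

        // Fail fast on the placement from the post: the checker verifies
        // incoming message parts, so it does not belong on the out chain.
        for (Interceptor<?> interceptor : endpoint.getOutInterceptors()) {
            if (interceptor instanceof CryptoCoverageChecker) {
                throw new IllegalStateException(
                    "CryptoCoverageChecker is on the out chain; move it to the in chain");
            }
        }

        // Verifies signatures and decrypts the incoming response.
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));

        // Rejects a response whose body or timestamp was not signed, or
        // whose body was not encrypted. The other setters used in the
        // post (addressing headers, UsernameToken) are applied the same way.
        DefaultCryptoCoverageChecker checker = new DefaultCryptoCoverageChecker();
        checker.setSignBody(true);
        checker.setSignTimestamp(true);
        checker.setEncryptBody(true);
        endpoint.getInInterceptors().add(checker);
    }
}
```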
