I note from the log that it loads the truststore and the keystore, but only appears to search the truststore for the server cert to verify the signing on the response?
DEBUG 2018-01-20 00:12:59,141 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find [C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\keystore.jks] using sun.misc.Launcher$AppClassLoader@18b4aac2 class loader. DEBUG 2018-01-20 00:12:59,142 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find [C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\keystore.jks] using sun.misc.Launcher$AppClassLoader@18b4aac2 class loader. DEBUG 2018-01-20 00:12:59,145 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find [C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\keystore.jks] using ClassLoader.getSystemResource(). DEBUG 2018-01-20 00:12:59,147 [Thread-2] org.apache.wss4j.common.crypto.Merlin - The KeyStore C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\keystore.jks of type jks has been loaded DEBUG 2018-01-20 00:12:59,148 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find [C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\truststore.jks] using sun.misc.Launcher$AppClassLoader@18b4aac2 class loader. DEBUG 2018-01-20 00:12:59,151 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find [C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\truststore.jks] using sun.misc.Launcher$AppClassLoader@18b4aac2 class loader. DEBUG 2018-01-20 00:12:59,153 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find [C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\truststore.jks] using ClassLoader.getSystemResource(). DEBUG 2018-01-20 00:12:59,156 [Thread-2] org.apache.wss4j.common.crypto.Merlin - The TrustStore C:\Users\AlGrant\IdeaProjects\importer\src\main\resources\truststore.jks of type jks has been loaded DEBUG 2018-01-20 00:12:59,160 [Thread-2] org.apache.wss4j.dom.processor.TimestampProcessor - Found Timestamp list element DEBUG 2018-01-20 00:12:59,171 [Thread-2] org.apache.wss4j.common.util.DateUtil - Validation of Created: Everything is ok DEBUG 2018-01-20 00:12:59,174 [Thread-2] org.apache.wss4j.dom.processor.SignatureProcessor - Found signature element DEBUG 2018-01-20 00:12:59,176 [Thread-2] org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 DEBUG 2018-01-20 00:12:59,183 [Thread-2] org.apache.wss4j.common.crypto.Merlin - Searching keystore for cert using Subject Key Identifier bytes DEBUG 2018-01-20 00:12:59,184 [Thread-2] org.apache.wss4j.common.crypto.Merlin - No SKI match found in keystore DEBUG 2018-01-20 00:12:59,185 [Thread-2] org.apache.wss4j.common.crypto.Merlin - Searching keystore for cert using Subject Key Identifier bytes DEBUG 2018-01-20 00:12:59,185 [Thread-2] org.apache.wss4j.common.crypto.Merlin - No SKI match found in keystore should the server cert be added to keystore.jks instead of truststore.jks? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
