Hi,

Did you specify the private key password properly in your password
callback handler class?

Thanks,
Ruchith

On 7/18/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
Thanks Ruchith,

I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
verified the alias of the private key in my keystore which was same as I
have defined in <user> tag in axis2.xml.
Now I am getting following error:

<< Start of Error >>

org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesing
org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key; nested exception is:
        org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key
        at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
        at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
        at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
        at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
        ... 9 more

<< End of Error >>

The relevant section of code from axis2.xml that I am using is as below:

<< Start of axis2.xml snippet >>

    <!-- Engage the addressing module -->
    <module ref="addressing"/>

    <!-- Engage the security module -->
    <module ref="rampart"/>

    <!-- Test with addressing and MTOM: Client's Configuration:START-->

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <user>wss4jclient</user>
        <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
        <signaturePropFile>cryptoSender.properties</signaturePropFile>
        <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
        <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
      </action>
    </parameter>

    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
        <signaturePropFile>cryptoSender.properties</signaturePropFile>
      </action>
    </parameter>

<< End of axis2.xml snippet >>

Please also find below the contents of my keystore file:

<< Start of wss4jClient.jks file >>

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: wss4jca
Creation date: Jun 26, 2006
Entry type: trustedCertEntry

Owner: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Issuer: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Serial number: f15acfb74d13af3c
Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
Certificate fingerprints:
         MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
         SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5


*******************************************
*******************************************


Alias name: wss4jclient
Creation date: Jun 26, 2006
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Issuer: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Serial number: 2
Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47 GMT+05:30 2007
Certificate fingerprints:
         MD5:  3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
         SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
Certificate[2]:
Owner: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Issuer: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Serial number: f15acfb74d13af3c
Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
Certificate fingerprints:
         MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
         SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5


*******************************************
*******************************************

<< End of wss4jClient.jks file >>

And contents of cryptoSender.properties file are as below:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.file=wss4jClient.jks

Please let me know what's going wrong??

Best Regards,
Shyam Shukla
-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 18, 2006 10:30 AM
To: Shyam Shukla
Cc: [email protected]
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Please try using any of the following values for the
"signatureKeyIdentifier":

DirectReference
IssuerSerial
X509KeyIdentifier
SKIKeyIdentifier
Thumbprint

These are different ways of referencing the signature key.

The value of the "user" is the alias of the private key used for
signature and wss4j will extract and set the required key reference
info appropriately. Therefore you DON'T have to specify the value.

Thanks,
Ruchith

On 7/17/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
>
> Hi All,
>
> I am working with axis2 1.0 and wss4j 1.5 to implement WS-Security feature
> supported by this architecture.
>
> I am using rampart module to sign the soap messages.
>
> Now when I invoke a web service I get the following error message:
>
> << Start of Error Message>>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
>         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
>         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
>         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
>         at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
>         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
>         ... 9 more
>
> << End of Error Message >>
>
> From error it looks like I am not giving correct "signatureKeyIdentifier" in
> axis2.xml. As per the document, I came to know that value of
> "signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
> serial number to this tag but it did not work?
>
> Can anyone figure it out where I am going wrong?
>
> Best Regards,
>  Shyam Shukla
>
>
> DISCLAIMER ========== This e-mail may contain privileged and confidential
> information which is the property of Persistent Systems Pvt. Ltd. It is
> intended only for the use of the individual or entity to which it is
> addressed. If you are not the intended recipient, you are not authorized to
> read, retain, copy, print, distribute or use this message. If you have
> received this communication in error, please notify the sender and delete
> all copies of this message. Persistent Systems Pvt. Ltd. does not accept any
> liability for virus infected mails.


--
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
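
Added example, not part of the original thread and not WSS4J code: a JDK-only check for the question at the top of the thread, showing that the keystore password and the password protecting the key entry are separate secrets and that a wrong key password yields `UnrecoverableKeyException`. The in-memory JCEKS store, the AES key standing in for the private key, and the password `constructed-key-pw` are assumptions made so the block runs offline; only the alias `wss4jclient` and the keystore password `security` come from the thread.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeyPasswordCheck {

    /** Reports whether keyPassword recovers the key stored under alias. */
    static String check(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "no entry for alias " + alias;
        }
        if (!ks.isKeyEntry(alias)) {
            return alias + " is a certificate entry and holds no key to sign with";
        }
        try {
            ks.getKey(alias, keyPassword);
            return "key for " + alias + " recovered";
        } catch (UnrecoverableKeyException e) {
            // Same exception class as the root cause in the stack trace in the thread.
            return "cannot recover key for " + alias + ": key password does not match";
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePassword = "security".toCharArray();          // from cryptoSender.properties
        char[] keyPassword = "constructed-key-pw".toCharArray();  // constructed, not from the thread

        // Constructed stand-in for wss4jClient.jks: a JCEKS store with an AES key,
        // because the JDK has no public API to issue the certificate a private key entry needs.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, storePassword);
        ks.setKeyEntry("wss4jclient", KeyGenerator.getInstance("AES").generateKey(), keyPassword, null);

        // Serialize and reload so the store password is verified the way it is for a file.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePassword);
        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePassword);

        // The store opens with the store password in every case; only the key password differs.
        System.out.println(check(loaded, "wss4jclient", keyPassword));
        System.out.println(check(loaded, "wss4jclient", storePassword));
        System.out.println(check(loaded, "wss4jca", keyPassword));
    }
}
```

To run the same check against the real file, load a `KeyStore.getInstance("JKS")` from `wss4jClient.jks` and pass the password that `sample.security.PWCallback` returns for `wss4jclient`.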

