Hi Ruchith,

Now I have solved the problem mentioned in this email by making a few changes as below:

1- My client program was using a different Password CallBack class due to a wrong entry in the classpath environment variable, so I modified it to the correct path.

2- I was using two different keystore files, i.e. one for client and other for server, and both were having keys which were signed by the same CA, which I believe is okay, but it was throwing "Signature Processing" error at receiving end, i.e. at server side. So I used the same keystore file at both ends and it worked.

Can you please explain point 2 to me: why can I not use two different keystores which are having keys which were signed by the same CA?

Now my next target is to implement WS-Policy in soap request/response; for that I went through the online documentation of "Neethi" but could find a complete working example or document to implement it.

Ruchith, in my current project I have to create the following format in the SOAP's Request Body:

<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
  <wsa:EndpointReference>
    <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
  </wsa:EndpointReference>
</wsp:AppliesTo>

Please guide me how to create the above format.

Thanks a lot for being so helpful.

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 18, 2006 12:24 PM
To: Shyam Shukla
Cc: [email protected]
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Did you specify the private key password properly in your password callback handler class?

Thanks,
Ruchith

On 7/18/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> Thanks Ruchith,
>
> I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
> verified the alias of the private key in my keystore which was same as I
> have defined in <user> tag in axis2.xml.
> Now I am getting the following error:
>
> << Start of Error >>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesing
> org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>     java.security.UnrecoverableKeyException: Cannot recover key; nested exception is:
>     org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>     java.security.UnrecoverableKeyException: Cannot recover key
>     at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
>     at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
>     at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
>     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
>     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
>     at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>     java.security.UnrecoverableKeyException: Cannot recover key
>     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
>     at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
>     ... 9 more
>
> << End of Error >>
>
> The relevant section of code from axis2.xml that I am using is as below:
>
> << Start of axis2.xml snippet >>
>
> <!-- Engage the addressing module -->
> <module ref="addressing"/>
>
> <!-- Engage the security module -->
> <module ref="rampart"/>
>
> <!-- Test with addressing and MTOM: Client's Configuration:START-->
>
> <parameter name="OutflowSecurity">
>   <action>
>     <items>Timestamp Signature</items>
>     <user>wss4jclient</user>
>     <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>     <signaturePropFile>cryptoSender.properties</signaturePropFile>
>     <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>     <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
>     <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
>   </action>
> </parameter>
>
> <parameter name="InflowSecurity">
>   <action>
>     <items>Timestamp Signature</items>
>     <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>     <signaturePropFile>cryptoSender.properties</signaturePropFile>
>   </action>
> </parameter>
>
> << End of axis2.xml snippet >>
>
> Please also find below the contents of my keystore file:
>
> << Start of wss4jClient.jks file >>
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: wss4jca
> Creation date: Jun 26, 2006
> Entry type: trustedCertEntry
>
> Owner: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>     MD5: 7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>     SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
> *******************************************
> *******************************************
>
> Alias name: wss4jclient
> Creation date: Jun 26, 2006
> Entry type: keyEntry
> Certificate chain length: 2
> Certificate[1]:
> Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: 2
> Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47 GMT+05:30 2007
> Certificate fingerprints:
>     MD5: 3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
>     SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
> Certificate[2]:
> Owner: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: [EMAIL PROTECTED], CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>     MD5: 7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>     SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
> *******************************************
> *******************************************
>
> << End of wss4jClient.jks file >>
>
> And the contents of the cryptoSender.properties file are as below:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.file=wss4jClient.jks
>
> Please let me know what's going wrong??
>
> Best Regards,
> Shyam Shukla
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 18, 2006 10:30 AM
> To: Shyam Shukla
> Cc: [email protected]
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi,
>
> Please try using any of the following values for the
> "signatureKeyIdentifier":
>
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> Thumbprint
>
> These are different ways of referencing the signature key.
>
> The value of the "user" is the alias of the private key used for
> signature and wss4j will extract and set the required key reference
> info appropriately. Therefore you DON'T have to specify the value.
>
> Thanks,
> Ruchith
>
> On 7/17/06, Shyam Shukla <[EMAIL PROTECTED]> wrote:
> >
> > Hi All,
> >
> > I am working with axis2 1.0 and wss4j 1.5 to implement the WS-Security feature
> > supported by this architecture.
> >
> > I am using the rampart module to sign the soap messages.
> >
> > Now when I invoke a web service I get the following error message:
> >
> > << Start of Error Message>>
> >
> > org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
> >     org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >     at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
> >     at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
> >     at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
> >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
> >     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
> >     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
> >     at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
> >     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
> >     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
> >     at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> > Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >     at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
> >     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
> >     at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
> >     ... 9 more
> >
> > << End of Error Message >>
> >
> > From the error it looks like I am not giving the correct "signatureKeyIdentifier" in
> > axis2.xml. As per the document, I came to know that the value of
> > "signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
> > serial number to this tag but it did not work?
> >
> > Can anyone figure out where I am going wrong?
> >
> > Best Regards,
> > Shyam Shukla
> >
> > DISCLAIMER
> > ==========
> > This e-mail may contain privileged and confidential
> > information which is the property of Persistent Systems Pvt. Ltd.
> > It is intended only for the use of the individual or entity to which it is
> > addressed. If you are not the intended recipient, you are not authorized to
> > read, retain, copy, print, distribute or use this message. If you have
> > received this communication in error, please notify the sender and delete
> > all copies of this message. Persistent Systems Pvt. Ltd. does not accept any
> > liability for virus infected mails.
>
> --
> www.ruchith.org

--
www.ruchith.org
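
Added example, not part of the original thread: a JDK-only check for the two conditions this thread runs into, namely whether the key password recovers the private key behind the <user> alias (the UnrecoverableKeyException above) and whether the receiving keystore holds the signer's certificate, which an IssuerSerial reference needs because it carries only the issuer name and serial number, not the certificate itself. The class name KeystoreSignatureCheck and the argument order are assumptions; keystore paths and passwords are supplied by the reader.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not from the thread; the class name is hypothetical. JDK only.
public class KeystoreSignatureCheck {
    static KeyStore load(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        return ks;
    }

    // True if the keystore holds a certificate with the signer's issuer and serial.
    static boolean hasIssuerSerial(KeyStore ks, X509Certificate signer) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate
                    && ((X509Certificate) c).getIssuerX500Principal().equals(signer.getIssuerX500Principal())
                    && ((X509Certificate) c).getSerialNumber().equals(signer.getSerialNumber())) {
                return true;
            }
        }
        return false;
    }

    // args: senderJks senderStorePass alias keyPass receiverJks receiverStorePass
    public static void main(String[] a) throws Exception {
        KeyStore sender = load(a[0], a[1].toCharArray());
        if (!sender.isKeyEntry(a[2])) {
            System.out.println("FAIL: alias " + a[2] + " is not a keyEntry and cannot sign");
            return;
        }
        try {
            sender.getKey(a[2], a[3].toCharArray()); // throws if the key password is wrong
        } catch (UnrecoverableKeyException e) {
            System.out.println("FAIL: key password rejected: " + e.getMessage());
            return;
        }
        X509Certificate cert = (X509Certificate) sender.getCertificate(a[2]);
        System.out.println("Signer issuer=" + cert.getIssuerX500Principal()
                + " serial=" + cert.getSerialNumber().toString(16));
        boolean found = hasIssuerSerial(load(a[4], a[5].toCharArray()), cert);
        System.out.println(found ? "OK: receiver can resolve the IssuerSerial reference"
                : "FAIL: receiver keystore has no certificate with this issuer and serial");
    }
}
```

With the values shown in the thread the first three arguments would be wss4jClient.jks, security and wss4jclient; the key password and the server-side keystore are not on the page. Arguments are visible in the process list, so run it where that is acceptable or adapt it to prompt for the passwords.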
