Can you post your bob.properties config file?

 

Colm.

 

________________________________

From: Ostermueller, Erik [mailto:[EMAIL PROTECTED] 
Sent: 20 June 2008 14:57
To: [email protected]
Subject: RE: Need help figuring out CryptoBase#getCertificates(alias)

 

..replying to self.  Here are a few important details I forgot to
include for this "Unexpected number of X509Data: for Signature" error.

I'm trying to encrypt and sign a CXF 2.1 SOAP message with symmetric
key.  BouncyCastle version is jdk15-139.

 

This stack trace is on the client side -- it never gets to the server.

 

     [java] Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Security processing failed.
     [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:218)
     [java]     at $Proxy29.creditLineInq2(Unknown Source)
     [java]     at demo.hw.client.Client.main(Client.java:77)
     [java] Caused by: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:213)
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:86)
     [java]     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
     [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
     [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
     [java]     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
     [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
     [java]     ... 2 more
     [java] Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
     [java]     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:61)
     [java]     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:197)
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:198)
     [java]     ... 8 more
     [java] Java Result: 1

 

 

 

Here is my configuration:

 

<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:jaxws="http://cxf.apache.org/jaxws"
 xmlns:cxf="http://cxf.apache.org/core"
 xsi:schemaLocation="
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

 

 <import resource="classpath:META-INF/cxf/cxf.xml" />
 <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
 <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

 

 <jaxws:endpoint 
   id="jaxwsService" 
   implementor="demo.hw.server.HelloWorldImpl" 
   address="/hello_world" >

 

  <jaxws:inInterceptors>
   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
     <map>
            <entry key="action" value="Timestamp Signature Encrypt"/>
            <entry key="signaturePropFile" value="bob.properties"/>
            <entry key="decryptionPropFile" value="bob.properties"/>
            <entry key="passwordCallbackClass"
value="demo.hw.server.KeystorePasswordCallback"/>
     </map>
    </constructor-arg>
   </bean>
  </jaxws:inInterceptors>
  <jaxws:outInterceptors>
   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
       <constructor-arg>
         <map>
           <entry key="action" value="Timestamp Signature Encrypt"/>
           <entry key="user" value="bob"/>
           <entry key="signaturePropFile" value="bob.properties"/>
           <entry key="encryptionPropFile" value="bob.properties"/>
           <entry key="encryptionUser" value="bob"/>
           <entry key="signatureKeyIdentifier" value="DirectReference"/>
           <entry key="passwordCallbackClass"
                  value="org.jboss.test.ws.jaxws.samples.wsse.KeystorePasswordCallback"/>
           <entry key="signatureParts"
                  value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
           <entry key="encryptionParts"
                  value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
           <entry key="encryptionKeyTransportAlgorithm"
                  value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
           <entry key="encryptionSymAlgorithm"
                  value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
         </map>
       </constructor-arg>   
      </bean>
  </jaxws:outInterceptors>
   
 </jaxws:endpoint>

 

    <bean id="logInbound"
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    <bean id="logOutbound"
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
 
    <cxf:bus>
        <cxf:features>
            <cxf:logging/>
        </cxf:features>
    </cxf:bus> 

 

</beans>

 

________________________________

From: Ostermueller, Erik [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 19, 2008 5:23 PM
To: [email protected]
Subject: Need help figuring out CryptoBase#getCertificates(alias)

Hi, 

I'm having trouble getting wss4j/bouncyCastle/jce to find my
certificate. 
Everything I've read on my error (below) says I've got something wrong
with my alias. 
So, I added some debug code, which seems to show I've got my alias stuff
right. 

I learned the following from my debug code: 
Point A: keystore.getCertificateChain(alias) returns null 
Point B: keystore.containsAlias(alias) returns true. 

This is where I'm not understanding things, b/c my "Point A" and "Point
B" (in my own head) seem mutually exclusive. 

Thanks all, 
--Erik Ostermueller 

 

#####Here is the error I'm getting: 
        Caused by: org.apache.ws.security.WSSecurityException: 
        WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: 
        General security error (Unexpected number of X509Data: for Signature) 

#####Here is my key generation: 
%JAVA_HOME%\bin\keytool -genseckey -providerClass
org.bouncycastle.jce.provider.BouncyCastleProvider -storetype JCEKS
-keyalg DESede -keystore .\conf\bob.jks -alias bob -validity 365
-storepass password -keypass password






###### I added the following debug code to the very top of
CryptoBase#getCertificates(alias) from wss4j 1.5.4 

        try { 
                Certificate[] etoCerts = keystore.getCertificateChain(alias); 
                java.security.Key myKey = keystore.getKey(alias, "password".toCharArray()); 

                System.out.println("CryptoBase#getCertificates A -- keystore entries [" + keystore.size()
                        + "] alias [" + alias
                        + "] keystore.isKeyEntry [" + keystore.isKeyEntry(alias)
                        + "] containsAlias [" + keystore.containsAlias(alias)
                        + "] etoCerts [" + etoCerts
                        + "] myKey[" + myKey
                        + "] key algo [" + myKey.getAlgorithm()
                        + "] format [" + myKey.getFormat() + "]");

                for (Enumeration xenum = keystore.aliases(); xenum.hasMoreElements();) { 
                        Object objAlias = xenum.nextElement(); 
                        System.out.println("Found alias [" + objAlias + "]"); 
                } 
        } catch (Exception e) { 
                System.out.println("error looking for the aliases ETO 6/19/2008 10:13:23 AM"); 
                e.printStackTrace(); 
        } 

###### The above code produced the following output 
CryptoBase#getCertificates A -- keystore entries [1] alias [bob]
keystore.isKeyEntry [true] containsAlias [true] etoCerts [null]
[EMAIL PROTECTED] key algo [DESede] format
[RAW]

Found alias [bob] 

 

______________

The information contained in this message is proprietary and/or
confidential. If you are not the 
intended recipient, please: (i) delete the message and all copies; (ii)
do not disclose, 
distribute or use the message in any manner; and (iii) notify the sender
immediately. In addition, 
please be aware that any message addressed to our domain is subject to
archiving and review by 
persons other than the intended recipient. Thank you.
_____________



----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
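
The keystore state reported by the debug output in the thread above (containsAlias true, isKeyEntry true, certificate chain null) can be reproduced with a JCEKS keystore that holds only a secret key. The following is an added example, not code from the thread or from WSS4J; the class name KeystoreEntryCheck, the alias "alice" and the in-memory keystore are constructed for illustration.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example. The class name, aliases and password are constructed for illustration.
public class KeystoreEntryCheck {

    // Reports what kind of entry an alias holds and whether a certificate chain is available.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not present";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        String chainInfo = (chain == null) ? "chain=null" : "chain length=" + chain.length;
        if (ks.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
            return "SecretKeyEntry (symmetric key, no certificate), " + chainInfo;
        }
        if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return "PrivateKeyEntry, " + chainInfo;
        }
        return "TrustedCertificateEntry, " + chainInfo;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray();

        // In-memory JCEKS keystore with one DESede secret key, the kind of
        // entry that keytool -genseckey creates.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);
        SecretKey key = KeyGenerator.getInstance("DESede").generateKey();
        ks.setEntry("bob", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));

        // isKeyEntry is true for private keys and secret keys alike, so only the
        // entry type (or the null chain) tells the two apart.
        System.out.println("containsAlias  : " + ks.containsAlias("bob"));
        System.out.println("isKeyEntry     : " + ks.isKeyEntry("bob"));
        System.out.println("getCertificate : " + ks.getCertificate("bob"));
        System.out.println("describe(bob)  : " + describe(ks, "bob"));
        System.out.println("describe(alice): " + describe(ks, "alice"));
    }
}
```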
