Thanks for the quick reply.  I made that change (excellent catch, by the
way) and it did not make a difference -- probably because that is in the
server configuration, and it dies before it gets to the server.
Here is my client code.
 

    public static void main(String args[]) throws Exception {

        Service service = Service.create(SERVICE_NAME);
        // Endpoint Address
        String endpointAddress = "http://localhost:9000/dfSoap/services/hello_world";

        JaxWsProxyFactoryBean factory = getFactory();
        factory.setServiceClass(HelloWorld.class);
        factory.setAddress(endpointAddress);
        HelloWorld hw = (HelloWorld) factory.create();
        CreditLineSummaryInqRs rs = hw.creditLineInq2( "AP18740", getLiveRq() );
        displayResponse( (CreditLineSummaryInqRs)rs );

    }
    public static JaxWsProxyFactoryBean getFactory() {
     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();

     Map<String,Object> outProps = new HashMap<String,Object>();
     outProps.put(WSHandlerConstants.ACTION, "Timestamp Signature Encrypt");
     //outProps.put("user", "alice");
     outProps.put(WSHandlerConstants.USER,"bob");
     outProps.put(WSHandlerConstants.SIG_PROP_FILE, "bob.properties");
     outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
     outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
         "demo.hw.server.KeystorePasswordCallback");
     outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
         "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
     outProps.put(WSHandlerConstants.ENC_PROP_FILE, "bob.properties");
     outProps.put(WSHandlerConstants.ENCRYPTION_USER, "bob");
     outProps.put(WSHandlerConstants.ENCRYPTION_PARTS,
         "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
     outProps.put(WSHandlerConstants.ENC_SYM_ALGO,
         "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
     outProps.put(WSHandlerConstants.ENC_KEY_TRANSPORT,
         "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
     WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); //request
     factory.getOutInterceptors().add(wssOut);
     //factory.getOutInterceptors().add(new SAAJOutInterceptor());

     Map<String,Object> inProps= new HashMap<String,Object>();
     inProps.put(WSHandlerConstants.ACTION, "Timestamp Signature Encrypt");
     inProps.put(WSHandlerConstants.SIG_PROP_FILE, "bob.properties");
     inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
         "demo.hw.server.KeystorePasswordCallback");
     inProps.put(WSHandlerConstants.DEC_PROP_FILE, "bob.properties");
     WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps); //response
     factory.getInInterceptors().add(wssIn);
     //factory.getInInterceptors().add(new SAAJInInterceptor());

     return factory;
    }


________________________________

From: O hEigeartaigh, Colm [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 20, 2008 11:14 AM
To: Ostermueller, Erik; [email protected]
Subject: RE: Need help figuring out CryptoBase#getCertificates(alias)



> <jaxws:outInterceptors>
>    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">

 

You're attaching an "in" interceptor to the out interceptor list
there...try replacing it with WSS4JOutInterceptor.

 

Colm.



 

________________________________

From: Ostermueller, Erik [mailto:[EMAIL PROTECTED] 
Sent: 20 June 2008 15:56
To: O hEigeartaigh, Colm; [email protected]
Subject: RE: Need help figuring out CryptoBase#getCertificates(alias)

 

Here is bob.properties.  To no avail, I tried
'org.apache.ws.security.components.crypto.BouncyCastle' for the
org.apache.ws.security.crypto.provider.

 

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jceks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.alias.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=bob
org.apache.ws.security.crypto.merlin.file=bob.jks

--Erik

 

________________________________

From: O hEigeartaigh, Colm [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 20, 2008 9:34 AM
To: Ostermueller, Erik; [email protected]
Subject: RE: Need help figuring out CryptoBase#getCertificates(alias)

Can you post your bob.properties config file?

 

Colm.

 

________________________________

From: Ostermueller, Erik [mailto:[EMAIL PROTECTED] 
Sent: 20 June 2008 14:57
To: [email protected]
Subject: RE: Need help figuring out CryptoBase#getCertificates(alias)

 

..replying to self.  Here are a few important details I forgot to
include for this "Unexpected number of X509Data: for Signature" error.

I'm trying to encrypt and sign a CXF 2.1 soap message with symmetric
key.  BouncyCastle version is jdk15-139.

 

This stack trace is on the client side -- it never gets to the server.

 

     [java] Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Security processing failed.
     [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:218)
     [java]     at $Proxy29.creditLineInq2(Unknown Source)
     [java]     at demo.hw.client.Client.main(Client.java:77)
     [java] Caused by: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:213)
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:86)
     [java]     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
     [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
     [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
     [java]     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
     [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
     [java]     ... 2 more
     [java] Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
     [java]     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:61)
     [java]     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:197)
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
     [java]     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:198)
     [java]     ... 8 more
     [java] Java Result: 1

 

 

 

Here is my configuration:

 

<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:jaxws="http://cxf.apache.org/jaxws"
 xmlns:cxf="http://cxf.apache.org/core"
 xsi:schemaLocation="
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

 

 <import resource="classpath:META-INF/cxf/cxf.xml" />
 <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
 <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

 

 <jaxws:endpoint 
   id="jaxwsService" 
   implementor="demo.hw.server.HelloWorldImpl" 
   address="/hello_world" >

 

  <jaxws:inInterceptors>
   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
     <map>
            <entry key="action" value="Timestamp Signature Encrypt"/>
            <entry key="signaturePropFile" value="bob.properties"/>
            <entry key="decryptionPropFile" value="bob.properties"/>
            <entry key="passwordCallbackClass" value="demo.hw.server.KeystorePasswordCallback"/>
     </map>
    </constructor-arg>
   </bean>
  </jaxws:inInterceptors>
  <jaxws:outInterceptors>
   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
       <constructor-arg>
         <map>
           <entry key="action" value="Timestamp Signature Encrypt"/>
           <entry key="user" value="bob"/>
           <entry key="signaturePropFile" value="bob.properties"/>
           <entry key="encryptionPropFile" value="bob.properties"/>
           <entry key="encryptionUser" value="bob"/>
           <entry key="signatureKeyIdentifier" value="DirectReference"/>
           <entry key="passwordCallbackClass" value="org.jboss.test.ws.jaxws.samples.wsse.KeystorePasswordCallback"/>
           <entry key="signatureParts"
                  value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
           <entry key="encryptionParts"
                  value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
           <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
           <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
         </map>
       </constructor-arg>   
      </bean>
  </jaxws:outInterceptors>
   
 </jaxws:endpoint>

 

    <bean id="logInbound" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    <bean id="logOutbound" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
 
    <cxf:bus>
        <cxf:features>
            <cxf:logging/>
        </cxf:features>
    </cxf:bus> 

 

</beans>

 

________________________________

From: Ostermueller, Erik [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 19, 2008 5:23 PM
To: [email protected]
Subject: Need help figuring out CryptoBase#getCertificates(alias)

Hi, 

I'm having trouble getting wss4j/bouncyCastle/jce to find my
certificate. 
Everything I've read on my error (below) says I've got something wrong
with my alias. 
So, I added to debug code which seems to show I've got my alias stuff
right. 

I learned the following from my debug code: 
Point A: keystore.getCertificateChain(alias) returns null 
Point B: keystore.containsAlias(alias) returns true. 

This is where I'm not understanding things, b/c my "Point A" and "Point
B" (in my own head) seem mutually exclusive. 

Thanks all, 
--Erik Ostermueller 

 

#####Here is the error I'm getting: 
        Caused by: org.apache.ws.security.WSSecurityException:
        WSHandler: Signature: error during message processingorg.apache.ws.security.WSSecurityException:
        General security error (Unexpected number of X509Data: for Signature)

#####Here is my key generation: 
%JAVA_HOME%\bin\keytool -genseckey -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -storetype JCEKS -keyalg DESede -keystore .\conf\bob.jks -alias bob -validity 365 -storepass password -keypass password





###### I added the following debug code to the very top of
CryptoBase#getCertificates(alias) from wss4j 1.5.4 

        try {
                Certificate[] etoCerts = keystore.getCertificateChain(alias);
                java.security.Key myKey = keystore.getKey(alias, "password".toCharArray());

                System.out.println("CryptoBase#getCertificates A -- keystore entries [" + keystore.size()
                        + "] alias [" + alias
                        + "] keystore.isKeyEntry [" + keystore.isKeyEntry(alias)
                        + "] containsAlias [" + keystore.containsAlias(alias)
                        + "] etoCerts [" + etoCerts
                        + "] myKey[" + myKey
                        + "] key algo [" + myKey.getAlgorithm()
                        + "] format [" + myKey.getFormat() + "]");

                for (Enumeration xenum = keystore.aliases(); xenum.hasMoreElements();) {
                        Object objAlias = xenum.nextElement();
                        System.out.println("Found alias [" + objAlias + "]");
                }
        } catch (Exception e) {
                System.out.println("error looking for the aliases ETO 6/19/2008 10:13:23 AM");
                e.printStackTrace();
        }

###### The above code produced the following output 
CryptoBase#getCertificates A -- keystore entries [1] alias [bob]
keystore.isKeyEntry [true] containsAlias [true] etoCerts [null]
[EMAIL PROTECTED] key algo [DESede] format
[RAW]

Found alias [bob] 

 

______________

The information contained in this message is proprietary and/or
confidential. If you are not the 
intended recipient, please: (i) delete the message and all copies; (ii)
do not disclose, 
distribute or use the message in any manner; and (iii) notify the sender
immediately. In addition, 
please be aware that any message addressed to our domain is subject to
archiving and review by 
persons other than the intended recipient. Thank you.
_____________


----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
Ireland
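
Added example, not code from this thread or from WSS4J: a stand-alone Java program that reproduces the two observations in the original post (`containsAlias` true, `getCertificateChain` null) for an entry created the way the `-genseckey` command above creates one, and reports the entry type behind an alias. The class name `KeystoreEntryCheck` and the helper `describe` are hypothetical; the keystore is built in memory with a constructed password.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeystoreEntryCheck {

    /** Reports what kind of entry an alias holds and whether a certificate chain exists. */
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return alias + ": no such alias";
        }
        // null when the alias is missing OR when the entry carries no certificates
        Certificate[] chain = ks.getCertificateChain(alias);
        String kind;
        if (ks.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
            kind = "SecretKeyEntry (symmetric key, never has a certificate chain)";
        } else if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            kind = "PrivateKeyEntry (private key plus certificate chain)";
        } else {
            kind = "TrustedCertificateEntry (certificate only, no key)";
        }
        return alias + ": isKeyEntry=" + ks.isKeyEntry(alias)
                + ", chain=" + (chain == null ? "null" : chain.length + " cert(s)")
                + ", type=" + kind;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray(); // constructed sample value

        // In-memory equivalent of: keytool -genseckey -storetype JCEKS -keyalg DESede -alias bob
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);
        SecretKey key = KeyGenerator.getInstance("DESede").generateKey();
        ks.setEntry("bob", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));

        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias));
        }
    }
}
```

`isKeyEntry` is true for both secret-key and private-key entries, so only the entry type or the presence of a chain tells them apart.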
