Hi NItin,
I tried to copy both privkeystore and crypto.properties to WEB-INF/classes.
And I also checked my keystore and as you can see bellow, this has both the
private key and trusted certificate.
Even with these two attempts the same exception is *thrown*.
I suspect that there is some limitation on the type of keystore I'm using
(jks) and the deployment environment (wss4j-1.5.7 + tomcat + axis1.4) - am
I right ?
Thanks for your help Nitin. I'll be very grateful for any support.
Best regards,
Alex
************************my privkeystore
------------------------------------------------------------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: privkey
Creation date: 17/Ago/2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=privkey
Issuer: CN=privkey
Serial number: 4a892d57
Valid from: Mon Aug 17 11:13:43 WEST 2009 until: Sun Nov 15 10:13:43 WET
2009
Certificate fingerprints:
MD5: 73:C3:F4:BA:7E:54:E1:4E:2F:1A:B3:4A:60:92:C9:56
SHA1: CE:CE:D9:0A:ED:47:34:70:5D:10:A3:2C:00:6B:8E:84:70:64:44:13
Signature algorithm name: SHA1withDSA
Version: 3
*******************************************
*******************************************
Alias name: pubcert
Creation date: 17/Ago/2009
Entry type: trustedCertEntry
Owner: CN=pubcert
Issuer: CN=pubcert
Serial number: 4a892d58
Valid from: Mon Aug 17 11:13:44 WEST 2009 until: Sun Nov 15 10:13:44 WET
2009
Certificate fingerprints:
MD5: 51:34:C6:D8:8D:27:9B:EB:35:8C:47:EE:AD:B8:A1:05
SHA1: 89:C2:CC:BF:F2:31:87:20:E7:AB:14:16:8B:B1:BE:8B:58:9A:D0:64
Signature algorithm name: SHA1withDSA
Version: 3
*******************************************
*******************************************
2009/8/17 Nitin Handa <[email protected]>
> Try copying your keystore and cryptp.properties to your WEB-INF/classes
> folder.
>
> Other thing to check out is your privkey should also have certificates in
> keystore apart from private key.
>
> HTH,
> Nitin
>
>
>
> Alexandre Veloso de Matos wrote:
>
>> Dear all,
>>
>> I suppose this a question already addressed before. However, even with the
>> help of former responses I couldn't achieve an answer to my problem.
>>
>> I have a web service. I want to sign any call to this web service. For
>> this I provided a keystore from where public and private keys should be
>> gathered. In fact, I tried to follow the guidelines from this tutorial:
>> http://www.devx.com/Java/Article/28816/1954?pf=true.
>>
>> I've been receiving constantly the following exception:
>>
>> org.apache.ws.security.WSSecurityException: Error during Signature: ;
>> nested exception is:
>> org.apache.ws.security.WSSecurityException: General security error (No
>> certificates for user privkey were found for signature)nothing
>> at
>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
>> at
>> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
>> at
>> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
>> at org.apache.axis.client.Call.invoke(Call.java:2767)
>> at org.apache.axis.client.Call.invoke(Call.java:2443)
>> at org.apache.axis.client.Call.invoke(Call.java:2366)
>> at org.apache.axis.client.Call.invoke(Call.java:1812)
>> at wss.client.PubCertClient.main(PubCertClient.java:57)
>> Caused by: org.apache.ws.security.WSSecurityException: General security
>> error (No certificates for user privkey were found for signature)
>> at
>> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
>> at
>> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
>> at
>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>> ... 12 more
>>
>> In order to clarify, my client deployment is guided by the following:
>>
>> <deployment name="ClientConfig" xmlns="http://xml.apache.org/axis/wsdd/";
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
>> <transport name="http"
>> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>> <globalConfiguration >
>> <requestFlow>
>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>> <parameter name="user" value="privkey"/>
>> <parameter name="passwordCallbackClass"
>> value="wss.client.PWCallback"/>
>> <parameter name="action" value="Signature Encrypt"/>
>> <parameter name="signaturePropFile" value="crypto.properties" />
>> </handler>
>> </requestFlow>
>> </globalConfiguration >
>> </deployment>
>>
>> and the server deployment descriptor is the following:
>>
>> <deployment
>> xmlns="http://xml.apache.org/axis/wsdd/";
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
>>
>> <!-- Services from SignService WSDL service -->
>>
>> <service name="wss_service" provider="java:RPC" style="rpc"
>> use="encoded">
>> <requestFlow>
>> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>> <parameter name="passwordCallbackClass"
>> value="wss.server.PWCallback"/>
>> <parameter name="action" value="Signature Encrypt"/>
>> <parameter name="signaturePropFile" value="crypto.properties" />
>> </handler>
>> </requestFlow> <parameter name="wsdlTargetNamespace"
>> value="urn:wss"/>
>> <parameter name="wsdlServiceElement" value="SignService"/>
>> <parameter name="wsdlServicePort" value="wss_service"/>
>> <parameter name="className"
>> value="wss.ws.Wss_serviceSoapBindingImpl"/>
>> <parameter name="wsdlPortType" value="Sign"/>
>> <parameter name="typeMappingVersion" value="1.2"/>
>> <operation name="getPubCert" qname="operNS:getPubCert"
>> xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
>> returnType="rtns:string" xmlns:rtns="
>> http://schemas.xmlsoap.org/soap/encoding/"; soapAction="" >
>> </operation>
>> <parameter name="allowedMethods" value="getPubCert"/>
>> <parameter name="scope" value="Session"/>
>>
>> </service>
>> </deployment>
>>
>> And my crypto.properties file:
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.password=foobar
>> org.apache.ws.security.crypto.merlin.alias.password=foobar
>> org.apache.ws.security.crypto.merlin.keystore.alias=privkey
>> org.apache.ws.security.crypto.merlin.keystore.file=privkeystore
>>
>> My latter attempts to bypass these exceptions:
>> 1) privkeystore path is on classpath
>> 2) there is a callback that returns the password for the alias privkey
>> (foobar)
>> 3) the crypto.properties is also on classpath
>>
>> Thanks for any clue on what could be happening.
>>
>> Best regards,
>>
>> Alex
>>
>>
>> --
>> Alexandre Veloso de Matos
>> Phd Student - Informatics Engineering Department
>> University of Coimbra - Coimbra, Portugal
>>
>
>
--
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department
University of Coimbra - Coimbra, Portugal
