I changed this for the 1.6 release on trunk a while ago BTW just for
consistency. The new config tag is:

org.apache.ws.security.crypto.merlin.keystore.file

but the old tag works as well.

Colm.

________________________________

From: Alexandre Veloso de Matos [mailto:[email protected]] 
Sent: 17 August 2009 17:54
To: Nitin Handa
Cc: [email protected]
Subject: Re: Newbie question

 

Thanks Nitin,

you were right. The problem was solely that word (keystore) at the
crypto.properties entry.

Thanks a lot for your support.

Alex

2009/8/17 Nitin Handa <[email protected]>

JKS and environment is perfectly fine..

I see your crypto.properties file is not something I am using..

For me this is working fine-



org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=welcome1
org.apache.ws.security.crypto.merlin.file=default-keystore.jks


Please note the difference in the way I mentioned keystore file..
my - org.apache.ws.security.crypto.merlin.file=default-keystore.jks
your - org.apache.ws.security.crypto.merlin.*keystore*.file=privkeystore

Thanks


Nitin


Alexandre Veloso de Matos wrote:

        Hi Nitin,
        
        I tried to copy both privkeystore and crypto.properties to
        WEB-INF/classes. And I also checked my keystore and as you can see
        below, this has both the private key and trusted certificate.
        
        Even with these two attempts the same exception is *thrown*.
        
        I suspect that there is some limitation on the type of keystore
        I'm using (jks) and the deployment environment (wss4j-1.5.7 + tomcat +
        axis1.4) - am I right ?
        
        Thanks for your help Nitin. I'll be very grateful for any
        support.
        
        Best regards,
        
        Alex
        
        ************************ my privkeystore ------------------------------
        Keystore type: JKS
        Keystore provider: SUN
        
        Your keystore contains 2 entries
        
        Alias name: privkey
        Creation date: 17/Ago/2009
        Entry type: PrivateKeyEntry
        Certificate chain length: 1
        Certificate[1]:
        Owner: CN=privkey
        Issuer: CN=privkey
        Serial number: 4a892d57
        Valid from: Mon Aug 17 11:13:43 WEST 2009 until: Sun Nov 15 10:13:43 WET 2009
        Certificate fingerprints:
            MD5:  73:C3:F4:BA:7E:54:E1:4E:2F:1A:B3:4A:60:92:C9:56
            SHA1: CE:CE:D9:0A:ED:47:34:70:5D:10:A3:2C:00:6B:8E:84:70:64:44:13
            Signature algorithm name: SHA1withDSA
            Version: 3
        
        
        *******************************************
        *******************************************
        
        
        Alias name: pubcert
        Creation date: 17/Ago/2009
        Entry type: trustedCertEntry
        
        Owner: CN=pubcert
        Issuer: CN=pubcert
        Serial number: 4a892d58
        Valid from: Mon Aug 17 11:13:44 WEST 2009 until: Sun Nov 15 10:13:44 WET 2009
        Certificate fingerprints:
            MD5:  51:34:C6:D8:8D:27:9B:EB:35:8C:47:EE:AD:B8:A1:05
            SHA1: 89:C2:CC:BF:F2:31:87:20:E7:AB:14:16:8B:B1:BE:8B:58:9A:D0:64
            Signature algorithm name: SHA1withDSA
            Version: 3
        
        
        *******************************************
        *******************************************
        
        

        2009/8/17 Nitin Handa <[email protected]>

        
        
           Try copying your keystore and crypto.properties to your
           WEB-INF/classes folder.
        
           Other thing to check out is your privkey should also have
           certificates in keystore apart from private key.
        
           HTH,
           Nitin
        
        
        
           Alexandre Veloso de Matos wrote:
        
               Dear all,
        
               I suppose this is a question already addressed before. However,
               even with the help of former responses I couldn't achieve an
               answer to my problem.
        
               I have a web service. I want to sign any call to this web
               service. For this I provided a keystore from where public and
               private keys should be gathered. In fact, I tried to follow
               the guidelines from this tutorial:
               http://www.devx.com/Java/Article/28816/1954?pf=true.
        
               I've been receiving constantly the following exception:
        
               org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is:
                  org.apache.ws.security.WSSecurityException: General security error (No certificates for user privkey were found for signature)nothing
                  at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
                  at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
                  at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
                  at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
                  at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
                  at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
                  at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
                  at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
                  at org.apache.axis.client.Call.invoke(Call.java:2767)
                  at org.apache.axis.client.Call.invoke(Call.java:2443)
                  at org.apache.axis.client.Call.invoke(Call.java:2366)
                  at org.apache.axis.client.Call.invoke(Call.java:1812)
                  at wss.client.PubCertClient.main(PubCertClient.java:57)
               Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user privkey were found for signature)
                  at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
                  at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
                  at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
                  ... 12 more
        
               In order to clarify, my client deployment is guided by the
               following:
        
               <deployment name="ClientConfig"
                   xmlns="http://xml.apache.org/axis/wsdd/"
                   xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
                 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
                 <globalConfiguration>
                   <requestFlow>
                     <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
                       <parameter name="user" value="privkey"/>
                       <parameter name="passwordCallbackClass" value="wss.client.PWCallback"/>
                       <parameter name="action" value="Signature Encrypt"/>
                       <parameter name="signaturePropFile" value="crypto.properties"/>
                     </handler>
                   </requestFlow>
                 </globalConfiguration>
               </deployment>
        
               and the server deployment descriptor is the following:
        
               <deployment
                   xmlns="http://xml.apache.org/axis/wsdd/"
                   xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
        
                 <!-- Services from SignService WSDL service -->
        
                 <service name="wss_service" provider="java:RPC" style="rpc" use="encoded">
                   <requestFlow>
                     <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
                       <parameter name="passwordCallbackClass" value="wss.server.PWCallback"/>
                       <parameter name="action" value="Signature Encrypt"/>
                       <parameter name="signaturePropFile" value="crypto.properties"/>
                     </handler>
                   </requestFlow>
                   <parameter name="wsdlTargetNamespace" value="urn:wss"/>
                   <parameter name="wsdlServiceElement" value="SignService"/>
                   <parameter name="wsdlServicePort" value="wss_service"/>
                   <parameter name="className" value="wss.ws.Wss_serviceSoapBindingImpl"/>
                   <parameter name="wsdlPortType" value="Sign"/>
                   <parameter name="typeMappingVersion" value="1.2"/>
                   <operation name="getPubCert" qname="operNS:getPubCert"
                       xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
                       returnType="rtns:string"
                       xmlns:rtns="http://schemas.xmlsoap.org/soap/encoding/"
                       soapAction="">
                   </operation>
                   <parameter name="allowedMethods" value="getPubCert"/>
                   <parameter name="scope" value="Session"/>
        
                 </service>
               </deployment>
        
               And my crypto.properties file:
        
               org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
               org.apache.ws.security.crypto.merlin.keystore.type=jks
               org.apache.ws.security.crypto.merlin.keystore.password=foobar
               org.apache.ws.security.crypto.merlin.alias.password=foobar
               org.apache.ws.security.crypto.merlin.keystore.alias=privkey
               org.apache.ws.security.crypto.merlin.keystore.file=privkeystore
        
               My latter attempts to bypass these exceptions:
               1) privkeystore path is on classpath
               2) there is a callback that returns the password for the alias
               privkey (foobar)
               3) the crypto.properties is also on classpath
        
               Thanks for any clue on what could be happening.
        
               Best regards,
        
               Alex
        
        
               --
               Alexandre Veloso de Matos
               Phd Student - Informatics Engineering Department
               University of Coimbra - Coimbra, Portugal
        
        
        
        
        
        -- 
        Alexandre Veloso de Matos
        Phd Student - Informatics Engineering Department
        University of Coimbra - Coimbra, Portugal

 




-- 
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department 
University of Coimbra - Coimbra, Portugal
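
A diagnostic for the misconfiguration resolved in this thread, added here as an example; it is not code from any message above and not part of WSS4J. It uses only JDK classes, takes the property names from the messages, and assumes both `crypto.properties` and the keystore are resolved as classpath resources, as the thread describes. The class name `CryptoPropsCheck` is hypothetical.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Properties;

// Added diagnostic (JDK only, Java 7+). Run with the same classpath as the client:
//   java CryptoPropsCheck crypto.properties privkey
public class CryptoPropsCheck {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    public static void main(String[] args) throws Exception {
        String propFile = args[0], alias = args[1];
        ClassLoader cl = CryptoPropsCheck.class.getClassLoader();

        Properties props = new Properties();
        try (InputStream in = cl.getResourceAsStream(propFile)) {
            if (in == null) throw new IllegalStateException(propFile + " is not on the classpath");
            props.load(in);
        }

        // Per the thread: the working 1.5.7 setup uses "merlin.file";
        // "merlin.keystore.file" is the name introduced for 1.6.
        String oldKey = props.getProperty(P + "file");
        String newKey = props.getProperty(P + "keystore.file");
        if (oldKey == null && newKey != null)
            System.out.println("WARNING: only " + P + "keystore.file is set; "
                + "the working wss4j 1.5.7 configuration in the thread uses " + P + "file");
        String location = oldKey != null ? oldKey : newKey;
        if (location == null) throw new IllegalStateException("no keystore file property is set");

        // Load the keystore the same properties point at; the password is never printed.
        String type = props.getProperty(P + "keystore.type", KeyStore.getDefaultType());
        String pw = props.getProperty(P + "keystore.password");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = cl.getResourceAsStream(location)) {
            if (in == null) throw new IllegalStateException(location + " is not on the classpath");
            ks.load(in, pw == null ? null : pw.toCharArray());
        }

        // Signing needs a private-key entry that carries a certificate chain.
        if (!ks.containsAlias(alias)) throw new IllegalStateException("alias not in keystore: " + alias);
        Certificate[] chain = ks.getCertificateChain(alias);
        System.out.println("key entry: " + ks.isKeyEntry(alias)
            + ", certificate chain length: " + (chain == null ? 0 : chain.length));
        if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0)
            throw new IllegalStateException("alias " + alias + " has no private key with certificates");
    }
}
```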
