Please see here:
http://www.wso2.net/kb/116
Thanks,
Ruchith
On 11/23/06, Subash Devkota <[EMAIL PROTECTED]> wrote:
Hi all,
I am having a problem using my own certificate to implement WS-Security with Axis2 and rampart. I am using Axis2-1.0 and the rampart-1.0 module.
When I used the certificate and keys available in the provided samples, it works fine. When using my own certificates and keys (generated through keytool) I get the error:
org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature); nested exception is:
org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
    at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
    at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
.
.
.
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
    at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
    ... 41 more
I have the following setting in the axis2.xml file for the outflow section:
<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp Signature Encrypt</items>
    <user>agent</user>
    <passwordCallbackClass>myIntegration.PWCallback</passwordCallbackClass>
    <signaturePropFile>sec.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
    <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
    <encryptionUser>server</encryptionUser>
    <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
    <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
  </action>
</parameter>
In the sec.properties file, I have the following configuration:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=agentPassword
org.apache.ws.security.crypto.merlin.file=clientSide.jks
In the clientSide.jks file, there are two entries for the certificates with the aliases "agent" and "server" (viewed through keytool). The error remains the same even if I change the value of <user>Agent</user> in axis2.xml.
Can anyone please suggest a solution? I searched Google but found only the problems and no solutions.
Thanks in advance
Subash
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
www.ruchith.org