org.apache.ws.security.WSSecurityException: Error during Signature:
    Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user 1aebbd965b6a781985262f599706985279373c1c were found for signature)

I am using Axis 1.5 and WSS4J 1.5 (I know, old), and it can't find my
private key I've listed in my KeyStore. I have tried finding the
PrivateKey by SHA1 hash, and also by certificate alias.

This question has been asked before on StackExchange, but their problem was
that their certificate type in the KeyStore wasn't a "PrivateKeyEntry".
Mine is. See:

    Alias name: public_cert
    Creation date: Dec 17, 2013
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: Removed
    Issuer: Removed
    Serial number: 9eda2ff9da33db0e
    Valid from: Fri Dec 06 14:34:49 EST 2013 until: Sat Dec 06 14:34:49 EST 2014
    Certificate fingerprints:
             MD5:  B9:56:CB:18:8E:2F:CC:5B:50:E0:EE:CD:A1:39:B7:C6
             SHA1: 1A:EB:BD:96:5B:6A:78:19:85:26:2F:59:97:06:98:52:79:37:3C:1C
             SHA256: DC:60:1D:7A:A8:93:70:EF:D2:C1:B4:A5:C3:91:92:D8:0B:FD:9D:88:3A:B0:F2:8D:4F:7C:1F:01:C3:72:71:4C
             Signature algorithm name: SHA1withRSA
             Version: 1


My Crypto File:


    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=JKS
    org.apache.ws.security.crypto.merlin.keystore.alias=public_cert
    org.apache.ws.security.crypto.merlin.keystore.file=C:\\Path\\my_keystore.jks
    org.apache.ws.security.crypto.merlin.keystore.password=changeit

My WSDD:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="http"
                 pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration>
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
            <parameter name="user" value="public_cert"/>
            <parameter name="passwordCallbackClass" value="com.mypackage"/>
            <parameter name="action" value="Signature"/>
            <parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference"/>
            <parameter name="signaturePropFile" value="crypto.properties"/>
            <parameter name="mustUnderstand" value="0"/>
          </handler>
        </requestFlow>
      </globalConfiguration>
    </deployment>

I have tried combinations of both

    <parameter name="user" value="public_cert"/>
    <parameter name="user" value="1aebbd965b6a781985262f599706985279373c1c"/>

For both "user", and "signatureUser".

Here is my Password Callback Class:

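    import java.io.IOException;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordCallback implements CallbackHandler {
        @Override
        public void handle(javax.security.auth.callback.Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    // Supply the same password for every WSS4J password request.
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    pc.setPassword("changeit");
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }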

However, when I do all of this programmatically (set up my own handlers,
initiate a WSSecBuilder, and do a Builder.setUserInfo(User, Pw)), it can
find the PrivateKey O.K.

I have tried everything possible. Has anyone else ever had this problem?
Or does anyone know something that I may be doing wrong? A known bug with
the older Axis? I've tried different keystore types, pkcs12, etc., and all
yield the same error: "General security error (No certificates for user"

Any help would be greatly appreciated!  I am pulling my hair out.
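
A check that can be run against the keystore described above, as an added example that is not part of the original post: it loads the keystore with the standard `java.security.KeyStore` API and prints, for each alias, whether it is a key entry, the certificate's SHA-1 thumbprint in the lowercase hex form used in the error message, and whether the private key opens with the given key password. The class name `KeystoreCheck` and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic, not code from the original post; names here are assumptions.
// Usage: java KeystoreCheck <keystore file> <JKS|PKCS12> <store password> <key password>
public class KeystoreCheck {
    // Lowercase hex SHA-1 of the DER-encoded certificate, i.e. keytool's
    // "SHA1" fingerprint without the colons.
    static String sha1Hex(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreCheck <file> <type> <storepass> <keypass>");
            return;
        }
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[2].toCharArray());   // fails here if file, type or store password is wrong
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println("alias: " + alias);
            System.out.println("  key entry: " + ks.isKeyEntry(alias));
            Certificate cert = ks.getCertificate(alias);
            if (cert != null) {
                System.out.println("  cert SHA-1: " + sha1Hex(cert));
            }
            if (ks.isKeyEntry(alias)) {
                try {
                    boolean ok = ks.getKey(alias, args[3].toCharArray()) instanceof PrivateKey;
                    System.out.println("  private key readable: " + ok);
                } catch (UnrecoverableKeyException e) {
                    System.out.println("  private key NOT readable with this key password");
                }
            }
        }
    }
}
```

Comparing the printed alias and thumbprint with the values passed as `user` shows whether the keystore file the JVM actually opens contains the entry that keytool listed.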
