WSS4j is a WS-Security Implementation

Rampart configuration handles the security parameters

Martin Gainty 
______________________________________________ 
Legal Disclaimer and Confidentiality Notice

This message is confidential and may be privileged. If you are not the intended recipient, please notify us. Any unauthorised forwarding or copying of it is not permitted. This message serves only for the exchange of information and has no legally binding effect. Since electronic messages can easily be altered, we accept no liability for the content of this message.

  




Date: Sun, 22 Dec 2013 14:28:57 -0500
Subject: Apache Axis + WSS4J Issue?
From: [email protected]
To: [email protected]


    org.apache.ws.security.WSSecurityException: Error during Signature:
    Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user 1aebbd965b6a781985262f599706985279373c1c were found for signature)

I am using Axis 1.5 and WSS4J 1.5 (I know, old), and it can't find my private 
key I've listed in my KeyStore. I have tried finding the PrivateKey by SHA1 
hash, and also by certificate alias.

This question has been asked before on Stack Exchange, but their problem was 
that their certificate type in the KeyStore wasn't a "PrivateKeyEntry". Mine 
is. See:

    Alias name: public_cert
    Creation date: Dec 17, 2013
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: Removed
    Issuer: Removed
    Serial number: 9eda2ff9da33db0e
    Valid from: Fri Dec 06 14:34:49 EST 2013 until: Sat Dec 06 14:34:49 EST 2014
    Certificate fingerprints:
             MD5:  B9:56:CB:18:8E:2F:CC:5B:50:E0:EE:CD:A1:39:B7:C6
             SHA1: 1A:EB:BD:96:5B:6A:78:19:85:26:2F:59:97:06:98:52:79:37:3C:1C
             SHA256: DC:60:1D:7A:A8:93:70:EF:D2:C1:B4:A5:C3:91:92:D8:0B:FD:9D:88:3A:B0:F2:8D:4F:7C:1F:01:C3:72:71:4C
             Signature algorithm name: SHA1withRSA
             Version: 1


My Crypto File:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=JKS
    org.apache.ws.security.crypto.merlin.keystore.alias=public_cert
    org.apache.ws.security.crypto.merlin.keystore.file=C:\\Path\\my_keystore.jks
    org.apache.ws.security.crypto.merlin.keystore.password=changeit

My WSDD:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="http"
                 pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration>
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
            <parameter name="user" value="public_cert"/>
            <parameter name="passwordCallbackClass" value="com.mypackage"/>
            <parameter name="action" value="Signature"/>
            <parameter name="signatureParts"
                       value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference"/>
            <parameter name="signaturePropFile" value="crypto.properties"/>
            <parameter name="mustUnderstand" value="0"/>
<!-- do you really want the SoapService to ignore the headers ? -->
          </handler>
        </requestFlow>
      </globalConfiguration>
    </deployment>

<!-- so in rampart you can configure InflowSecurity to accept crypto.properties -->
<!-- engage rampart -->
    <module ref="rampart"/>
<!-- configure InflowSecurity to accept crypto.properties -->
    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <signaturePropFile>crypto.properties</signaturePropFile>
      </action>
    </parameter>
http://www.ibm.com/developerworks/webservices/library/ws-Axis2/
MG>

I have tried combinations of both

    <parameter name="user" value="public_cert"/>
    <parameter name="user" value="1aebbd965b6a781985262f599706985279373c1c"/>

For both "user", and "signatureUser".

Here is my Password Callback Class:

    import java.io.IOException;

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;

    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordCallback implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    // WSS4J asks here for the private-key password of the signing user
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    pc.setPassword("changeit");
                } else {
                    throw new UnsupportedCallbackException(callbacks[i],
                            "Unrecognized Callback");
                }
            }
        }
    }

However, when I do all of this programmatically (set up my own handlers, 
initiate a WSSecBuilder, and do a Builder.setUserInfo(User, Pw)), it can find 
the PrivateKey O.K.

I have tried everything possible; has anyone else ever had this problem? Or 
does anyone know something that I may be doing wrong? A known bug with the 
older Axis? I've tried different keystore types, PKCS12, etc., and all yield 
the same error: "General security error (No certificates for user"

Any help would be greatly appreciated!  I am pulling my hair out.
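An added diagnostic, not code from either message in this thread nor from WSS4J or Axis: it repeats, outside Axis, the keystore lookups that WSS4J 1.5's Merlin provider makes for the WSDoAllSender "user" value (load the store, getCertificateChain(alias) then getCertificate(alias), then getKey(alias, password)), which is the path that ends in "No certificates for user ... were found for signature" when the certificate lookup comes back empty. It also accepts a SHA-1 thumbprint in place of the alias and resolves it to the alias that carries that certificate, so the hash the poster tried can be compared with the alias that actually holds the key. The class name KeyStoreCheck, the argument order, and the default of using the store password as the key password (as the posted callback does) are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Enumeration;

/**
 * Added example (not from the thread, WSS4J or Axis): reproduce outside Axis the
 * keystore lookups behind "No certificates for user X were found for signature".
 *
 * usage: java KeyStoreCheck <keystore-file> <type: JKS|PKCS12> <store-pw> <user> [key-pw]
 *   <user>  keystore alias, or SHA-1 thumbprint of the certificate (hex, colons optional)
 *   key-pw  defaults to the store password, which is what the posted callback returns
 */
public class KeyStoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length < 4) {
            System.err.println("usage: KeyStoreCheck <file> <type> <store-pw> <user> [key-pw]");
            System.exit(2);
        }
        String file = args[0], type = args[1], user = args[3];
        char[] storePw = args[2].toCharArray();
        char[] keyPw = (args.length > 4 ? args[4] : args[2]).toCharArray();

        // Same two calls Merlin uses to open the store; a wrong store password fails here.
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePw);
        }

        // 1. Resolve "user": first as a literal alias, then as a SHA-1 thumbprint.
        String alias = ks.containsAlias(user) ? user : findAliasByThumbprint(ks, user);
        if (alias == null) {
            System.out.println("FAIL: no alias or SHA-1 thumbprint matches '" + user + "'");
            listAliases(ks);
            return;
        }
        System.out.println("resolved '" + user + "' to alias '" + alias + "'");

        // 2. Merlin's getCertificates(alias): certificate chain first, then a lone certificate.
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            Certificate single = ks.getCertificate(alias);
            if (single == null) {
                System.out.println("FAIL: no certificate for alias '" + alias
                        + "' (the 'No certificates for user' condition)");
                return;
            }
            chain = new Certificate[] { single };
        }
        System.out.println("chain length " + chain.length + ", key entry: " + ks.isKeyEntry(alias));
        System.out.println("SHA-1 thumbprint: " + thumbprint(chain[0]));

        // 3. The private key itself, with the password the callback would hand back.
        Key key;
        try {
            key = ks.getKey(alias, keyPw);
        } catch (UnrecoverableKeyException e) {
            System.out.println("FAIL: key password rejected for alias '" + alias + "': " + e.getMessage());
            return;
        }
        if (!(key instanceof PrivateKey)) {
            System.out.println("FAIL: alias '" + alias + "' has no private key (trustedCertEntry?)");
            return;
        }
        System.out.println("OK: " + key.getAlgorithm() + " private key loaded for '" + alias + "'");
    }

    /** Lower-case hex SHA-1 over the DER encoding: keytool's SHA1 fingerprint without colons. */
    static String thumbprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static String findAliasByThumbprint(KeyStore ks, String user) throws Exception {
        String wanted = user.replace(":", "").toLowerCase();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            Certificate c = ks.getCertificate(a);
            if (c != null && thumbprint(c).equals(wanted)) return a;
        }
        return null;
    }

    static void listAliases(KeyStore ks) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            System.out.println("  alias '" + a + "' keyEntry=" + ks.isKeyEntry(a));
        }
    }
}
```

Run it against the same file, type and password that crypto.properties names, for example `java KeyStoreCheck C:\Path\my_keystore.jks JKS changeit public_cert`. A FAIL at the alias step means Merlin will never see a certificate for that user, whatever the WSDD says (check that the handler really loads the crypto.properties you edited); a FAIL at the key step means the store opened and the certificate was found, but the password the callback returns does not unlock that entry.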



                                          
