Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Sorry no. How do I do that? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I added: LoggingOutInterceptor loi = new LoggingOutInterceptor(); LoggingInInterceptor lii = new LoggingInInterceptor(); response = isaleService.setSale(request); But the output to console does not look any different? Also the Logging intercepters are both flagged as

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Thanks for your help. I will get the certificate tomorrow and then need to connect using https - is there a guide somewhere on how to make what I have so far use https (it will be a new WSDL). -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I have read: http://cxf.apache.org/docs/interceptors.html Its not making a whole lot of sense in terms of the Logging Intercepters. How do I add them to the chain? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok - I looked here - http://cxf.apache.org/docs/debugging-and-logging.html . I am in intellij. I didnt see anything helpful? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Hi, No I don't - I only have my private key and cert. I can get the server cert soon. I presume it needs to be imported into the java keystore - and then somehow referenced from the code? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Alrightyprogress I get a response-code: 200 and I can see in the response the message goes through. Immediately after this response however I get the stack message: -- Jan 19, 2018 1:47:11 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

logging.properties # Default Logging Configuration File # # You can use a different file by specifying a filename # with the java.util.logging.config.file system property. # For example java

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Thanks guys but I am still confused. In my code: ((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "client_sign.properties"); ((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,

Is Apache-CXF right for this project?

Hello, I am pretty new to Web Services so no haters please. I need to write a client to send data to a web service which I have done using wsimport to generate the artifacts. I now need to add security, namely message signing and using HTTPS. Is CXF the right tool to add security to a client?

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

It looks like the wrong cert was used to verify the response from the server - now I have the correct cert (from the WSDL) the response is being verified - thank you so much for your patience. I now need to connect to essentially the same service but over https. I have the address of the https

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok, so at first glance it looks like I already have my client setup. They key bits I am guessing are: 1. Import certs - it will be mutual TLS 2. I already have : org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(iisrService);

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

a search on the keyword cert on the debug log doesnt show up anything except the message I posted earlier about the SKI key not being found. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Thanks. I looked at the link and see quite a few parameters but are not sure what/where how to apply them? Do I modify the instance of org.apache.cxf.endpoint.Client client in my code? Is there a working example I can be pointed to? Thank you -- Sent from:

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I note from the log that it loads the truststore and the keystore, but only appears to search the truststore for the server cert to verify the signing on the response? DEBUG 2018-01-20 00:12:59,141 [Thread-2] org.apache.wss4j.common.util.Loader - Trying to find

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I I comment out: //((BindingProvider)irsiService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, //"client_sign.properties"); ((BindingProvider)irsiService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I think these are the signed parts: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy;> http://www.w3.org/2005/08/addressing"/> http://www.w3.org/2005/08/addressing"/> http://www.w3.org/2005/08/addressing"/> http://www.w3.org/2005/08/addressing"/> http://www.w3.org/2005/08/addressing"/>

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Yes the outgoing message is both signed and encrypted. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I have imported the server certificate into truststore.jks keytool -importcert -file CA-root.cer -alias CAcert -keystore truststore.jks -storepass password and added a reference to that file in my client_sign.properties:

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Hi, I couldn't find anything else in that module that referred to KayManager - the closest I can when I searched the github was : https://github.com/apache/cxf/blob/4142d44c4db7c9971829d15a4aa4b7056788e9e6/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Hi Colm, For the mutual tls I have two certificates (the client one which is already trusted by server) the server cert which I need to trust, and one private key. Do these get imported into the same trust stores and keystore as was used for the message signing? Do they need to be imported with

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok. I have followed on from the message signing with this code: // APACHE CXF CLIENT SETUP - MESSAGE SIGNING ((BindingProvider)irsiservice).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "client_sign.properties");

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

But the links refer to X509 and you said not to use that. So I cant blindly copy that code. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I fear that getting Spring setup could be more pain than trying to complete it the way I have done so far. I have got to : // Setup TLS client params TLSClientParameters tlsParams = new TLSClientParameters(); X509TrustManager trustManager =new

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Something like this look better? My IDE doesn't complain about anything unresolved : org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(irsiService); org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok - done. Now what? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Hello, I am trying to develop a client to connect to a SOAP service. The messages I need to send to the service have to be signed by a certificate. I have imported the certificate into my keystore: c:\Program Files\Java\jdk1.7.0_80>keytool -list -v -keystore

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I have tried this for my callbackhandler class, but still get a error: public class ClientCallbackHandler implements CallbackHandler { public void handle(Callback[] callbacks) { for (Callback callback : callbacks) { WSPasswordCallback pc = (WSPasswordCallback) callback;

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Thanks. You were right the key was missing - which I have fixed, but still not able to connect. The current Stack Error is: WARNING: Sign before encryption failed due to : Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

The relevant (I think code): SetSaleRequest request = new SetSaleRequest(); SetSaleResponse response = new SetSaleResponse(); // SENDS DATA request.setSale(Sale); request.getPeople().add(person); RSIService RSIService = new RSIService();

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

After fixing the cert/key issue I have changed my interceptor props from: Map outProps = new HashMap<>(); outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " +

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok I am now referencing the local copy of the https WSDL. THis is now the error: DEBUG 2018-01-31 17:26:18,007 [Thread-2] org.apache.cxf.common.logging.LogUtils - Using org.apache.cxf.common.logging.Log4jLogger for logging. DEBUG 2018-01-31 17:26:19,495 [Thread-2]

Re: relative path to WSDL in CXF

Better than in plain text!! On Fri, Feb 2, 2018 at 11:14 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > Well it can be, I think, but that's not buying you much security. > > Colm. > > On Fri, Feb 2, 2018 at 10:03 AM, Al Grant <bigal...@gmail.com> wrote: >

Re: relative path to WSDL in CXF

This worked: @WebServiceClient(name = "SalesService", targetNamespace = "urn:sales.com.au/schema/common", wsdlLocation = "file:src/main/resources/SalesService.wsdl") public class SalesService extends Service { -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: relative path to WSDL in CXF

Can the crypto properties file use relative paths. Instead of: org.apache.ws.security.crypto.merlin.truststore.file=C:\\Users\\Owner\\IdeaProjects\\project1\\src\\main\\resources\\truststore.jks Something like:

Re: relative path to WSDL in CXF

I tried : wsdlLocation = ("file:/Service.wsdl") wsdlLocation = ("file:Service.wsdl") wsdlLocation = ("/Service.wsdl") wsdlLocation = ("Service.wsdl") Always file not found? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

So I changed the service to point to https endpoint by editing the SaleService: @WebServiceClient(name = "SalesService", targetNamespace = "urn:test.sales.com/schema/common", wsdlLocation = "https://sales.com.au/ISRService.svc?singleWsdl;) public class SalesService extends Service { I

Client not sending proxy credentials

Hi All, I am trying to get my https client to get out through our proxy. I have configured the connection as outlined below but apparently no credentials are being sent to our proxy so I must be doing something wrong: org.apache.cxf.endpoint.Client client =

Re: relative path to WSDL in CXF

Similar to last post : ((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "client_sign.properties"); ((BindingProvider)iisrService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,

Re: Client not sending proxy credentials

Or like this? (I can't test it now as I have left the site with proxy): org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(iisrService); org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

Re: Client not sending proxy credentials

Thanks. So far I can't see how you set a username and password for a Proxy using that method? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Client not sending proxy credentials

Actually just took a second look at your github Andy. More like this perhaps: HTTPClientPolicy policy = http.getClient(); policy.setProxyServer("someproxy.enterprise.au"); policy.setProxyServerPort(8080); http.getProxyAuthorization().setUserName("username");

relative path to WSDL in CXF

Hello, is there a way to get a relative path to the WSDL file? This code works: @WebServiceClient(name = "SalesService", targetNamespace = "urn:sales.com.au/schema/common", wsdlLocation = "file:/H:/Desktop/cmd/importer/src/main/resources/SalesService.wsdl") public class SalesService extends

Re: relative path to WSDL in CXF

So the crypto properties file cant be hidden in the jar file? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Pretty Logging

How do I enable pretty output of the XML to the console? All the examples on StackOverflow seem to use a XML configuration file, but everything I am doing is in code. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Here is the code that I have been using: SetSaleRequest request = new SetSaleRequest(); SetSaleResponse response = new SetSaleResponse(); // CXF CLIENT FOR MUTUAL TLS // Setup TLS client params TLSClientParameters tlsParams = new TLSClientParameters();

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I move it to after the: HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); But the error is similar: DEBUG 2018-01-30 23:43:12,182 [Thread-2] org.apache.cxf.common.logging.LogUtils - Using org.apache.cxf.common.logging.Log4jLogger for logging. DEBUG 2018-01-30

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Main errors are: DEBUG 2018-01-30 22:38:04,635 [Thread-2] org.apache.cxf.common.logging.LogUtils - Using org.apache.cxf.common.logging.Log4jLogger for logging. DEBUG 2018-01-30 22:38:05,419 [Thread-2] org.apache.cxf.resource.DefaultResourceManager - resolving resource type DEBUG

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

That helped. Now the stack trace is : javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://sales.com.au/RSIService.svc?singleWsdl: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

So I can either save the WSDL or point my service to the copy which is not protected with security. I presume the wsdlLocation parameter that is passed in is either the file or a location without security/http? And then further down: url = new

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

I edited my post when you were posting. But can you confirm that I will need the wsdl for the endpoint I am connecting to, ie the SSL endpoint will be significantly different to the non SSL? Cheers AG -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Pretty Logging

Thanks. Do you actually mean to instantiate it: LoggingFeature logging = new LoggingFeature(); logging.setPrettyLogging(true); The github example is a Server - I want to do it in a client and print to log4j and console? So after the above two lines how do I write to console

Re: Pretty Logging

This is what worked for me for the benefit of anyone else: // LOGGING LoggingOutInterceptor loi = new LoggingOutInterceptor(); loi.setPrettyLogging(true); LoggingInInterceptor lii = new LoggingInInterceptor(); lii.setPrettyLogging(true);

Re: relative path to WSDL in CXF

Finally worked with: @WebServiceClient(name = "SalesService", targetNamespace = "urn:sales.test.au/schema/common", wsdlLocation = "classpath:SalesService.wsdl") public class SalesService extends Service { private final static URL SalesSERVICE_WSDL_LOCATION; private final static

Re: relative path to WSDL in CXF

Hi, This is getting very frustrating trying to get the project to find relative paths to the WDSL. Environment: Java 7 Build Tool: gradle IDE: Intellij The WSDL file runs fine in the IDE with : @WebServiceClient(name = "SalesService", targetNamespace = "urn:Sales.test.au/schema/common",

Re: Pretty Logging

Hi, This is the client created here : org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(irsiService); org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint(); -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Client not sending proxy credentials

Thanks - yes it actually goes with this but I have to be very patient. For some reason it sits there trying to send the message for 10 minutes before it actually gets to send anything. It might be something to do with OCSP since i am using mutual TLS - unless anyone here has other ideas? Cheers

SOAP Fault

Hello, After changing over to a new set of certificates (and a new testing enpoint) code that was working is now generating: javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161) Does

Re: Client not sending proxy credentials

Hmm, its still not sending creds. Looking at a few examples online I think I am missing something. Anyone able to clarify what I am missing? HTTPConduit http = (HTTPConduit) client.getConduit(); if (PROXY) { HTTPClientPolicy policy = http.getClient();

Re: Client not sending proxy credentials

Even if i could work out which way to set proxy would be good. METHOD ONE: https://stackoverflow.com/questions/31550064/apache-cxf-client-proxy-settings Proxy is set with : http.getClient().setProxyServer("proxy"); I note the example code also has instantiated HelloPortType helloPort =

Re: Pretty Logging

I do actually get the message on the console, but its all run together, no new lines or indentation. Is that what the pretty part would do if i had it going? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Alrightly then. How about something like this: // CXF CLIENT FOR MUTUAL TLS // Setup TLS client params TLSClientParameters tlsParams = new TLSClientParameters(); /* Get the JKS contents */ final char[] JKS_PASSWORD = "password".toCharArray(); final

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

So is that all that is needed to use mutual TLS? I also need to update the endpoint details in the service stubs - I don't think this can be done with wsimport with mutual tls? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Sorry updated post above while you were posting. Latest stack Trace: Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Hi, Full trace is : Jan 19, 2018 12:29:19 AM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl Jan 19, 2018 12:29:20 AM

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Yes the WSDL does have security policies in it:-) -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok. Am I meant to be changing the values in the code you pasted? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Ok so I have : ((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, ""); ((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "");

Jar deployment with keys

What is the best way to deploy a JAR but keep the keys safe? -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html