I am new to CXF. Because of this problem I moved away from axis, thinking
CXF would help me more.
*******************************************************************************
Here is the exception I get along with the stack trace:
[#|2009-01-15T12:57:57.162-0700|WARNING|sun-appserver-pe9.0|org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor|_ThreadID=12;_ThreadName=btpool0-1;_RequestID=315472c5-1803-40c7-b0bb-61fa9b1e3512;|
org.apache.ws.security.WSSecurityException: The signature or decryption was
invalid; nested exception is:
java.lang.Exception: alias is null
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:158)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:278)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:252)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at
org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
at
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at
org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
Caused by: java.lang.Exception: alias is null
at
org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
... 22 more
|#]
[#|2009-01-15T12:57:57.162-0700|INFO|sun-appserver-pe9.0|org.apache.cxf.phase.PhaseInterceptorChain|_ThreadID=12;_ThreadName=btpool0-1;|Interceptor
has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
invalid; nested exception is:
java.lang.Exception: alias is null
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:405)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:256)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:278)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:252)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at
org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
at
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at
org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
Caused by: org.apache.ws.security.WSSecurityException: The signature or
decryption was invalid; nested exception is:
java.lang.Exception: alias is null
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:158)
... 17 more
Caused by: java.lang.Exception: alias is null
at
org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
... 22 more
|#]
[#|2009-01-15T12:57:57.334-0700|INFO|sun-appserver-pe9.0|org.apache.cxf.interceptor.LoggingOutInterceptor|_ThreadID=12;_ThreadName=btpool0-1;|Outbound
Message
---------------------------
Encoding: UTF-8
Headers: {}
Messages:
Payload: <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><soap:Fault><faultcode
xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:FailedCheck</faultcode><faultstring>The
signature or decryption was invalid; nested exception is:
java.lang.Exception: alias is
null</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------|#]
******************************************************************************
This is my inInterceptor
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature Encrypt"/>
<entry key="signaturePropFile"
value="service-client.properties"/>
<entry key="encryptionPropFile"
value="service-provider.properties"/>
<entry key="decryptionPropFile"
value="service-provider.properties"/>
<entry key="passwordCallbackClass"
value="test.ws.PasswordProvider"/>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
*******************************************************************************
These are the contents of the service-client.properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.file=keystore.jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=joe
org.apache.ws.security.crypto.merlin.keystore.alias.password=password
*******************************************************************************
These are the contents of the service-provider.properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.file=keystore.jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=daniel
org.apache.ws.security.crypto.merlin.keystore.alias.password=password
*******************************************************************************
This is one of the requests with some data removed I get:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<s:Header>
<o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<o:BinarySecurityToken u:Id="<!--Snip! -->"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";><!--Snip!
--></o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#";>
<e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName> MY_KEY_ISSUER_NAME</X509IssuerName>
<X509SerialNumber>MY_KEY_SERIAL_NUMBER</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue><!--Snip! --></e:CipherValue>
</e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"/>
</e:ReferenceList>
</e:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue><!--Snip! --></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue><!--Snip! --></SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
URI="#<!--Snip! -->"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1">
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content";
xmlns:e="http://www.w3.org/2001/04/xmlenc#";>
<e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<e:CipherData>
<e:CipherValue><!-- Snip! --></e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
*******************************************************************************
What I think the problem might, but I have no solution for it, is that my
key was created using the keytool command of the jdk. So the serial number
for it is a hexadecimal, but in the request MY_KEY_SERIAL_NUMBER value is a
decimal number. So because of this I think it cannot find it.
What object is responsible for translating the serial number in the request
to a hex number that can be found in my keystore?? How is that handled??
If the way I am thinking of it is wrong, please lead me in the right
direction.
Any help will be greatly appreciated.
--
View this message in context:
http://www.nabble.com/Cannot-understand-how-WSS4JInInterceptor-finds-a-key-in-my-keystore-tp21486027p21486027.html
Sent from the cxf-user mailing list archive at Nabble.com.
