I'm not sure if the alias is currently being pulled from the properties file.   
You could try:
<jaxws:inInterceptors>
   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      <constructor-arg>
         <map>
            <entry key="action" value="Signature Encrypt"/>
            <entry key="user" value="joe"/>
            <entry key="encryptionUser" value="daniel"/>
            <entry key="signaturePropFile" value="service-client.properties"/>
            <entry key="encryptionPropFile" value="service-provider.properties"/>
            <entry key="decryptionPropFile" value="service-provider.properties"/>
            <entry key="passwordCallbackClass" value="test.ws.PasswordProvider"/>
         </map>
      </constructor-arg>
   </bean>
</jaxws:inInterceptors>

and see if that helps at all.

Dan



On Thursday 15 January 2009 3:23:16 pm quiroda wrote:
> I am new to CXF.  Because of this problem I moved away from axis, thinking
> CXF would help me more.
>
> ***************************************************************************
>**** Here is the exception I get along with the stack trace:
>
>
> [#|2009-01-15T12:57:57.162-0700|WARNING|sun-appserver-pe9.0|org.apache.cxf.
>ws.security.wss4j.WSS4JInInterceptor|_ThreadID=12;_ThreadName=btpool0-1;_Req
>uestID=315472c5-1803-40c7-b0bb-61fa9b1e3512;|
> org.apache.ws.security.WSSecurityException: The signature or decryption was
> invalid; nested exception is:
>       java.lang.Exception: alias is null
>       at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(E
>ncryptedKeyProcessor.java:292) at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(E
>ncryptedKeyProcessor.java:92) at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(Encrypte
>dKeyProcessor.java:80) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEng
>ine.java:311) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEng
>ine.java:228) at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>terceptor.java:158) at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>terceptor.java:65) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:220) at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationO
>bserver.java:78) at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(Jet
>tyHTTPDestination.java:278) at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTT
>PDestination.java:252) at
> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandle
>r.java:70) at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726) at
> org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCol
>lection.java:206) at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at
> org.mortbay.jetty.Server.handle(Server.java:324)
>       at 
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
>       at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java
>:842) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
>       at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
>       at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
>       at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395
>) at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:
>450) Caused by: java.lang.Exception: alias is null
>       at
> org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBas
>e.java:137) at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(E
>ncryptedKeyProcessor.java:290) ... 22 more
>
> |#]
>
> [#|2009-01-15T12:57:57.162-0700|INFO|sun-appserver-pe9.0|org.apache.cxf.pha
>se.PhaseInterceptorChain|_ThreadID=12;_ThreadName=btpool0-1;|Interceptor has
> thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
> invalid; nested exception is:
>       java.lang.Exception: alias is null
>       at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JIn
>Interceptor.java:405) at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>terceptor.java:256) at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>terceptor.java:65) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:220) at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationO
>bserver.java:78) at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(Jet
>tyHTTPDestination.java:278) at
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTT
>PDestination.java:252) at
> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandle
>r.java:70) at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726) at
> org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCol
>lection.java:206) at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at
> org.mortbay.jetty.Server.handle(Server.java:324)
>       at 
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
>       at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java
>:842) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
>       at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
>       at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
>       at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395
>) at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:
>450) Caused by: org.apache.ws.security.WSSecurityException: The signature or
> decryption was invalid; nested exception is:
>       java.lang.Exception: alias is null
>       at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(E
>ncryptedKeyProcessor.java:292) at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(E
>ncryptedKeyProcessor.java:92) at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(Encrypte
>dKeyProcessor.java:80) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEng
>ine.java:311) at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEng
>ine.java:228) at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInIn
>terceptor.java:158) ... 17 more
> Caused by: java.lang.Exception: alias is null
>       at
> org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBas
>e.java:137) at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(E
>ncryptedKeyProcessor.java:290) ... 22 more
>
> |#]
>
> [#|2009-01-15T12:57:57.334-0700|INFO|sun-appserver-pe9.0|org.apache.cxf.int
>erceptor.LoggingOutInterceptor|_ThreadID=12;_ThreadName=btpool0-1;|Outbound
> Message
> ---------------------------
> Encoding: UTF-8
> Headers: {}
> Messages:
> Payload: <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fau
>lt><faultcode
> xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
>ty-secext-1.0.xsd">ns1:FailedCheck</faultcode><faultstring>The signature or
> decryption was invalid; nested exception is:
>       java.lang.Exception: alias is
> null</faultstring></soap:Fault></soap:Body></soap:Envelope>
> --------------------------------------|#]
>
> ***************************************************************************
>*** This is my inInterceptor
>
> <jaxws:inInterceptors>
>    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>       <constructor-arg>
>          <map>
>             <entry key="action" value="Signature Encrypt"/>
>             <entry key="signaturePropFile" value="service-client.properties"/>
>             <entry key="encryptionPropFile" value="service-provider.properties"/>
>             <entry key="decryptionPropFile" value="service-provider.properties"/>
>             <entry key="passwordCallbackClass" value="test.ws.PasswordProvider"/>
>          </map>
>       </constructor-arg>
>    </bean>
> </jaxws:inInterceptors>
>
> ***************************************************************************
>**** These are the contents of the service-client.properties file
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.file=keystore.jks
> org.apache.ws.security.crypto.merlin.keystore.password=password
> org.apache.ws.security.crypto.merlin.keystore.alias=joe
> org.apache.ws.security.crypto.merlin.keystore.alias.password=password
> ***************************************************************************
>**** These are the contents of the service-provider.properties file
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.file=keystore.jks
> org.apache.ws.security.crypto.merlin.keystore.password=password
> org.apache.ws.security.crypto.merlin.keystore.alias=daniel
> org.apache.ws.security.crypto.merlin.keystore.alias.password=password
> ***************************************************************************
>**** This is one of the requests with some data removed I get:
>
> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity
>-utility-1.0.xsd">
>
>   <s:Header>
>
>     <o:Security s:mustUnderstand="1"
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity
>-secext-1.0.xsd">
>
>       <o:BinarySecurityToken u:Id="<!--Snip! -->"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-tok
>en-profile-1.0#X509v3"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-
>message-security-1.0#Base64Binary"><!--Snip! --></o:BinarySecurityToken>
>
>       <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
>
>         <e:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>
>         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>
>           <o:SecurityTokenReference>
>
>             <X509Data>
>
>               <X509IssuerSerial>
>
>                 <X509IssuerName> MY_KEY_ISSUER_NAME</X509IssuerName>
>
>                 <X509SerialNumber>MY_KEY_SERIAL_NUMBER</X509SerialNumber>
>
>               </X509IssuerSerial>
>
>             </X509Data>
>
>           </o:SecurityTokenReference>
>
>         </KeyInfo>
>
>         <e:CipherData>
>
>           <e:CipherValue><!--Snip! --></e:CipherValue>
>
>         </e:CipherData>
>
>         <e:ReferenceList>
>
>           <e:DataReference URI="#_2"/>
>
>         </e:ReferenceList>
>
>       </e:EncryptedKey>
>
>       <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>
>         <SignedInfo>
>
>           <CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>
>           <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>
>           <Reference URI="#_1">
>
>             <Transforms>
>
>               <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>
>             </Transforms>
>
>             <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>
>             <DigestValue><!--Snip! --></DigestValue>
>
>           </Reference>
>
>         </SignedInfo>
>
>         <SignatureValue><!--Snip! --></SignatureValue>
>
>         <KeyInfo>
>
>           <o:SecurityTokenReference>
>
>             <o:Reference
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-tok
>en-profile-1.0#X509v3" URI="#<!--Snip! -->"/>
>
>           </o:SecurityTokenReference>
>
>         </KeyInfo>
>
>       </Signature>
>
>     </o:Security>
>
>   </s:Header>
>
>   <s:Body u:Id="_1">
>
>     <e:EncryptedData Id="_2"
> Type="http://www.w3.org/2001/04/xmlenc#Content"
> xmlns:e="http://www.w3.org/2001/04/xmlenc#">
>
>       <e:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
>
>       <e:CipherData>
>
>         <e:CipherValue><!-- Snip! --></e:CipherValue>
>
>       </e:CipherData>
>
>     </e:EncryptedData>
>
>   </s:Body>
>
> </s:Envelope>
>
> ***************************************************************************
>****
>
> What I think the problem might be, but I have no solution for it, is that my
> key was created using the keytool command of the JDK.  So the serial number
> for it is a hexadecimal, but in the request the MY_KEY_SERIAL_NUMBER value is
> a decimal number.  So because of this I think it cannot find it.
>
> What object is responsible for translating the serial number in the request
> to a hex number that can be found in my keystore??  How is that handled??
> If the way I am thinking of it is wrong, please lead me in the right
> direction.
>
> Any help will be greatly appreciated.



-- 
Daniel Kulp
[email protected]
http://dankulp.com/blog
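
Added example (not part of the original thread, and not CXF or WSS4J code): a stand-alone check for the decimal-versus-hexadecimal serial number question raised in the quoted message. `<X509SerialNumber>` carries the serial in decimal while `keytool` prints it in hex, so this program prints both forms for every certificate and reports which alias, if any, matches the issuer and serial taken from the request. The class name `IssuerSerialLookup` and its command-line arguments are assumptions made for this illustration; only the JDK's `java.security.KeyStore` API is used.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Hypothetical diagnostic class; not part of CXF or WSS4J.
public class IssuerSerialLookup {

    // Returns the alias whose certificate matches the issuer DN and the decimal
    // serial copied from <X509IssuerSerial>, or null when nothing matches.
    static String findAlias(KeyStore ks, String issuerDn, String decimalSerial)
            throws Exception {
        X500Principal wantedIssuer = new X500Principal(issuerDn.trim());
        BigInteger wantedSerial = new BigInteger(decimalSerial.trim()); // base 10
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (x.getSerialNumber().equals(wantedSerial)
                    && x.getIssuerX500Principal().equals(wantedIssuer)) {
                return alias;
            }
        }
        return null;
    }

    // Usage: java IssuerSerialLookup keystore.jks password "<issuer DN>" <decimal serial>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        // List every certificate with its serial in both notations.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            BigInteger serial = ((X509Certificate) c).getSerialNumber();
            System.out.printf("%s keyEntry=%b serial(dec)=%s serial(hex)=%s%n",
                    alias, ks.isKeyEntry(alias), serial.toString(10), serial.toString(16));
        }
        String alias = findAlias(ks, args[2], args[3]);
        System.out.println(alias == null
                ? "no certificate matches the request's IssuerSerial"
                : "match: " + alias + " (private key present: " + ks.isKeyEntry(alias) + ")");
    }
}
```

A matching alias that is not a key entry has no private key in that keystore, so it cannot be used to decrypt the `EncryptedKey`.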
