Thanks dkulp for your response.
I tried the modifications suggested but I still get the same error. Any other suggestions?
Thanks again for helping me out.
_________________________________________________________________________________________
dkulp wrote:
>
>
> I'm not sure if the alias is currently being pulled from the properties file.
> You could try:
>
> <jaxws:inInterceptors>
>   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>     <constructor-arg>
>       <map>
>         <entry key="action" value="Signature Encrypt"/>
>         <entry key="user" value="joe"/>
>         <entry key="encryptionUser" value="daniel"/>
>         <entry key="signaturePropFile" value="service-client.properties"/>
>         <entry key="encryptionPropFile" value="service-provider.properties"/>
>         <entry key="decryptionPropFile" value="service-provider.properties"/>
>         <entry key="passwordCallbackClass" value="test.ws.PasswordProvider"/>
>       </map>
>     </constructor-arg>
>   </bean>
> </jaxws:inInterceptors>
>
> and see if that helps at all.
>
> Dan
>
>
>
> On Thursday 15 January 2009 3:23:16 pm quiroda wrote:
>> I am new to CXF. Because of this problem I moved away from axis, thinking
>> CXF would help me more.
>>
>> *******************************************************************************
>> Here is the exception I get along with the stack trace:
>>
>> [#|2009-01-15T12:57:57.162-0700|WARNING|sun-appserver-pe9.0|org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor|_ThreadID=12;_ThreadName=btpool0-1;_RequestID=315472c5-1803-40c7-b0bb-61fa9b1e3512;|
>> org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
>>     java.lang.Exception: alias is null
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:158)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
>>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:278)
>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:252)
>>     at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
>>     at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
>>     at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
>>     at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>>     at org.mortbay.jetty.Server.handle(Server.java:324)
>>     at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
>>     at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
>>     at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
>>     at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
>>     at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
>>     at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
>>     at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
>> Caused by: java.lang.Exception: alias is null
>>     at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
>>     ... 22 more
>>
>> |#]
>>
>> [#|2009-01-15T12:57:57.162-0700|INFO|sun-appserver-pe9.0|org.apache.cxf.phase.PhaseInterceptorChain|_ThreadID=12;_ThreadName=btpool0-1;|Interceptor has thrown exception, unwinding now
>> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid; nested exception is:
>>     java.lang.Exception: alias is null
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:405)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:256)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
>>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:278)
>>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:252)
>>     at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
>>     at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
>>     at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
>>     at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>>     at org.mortbay.jetty.Server.handle(Server.java:324)
>>     at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
>>     at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
>>     at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
>>     at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
>>     at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
>>     at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
>>     at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
>> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
>>     java.lang.Exception: alias is null
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:158)
>>     ... 17 more
>> Caused by: java.lang.Exception: alias is null
>>     at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
>>     ... 22 more
>>
>> |#]
>>
>> [#|2009-01-15T12:57:57.334-0700|INFO|sun-appserver-pe9.0|org.apache.cxf.interceptor.LoggingOutInterceptor|_ThreadID=12;_ThreadName=btpool0-1;|Outbound Message
>> ---------------------------
>> Encoding: UTF-8
>> Headers: {}
>> Messages:
>> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedCheck</faultcode><faultstring>The signature or decryption was invalid; nested exception is:
>>     java.lang.Exception: alias is null</faultstring></soap:Fault></soap:Body></soap:Envelope>
>> --------------------------------------|#]
>>
>> *******************************************************************************
>> This is my inInterceptor
>>
>> <jaxws:inInterceptors>
>>   <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>     <constructor-arg>
>>       <map>
>>         <entry key="action" value="Signature Encrypt"/>
>>         <entry key="signaturePropFile" value="service-client.properties"/>
>>         <entry key="encryptionPropFile" value="service-provider.properties"/>
>>         <entry key="decryptionPropFile" value="service-provider.properties"/>
>>         <entry key="passwordCallbackClass" value="test.ws.PasswordProvider"/>
>>       </map>
>>     </constructor-arg>
>>   </bean>
>> </jaxws:inInterceptors>
>>
>> *******************************************************************************
>> These are the contents of the service-client.properties file
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.file=keystore.jks
>> org.apache.ws.security.crypto.merlin.keystore.password=password
>> org.apache.ws.security.crypto.merlin.keystore.alias=joe
>> org.apache.ws.security.crypto.merlin.keystore.alias.password=password
>>
>> *******************************************************************************
>> These are the contents of the service-provider.properties file
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.file=keystore.jks
>> org.apache.ws.security.crypto.merlin.keystore.password=password
>> org.apache.ws.security.crypto.merlin.keystore.alias=daniel
>> org.apache.ws.security.crypto.merlin.keystore.alias.password=password
>>
>> *******************************************************************************
>> This is one of the requests with some data removed I get:
>>
>> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>   <s:Header>
>>     <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>       <o:BinarySecurityToken u:Id="<!--Snip! -->" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--Snip! --></o:BinarySecurityToken>
>>       <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
>>         <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>>         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>>           <o:SecurityTokenReference>
>>             <X509Data>
>>               <X509IssuerSerial>
>>                 <X509IssuerName> MY_KEY_ISSUER_NAME</X509IssuerName>
>>                 <X509SerialNumber>MY_KEY_SERIAL_NUMBER</X509SerialNumber>
>>               </X509IssuerSerial>
>>             </X509Data>
>>           </o:SecurityTokenReference>
>>         </KeyInfo>
>>         <e:CipherData>
>>           <e:CipherValue><!--Snip! --></e:CipherValue>
>>         </e:CipherData>
>>         <e:ReferenceList>
>>           <e:DataReference URI="#_2"/>
>>         </e:ReferenceList>
>>       </e:EncryptedKey>
>>       <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>         <SignedInfo>
>>           <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>           <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>           <Reference URI="#_1">
>>             <Transforms>
>>               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>             </Transforms>
>>             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>             <DigestValue><!--Snip! --></DigestValue>
>>           </Reference>
>>         </SignedInfo>
>>         <SignatureValue><!--Snip! --></SignatureValue>
>>         <KeyInfo>
>>           <o:SecurityTokenReference>
>>             <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#<!--Snip! -->"/>
>>           </o:SecurityTokenReference>
>>         </KeyInfo>
>>       </Signature>
>>     </o:Security>
>>   </s:Header>
>>   <s:Body u:Id="_1">
>>     <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
>>       <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
>>       <e:CipherData>
>>         <e:CipherValue><!-- Snip! --></e:CipherValue>
>>       </e:CipherData>
>>     </e:EncryptedData>
>>   </s:Body>
>> </s:Envelope>
>>
>> *******************************************************************************
>>
>> What I think the problem might be, but I have no solution for it, is that my
>> key was created using the keytool command of the JDK. So the serial number
>> for it is a hexadecimal, but in the request the MY_KEY_SERIAL_NUMBER value is
>> a decimal number. So because of this I think it cannot find it.
>>
>> What object is responsible for translating the serial number in the request
>> to a hex number that can be found in my keystore? How is that handled?
>> If the way I am thinking of it is wrong, please lead me in the right
>> direction.
>>
>> Any help will be greatly appreciated.
>
>
>
> --
> Daniel Kulp
> [email protected]
> http://dankulp.com/blog
>
>
--
View this message in context:
http://www.nabble.com/Cannot-understand-how-WSS4JInInterceptor-finds-a-key-in-my-keystore-tp21486027p21490005.html
Sent from the cxf-user mailing list archive at Nabble.com.
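
The question quoted above turns on how the decimal `X509SerialNumber` in the request relates to the hexadecimal serial that keytool prints. The following is an added example, not part of the thread and not WSS4J's own lookup code: the two forms are the same integer in different radixes, so a JDK-only check can list every alias with its serial in both and report which certificate an issuer/serial pair resolves to. The class name, command-line arguments and console password prompt are assumptions made for the illustration; it is run against your own keystore file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Added example: resolve an X509IssuerSerial reference to a keystore alias.
public class FindAliasByIssuerSerial {

    // Returns the first alias whose certificate has this issuer and serial, or null if none does.
    static String findAlias(KeyStore ks, String issuerDn, String decimalSerial) throws Exception {
        // X509SerialNumber is an xs:integer (base 10); keytool prints the same value in base 16.
        BigInteger wanted = new BigInteger(decimalSerial.trim());
        // X500Principal.equals compares canonical DNs rather than raw strings.
        X500Principal issuer = new X500Principal(issuerDn.trim());
        String match = null;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            BigInteger serial = x.getSerialNumber();
            boolean hit = serial.equals(wanted) && issuer.equals(x.getIssuerX500Principal());
            // keyEntry=true means the entry holds a private key, which decryption needs.
            System.out.printf("%s%-10s hex=%s dec=%s keyEntry=%b issuer=%s%n",
                    hit ? "* " : "  ", alias, serial.toString(16), serial,
                    ks.isKeyEntry(alias), x.getIssuerX500Principal().getName());
            if (hit && match == null) match = alias;
        }
        return match;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            System.err.println("usage: FindAliasByIssuerSerial <keystore.jks> <issuerDN> <decimalSerial>");
            System.exit(2);
        }
        // Read the keystore password interactively so it stays out of the process list.
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        String alias = findAlias(ks, args[1], args[2]);
        System.out.println(alias == null ? "no certificate matches" : "matching alias: " + alias);
    }
}
```

Pass the issuer name and serial exactly as they appear in the request's `X509IssuerSerial` element; a `*` marks the matching entry, and an entry with `keyEntry=false` holds only a certificate.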