Hello All, I've tried adapting the sample (client) and it doesn't work for
me. For testing I use soapUI and the Windows keystore (pfx), and it works.

The exception is:

Caused by: org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is:
    org.apache.ws.security.WSSecurityException: General security error (No certificates for user dnawsscliente were found for signature)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:67)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:205)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:50)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:257)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
    ... 2 more
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user dnawsscliente were found for signature)
    at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:316)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:760)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:64)
    ... 12 more


My new code:

            SpringBusFactory bf = new SpringBusFactory();
            URL busFile = Client.class.getResource("wssec.xml");
            Bus bus = bf.createBus(busFile.toString());
            SpringBusFactory.setDefaultBus(bus);

            Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put("action", "Timestamp Signature");

            outProps.put("passwordType", "PasswordDigest");
            outProps.put("user", "dnawsscliente");
            outProps.put("signatureUser", "dnawsscliente");
            outProps.put("passwordCallbackClass",
                com.casa.wss.demo.UTPasswordCallback.class.getName());

            outProps.put("signaturePropFile", "Client_Sign.properties");
            outProps.put("signatureKeyIdentifier", "DirectReference");
            String signatureParts =
                "{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
                "{}{http://www.w3.org/2005/08/addressing}Action;" +
                "{}{http://www.w3.org/2005/08/addressing}ReplyTo;" +
                "{}{http://www.w3.org/2005/08/addressing}MessageID;" +
                "{}{http://www.w3.org/2005/08/addressing}To";
            outProps.put("signatureParts", signatureParts);

            bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));

            final QName SERVICE_NAME = new QName("http://tempuri.org/", "MenStock");
            MenStock ss = new MenStock(MenStock.WSDL_LOCATION, SERVICE_NAME);
            IStock port = ss.getCustomBindingIStock();

            System.out.println("Invoking mensajeStock...");
            org.datacontract.schemas._2004._07.wcf_stock.Stock stock =
                new org.datacontract.schemas._2004._07.wcf_stock.Stock();

            javax.xml.bind.JAXBElement<org.datacontract.schemas._2004._07.wcf_stock.ArrayOfStockEntrada> stockEntradas = null;
            stockEntradas = createArrayOfStockEntrada();
            stock.setEntradas(stockEntradas);
            Object response = port.mensajeStock(stock);
            System.out.println("response: " + response + "\n");

My properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.file=DNAWSSCliente.pfx
org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
org.apache.ws.security.crypto.merlin.keystore.password=dnawsscliente2
org.apache.ws.security.crypto.merlin.keystore.alias=DNAWSSCliente
#org.apache.ws.security.crypto.merlin.alias.password=XXXX


I don't understand what I'm doing wrong in my code. Can you use a PFX with
CXF for signing (not encrypting)? Why does it work with soapUI and not with
CXF?

The service was constructed with C#.

Thanks.

JP



2010/12/9 Juan Pablo Pizarro <[email protected]>

> Hello Freeman,
>
> Thanks for your advice, I'll check it out. I have the Merlin line in the
> properties file and I play with the alias name (I show the aliases in my
> keystore and play with the alias names).
>
> I'll check the example.
>
> Thanks!
>
>
> 2010/12/9 Freeman Fang <[email protected]>
>
> Hi,
>>
>> We actually have a ws_security/sign_enc example shipped with the kit which
>> should exactly match your scenario; you may need to check that example to see
>> the difference from your code and figure out why your code doesn't work.
>> My other comments are inline.
>>
>> On 2010-12-10, at 4:27 AM, Juan Pablo Pizarro wrote:
>>
>>  Hello everybody, I'm trying to use an X509 certificate to sign/encrypt a
>>> request. I have JDK6 (of Oracle/Sun), Eclipse Helios, Linux Ubuntu 9.4 and
>>> CXF 2.4 SNAPSHOT.
>>>
>>> My config is:
>>>
>>>           SpringBusFactory bf = new SpringBusFactory();
>>>           URL busFile = Client.class.getResource("wssec.xml");
>>>           Bus bus = bf.createBus(busFile.toString());
>>>           SpringBusFactory.setDefaultBus(bus);
>>>
>>>           Map<String,Object> outProps = new HashMap<String,Object>();
>>>           outProps.put("action", "Timestamp Signature Encrypt");
>>>           outProps.put("user", "DNAWSSCliente");
>>>           outProps.put("signaturePropFile", "Client_Sign.properties");
>>>           outProps.put("signatureKeyIdentifier", "DirectReference");
>>>           outProps.put("passwordCallbackClass",
>>>               com.casa.wss.demo.UTPasswordCallback.class.getName());
>>>           outProps.put("signatureParts",
>>>               "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
>>>           outProps.put("encryptionPropFile", "Client_Sign.properties");
>>>           outProps.put("encryptionUser", "DNAWSSCliente");
>>>           outProps.put("signatureUser", "DNAWSS");
>>>           outProps.put("encryptionParts",
>>>               "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
>>>           outProps.put("encryptionSymAlgorithm",
>>>               "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
>>>           outProps.put("encryptionKeyTransportAlgorithm",
>>>               "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
>>>           WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); //request
>>>           bus.getInInterceptors().add(wssOut);
>>>           bus.getInInterceptors().add(new SAAJOutInterceptor());
>>>
>>>           Map<String,Object> inProps= new HashMap<String,Object>();
>>>           inProps.put("action", "Timestamp Signature Encrypt");
>>>           inProps.put("signaturePropFile", "Client_Sign.properties");
>>>           inProps.put("passwordCallbackClass",
>>>               com.casa.wss.demo.UTPasswordCallback.class.getName());
>>>           inProps.put("decryptionPropFile", "Client_Sign.properties");
>>>           WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps); //response
>>>           bus.getInInterceptors().add(wssIn);
>>>           bus.getInInterceptors().add(new SAAJInInterceptor());
>>>
>>> The signature parts are not the correct ones, but the error comes earlier
>>> (in another test I put the correct parts).
>>>
>>> My properties file:
>>>
>> I think here you miss
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>
>>
>>
>>> org.apache.ws.security.crypto.merlin.keystore.type=JKS
>>> org.apache.ws.security.crypto.merlin.keystore.password=dnawsscliente2
>>> org.apache.ws.security.crypto.merlin.keystore.alias=dnawss
>>>
>>
>> and how about changing it to
>> org.apache.ws.security.crypto.merlin.keystore.alias= DNAWSSCliente
>>
>> Freeman
>>
>>
>>  org.apache.ws.security.crypto.merlin.file=DNAWSSCliente.jks
>>>
>>> The public and private keys are in the same file.
>>>
>>> I googled and, up to now, I haven't found a solution.
>>>
>>> And the error:
>>>
>>> log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
>>> log4j:WARN Please initialize the log4j system properly.
>>> Dec 9, 2010 5:51:39 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
>>> INFO: Loaded configuration file file:/home/jpp/JAVA/workspace/pruebaDNA8/build/classes/com/casa/wss/demo/wssec.xml.
>>> Dec 9, 2010 5:55:39 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
>>> INFO: Creating Service {http://tempuri.org/}MenStock from WSDL: http://wss.aduanas.gub.uy/LuciaWsSecurity/Stock.svc?wsdl
>>> Dec 9, 2010 5:55:41 PM org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler doSignBeforeEncrypt
>>> WARNING: Sign before encryption failed due to : No signature username found.
>>> Dec 9, 2010 5:55:41 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
>>> WARNING: Interceptor for {http://tempuri.org/}MenStock#{http://tempuri.org/}MensajeStock has thrown exception, unwinding now
>>> org.apache.cxf.interceptor.Fault: No signature username found.
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:145)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:90)
>>>   at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:139)
>>>   at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:77)
>>>   at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>>>   at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>>>   at $Proxy43.mensajeStock(Unknown Source)
>>>   at com.casa.wss.demo.Client.main(Client.java:177)
>>> Caused by: org.apache.cxf.ws.policy.PolicyException: No signature username found.
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:283)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuider(AbstractBindingBuilder.java:1349)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:395)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:107)
>>>   ... 11 more
>>> javax.xml.ws.soap.SOAPFaultException: No signature username found.
>>>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
>>>   at $Proxy43.mensajeStock(Unknown Source)
>>>   at com.casa.wss.demo.Client.main(Client.java:177)
>>> Caused by: org.apache.cxf.ws.policy.PolicyException: No signature username found.
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:283)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuider(AbstractBindingBuilder.java:1349)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:395)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:107)
>>>   at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:90)
>>>   at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:139)
>>>   at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:77)
>>>   at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>>>   at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>>>   ... 2 more
>>>
>>
>>
>> --
>> Freeman Fang
>>
>> ------------------------
>>
>> FuseSource: http://fusesource.com
>> blog: http://freemanfang.blogspot.com
>> twitter: http://twitter.com/freemanfang
>> Apache Servicemix:http://servicemix.apache.org
>> Apache Cxf: http://cxf.apache.org
>> Apache Karaf: http://karaf.apache.org
>> Apache Felix: http://felix.apache.org
>>
>>
>
