Hi,
First off, I hope this is the appropriate list for this type of inquiry. I
have recently taken over a project which is using Apache CXF (2.2.9). I came
across a strange use case and in all my online searches, I couldn't seem to
find anything that pointed me in the correct direction. The app makes two
calls to external services. One does not use the CXF framework, while the
other does (with WS-Security). The non-CXF one requires using SSL
mutual-auth, so it sets up the keystore like so:

    System.setProperty("javax.net.ssl.trustStore", trustStore);
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
    System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

For my client using Apache CXF, it actually uses the same exact
store/password (same cert is used by the services to authenticate the user).
It sets up properties like so:

    properties.put("org.apache.ws.security.crypto.provider",
                   "org.apache.ws.security.components.crypto.Merlin");
    properties.put("org.apache.ws.security.crypto.merlin.keystore.type", "pkcs12");
    properties.put("org.apache.ws.security.crypto.merlin.keystore.base64.encoded", "false");
    properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", alias);
    properties.put("org.apache.ws.security.crypto.merlin.keystore.password", password);
    properties.put("org.apache.ws.security.crypto.merlin.file", clientCert);

In isolation, both of the clients work perfectly fine. However, when I need
to use the clients within the same application, the Apache CXF client begins
complaining it can't find my certificate:
"Caused by: org.apache.ws.security.WSSecurityException: General
security error (No certificates for user xyz were found for signature)"
If I simply comment out the setting up of the trustStore system properties,
the Apache CXF client works (obviously the other client fails mutual auth).
I've tried searching for the past few hours online and couldn't seem to find
anyone else with this problem. Does the alias/user I need to use change when
a trustStore is loaded?
Any help would be greatly appreciated!
Thanks,
DJ