Re: Help loading signature properties

Tue, 23 Sep 2014 10:53:32 -0700

Did you add the required Spring dependencies (necessary to read your Spring config) to your code as part of the upgrade? CXF 2.3 automatically included dependencies that later versions do not. 

http://web-gmazza.rhcloud.com/blog/entry/cxf-usernametoken-profile#UTCXF2

Glen

On 09/23/2014 01:48 PM, [email protected] wrote:

I'm working on migrating some legacy code I've been stuck with from CXF 
2.3/WSS4J 1.5 up to CXF 2.7/WSS4J 1.6, and I'm having some troubles. The latest 
issue is something that I'm sure is obvious and I'm just not seeing ... I am 
getting this exception when I run one of my tests:

org.apache.cxf.binding.soap.SoapFault: Security processing failed.
         at 
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
         at 
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
         ....
Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
         at 
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
         at 
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
         at 
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
         at 
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
         ... 47 more
Caused by: org.apache.ws.security.WSSecurityException: General security error 
(WSSecurityEngine: No crypto property file supplied to verify signature)
         at 
org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:789)
         at 
org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169)
         at 
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:71)
         ... 50 more

I've shortened the stack trace a bit but that should be the most important 
parts. Now the exception itself I think is clear - there's a problem with the 
crypto properties. It's the exact problem that eludes me. In my Spring 
configuration, the original developers referenced a Crypto bean rather than 
using an external file. This is the bean configuration:

   <bean id="wss4jOutInterceptor" 
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
     <constructor-arg>
       <map>
         <entry key="action" value="Timestamp Signature" />
         <entry key="user" value="test-user (test ca 1)" />
         <entry key="timeToLive" value="60" />
         <entry key="signatureUser" value="test-user (test ca 1)" />
         <entry key="signatureKeyIdentifier" value="DirectReference" />
         <entry key="SignaturePropRefId" value="signatureProperties" />
         <entry key="signatureProperties" value-ref="cryptoProperties" />
         <entry key="signatureParts" 
value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; 
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
 />
         <entry key="signatureAlgorithm" 
value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
         <entry key="signatureDigestAlgorithm" 
value="http://www.w3.org/2001/04/xmlenc#sha256"/>
         <entry key="passwordCallbackRef" value-ref="pwCallback" />
       </map>
     </constructor-arg>
   </bean>

   <bean id="wss4jInInterceptor" 
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
     <constructor-arg>
       <map>
         <entry key="action" value="Signature Timestamp Encrypt" />
         <entry key="SignaturePropRefId" value="cryptoProperties" />
         <entry key="decryptionPropRefId" value="cryptoProperties" />
         <entry key="cryptoProperties" value-ref="cryptoProperties" />
         <entry key="passwordCallbackRef" value-ref="pwCallback" />
       </map>
     </constructor-arg>
   </bean>

   <util:properties id="cryptoProperties">
     <prop 
key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>
     <prop 
key="org.apache.ws.security.crypto.merlin.keystore.file">test-user.jks</prop>
     <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
     <prop key="org.apache.ws.security.crypto.merlin.keystore.provider"></prop> 
-->
     <prop 
key="org.apache.ws.security.crypto.merlin.keystore.password">xxxxx</prop>
     <prop key="org.apache.ws.security.crypto.merlin.load.cacerts">false</prop>
   </util:properties>

Does anyone have any ideas on what may be off here? Thanx,

Stephen W. Chappell

Reply via email to