Thus usually is due to that fact that the certifcate can be found.
Two reasons:
- the alias name for the key/vertificate does not exist
- the password to unlock the private key is not correct (this is
the password the callback class should return). This password
is different from the keystore's password and keytool usually
requests it during import.
In you case, according to the output you sent I would go for a wrong
alias name - watch upper- and lowcase when importing the cert and
when definig it n the WSDD file.
Regards,
Werner
Laurent COLLET wrote:
> Hi,
>
> Yesterday I make a mistake in my pb description:
>
> here is my error:
> 1 sept. 2005 09:21:42
> org.apache.ws.security.components.crypto.CryptoFactory loadClass
> INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
> WSDoAllSender: Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature)
> AxisFault
> faultCode:
> {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
> faultSubcode:
> faultString: WSDoAllSender: Signature: error during message procesing
> org.apache.ws.security.WSSecurityException: General security error
> (Unexpected number of X509Data: for Signature)
> faultActor:
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Signature:
> error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature)
> at
> org.apache.ws.axis.security.WSDoAllSender.performSIGNAction(WSDoAllSender.java:416)
>
> ...
>
>
> I don't understand this error, I hope you can help me.
>
>
> I have:
> - a client certificate given by a CA named client.cer
> - a server certificate ... server.cer
> - a CA certificate ... ca.cer
>
> here is the command I do:
> keytool -import -file client.cer -alias client -keystore client.jks
> keytool -import -file server.cer -alias server -keystore client.jks
> keytool -import -file ca.cer -alias ca -keystore client.jks
>
> (I tried to import only the client certificate and the result is the
> same. Even if for instance I just want to sign request, I will later
> encrypt datas)
>
> the next snipet show my crypto.properties
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=azerty
> org.apache.ws.security.crypto.merlin.keystore.alias=client
> org.apache.ws.security.crypto.merlin.alias.password=azerty
> org.apache.ws.security.crypto.merlin.file=conf/cert/client.jks
>
> and finally, my deply.wsdd:
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/";
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration>
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Signature" />
> <parameter name="user" value="Client" />
> <parameter name="passwordCallbackClass"
> value="ws.PWCallback" />
> <parameter name="signaturePropFile"
> value="crypto.properties" />
> </handler>
> </requestFlow>
> </globalConfiguration>
> </deployment>
>
>
>
>
> Thanks in advance,
> Laurent
>
>
>
>
> Granqvist, Hans a écrit :
>
>> What is the error you get?
>>
>> Did you build the wss4j.jar and copy it to axis lib?
>>
>>
>>> -----Original Message-----
>>> From: Laurent COLLET [mailto:[EMAIL PROTECTED] Sent:
>>> Wednesday, August 31, 2005 8:23 AM
>>> To: [email protected]
>>> Subject: crypto provider
>>>
>>> I found in the crypto.properties file that the prgm use
>>> org.apache.ws.security.crypto.provider,
>>> org.apache.ws.security.crypto.merlin.* ... but I can't find any of
>>> these classes. I think I hadn't the well jar files, but I have
>>> already installed all the jar files written in the readme.txt:
>>> openSAML, BouncyCastle, XMLSec...
>>> (My aim is signing request from the client to the server)
>>>
>>> Can you tell me where I can find these classes?
>>>
>>> Thanks in advance,
>>> Laurent
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
