Hi Anpu,

 

Problem is solved. Include the following lines of code in your client-config.wsdd file.

 

<parameter name="encryptionUser" value="tomcat"/>

 

 

Where value is the public key that you will use to decrypt the data. In short, it’s nothing but the name of the certificate that we are importing to server.keystore. Please find the detailed config file as given below:

 

<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <service name="helloworld">
  <requestFlow>
   <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <parameter name="user" value="tomcat-cl"/>
    <parameter name="passwordCallbackClass" value="PWCallback"/>
    <parameter name="action" value="Signature Encrypt"/>
    <parameter name="signaturePropFile" value="crypto.properties" />
    <parameter name="signatureKeyIdentifier" value="DirectReference" />
    <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
    <parameter name="encryptionUser" value="tomcat"/>
   </handler>
  </requestFlow>
  <responseFlow>
   <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="passwordCallbackClass" value="PWCallback"/>
    <parameter name="action" value="Signature Encrypt"/>
    <parameter name="signaturePropFile" value="crypto.properties" />
   </handler>
  </responseFlow>
 </service>
 <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
 <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>

 

 

Thanks,

Pramod

 


From: anpu selvan [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 15, 2006 7:52 PM
To: [email protected]; Pramod Pawar
Subject: Re: Problem while decrypting soap message

 


Hi Pramod,

I also had the same problem configuring the security handler programmatically, but no one gave an answer to my question.

If you find any solution, let me know.

 

regards,

anpu
Pramod Pawar <[EMAIL PROTECTED]> wrote:

Hi Werner,

 

I am using WSS4J and I have created my Java keystore using the Java keytool. I am able to sign and verify SOAP messages successfully. I am also able to encrypt the SOAP message using the same keystore, but my service is not able to decrypt the SOAP message. It shows the error message below:

 

        org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
 nested exception is:
        java.lang.Exception: Cannot find key for alias: tomcat
 faultActor:
 faultNode:
 faultDetail:
        {http://xml.apache.org/axis/}hostname:ppawardev

WSDoAllReceiver: security processing failed; nested exception is:
        org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
 nested exception is:
        java.lang.Exception: Cannot find key for alias: tomcat
        at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)

 

 

Is there anything that I am missing while creating the keystore? Please find below the steps that I have followed for creating the keystores:

 

echo Generating the Server KeyStore in file server.keystore
"%java_home%\bin\keytool" -genkey -alias tomcat-sv -dname "CN=localhost, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore

echo Exporting the certificate from keystore to an external file server.cer
"%java_home%\bin\keytool" -export -alias tomcat-sv -storepass changeit -file server.cer -keystore server.keystore

echo Generating the Client KeyStore in file client.keystore
"%java_home%\bin\keytool" -genkey -alias tomcat-cl -dname "CN=Client, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore

echo Exporting the certificate from keystore to external file client.cer
"%java_home%\bin\keytool" -export -alias tomcat-cl -storepass changeit -file client.cer -keystore client.keystore

echo Importing Client's certificate into Server's keystore
"%java_home%\bin\keytool" -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass changeit -storepass changeit

echo Importing Server's certificate into Client's keystore
"%java_home%\bin\keytool" -import -v -trustcacerts -alias tomcat -file client.cer -keystore server.keystore -keypass changeit -storepass changeit

 

 

Please advise.

 

Thanks – Pramod
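
A quick way to see whether a keystore alias holds a private key or only an imported certificate, the distinction that matters when the decrypting side reports "Cannot find key for alias". This is an added example, not code from the thread or from WSS4J; the class name AliasCheck is hypothetical, and the default file, password and alias are the ones the messages above mention.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example (hypothetical class name): lists every alias in a keystore and
// says whether it can be used to decrypt/sign or only to encrypt/verify.
public class AliasCheck {

    // Describes what a single alias holds in the given keystore.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "missing";
        }
        if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return "private key entry: can decrypt and sign";
        }
        if (ks.isCertificateEntry(alias)) {
            return "trusted certificate only: can encrypt to it or verify, cannot decrypt";
        }
        return "other entry type";
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file, store password and alias named in this thread.
        String path = args.length > 0 ? args[0] : "server.keystore";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String wanted = args.length > 2 ? args[2] : "tomcat";

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        // Show every entry so an alias mix-up between the two stores is visible.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " -> " + describe(ks, alias));
        }
        System.out.println("requested alias '" + wanted + "' -> " + describe(ks, wanted));
    }
}
```

Run it once against server.keystore and once against client.keystore, passing the keystore path, store password and alias as arguments.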

 

 

 

 

 

