I think the answer may depend on how you are using Axis/WSS4J. I'm not using any config files, and doing everything in a handler. Here's an example of my code, but I'm no expert so this could be a really bad (but working) example ;-)
You can see I set the cert alias and password both in my Properties object for the Crypto, and via the WSSignEnvelope.setKeyIdentifier() method. Not sure if this is necessary or the best way, but it works for me. I haven't made time for "code cleanup" yet.
[...snip...]
Message requestMessage = msgContext.getRequestMessage();
SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
Document doc = unsignedEnvelope.getAsDocument();

// WSS4J Start ---------------------------------------------
/*
 * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
 * can't see file resources, plus we need to compute the keystore
 * location anyway.
 */
String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // or "org.apache.ws.security.components.crypto.Merlin"
Properties properties = new Properties();
properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);

WSSignEnvelope builder = new WSSignEnvelope();
builder.setUserInfo(privateKeyAlias, privateKeyPass);
// builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
builder.setUsernameToken(usernameToken);
Document signedDoc = builder.build(doc, crypto);

/*
 * Convert the resulting document into a message first. The
 * toSOAPMessage() method performs the necessary c14n call to
 * properly set up the signed document and convert it into a SOAP
 * message.
 */
Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
if (logger.isDebugEnabled()) {
    logger.debug("Signed message:");
    XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
}

/*
 * Extract as a document again if further processing is needed:
 * signedDoc = signedMsg.getSOAPEnvelope().getAsDocument();
 */

// Set the signed message as the current message.
msgContext.setCurrentMessage(signedMsg);
// WSS4J End ---------------------------------------------
[...snip...]
Emanuel Haisiuc <[EMAIL PROTECTED]> wrote on 02/08/2006 11:31 AM:
I have the same sense about this one.
My question is: how do I indicate to the client which key to use from the keystore?
Is the "user" parameter from the handler in the client's configuration wsdd file used to identify the certificate to be used from the keystore?
Hope my questions make sense.
Thank you!
Emanuel
On 2/8/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
When I got that error, it was because the machine I was running on didn't have the certificate in the keystore. In your case that would be the cert "ehpubcert".
Emanuel Haisiuc <[EMAIL PROTECTED]> wrote on 02/08/2006 10:24 AM:
Hi!
I'm getting this exception when trying to run my client:
08.02.2006 18:16:30 org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [ org.apache.ws.security.components.crypto.Merlin]
Unable to make the call to method: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
My client's wsdd file is:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Signature" />
        <parameter name="signaturePropFile" value="cx509sign.props" />
        <parameter name="signatureKeyIdentifier" value="DirectReference" />
        <parameter name="passwordCallbackClass" value="javawsx509signingclient.PWCallback" />
        <parameter name="user" value="manu" />
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
where cx509sign.props is:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
org.apache.ws.security.crypto.merlin.alias.password=foobar
org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
Pubkeystore listing is:
C:\publicks>keytool -list -keystore pubkeystore
Enter keystore password: foobar
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
ehpubcert, 08.02.2006, keyEntry,
Certificate fingerprint (MD5): 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
What should I look for, and what should I change, to make it work?
Thank you!
Emanuel
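As a check on the Merlin property set used both in the handler code and in cx509sign.props above, here is an added example (not code from any poster in this thread; the class and method names are my own) that loads the keystore those properties point at and confirms that the signing alias resolves to a private key with an X.509 certificate before WSS4J is asked to sign with it:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

// Added example, not the thread's code: pre-flight check of a Merlin signing configuration.
public class SigningAliasCheck {
    private static final String PREFIX = "org.apache.ws.security.crypto.merlin.";
    // Verifies that signingAlias (what WSDoAllSender's "user" parameter names) is a key
    // entry whose private key opens with aliasPassword and that carries an X.509 certificate.
    public static X509Certificate checkSigningAlias(Properties merlin, String signingAlias,
                                                    char[] aliasPassword) throws Exception {
        String file = merlin.getProperty(PREFIX + "file");
        String ksPass = merlin.getProperty(PREFIX + "keystore.password");
        if (file == null || ksPass == null) throw new IllegalStateException(PREFIX + "file / keystore.password missing");
        KeyStore ks = KeyStore.getInstance(merlin.getProperty(PREFIX + "keystore.type", "jks"));
        InputStream in = new FileInputStream(file.trim()); // trim(): stray spaces in pasted paths are common
        try { ks.load(in, ksPass.toCharArray()); } finally { in.close(); }
        if (!ks.containsAlias(signingAlias)) { // nothing stored under that alias at all
            throw new IllegalStateException("alias '" + signingAlias + "' not in " + file
                    + "; aliases present: " + Collections.list(ks.aliases()));
        }
        if (!ks.isKeyEntry(signingAlias)) { // trustedCertEntry: a certificate but no key to sign with
            throw new IllegalStateException("alias '" + signingAlias + "' is not a key entry");
        }
        if (!(ks.getKey(signingAlias, aliasPassword) instanceof PrivateKey)) { // wrong password throws here
            throw new IllegalStateException("alias '" + signingAlias + "' holds no private key");
        }
        Certificate cert = ks.getCertificate(signingAlias);
        if (!(cert instanceof X509Certificate)) { // the Signature's X509Data / BinarySecurityToken needs one
            throw new IllegalStateException("alias '" + signingAlias + "' has no X.509 certificate");
        }
        return (X509Certificate) cert;
    }

    // Usage: java SigningAliasCheck cx509sign.props [signingAlias]; alias defaults to merlin.keystore.alias.
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new FileInputStream(args[0]));
        String alias = args.length > 1 ? args[1] : p.getProperty(PREFIX + "keystore.alias");
        char[] pass = p.getProperty(PREFIX + "alias.password").toCharArray();
        X509Certificate cert = checkSigningAlias(p, alias, pass);
        System.out.println("OK: '" + alias + "' -> " + cert.getSubjectX500Principal());
    }
}
```

Run it once with the handler's "user" value as the second argument and once with the keystore.alias value; the exception message names which of the four conditions (alias present, key entry, private key opens with the alias password, X.509 certificate attached) failed.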
