JKS and environment are perfectly fine..

I see your crypto.properties file is not something I am using..

For me this is working fine-

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=welcome1
org.apache.ws.security.crypto.merlin.file=default-keystore.jks


Please note the difference in the way I mentioned the keystore file..
my - org.apache.ws.security.crypto.merlin.file=default-keystore.jks
your - org.apache.ws.security.crypto.merlin.*keystore*.file=privkeystore

Thanks
Nitin
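
The difference pointed out in this reply can be checked before deployment. The following Java program is an added example, not part of the original thread or of WSS4J: it reads a crypto.properties file, reports when `org.apache.ws.security.crypto.merlin.file` is missing (and whether the `keystore.file` spelling was used instead), then loads the keystore and confirms the signing alias holds a private key with a certificate chain. The class name `CryptoPropsCheck`, its two command-line arguments, and the classpath-then-file lookup order are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Properties;

/** Added example: pre-flight check of a Merlin crypto.properties and its keystore. */
public class CryptoPropsCheck {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CryptoPropsCheck <crypto.properties> <alias>");
            System.exit(2);
        }
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            props.load(in);
        }
        // Key used by the working configuration quoted in this thread.
        String file = props.getProperty(P + "file");
        if (file == null) {
            String other = props.getProperty(P + "keystore.file");
            throw new IllegalStateException(P + "file is not set"
                + (other != null ? "; found " + P + "keystore.file=" + other + " instead" : ""));
        }
        String type = props.getProperty(P + "keystore.type", KeyStore.getDefaultType());
        String pass = props.getProperty(P + "keystore.password", "");

        KeyStore ks = KeyStore.getInstance(type);
        // Assumption: try the path as a classpath resource first, then as a plain file.
        InputStream in = CryptoPropsCheck.class.getClassLoader().getResourceAsStream(file);
        if (in == null) in = new FileInputStream(file);
        try (InputStream ksIn = in) {
            ks.load(ksIn, pass.toCharArray());
        }
        String alias = args[1];
        if (!ks.containsAlias(alias))
            throw new IllegalStateException("alias not in keystore: " + alias);
        if (!ks.isKeyEntry(alias))
            throw new IllegalStateException(alias + " is not a private key entry; signing needs one");
        // Signing needs the certificate that belongs to the private key.
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0)
            throw new IllegalStateException("no certificate chain stored with " + alias);
        System.out.println("OK: " + alias + " has a key and " + chain.length
            + " certificate(s) in " + file);
    }
}
```

Run it with the same classpath as the client (for example with WEB-INF/classes on it) so the keystore is looked up the way the deployed handler would see it.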


Alexandre Veloso de Matos wrote:
Hi Nitin,

I tried to copy both privkeystore and crypto.properties to WEB-INF/classes. And I also checked my keystore and, as you can see below, this has both the private key and trusted certificate.

Even with these two attempts the same exception is *thrown*.

I suspect that there is some limitation on the type of keystore I'm using (jks) and the deployment environment (wss4j-1.5.7 + tomcat + axis1.4) - am I right ?

Thanks for your help Nitin. I'll be very grateful for any support.

Best regards,

Alex

************************my privkeystore ------------------------------------------------------------------------------
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: privkey
Creation date: 17/Ago/2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=privkey
Issuer: CN=privkey
Serial number: 4a892d57
Valid from: Mon Aug 17 11:13:43 WEST 2009 until: Sun Nov 15 10:13:43 WET 2009
Certificate fingerprints:
     MD5:  73:C3:F4:BA:7E:54:E1:4E:2F:1A:B3:4A:60:92:C9:56
     SHA1: CE:CE:D9:0A:ED:47:34:70:5D:10:A3:2C:00:6B:8E:84:70:64:44:13
     Signature algorithm name: SHA1withDSA
     Version: 3


*******************************************
*******************************************


Alias name: pubcert
Creation date: 17/Ago/2009
Entry type: trustedCertEntry

Owner: CN=pubcert
Issuer: CN=pubcert
Serial number: 4a892d58
Valid from: Mon Aug 17 11:13:44 WEST 2009 until: Sun Nov 15 10:13:44 WET 2009
Certificate fingerprints:
     MD5:  51:34:C6:D8:8D:27:9B:EB:35:8C:47:EE:AD:B8:A1:05
     SHA1: 89:C2:CC:BF:F2:31:87:20:E7:AB:14:16:8B:B1:BE:8B:58:9A:D0:64
     Signature algorithm name: SHA1withDSA
     Version: 3


*******************************************
*******************************************


2009/8/17 Nitin Handa <nitin.ha...@oracle.com>

    Try copying your keystore and crypto.properties to your
    WEB-INF/classes folder.

    Other thing to check out is your privkey should also have
    certificates in keystore apart from private key.

    HTH,
    Nitin



    Alexandre Veloso de Matos wrote:

        Dear all,

        I suppose this a question already addressed before. However,
        even with the help of former responses I couldn't achieve an
        answer to my problem.

        I have a web service. I want to sign any call to this web
        service. For this I provided a keystore from where public and
        private keys should be gathered. In fact, I tried to follow
        the guidelines from this tutorial:
        http://www.devx.com/Java/Article/28816/1954?pf=true.

        I've been receiving constantly the following exception:

        org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is:
            org.apache.ws.security.WSSecurityException: General security error (No certificates for user privkey were found for signature)nothing
            at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
            at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
            at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
            at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
            at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
            at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
            at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
            at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
            at org.apache.axis.client.Call.invoke(Call.java:2767)
            at org.apache.axis.client.Call.invoke(Call.java:2443)
            at org.apache.axis.client.Call.invoke(Call.java:2366)
            at org.apache.axis.client.Call.invoke(Call.java:1812)
            at wss.client.PubCertClient.main(PubCertClient.java:57)
        Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user privkey were found for signature)
            at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
            at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
            at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
            ... 12 more

        In order to clarify, my client deployment is guided by the
        following:

        <deployment name="ClientConfig"
           xmlns="http://xml.apache.org/axis/wsdd/"
           xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
         <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
         <globalConfiguration >
           <requestFlow>
             <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
               <parameter name="user" value="privkey"/>
               <parameter name="passwordCallbackClass" value="wss.client.PWCallback"/>
               <parameter name="action" value="Signature Encrypt"/>
               <parameter name="signaturePropFile" value="crypto.properties" />
             </handler>
           </requestFlow>
         </globalConfiguration >
        </deployment>

        and the server deployment descriptor is the following:

        <deployment
           xmlns="http://xml.apache.org/axis/wsdd/"
           xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

         <!-- Services from SignService WSDL service -->

         <service name="wss_service" provider="java:RPC" style="rpc" use="encoded">
           <requestFlow>
             <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
               <parameter name="passwordCallbackClass" value="wss.server.PWCallback"/>
               <parameter name="action" value="Signature Encrypt"/>
               <parameter name="signaturePropFile" value="crypto.properties" />
             </handler>
           </requestFlow>
             <parameter name="wsdlTargetNamespace" value="urn:wss"/>
             <parameter name="wsdlServiceElement" value="SignService"/>
             <parameter name="wsdlServicePort" value="wss_service"/>
             <parameter name="className" value="wss.ws.Wss_serviceSoapBindingImpl"/>
             <parameter name="wsdlPortType" value="Sign"/>
             <parameter name="typeMappingVersion" value="1.2"/>
             <operation name="getPubCert" qname="operNS:getPubCert"
                xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
                returnType="rtns:string"
                xmlns:rtns="http://schemas.xmlsoap.org/soap/encoding/"
                soapAction="" >
             </operation>
             <parameter name="allowedMethods" value="getPubCert"/>
             <parameter name="scope" value="Session"/>

         </service>
        </deployment>

        And my crypto.properties file:
        
        org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
        org.apache.ws.security.crypto.merlin.keystore.type=jks
        org.apache.ws.security.crypto.merlin.keystore.password=foobar
        org.apache.ws.security.crypto.merlin.alias.password=foobar
        org.apache.ws.security.crypto.merlin.keystore.alias=privkey
        org.apache.ws.security.crypto.merlin.keystore.file=privkeystore

        My latter attempts to bypass these exceptions:
        1) privkeystore path is on classpath
        2) there is a callback that returns the password for the alias
        privkey (foobar)
        3) the crypto.properties is also on classpath

        Thanks for any clue on what could be happening.

        Best regards,

        Alex


        --
        Alexandre Veloso de Matos
        Phd Student - Informatics Engineering Department
        University of Coimbra - Coimbra, Portugal





--
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department
University of Coimbra - Coimbra, Portugal

