Thanks Nitin,

you were right. The problem was solely that word (keystore) at the
crypto.properties entry.

Thanks a lot for your support.

Alex

2009/8/17 Nitin Handa <nitin.ha...@oracle.com>

> JKS and environment is perfectly fine..
>
> I see your crypto.properties file is not something I am using..
>
> For me this is working fine-
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=welcome1
> org.apache.ws.security.crypto.merlin.file=default-keystore.jks
>
>
> Please note the difference in the way I mentioned keystore file..
> my - org.apache.ws.security.crypto.merlin.file=default-keystore.jks
> your - org.apache.ws.security.crypto.merlin.*keystore*.file=privkeystore
>
> Thanks
> Nitin
>
>
> Alexandre Veloso de Matos wrote:
>
>> Hi Nitin,
>>
>> I tried to copy both privkeystore and crypto.properties to
>> WEB-INF/classes. And I also checked my keystore and as you can see below,
>> this has both the private key and trusted certificate.
>>
>> Even with these two attempts the same exception is *thrown*.
>>
>> I suspect that there is some limitation on the type of keystore I'm using
>> (jks) and the deployment environment  (wss4j-1.5.7 + tomcat + axis1.4) - am
>> I right ?
>>
>> Thanks for your help Nitin. I'll be very grateful for any support.
>>
>> Best regards,
>>
>> Alex
>>
>> ************************my privkeystore
>> ------------------------------------------------------------------------------
>> Keystore type: JKS
>> Keystore provider: SUN
>>
>> Your keystore contains 2 entries
>>
>> Alias name: privkey
>> Creation date: 17/Ago/2009
>> Entry type: PrivateKeyEntry
>> Certificate chain length: 1
>> Certificate[1]:
>> Owner: CN=privkey
>> Issuer: CN=privkey
>> Serial number: 4a892d57
>> Valid from: Mon Aug 17 11:13:43 WEST 2009 until: Sun Nov 15 10:13:43 WET 2009
>> Certificate fingerprints:
>>     MD5:  73:C3:F4:BA:7E:54:E1:4E:2F:1A:B3:4A:60:92:C9:56
>>     SHA1: CE:CE:D9:0A:ED:47:34:70:5D:10:A3:2C:00:6B:8E:84:70:64:44:13
>>     Signature algorithm name: SHA1withDSA
>>     Version: 3
>>
>>
>> *******************************************
>> *******************************************
>>
>>
>> Alias name: pubcert
>> Creation date: 17/Ago/2009
>> Entry type: trustedCertEntry
>>
>> Owner: CN=pubcert
>> Issuer: CN=pubcert
>> Serial number: 4a892d58
>> Valid from: Mon Aug 17 11:13:44 WEST 2009 until: Sun Nov 15 10:13:44 WET 2009
>> Certificate fingerprints:
>>     MD5:  51:34:C6:D8:8D:27:9B:EB:35:8C:47:EE:AD:B8:A1:05
>>     SHA1: 89:C2:CC:BF:F2:31:87:20:E7:AB:14:16:8B:B1:BE:8B:58:9A:D0:64
>>     Signature algorithm name: SHA1withDSA
>>     Version: 3
>>
>>
>> *******************************************
>> *******************************************
>>
>>
>> 2009/8/17 Nitin Handa <nitin.ha...@oracle.com>
>>
>>
>>    Try copying your keystore and crypto.properties to your
>>    WEB-INF/classes folder.
>>
>>    Other thing to check out is your privkey should also have
>>    certificates in keystore apart from private key.
>>
>>    HTH,
>>    Nitin
>>
>>
>>
>>    Alexandre Veloso de Matos wrote:
>>
>>        Dear all,
>>
>>        I suppose this is a question already addressed before. However,
>>        even with the help of former responses I couldn't achieve an
>>        answer to my problem.
>>
>>        I have a web service. I want to sign any call to this web
>>        service. For this I provided a keystore from where public and
>>        private keys should be gathered. In fact, I tried to follow
>>        the guidelines from this tutorial:
>>        http://www.devx.com/Java/Article/28816/1954?pf=true.
>>
>>        I've been receiving constantly the following exception:
>>
>>        org.apache.ws.security.WSSecurityException: Error during
>>        Signature: ; nested exception is:
>>           org.apache.ws.security.WSSecurityException: General
>>        security error (No certificates for user privkey were found
>>        for signature)nothing
>>           at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
>>           at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
>>           at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
>>           at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>>           at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>>           at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>>           at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>>           at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
>>           at org.apache.axis.client.Call.invoke(Call.java:2767)
>>           at org.apache.axis.client.Call.invoke(Call.java:2443)
>>           at org.apache.axis.client.Call.invoke(Call.java:2366)
>>           at org.apache.axis.client.Call.invoke(Call.java:1812)
>>           at wss.client.PubCertClient.main(PubCertClient.java:57)
>>        Caused by: org.apache.ws.security.WSSecurityException: General
>>        security error (No certificates for user privkey were found
>>        for signature)
>>           at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
>>           at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
>>           at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>>           ... 12 more
>>
>>        In order to clarify, my client deployment is guided by the
>>        following:
>>
>>        <deployment name="ClientConfig"
>>        xmlns="http://xml.apache.org/axis/wsdd/"
>>        xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>         <transport name="http"
>>        pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>>         <globalConfiguration >
>>           <requestFlow>
>>             <handler
>>        type="java:org.apache.ws.axis.security.WSDoAllSender" >
>>               <parameter name="user" value="privkey"/>
>>               <parameter name="passwordCallbackClass"
>>        value="wss.client.PWCallback"/>
>>               <parameter name="action" value="Signature Encrypt"/>
>>               <parameter name="signaturePropFile"
>>        value="crypto.properties" />
>>             </handler>
>>           </requestFlow>
>>         </globalConfiguration >
>>        </deployment>
>>
>>        and the server deployment descriptor is the following:
>>
>>        <deployment
>>           xmlns="http://xml.apache.org/axis/wsdd/"
>>           xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>
>>         <!-- Services from SignService WSDL service -->
>>
>>         <service name="wss_service" provider="java:RPC" style="rpc"
>>        use="encoded">
>>           <requestFlow>
>>             <handler
>>        type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>>               <parameter name="passwordCallbackClass"
>>        value="wss.server.PWCallback"/>
>>               <parameter name="action" value="Signature Encrypt"/>
>>               <parameter name="signaturePropFile"
>>        value="crypto.properties" />
>>             </handler>
>>           </requestFlow>
>>             <parameter name="wsdlTargetNamespace"
>>        value="urn:wss"/>
>>             <parameter name="wsdlServiceElement" value="SignService"/>
>>             <parameter name="wsdlServicePort" value="wss_service"/>
>>             <parameter name="className"
>>        value="wss.ws.Wss_serviceSoapBindingImpl"/>
>>             <parameter name="wsdlPortType" value="Sign"/>
>>             <parameter name="typeMappingVersion" value="1.2"/>
>>             <operation name="getPubCert" qname="operNS:getPubCert"
>>        xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
>>        returnType="rtns:string"
>>        xmlns:rtns="http://schemas.xmlsoap.org/soap/encoding/"
>>        soapAction="" >
>>             </operation>
>>             <parameter name="allowedMethods" value="getPubCert"/>
>>             <parameter name="scope" value="Session"/>
>>
>>         </service>
>>        </deployment>
>>
>>        And my crypto.properties file:
>>
>>        org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>        org.apache.ws.security.crypto.merlin.keystore.type=jks
>>        org.apache.ws.security.crypto.merlin.keystore.password=foobar
>>        org.apache.ws.security.crypto.merlin.alias.password=foobar
>>        org.apache.ws.security.crypto.merlin.keystore.alias=privkey
>>        org.apache.ws.security.crypto.merlin.keystore.file=privkeystore
>>
>>        My latter attempts to bypass these exceptions:
>>        1) privkeystore path is on classpath
>>        2) there is a callback that returns the password for the alias
>>        privkey (foobar)
>>        3) the crypto.properties is also on classpath
>>
>>        Thanks for any clue on what could be happening.
>>
>>        Best regards,
>>
>>        Alex
>>
>>
>>        --
>>        Alexandre Veloso de Matos
>>        Phd Student - Informatics Engineering Department
>>        University of Coimbra - Coimbra, Portugal
>>
>>
>>
>>
>>
>> --
>> Alexandre Veloso de Matos
>> Phd Student - Informatics Engineering Department
>> University of Coimbra - Coimbra, Portugal
>>
>
>


-- 
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department
University of Coimbra - Coimbra, Portugal
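
The misnamed key that caused the failure in this thread can be caught before deployment with a small linter. This is an added example, not code from the thread or from WSS4J; the allow-list and the required keys are assumptions built only from the property names quoted above, and the sample passwords are placeholders.

```python
# Added example: lint a WSS4J Merlin crypto.properties for misnamed keys.
# Assumption: KNOWN_KEYS holds only property names that appear in this thread;
# extend it from the documentation of the WSS4J version you deploy.
PREFIX = "org.apache.ws.security.crypto."
KNOWN_KEYS = {
    PREFIX + "provider",
    PREFIX + "merlin.keystore.type",
    PREFIX + "merlin.keystore.password",
    PREFIX + "merlin.keystore.alias",
    PREFIX + "merlin.alias.password",
    PREFIX + "merlin.file",
}
# Assumption: the provider class and the keystore location must both be set.
REQUIRED_KEYS = {PREFIX + "provider", PREFIX + "merlin.file"}


def parse_properties(text):
    """Parse simple key=value / key:value lines, skipping comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def lint_crypto_properties(text):
    """Return (missing required keys, unrecognised keys), both sorted."""
    props = parse_properties(text)
    missing = sorted(REQUIRED_KEYS - set(props))
    unknown = sorted(k for k in props if k.startswith(PREFIX) and k not in KNOWN_KEYS)
    return missing, unknown


# Constructed from the two files quoted in the thread (passwords replaced).
COMMON = (PREFIX + "provider=org.apache.ws.security.components.crypto.Merlin\n"
          + PREFIX + "merlin.keystore.type=jks\n"
          + PREFIX + "merlin.keystore.password=PLACEHOLDER\n")
FAILING = COMMON + PREFIX + "merlin.keystore.file=privkeystore\n"
WORKING = COMMON + PREFIX + "merlin.file=default-keystore.jks\n"

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        missing, unknown = lint_crypto_properties(text)
        print(name, "missing:", missing, "unrecognised:", unknown)
```
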
