Posted to wss4j-dev@ws.apache.org by Alexandre Veloso de Matos <al...@gmail.com> on 2009/08/17 14:25:13 UTC
Newbie question
Dear all,
I suppose this is a question already addressed before. However, even with the
help of former responses I couldn't achieve an answer to my problem.
I have a web service. I want to sign any call to this web service. For this
I provided a keystore from where public and private keys should be gathered.
In fact, I tried to follow the guidelines from this tutorial:
http://www.devx.com/Java/Article/28816/1954?pf=true.
I've been receiving constantly the following exception:
org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is:
    org.apache.ws.security.WSSecurityException: General security error (No certificates for user privkey were found for signature)nothing
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
    at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at wss.client.PubCertClient.main(PubCertClient.java:57)
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user privkey were found for signature)
    at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
    ... 12 more
In order to clarify, my client deployment is guided by the following:
<deployment name="ClientConfig" xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="user" value="privkey"/>
        <parameter name="passwordCallbackClass" value="wss.client.PWCallback"/>
        <parameter name="action" value="Signature Encrypt"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
and the server deployment descriptor is the following:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <!-- Services from SignService WSDL service -->
  <service name="wss_service" provider="java:RPC" style="rpc" use="encoded">
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass" value="wss.server.PWCallback"/>
        <parameter name="action" value="Signature Encrypt"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
      </handler>
    </requestFlow>
    <parameter name="wsdlTargetNamespace" value="urn:wss"/>
    <parameter name="wsdlServiceElement" value="SignService"/>
    <parameter name="wsdlServicePort" value="wss_service"/>
    <parameter name="className" value="wss.ws.Wss_serviceSoapBindingImpl"/>
    <parameter name="wsdlPortType" value="Sign"/>
    <parameter name="typeMappingVersion" value="1.2"/>
    <operation name="getPubCert" qname="operNS:getPubCert"
               xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
               returnType="rtns:string"
               xmlns:rtns="http://schemas.xmlsoap.org/soap/encoding/" soapAction="">
    </operation>
    <parameter name="allowedMethods" value="getPubCert"/>
    <parameter name="scope" value="Session"/>
  </service>
</deployment>
And my crypto.properties file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.alias.password=foobar
org.apache.ws.security.crypto.merlin.keystore.alias=privkey
org.apache.ws.security.crypto.merlin.keystore.file=privkeystore
My latter attempts to bypass these exceptions:
1) privkeystore path is on classpath
2) there is a callback that returns the password for the alias privkey
(foobar)
3) the crypto.properties is also on classpath
Thanks for any clue on what could be happening.
Best regards,
Alex
--
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department
University of Coimbra - Coimbra, Portugal
RE: Newbie question
Posted by Colm O hEigeartaigh <co...@progress.com>.
I changed this for the 1.6 release on trunk a while ago BTW just for
consistency. The new config tag is:
org.apache.ws.security.crypto.merlin.keystore.file
but the old tag works as well.
Colm.
________________________________
From: Alexandre Veloso de Matos [mailto:alexvmatos@gmail.com]
Sent: 17 August 2009 17:54
To: Nitin Handa
Cc: wss4j-dev@ws.apache.org
Subject: Re: Newbie question
Thanks Nitin,
you were right. The problem was solely that word (keystore) at the
crypto.properties entry.
Thanks a lot for your support.
Alex
Re: Newbie question
Posted by Alexandre Veloso de Matos <al...@gmail.com>.
Thanks Nitin,
you were right. The problem was solely that word (keystore) at the
crypto.properties entry.
Thanks a lot for your support.
Alex
2009/8/17 Nitin Handa <ni...@oracle.com>
> JKS and environment is perfectly fine..
>
> I see your crypto.properties file is not something I am using..
>
> For me this is working fine-
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=welcome1
> org.apache.ws.security.crypto.merlin.file=default-keystore.jks
>
>
> Please note the difference in the way I mentioned keystore file..
> my - org.apache.ws.security.crypto.merlin.file=default-keystore.jks
> your - org.apache.ws.security.crypto.merlin.*keystore*.file=privkeystore
>
> Thanks
> Nitin
--
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department
University of Coimbra - Coimbra, Portugal
Re: Newbie question
Posted by Nitin Handa <ni...@oracle.com>.
JKS and environment is perfectly fine..
I see your crypto.properties file is not something I am using..
For me this is working fine-
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=welcome1
org.apache.ws.security.crypto.merlin.file=default-keystore.jks
Please note the difference in the way I mentioned keystore file..
my - org.apache.ws.security.crypto.merlin.file=default-keystore.jks
your - org.apache.ws.security.crypto.merlin.*keystore*.file=privkeystore
Thanks
Nitin
Alexandre Veloso de Matos wrote:
> Hi Nitin,
>
> I tried to copy both privkeystore and crypto.properties to
> WEB-INF/classes. And I also checked my keystore and as you can see
> below, this has both the private key and trusted certificate.
>
> Even with these two attempts the same exception is *thrown*.
>
> I suspect that there is some limitation on the type of keystore I'm
> using (jks) and the deployment environment (wss4j-1.5.7 + tomcat +
> axis1.4) - am I right ?
>
> Thanks for your help Nitin. I'll be very grateful for any support.
>
> Best regards,
>
> Alex
>
> ************************my privkeystore
> ------------------------------------------------------------------------------
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: privkey
> Creation date: 17/Ago/2009
> Entry type: PrivateKeyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=privkey
> Issuer: CN=privkey
> Serial number: 4a892d57
> Valid from: Mon Aug 17 11:13:43 WEST 2009 until: Sun Nov 15 10:13:43
> WET 2009
> Certificate fingerprints:
> MD5: 73:C3:F4:BA:7E:54:E1:4E:2F:1A:B3:4A:60:92:C9:56
> SHA1: CE:CE:D9:0A:ED:47:34:70:5D:10:A3:2C:00:6B:8E:84:70:64:44:13
> Signature algorithm name: SHA1withDSA
> Version: 3
>
>
> *******************************************
> *******************************************
>
>
> Alias name: pubcert
> Creation date: 17/Ago/2009
> Entry type: trustedCertEntry
>
> Owner: CN=pubcert
> Issuer: CN=pubcert
> Serial number: 4a892d58
> Valid from: Mon Aug 17 11:13:44 WEST 2009 until: Sun Nov 15 10:13:44
> WET 2009
> Certificate fingerprints:
> MD5: 51:34:C6:D8:8D:27:9B:EB:35:8C:47:EE:AD:B8:A1:05
> SHA1: 89:C2:CC:BF:F2:31:87:20:E7:AB:14:16:8B:B1:BE:8B:58:9A:D0:64
> Signature algorithm name: SHA1withDSA
> Version: 3
>
>
> *******************************************
> *******************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
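The fix in this reply (the keystore location key) and the 1.6 note earlier in the thread, written as a pre-flight check. This is an added example, not code from WSS4J or from the posters. The class name, the finding labels, resolving the keystore against a base directory instead of the classpath, and the new tag winning when both tags are set in 1.6 are assumptions; the property lines are the ones posted in the thread and the empty keystore is constructed.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

/** Added example (hypothetical helper): pre-flight check for a Merlin crypto.properties. */
public class CryptoPropsCheck {
    static final String PREFIX = "org.apache.ws.security.crypto.merlin.";
    static final String OLD_FILE_KEY = PREFIX + "file";           // key in the working file from the thread
    static final String NEW_FILE_KEY = PREFIX + "keystore.file";  // key the thread says 1.6 accepts as well

    /** Keystore location as the given WSS4J line would read it, or null if it sees none. */
    static String resolveKeystoreFile(Properties p, boolean wss4j16) {
        String oldValue = p.getProperty(OLD_FILE_KEY);
        String newValue = p.getProperty(NEW_FILE_KEY);
        if (wss4j16) {
            // Thread: both tags work in 1.6. Assumption: the new tag wins if both are set.
            return newValue != null ? newValue : oldValue;
        }
        // Thread: on 1.5.7 only ...merlin.file was honoured.
        return oldValue;
    }

    /** Returns findings; an empty list means the signing alias can be resolved. */
    static List<String> check(Properties p, boolean wss4j16, Path baseDir, String user)
            throws Exception {
        List<String> findings = new ArrayList<>();
        String file = resolveKeystoreFile(p, wss4j16);
        if (file == null) {
            findings.add("NO_KEYSTORE: " + (p.containsKey(NEW_FILE_KEY)
                ? NEW_FILE_KEY + " is set but not read by this version; use " + OLD_FILE_KEY
                : "no keystore location property is set"));
            return findings;
        }
        // Assumption: baseDir stands in for the classpath root (e.g. WEB-INF/classes).
        Path ksPath = baseDir.resolve(file);
        if (!Files.isRegularFile(ksPath)) {
            findings.add("MISSING_FILE: " + ksPath);
            return findings;
        }
        String type = p.getProperty(PREFIX + "keystore.type", KeyStore.getDefaultType());
        char[] storePw = p.getProperty(PREFIX + "keystore.password", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(ksPath)) {
            ks.load(in, storePw);
        }
        // The signer needs a key entry under the "user" alias plus its certificate chain.
        if (!ks.isKeyEntry(user)) {
            findings.add("NO_PRIVATE_KEY: alias '" + user + "' is not a key entry");
        } else {
            Certificate[] chain = ks.getCertificateChain(user);
            if (chain == null || chain.length == 0) {
                findings.add("NO_CERT_CHAIN: alias '" + user + "' has no certificate");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the property lines posted in the thread.
        String posted = String.join("\n",
            "org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin",
            PREFIX + "keystore.type=jks",
            PREFIX + "keystore.password=foobar",
            PREFIX + "alias.password=foobar",
            PREFIX + "keystore.alias=privkey",
            PREFIX + "keystore.file=privkeystore");
        Properties p = new Properties();
        p.load(new StringReader(posted));

        // Constructed stand-in keystore: an empty JKS named like the poster's file.
        Path dir = Files.createTempDirectory("wss4j-check");
        Path ksFile = dir.resolve("privkeystore");
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(ksFile)) {
            empty.store(out, "foobar".toCharArray());
        }

        System.out.println("1.5.x: " + check(p, false, dir, "privkey"));
        System.out.println("1.6  : " + check(p, true, dir, "privkey"));

        Files.delete(ksFile);
        Files.delete(dir);
    }
}
```

Pointing `baseDir` at the directory that holds the real `privkeystore` runs the alias and certificate-chain check against the actual keystore.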
Re: Newbie question
Posted by Alexandre Veloso de Matos <al...@gmail.com>.
Hi Nitin,
I tried to copy both privkeystore and crypto.properties to WEB-INF/classes.
And I also checked my keystore and as you can see below, this has both the
private key and trusted certificate.
Even with these two attempts the same exception is *thrown*.
I suspect that there is some limitation on the type of keystore I'm using
(jks) and the deployment environment (wss4j-1.5.7 + tomcat + axis1.4) - am
I right ?
Thanks for your help Nitin. I'll be very grateful for any support.
Best regards,
Alex
************************my privkeystore
------------------------------------------------------------------------------
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: privkey
Creation date: 17/Ago/2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=privkey
Issuer: CN=privkey
Serial number: 4a892d57
Valid from: Mon Aug 17 11:13:43 WEST 2009 until: Sun Nov 15 10:13:43 WET
2009
Certificate fingerprints:
MD5: 73:C3:F4:BA:7E:54:E1:4E:2F:1A:B3:4A:60:92:C9:56
SHA1: CE:CE:D9:0A:ED:47:34:70:5D:10:A3:2C:00:6B:8E:84:70:64:44:13
Signature algorithm name: SHA1withDSA
Version: 3
*******************************************
*******************************************
Alias name: pubcert
Creation date: 17/Ago/2009
Entry type: trustedCertEntry
Owner: CN=pubcert
Issuer: CN=pubcert
Serial number: 4a892d58
Valid from: Mon Aug 17 11:13:44 WEST 2009 until: Sun Nov 15 10:13:44 WET
2009
Certificate fingerprints:
MD5: 51:34:C6:D8:8D:27:9B:EB:35:8C:47:EE:AD:B8:A1:05
SHA1: 89:C2:CC:BF:F2:31:87:20:E7:AB:14:16:8B:B1:BE:8B:58:9A:D0:64
Signature algorithm name: SHA1withDSA
Version: 3
*******************************************
*******************************************
2009/8/17 Nitin Handa <ni...@oracle.com>
> Try copying your keystore and crypto.properties to your WEB-INF/classes
> folder.
>
> Other thing to check out is your privkey should also have certificates in
> keystore apart from private key.
>
> HTH,
> Nitin
>
>
>
> Alexandre Veloso de Matos wrote:
>
>> Dear all,
>>
>> I suppose this a question already addressed before. However, even with the
>> help of former responses I couldn't achieve an answer to my problem.
>>
>> I have a web service. I want to sign any call to this web service. For
>> this I provided a keystore from where public and private keys should be
>> gathered. In fact, I tried to follow the guidelines from this tutorial:
>> http://www.devx.com/Java/Article/28816/1954?pf=true.
>>
>> I've been receiving constantly the following exception:
>>
>> org.apache.ws.security.WSSecurityException: Error during Signature: ;
>> nested exception is:
>> org.apache.ws.security.WSSecurityException: General security error (No
>> certificates for user privkey were found for signature)nothing
>> at
>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
>> at
>> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
>> at
>> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
>> at
>> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>> at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
>> at org.apache.axis.client.Call.invoke(Call.java:2767)
>> at org.apache.axis.client.Call.invoke(Call.java:2443)
>> at org.apache.axis.client.Call.invoke(Call.java:2366)
>> at org.apache.axis.client.Call.invoke(Call.java:1812)
>> at wss.client.PubCertClient.main(PubCertClient.java:57)
>> Caused by: org.apache.ws.security.WSSecurityException: General security
>> error (No certificates for user privkey were found for signature)
>> at
>> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
>> at
>> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
>> at
>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>> ... 12 more
>>
>> In order to clarify, my client deployment is guided by the following:
>>
>> <deployment name="ClientConfig" xmlns="http://xml.apache.org/axis/wsdd/"
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>> <transport name="http"
>> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>> <globalConfiguration >
>> <requestFlow>
>> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>> <parameter name="user" value="privkey"/>
>> <parameter name="passwordCallbackClass"
>> value="wss.client.PWCallback"/>
>> <parameter name="action" value="Signature Encrypt"/>
>> <parameter name="signaturePropFile" value="crypto.properties" />
>> </handler>
>> </requestFlow>
>> </globalConfiguration >
>> </deployment>
>>
>> and the server deployment descriptor is the following:
>>
>> <deployment
>> xmlns="http://xml.apache.org/axis/wsdd/"
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>
>> <!-- Services from SignService WSDL service -->
>>
>> <service name="wss_service" provider="java:RPC" style="rpc"
>> use="encoded">
>> <requestFlow>
>> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>> <parameter name="passwordCallbackClass"
>> value="wss.server.PWCallback"/>
>> <parameter name="action" value="Signature Encrypt"/>
>> <parameter name="signaturePropFile" value="crypto.properties" />
>> </handler>
>> </requestFlow> <parameter name="wsdlTargetNamespace"
>> value="urn:wss"/>
>> <parameter name="wsdlServiceElement" value="SignService"/>
>> <parameter name="wsdlServicePort" value="wss_service"/>
>> <parameter name="className"
>> value="wss.ws.Wss_serviceSoapBindingImpl"/>
>> <parameter name="wsdlPortType" value="Sign"/>
>> <parameter name="typeMappingVersion" value="1.2"/>
>> <operation name="getPubCert" qname="operNS:getPubCert"
>> xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
>> returnType="rtns:string" xmlns:rtns="
>> http://schemas.xmlsoap.org/soap/encoding/" soapAction="" >
>> </operation>
>> <parameter name="allowedMethods" value="getPubCert"/>
>> <parameter name="scope" value="Session"/>
>>
>> </service>
>> </deployment>
>>
>> And my crypto.properties file:
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.password=foobar
>> org.apache.ws.security.crypto.merlin.alias.password=foobar
>> org.apache.ws.security.crypto.merlin.keystore.alias=privkey
>> org.apache.ws.security.crypto.merlin.keystore.file=privkeystore
>>
>> My latter attempts to bypass these exceptions:
>> 1) privkeystore path is on classpath
>> 2) there is a callback that returns the password for the alias privkey
>> (foobar)
>> 3) the crypto.properties is also on classpath
>>
>> Thanks for any clue on what could be happening.
>>
>> Best regards,
>>
>> Alex
>>
>>
>> --
>> Alexandre Veloso de Matos
>> Phd Student - Informatics Engineering Department
>> University of Coimbra - Coimbra, Portugal
>>
>
>
--
Alexandre Veloso de Matos
Phd Student - Informatics Engineering Department
University of Coimbra - Coimbra, Portugal
Re: Newbie question
Posted by Nitin Handa <ni...@oracle.com>.
Try copying your keystore and crypto.properties to your WEB-INF/classes
folder.
Other thing to check out is your privkey should also have certificates
in keystore apart from private key.
HTH,
Nitin
Alexandre Veloso de Matos wrote:
> Dear all,
>
> I suppose this a question already addressed before. However, even with
> the help of former responses I couldn't achieve an answer to my problem.
>
> I have a web service. I want to sign any call to this web service. For
> this I provided a keystore from where public and private keys should
> be gathered. In fact, I tried to follow the guidelines from this
> tutorial: http://www.devx.com/Java/Article/28816/1954?pf=true.
>
> I've been receiving constantly the following exception:
>
> org.apache.ws.security.WSSecurityException: Error during Signature: ;
> nested exception is:
> org.apache.ws.security.WSSecurityException: General security error
> (No certificates for user privkey were found for signature)nothing
> at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60)
> at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201)
> at
> org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168)
> at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
> at org.apache.axis.client.Call.invoke(Call.java:2767)
> at org.apache.axis.client.Call.invoke(Call.java:2443)
> at org.apache.axis.client.Call.invoke(Call.java:2366)
> at org.apache.axis.client.Call.invoke(Call.java:1812)
> at wss.client.PubCertClient.main(PubCertClient.java:57)
> Caused by: org.apache.ws.security.WSSecurityException: General
> security error (No certificates for user privkey were found for signature)
> at
> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:311)
> at
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:748)
> at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
> ... 12 more
>
> In order to clarify, my client deployment is guided by the following:
>
> <deployment name="ClientConfig"
> xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration >
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="user" value="privkey"/>
> <parameter name="passwordCallbackClass"
> value="wss.client.PWCallback"/>
> <parameter name="action" value="Signature Encrypt"/>
> <parameter name="signaturePropFile" value="crypto.properties" />
> </handler>
> </requestFlow>
> </globalConfiguration >
> </deployment>
>
> and the server deployment descriptor is the following:
>
> <deployment
> xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>
> <!-- Services from SignService WSDL service -->
>
> <service name="wss_service" provider="java:RPC" style="rpc"
> use="encoded">
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="passwordCallbackClass"
> value="wss.server.PWCallback"/>
> <parameter name="action" value="Signature Encrypt"/>
> <parameter name="signaturePropFile" value="crypto.properties" />
> </handler>
> </requestFlow>
> <parameter name="wsdlTargetNamespace" value="urn:wss"/>
> <parameter name="wsdlServiceElement" value="SignService"/>
> <parameter name="wsdlServicePort" value="wss_service"/>
> <parameter name="className"
> value="wss.ws.Wss_serviceSoapBindingImpl"/>
> <parameter name="wsdlPortType" value="Sign"/>
> <parameter name="typeMappingVersion" value="1.2"/>
> <operation name="getPubCert" qname="operNS:getPubCert"
> xmlns:operNS="urn:wss" returnQName="getPubCertReturn"
> returnType="rtns:string"
> xmlns:rtns="http://schemas.xmlsoap.org/soap/encoding/" soapAction="" >
> </operation>
> <parameter name="allowedMethods" value="getPubCert"/>
> <parameter name="scope" value="Session"/>
>
> </service>
> </deployment>
>
> And my crypto.properties file:
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=foobar
> org.apache.ws.security.crypto.merlin.alias.password=foobar
> org.apache.ws.security.crypto.merlin.keystore.alias=privkey
> org.apache.ws.security.crypto.merlin.keystore.file=privkeystore
>
> My latter attempts to bypass these exceptions:
> 1) privkeystore path is on classpath
> 2) there is a callback that returns the password for the alias privkey
> (foobar)
> 3) the crypto.properties is also on classpath
>
> Thanks for any clue on what could be happening.
>
> Best regards,
>
> Alex
>
>
> --
> Alexandre Veloso de Matos
> Phd Student - Informatics Engineering Department
> University of Coimbra - Coimbra, Portugal
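The two checks suggested in this reply (both files reachable on the classpath, and the `privkey` alias carrying certificates in addition to the private key) can be run as one diagnostic. This is an added example, not part of the original messages and not WSS4J code: the class name `KeystoreAliasCheck` and the resolution of both files through the context class loader are assumptions, while the property keys are the ones in the crypto.properties quoted in the thread.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

// Added diagnostic (hypothetical class name). Run it with the same classpath as the failing client.
public class KeystoreAliasCheck {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    // Opens a classpath resource and prints where it was actually found.
    static InputStream open(ClassLoader cl, String name) {
        if (name == null) throw new IllegalStateException("resource name not configured");
        System.out.println(name + " -> " + cl.getResource(name));
        InputStream in = cl.getResourceAsStream(name);
        if (in == null) throw new IllegalStateException(name + " is not on the classpath");
        return in;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: both files are looked up as classpath resources, as the thread describes.
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        Properties p = new Properties();
        try (InputStream in = open(cl, "crypto.properties")) { p.load(in); }

        // Alias under test: the WSDD "user" value if passed as an argument, else the configured alias.
        String alias = args.length > 0 ? args[0] : p.getProperty(P + "keystore.alias");
        if (alias == null) throw new IllegalStateException("no alias given or configured");
        char[] storePass = p.getProperty(P + "keystore.password", "").toCharArray();

        KeyStore ks = KeyStore.getInstance(p.getProperty(P + "keystore.type", "jks"));
        try (InputStream in = open(cl, p.getProperty(P + "keystore.file"))) { ks.load(in, storePass); }

        System.out.println("aliases in store:   " + Collections.list(ks.aliases()));
        System.out.println("contains alias:     " + ks.containsAlias(alias));
        System.out.println("private key entry:  " + ks.isKeyEntry(alias));
        System.out.println("trusted cert entry: " + ks.isCertificateEntry(alias));

        // getCertificateChain returns null for a missing alias or a trustedCertEntry.
        Certificate[] chain = ks.getCertificateChain(alias);
        int length = (chain == null) ? 0 : chain.length;
        for (int i = 0; i < length; i++) {
            String subject = (chain[i] instanceof X509Certificate)
                    ? ((X509Certificate) chain[i]).getSubjectX500Principal().getName()
                    : chain[i].getType();
            System.out.println("chain[" + i + "]: " + subject + ", key algorithm "
                    + chain[i].getPublicKey().getAlgorithm());
        }
        boolean ok = ks.isKeyEntry(alias) && length > 0;
        System.out.println("RESULT: '" + alias + "' " + (ok ? "has" : "LACKS") + " a key entry with a certificate chain");
    }
}
```

Running it inside the web application's class loader (for example from a test servlet) rather than from a standalone `main` shows whether the copies under WEB-INF/classes are the ones being picked up.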