Posted to dev@ws.apache.org by Jason Hall <ja...@mchsi.com> on 2018/07/02 16:51:02 UTC

Re: standalone API

Thanks Colm.

   I found another "rookie" mistake I made as well.  I accidentally included a couple of the "...test" jar files in my application.  Once I corrected the properties file, it was reading different values than what I had set in my properties files when I tried to load it from the classpath.

   I finally printed out the classpath and saw I had also included some "...test" jars where the test crypto.properties files were in there.  It was grabbing those values from the classpath instead of mine.  I could have corrected this by specifying a different properties file name but in the long run - the "jars" shouldn't be in my project anyway.

   Anyway thanks for the help.  I am sure I will have other questions shortly.

   thanks,
      Jason




----- Original Message -----
From: "Colm O hEigeartaigh" <co...@apache.org>
To: dev@ws.apache.org
Sent: Thursday, June 28, 2018 7:41:21 AM
Subject: Re: standalone API

The problem is that you are mixing up the crypto property prefixes between
your properties file and your code. Up to WSS4J 1.6.x, the crypto property
prefix was "org.apache.ws.security.crypto". From WSS4J 2.0.0 onwards, the
crypto property prefix is "org.apache.wss4j.crypto". However, newer versions
of WSS4J support the older crypto property prefix as well in the code. This
webpage explains it all:

http://ws.apache.org/wss4j/config.html

In your case, the crypto properties file contains properties like:

org.apache.wss4j.crypto.merlin.keystore.alias

However in your code you are trying to read:

prop.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias")

So you are getting null values back from the properties file. Incidentally,
"alias.password" is not used in WSS4J, only "private.password". In the
examples, the password for the private key for signing is typically read
using a CallbackHandler. But you can also specify it in the properties file
using "org.apache.wss4j.crypto.merlin.keystore.private.password".

Colm.

On Wed, Jun 27, 2018 at 6:50 PM, Jason Hall <ja...@mchsi.com> wrote:

> In version 2.1.3: the code below worked fine for me.
> java.util.Map<String, Object> config = new java.util.TreeMap<>();
>
>         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
>
>         // Get alias and password from properties file used for signing
>         Properties prop = new Properties();
>
>         prop.load(getClass().getClassLoader().getResourceAsStream("crypto.properties"));
>         String keyAlias;
>         String keyPass;
>         keyAlias = prop.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
>         keyPass=prop.getProperty("org.apache.ws.security.crypto.merlin.alias.password");
>
>
>         //Prepare for first signature
>         WSSecSignature builder = new WSSecSignature();
>         builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
>         builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
>
>
>         builder.setUserInfo(keyAlias, keyPass);
>         builder.setUseSingleCertificate(true);
>         builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
> ---------------------------------------------------------------------
>
> In 2.1.12, I can't get it to load the keystore correctly.
>
>    I even tried to open the crypto from a properties file instead of the
> classpath using your example below:
>
> java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
>
>                 String basedir = System.getProperty("basedir");
>                 if (basedir == null) {
>                     basedir = new File(".").getCanonicalPath();
>                 }
>                 File propsFile = new File(basedir + "/src/crypto.properties");
>
>                 config.put(WSHandlerConstants.SIG_PROP_FILE, propsFile.getPath());
>                 config.put("password", "myKeyStorePassword");
>                 reqData.setMsgContext(config);
>
>                 final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
>                 CustomHandler handler = new CustomHandler();
>                 HandlerAction action = new HandlerAction(WSConstants.SIGN);
>                 handler.send(.....
>
>    But using my keystore and passwords: it always tells me that "no
> certificates for user "facts.navy.mil" were found for signature".
>    I don't think it is reading my keystore properly.  Also in your examples
> - I can't see where it is specifying the private key password.  I did type
> the properties in the crypto.properties file, but can't get it to work.
> I don't think it is reading/finding the keystore correctly and/or properties
> file correctly to read the parameters.
>
>
> My properties file:
> org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
> org.apache.wss4j.crypto.merlin.keystore.type=jks
> org.apache.wss4j.crypto.merlin.keystore.password=FA12345
> org.apache.wss4j.crypto.merlin.keystore.alias=facts.navy.mil
> org.apache.wss4j.crypto.merlin.keystore.alias.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.private.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.file=WebServicesDoDKeyStore2014.jks
>
> I saw reference to both these lines for the private key password.  I didn't
> know which is correct - so I added both.
> org.apache.wss4j.crypto.merlin.keystore.alias.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.private.password=selfCerr
>
>    thanks,
>       Jason
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: dev-help@ws.apache.org
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
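
A classpath diagnostic for the two problems discussed in this thread (a crypto.properties shadowed by a copy inside a test jar, and keys written with a different prefix than the code reads), as an added example that is not part of the original messages or WSS4J's own code. The class name `CryptoPropsCheck` is hypothetical; it prints key names only, never values, because the file holds the keystore and private-key passwords.

```java
import java.io.InputStream;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.TreeSet;

// Hypothetical helper: run it with the same classpath as the application.
public class CryptoPropsCheck {
    static final String NEW_PREFIX = "org.apache.wss4j.crypto.";       // WSS4J 2.0.0 onwards
    static final String OLD_PREFIX = "org.apache.ws.security.crypto."; // up to WSS4J 1.6.x

    public static void main(String[] args) throws Exception {
        String name = args.length > 0 ? args[0] : "crypto.properties";
        ClassLoader cl = CryptoPropsCheck.class.getClassLoader();
        // getResources() lists every copy on the classpath; getResource() returns only one.
        List<URL> copies = Collections.list(cl.getResources(name));
        if (copies.isEmpty()) {
            System.out.println("No " + name + " found on the classpath");
            return;
        }
        String winner = cl.getResource(name).toString();
        for (URL url : copies) {
            boolean loaded = url.toString().equals(winner);
            System.out.println((loaded ? "[LOADED]   " : "[shadowed] ") + url);
            Properties props = new Properties();
            try (InputStream in = url.openStream()) {
                props.load(in);
            }
            for (String key : new TreeSet<>(props.stringPropertyNames())) {
                String note = "";
                if (key.startsWith(OLD_PREFIX)) {
                    note = "  <- legacy 1.6.x prefix";
                } else if (!key.startsWith(NEW_PREFIX)) {
                    note = "  <- neither WSS4J crypto prefix";
                }
                if (key.endsWith(".alias.password")) {
                    note += "  <- not read by WSS4J per the reply above; use private.password";
                }
                // Key names only: the values are passwords and must not reach logs.
                System.out.println("    " + key + note);
            }
        }
    }
}
```

More than one line of output starting with `[LOADED]` or `[shadowed]` means a second copy of the file is on the classpath, which is the situation the follow-up message describes with the "...test" jars.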
