You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Subash Devkota <SD...@D2Hawkeye.com> on 2006/11/23 15:37:53 UTC

[Axis2] General security error (Unexpected number of X509Data: for Signature)

Hi all,

I am having problem in using my own certificate to implement WS-Security =

with Axis2 and rampart. I am using Axis2-1.0 and  rampart-1.0 module.
When I used the certificate and keys available in provided samples, it=20
works fine. When using my own certificates and keys (generated through=20
keytool) I get the error:

org.apache.axis2.AxisFault: WSHandler: Signature: error during message=20
procesingorg.apache.ws.security.WSSecurityException: General security=20
error (Unexpected number of X509Data: for Signature); nested exception =
is:
org.apache.ws.security.WSSecurityException: WSHandler: Signature: error=20
during message procesingorg.apache.ws.security.WSSecurityException:=20
General security error (Unexpected number of X509Data: for Signature)
at=20
org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java=
:255)=20

at=20
org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.ja=
va:82)=20

at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
at=20
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOpera=
tion.java:328)=20

.
.
.
Caused by: org.apache.ws.security.WSSecurityException: WSHandler:=20
Signature: error during message=20
procesingorg.apache.ws.security.WSSecurityException: General security=20
error (Unexpected number of X509Data: for Signature)
at=20
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.jav=
a:57)=20

at=20
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:19=
1)
at=20
org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java=
:181)=20

... 41 more

I have following setting in axis2.xml file for outflow section:
<parameter name=3D"OutflowSecurity">
      <action>
        <items>Timestamp   Signature Encrypt</items>
        <user>agent</user>
       =20
<passwordCallbackClass>myIntegration.PWCallback</passwordCallbackClass>
        <signaturePropFile>sec.properties</signaturePropFile>
        =
<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
        =
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
        <encryptionUser>server</encryptionUser>
       =20
<signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Elemen=
t}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.o=
rg/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/=
2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureP=
arts>

       =20
<optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</opt=
imizeParts>
      </action>
    </parameter>

In sec.properties file, i have following configuration:

org.apache.ws.security.crypto.provider=3Dorg.apache.ws.security.component=
s.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=3Djks
org.apache.ws.security.crypto.merlin.keystore.password=3DagentPassword
org.apache.ws.security.crypto.merlin.file=3DclientSide.jks

In the clientSide.jks file, there are two entries for the certificates=20
with the alias "agent" and "server" ( viewed through keytool). The error =

remains same even if i change the value of <user>Agent</user> in =
axis2.xml.

Can anyone please suggest me the solution. I searched the google but=20
found only the problems but no solutions.

Thanks in advance
Subash 
 
 
PRIVACY NOTICE

This email and any attachments may be confidential and/or privileged. Use of the information contained in this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and delete this email.

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org

Re: [Axis2] General security error (Unexpected number of X509Data: for Signature)

Posted by Ruchith Fernando <ru...@gmail.com>.

Please see here :
http://www.wso2.net/kb/116

Thanks,
Ruchith

On 11/23/06, Subash Devkota <SD...@d2hawkeye.com> wrote:
> Hi all,
>
> I am having problem in using my own certificate to implement WS-Security =
>
> with Axis2 and rampart. I am using Axis2-1.0 and  rampart-1.0 module.
> When I used the certificate and keys available in provided samples, it=20
> works fine. When using my own certificates and keys (generated through=20
> keytool) I get the error:
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message=20
> procesingorg.apache.ws.security.WSSecurityException: General security=20
> error (Unexpected number of X509Data: for Signature); nested exception =
> is:
> org.apache.ws.security.WSSecurityException: WSHandler: Signature: error=20
> during message procesingorg.apache.ws.security.WSSecurityException:=20
> General security error (Unexpected number of X509Data: for Signature)
> at=20
> org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java=
> :255)=20
>
> at=20
> org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.ja=
> va:82)=20
>
> at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
> at=20
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOpera=
> tion.java:328)=20
>
> .
> .
> .
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler:=20
> Signature: error during message=20
> procesingorg.apache.ws.security.WSSecurityException: General security=20
> error (Unexpected number of X509Data: for Signature)
> at=20
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.jav=
> a:57)=20
>
> at=20
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:19=
> 1)
> at=20
> org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java=
> :181)=20
>
> ... 41 more
>
> I have following setting in axis2.xml file for outflow section:
> <parameter name=3D"OutflowSecurity">
>       <action>
>         <items>Timestamp   Signature Encrypt</items>
>         <user>agent</user>
>        =20
> <passwordCallbackClass>myIntegration.PWCallback</passwordCallbackClass>
>         <signaturePropFile>sec.properties</signaturePropFile>
>         =
> <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
>         =
> <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
>         <encryptionUser>server</encryptionUser>
>        =20
> <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Elemen=
> t}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.o=
> rg/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/=
> 2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureP=
> arts>
>
>        =20
> <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</opt=
> imizeParts>
>       </action>
>     </parameter>
>
> In sec.properties file, i have following configuration:
>
> org.apache.ws.security.crypto.provider=3Dorg.apache.ws.security.component=
> s.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=3Djks
> org.apache.ws.security.crypto.merlin.keystore.password=3DagentPassword
> org.apache.ws.security.crypto.merlin.file=3DclientSide.jks
>
> In the clientSide.jks file, there are two entries for the certificates=20
> with the alias "agent" and "server" ( viewed through keytool). The error =
>
> remains same even if i change the value of <user>Agent</user> in =
> axis2.xml.
>
> Can anyone please suggest me the solution. I searched the google but=20
> found only the problems but no solutions.
>
> Thanks in advance
> Subash
>
>
> PRIVACY NOTICE
>
> This email and any attachments may be confidential and/or privileged. Use of the information contained in this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and delete this email.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org