Posted to wss4j-dev@ws.apache.org by Emanuel Haisiuc <em...@gmail.com> on 2006/02/08 17:24:42 UTC

Exception: General security error (Unexpected number of X509Data: for Signature)

Hi!

I'm getting this exception when trying to run my client:

08.02.2006 18:16:30 org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
Unable to make the call to method: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)

My client's wsdd file is:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
	<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender" />
	<globalConfiguration>
		<requestFlow>
			<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
				<parameter name="action" value="Signature" />
				<parameter name="signaturePropFile" value="cx509sign.props" />
				<parameter name="signatureKeyIdentifier" value="DirectReference" />
				<parameter name="passwordCallbackClass"
value="javawsx509signingclient.PWCallback" />
				<parameter name="user" value="manu" />
			</handler>
		</requestFlow>
	</globalConfiguration>
</deployment>

where cx509sign.props is:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
org.apache.ws.security.crypto.merlin.alias.password=foobar
org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore

Pubkeystore listing is:

C:\publicks>keytool -list -keystore pubkeystore
Enter keystore password:  foobar

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

ehpubcert, 08.02.2006, keyEntry,
Certificate fingerprint (MD5): 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81

What should I look for and what, to make it work?

Thank you!

Emanuel

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by Alessandro Gilardoni <a....@alice.it>.
Thanks Emanuel,
is there anyone who has done signature and encryption programmatically,
verifying successfully on the server side?
Is there a possibility to decrypt a SOAP message programmatically? I
found many errors, but probably I'm not doing it the right way.
Best regards.
Alessandro


Emanuel Haisiuc wrote:
> Hi Alessandro,
>
> I'm sorry, but I cannot answer your question. I'm new to wss4j
> (about a week) and I'm trying now to do something programmatically. All
> I've managed to do is to set the parameters through the wsdd
> configuration files, and make it work.
>
> I hope someone with more experience will read this thread and answer you.
>
> Regards,
> Emanuel
>
> On 2/9/06, Alessandro Gilardoni <a....@alice.it> wrote:
>   
>> Hi Emanuel,
>> I'm trying to sign a message (programmatically with wss4j) and to send
>> it to a server that must verify it with wss4j.
>> I sign the message programmatically while the server is deployed with a
>> deployment descriptor. I always have a signature verification fault.
>> To sign the message and verify it on the client side I need to set up
>> the actor (WSSignEnvelope builder = new WSSignEnvelope("some sort of
>> actor"); ) otherwise the verification fails also on the client side
>> if I do on the client side:
>>
>>     Document doc = unsignedEnvelope.getSOAPEnvelope().getAsDocument();
>>     WSSignEnvelope builder = new WSSignEnvelope();
>>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
>>     Document signedDoc = builder.build(doc, crypto);
>>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>>     Document Doc1 = signedMsg.getSOAPEnvelope().getAsDocument();
>>     verify(Doc1);
>>
>> I have a signature verification fault, but if I put an actor
>> (WSSignEnvelope builder = new WSSignEnvelope("client");) the signature
>> verification is OK ..... but not on the server side....
>> Any hints?
>> Sorry to send a very long e-mail but no one answers my previous emails...
>> Best regards.
>> Last question: is it possible to decrypt a SOAP message programmatically?
>> HOW?
>>
>>
>> Alessandro
>>
>>
>>
>>
>>
>> Emanuel Haisiuc wrote:
>>     
>>> I've managed to get it working by setting the user parameter in the
>>> wsdd file to match the alias of the searched certificate in the
>>> keystore. In the PWCallback class I'm setting the password for that
>>> certificate. And it works fine :)
>>>
>>> Emanuel
>>>
>>>
>>>
>>> On 2/8/06, *DFrahm@teamhuber.com <ma...@teamhuber.com>*
>>> <DFrahm@teamhuber.com <ma...@teamhuber.com>> wrote:
>>>
>>>
>>>     I think the answer may depend on how you are using Axis/WSS4J.
>>>      I'm not using any config files, and doing everything in a
>>>     handler.  Here's an example of my code, but I'm no expert so this
>>>     could be a really bad (but working) example ;-)
>>>
>>>     You can see I set the cert alias and password both in my
>>>     Properties object for the Crypto, and via the
>>>     WSSignEnvelope.setKeyIdentifier() method.  Not sure if this is
>>>     necessary or the best way, but it works for me.  I haven't made
>>>     time for "code cleanup" yet.
>>>
>>>     [...snip...]
>>>     Message requestMessage = msgContext.getRequestMessage();
>>>     SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
>>>     Document doc = unsignedEnvelope.getAsDocument();
>>>
>>>     // WSS4J Start ---------------------------------------------
>>>
>>>     /*
>>>      * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
>>>      * can't see file resources, plus we need to compute the keystore
>>>      * location anyway.
>>>      */
>>>     String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
>>>     Properties properties = new Properties();
>>>     properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
>>>     properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
>>>     properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
>>>     properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
>>>     properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
>>>     properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
>>>     Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
>>>
>>>     WSSignEnvelope builder = new WSSignEnvelope();
>>>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>>>     // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
>>>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
>>>     WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
>>>     builder.setUsernameToken(usernameToken);
>>>     Document signedDoc = builder.build(doc, crypto);
>>>
>>>     /*
>>>      * Convert the resulting document into a message first. The
>>>      * toSOAPMessage() method performs the necessary c14n call to
>>>      * properly set up the signed document and convert it into a SOAP
>>>      * message.
>>>      */
>>>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>>>     if (logger.isDebugEnabled()) {
>>>         logger.debug("Signed message:");
>>>         XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
>>>     }
>>>
>>>     /*
>>>      * Extract as a document again if need further processing. signedDoc =
>>>      * signedMsg.getSOAPEnvelope().getAsDocument();
>>>      */
>>>
>>>     /*
>>>      * Set signed message as current message.
>>>      */
>>>     msgContext.setCurrentMessage(signedMsg);
>>>
>>>     // WSS4J End ---------------------------------------------
>>>     [...snip...]
>>>
>>>
>>>
>>>
>>>     *Emanuel Haisiuc <emanuel.haisiuc@gmail.com
>>>     <ma...@gmail.com>>*
>>>
>>>     02/08/2006 11:31 AM
>>>
>>>
>>>     To
>>>       "DFrahm@teamhuber.com <ma...@teamhuber.com>" <
>>>     DFrahm@teamhuber.com <ma...@teamhuber.com>>,
>>>     wss4j-dev@ws.apache.org <ma...@ws.apache.org>
>>>     cc
>>>
>>>     Subject
>>>       Re: Exception: General security error (Unexpected number of
>>>     X509Data: for Signature)
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>     I have the same sense about this one.
>>>
>>>     My question is: how do I indicate to the client which key to use
>>>     from the keystore?
>>>
>>>     Is the "user" parameter from the handler in the client's
>>>     configuration wsdd file used to identify the certificate to be
>>>     used from the keystore?
>>>
>>>     Hope my questions make sense.
>>>
>>>     Thank you!
>>>
>>>     Emanuel
>>>
>>>
>>>     On 2/8/06, *_DFrahm@teamhuber.com_* <ma...@teamhuber.com>
>>>     < _DFrahm@teamhuber.com_ <ma...@teamhuber.com>> wrote:
>>>
>>>     When I got that error, it was because the machine I was running on
>>>     didn't have the certificate in the keystore.  In your case that
>>>     would be the cert "ehpubcert".
>>>
>>>
>>>
>>>     *Emanuel Haisiuc <* *_emanuel.haisiuc@gmail.com_*
>>>     <ma...@gmail.com>*>*
>>>
>>>     02/08/2006 10:24 AM
>>>
>>>
>>>     To
>>>       _wss4j-dev@ws.apache.org_ <ma...@ws.apache.org>
>>>     cc
>>>
>>>
>>>     Subject
>>>       Exception: General security error (Unexpected number of X509Data:
>>>     for Signature)
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>     Hi!
>>>
>>>     I'm getting this exception when trying to run my client:
>>>
>>>     08.02.2006 18:16:30 org.apache.ws.security.components.crypto.CryptoFactory loadClass
>>>     INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>>>     Unable to make the call to method: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
>>>
>>>     My client's wsdd file is:
>>>
>>>     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>>>     xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>>         <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
>>>         <globalConfiguration>
>>>             <requestFlow>
>>>                 <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>>>                     <parameter name="action" value="Signature" />
>>>                     <parameter name="signaturePropFile" value="cx509sign.props" />
>>>                     <parameter name="signatureKeyIdentifier" value="DirectReference" />
>>>                     <parameter name="passwordCallbackClass" value="javawsx509signingclient.PWCallback" />
>>>                     <parameter name="user" value="manu" />
>>>                 </handler>
>>>             </requestFlow>
>>>         </globalConfiguration>
>>>     </deployment>
>>>
>>>     where cx509sign.props is:
>>>
>>>     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>>
>>>     org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>     org.apache.ws.security.crypto.merlin.keystore.password=foobar
>>>     org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
>>>     org.apache.ws.security.crypto.merlin.alias.password=foobar
>>>     org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
>>>
>>>     Pubkeystore listing is:
>>>
>>>     C:\publicks>keytool -list -keystore pubkeystore
>>>     Enter keystore password:  foobar
>>>
>>>     Keystore type: jks
>>>     Keystore provider: SUN
>>>
>>>     Your keystore contains 1 entry
>>>
>>>     ehpubcert, 08.02.2006, keyEntry,
>>>     Certificate fingerprint (MD5): 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
>>>
>>>     What should I look for and what, to make it work?
>>>
>>>     Thank you!
>>>
>>>     Emanuel
>>>
>>>       
>>     
>
>
>   
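
Added example (not part of the thread and not WSS4J code): the fix reported in the quoted messages above was to make the handler's `user` parameter match an alias in the keystore named by the properties file. The JDK-only check below reads the Merlin property keys shown in cx509sign.props and reports whether a given alias can be used for signing; the class name `SigningAliasCheck` and its command-line arguments are assumptions made for this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

// Added example: class name and arguments are hypothetical, not part of WSS4J.
public class SigningAliasCheck {

    // Prefix of the Merlin property keys used in cx509sign.props in this thread.
    private static final String MERLIN = "org.apache.ws.security.crypto.merlin.";

    /** Loads the keystore described by a Merlin-style properties file. */
    static KeyStore loadKeyStore(Properties props) throws Exception {
        String type = props.getProperty(MERLIN + "keystore.type", KeyStore.getDefaultType());
        String file = props.getProperty(MERLIN + "file");
        String pass = props.getProperty(MERLIN + "keystore.password", "");
        if (file == null) {
            throw new IllegalArgumentException(MERLIN + "file is not set");
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    /**
     * Returns null when 'user' names an entry that can sign, otherwise a
     * one-line diagnosis. keyPassword may be null to skip the unlock test.
     */
    static String diagnose(KeyStore ks, String user, char[] keyPassword) throws Exception {
        List<String> aliases = Collections.list(ks.aliases());
        if (!ks.containsAlias(user)) {
            return "no entry with alias '" + user + "'; keystore has " + aliases;
        }
        if (!ks.isKeyEntry(user)) {
            return "'" + user + "' is a certificate-only entry, no private key to sign with";
        }
        Certificate[] chain = ks.getCertificateChain(user);
        if (chain == null || chain.length == 0) {
            return "'" + user + "' has no certificate chain";
        }
        if (keyPassword != null) {
            try {
                ks.getKey(user, keyPassword);
            } catch (UnrecoverableKeyException e) {
                return "the supplied password does not unlock the key for '" + user + "'";
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java SigningAliasCheck <crypto.properties> <user>");
            System.exit(2);
        }
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            props.load(in);
        }
        KeyStore ks = loadKeyStore(props);

        // Read the key password interactively so it stays out of the process list.
        Console console = System.console();
        char[] keyPassword = console == null ? null
                : console.readPassword("Key password for %s (empty to skip): ", args[1]);
        if (keyPassword != null && keyPassword.length == 0) {
            keyPassword = null;
        }

        String problem = diagnose(ks, args[1], keyPassword);
        if (problem == null) {
            System.out.println("OK: '" + args[1] + "' can be used as the signing user");
        } else {
            System.out.println("FAIL: " + problem);
            System.exit(1);
        }
    }
}
```

With the files posted in this thread, `java SigningAliasCheck cx509sign.props manu` reports that no entry has alias 'manu' and lists `ehpubcert`, the only alias in the keystore listing.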


Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by Emanuel Haisiuc <em...@gmail.com>.
Hi Alessandro,

I'm sorry, but I cannot answer your question. I'm new to wss4j
(about a week) and I'm trying now to do something programmatically. All
I've managed to do is to set the parameters through the wsdd
configuration files, and make it work.

I hope someone with more experience will read this thread and answer you.

Regards,
Emanuel

On 2/9/06, Alessandro Gilardoni <a....@alice.it> wrote:
> Hi Emanuel,
> I'm trying to sign a message (programmatically with wss4j) and to send
> it to a server that must verify it with wss4j.
> I sign the message programmatically while the server is deployed with a
> deployment descriptor. I always have a signature verification fault.
> To sign the message and verify it on the client side I need to set up
> the actor (WSSignEnvelope builder = new WSSignEnvelope("some sort of
> actor"); ) otherwise the verification fails also on the client side
> if I do on the client side:
>
>     Document doc = unsignedEnvelope.getSOAPEnvelope().getAsDocument();
>     WSSignEnvelope builder = new WSSignEnvelope();
>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
>     Document signedDoc = builder.build(doc, crypto);
>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>     Document Doc1 = signedMsg.getSOAPEnvelope().getAsDocument();
>     verify(Doc1);
>
> I have a signature verification fault, but if I put an actor
> (WSSignEnvelope builder = new WSSignEnvelope("client");) the signature
> verification is OK ..... but not on the server side....
> Any hints?
> Sorry to send a very long e-mail but no one answers my previous emails...
> Best regards.
> Last question: is it possible to decrypt a SOAP message programmatically?
> HOW?
>
>
> Alessandro
>
>
>
>
>
> Emanuel Haisiuc wrote:
> > I've managed to get it working by setting the user parameter in the
> > wsdd file to match the alias of the searched certificate in the
> > keystore. In the PWCallback class I'm setting the password for that
> > certificate. And it works fine :)
> >
> > Emanuel
> >
> >
> >
> > On 2/8/06, *DFrahm@teamhuber.com <ma...@teamhuber.com>*
> > <DFrahm@teamhuber.com <ma...@teamhuber.com>> wrote:
> >
> >
> >     I think the answer may depend on how you are using Axis/WSS4J.
> >      I'm not using any config files, and doing everything in a
> >     handler.  Here's an example of my code, but I'm no expert so this
> >     could be a really bad (but working) example ;-)
> >
> >     You can see I set the cert alias and password both in my
> >     Properties object for the Crypto, and via the
> >     WSSignEnvelope.setKeyIdentifier() method.  Not sure if this is
> >     necessary or the best way, but it works for me.  I haven't made
> >     time for "code cleanup" yet.
> >
> >     [...snip...]
> >     Message requestMessage = msgContext.getRequestMessage();
> >     SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
> >     Document doc = unsignedEnvelope.getAsDocument();
> >
> >     // WSS4J Start ---------------------------------------------
> >
> >     /*
> >      * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
> >      * can't see file resources, plus we need to compute the keystore
> >      * location anyway.
> >      */
> >     String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
> >     Properties properties = new Properties();
> >     properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
> >     properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
> >     properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
> >     properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
> >     properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
> >     properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
> >     Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
> >
> >     WSSignEnvelope builder = new WSSignEnvelope();
> >     builder.setUserInfo(privateKeyAlias, privateKeyPass);
> >     // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
> >     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
> >     WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
> >     builder.setUsernameToken(usernameToken);
> >     Document signedDoc = builder.build(doc, crypto);
> >
> >     /*
> >      * Convert the resulting document into a message first. The
> >      * toSOAPMessage() method performs the necessary c14n call to
> >      * properly set up the signed document and convert it into a SOAP
> >      * message.
> >      */
> >     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
> >     if (logger.isDebugEnabled()) {
> >         logger.debug("Signed message:");
> >         XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
> >     }
> >
> >     /*
> >      * Extract as a document again if need further processing. signedDoc =
> >      * signedMsg.getSOAPEnvelope().getAsDocument();
> >      */
> >
> >                             /*
> >                              * Set signed message as current message.
> >                              */
> >                             msgContext.setCurrentMessage(signedMsg);
> >
> >                             // WSS4J End
> >     ---------------------------------------------
> >                             [...snip...]
> >
> >
> >
> >
> >     *Emanuel Haisiuc <emanuel.haisiuc@gmail.com
> >     <ma...@gmail.com>>*
> >
> >     02/08/2006 11:31 AM
> >
> >
> >     To
> >       "DFrahm@teamhuber.com <ma...@teamhuber.com>" <
> >     DFrahm@teamhuber.com <ma...@teamhuber.com>>,
> >     wss4j-dev@ws.apache.org <ma...@ws.apache.org>
> >     cc
> >
> >     Subject
> >       Re: Exception: General security error (Unexpected number of
> >     X509Data: for Signature)
> >
> >
> >     I have the same sense about this one.
> >
> >     My question is: how do I indicate to the client which key to use
> >     from the keystore?
> >
> >     Is the "user" parameter from the handler in the client's
> >     configuration wsdd file used to identify the certificate to be
> >     used from the keystore?
> >
> >     Hope my questions make sense.
> >
> >     Thank you!
> >
> >     Emanuel
> >
> >
> >     On 2/8/06, *_DFrahm@teamhuber.com_* <ma...@teamhuber.com>
> >     < _DFrahm@teamhuber.com_ <ma...@teamhuber.com>> wrote:
> >
> >     When I got that error, it was because the machine I was running on
> >     didn't have the certificate in the keystore.  In your case that
> >     would be the cert "ehpubcert".
> >
> >
> >
> >     *Emanuel Haisiuc <* *_emanuel.haisiuc@gmail.com_*
> >     <ma...@gmail.com>*>*
> >
> >     02/08/2006 10:24 AM
> >
> >
> >     To
> >       _wss4j-dev@ws.apache.org_ <ma...@ws.apache.org>
> >     cc
> >
> >
> >     Subject
> >       Exception: General security error (Unexpected number of X509Data:
> >     for Signature)
> >
> >     Hi!
> >
> >     I'm getting this exception when trying to run my client:
> >
> >     08.02.2006 18:16:30
> >     org.apache.ws.security.components.crypto.CryptoFactory loadClass
> >     INFO: Using Crypto Engine [
> >     org.apache.ws.security.components.crypto.Merlin]
> >     Unable to make the call to method: WSHandler: Signature: error during
> >     message procesingorg.apache.ws.security.WSSecurity
> >     Exception: General security error (Unexpected number of X509Data:
> >     for Signature)
> >
> >     My client's wsdd file is:
> >
> >     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >         xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> >       <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
> >       <globalConfiguration>
> >         <requestFlow>
> >           <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> >             <parameter name="action" value="Signature" />
> >             <parameter name="signaturePropFile" value="cx509sign.props" />
> >             <parameter name="signatureKeyIdentifier" value="DirectReference" />
> >             <parameter name="passwordCallbackClass" value="javawsx509signingclient.PWCallback" />
> >             <parameter name="user" value="manu" />
> >           </handler>
> >         </requestFlow>
> >       </globalConfiguration>
> >     </deployment>
> >
> >     where cx509sign.props is:
> >
> >     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> >
> >     org.apache.ws.security.crypto.merlin.keystore.type=jks
> >     org.apache.ws.security.crypto.merlin.keystore.password=foobar
> >     org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
> >     org.apache.ws.security.crypto.merlin.alias.password=foobar
> >     org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
> >
> >     Pubkeystore listing is:
> >
> >     C:\publicks>keytool -list -keystore pubkeystore
> >     Enter keystore password:  foobar
> >
> >     Keystore type: jks
> >     Keystore provider: SUN
> >
> >     Your keystore contains 1 entry
> >
> >     ehpubcert, 08.02.2006, keyEntry,
> >     Certificate fingerprint (MD5):
> >     5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
> >
> >     What should I look for and what, to make it work?
> >
> >     Thank you!
> >
> >     Emanuel
> >
>
>



Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by Emanuel Haisiuc <em...@gmail.com>.
Hi Alessandro,

I'm sorry, but I cannot answer your question. I'm new to wss4j
(about a week) and I'm now trying to do something programmatically. All
I've managed to do is to set the parameters through the wsdd
configuration files, and make it work.

I hope someone with more experience will read this thread and answer you.

Regards,
Emanuel

On 2/9/06, Alessandro Gilardoni <a....@alice.it> wrote:
> Hi Emanuel,
> I'm trying to sign a message (programmatically with wss4j) and to send it
> to a server that must verify it with wss4j.
> I sign the message programmatically while the server is deployed with a
> deployment descriptor. I always get a signature verification fault.
> To sign the message and verify it on the client side I need to set up
> the actor (WSSignEnvelope builder = new WSSignEnvelope("some sort of
> actor");), otherwise the verification fails also on the client side
> if I do this on the client side:
>
>     Document doc = unsignedEnvelope.getSOAPEnvelope().getAsDocument();
>     WSSignEnvelope builder = new WSSignEnvelope();
>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
>     Document signedDoc = builder.build(doc, crypto);
>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>     Document Doc1 = signedMsg.getSOAPEnvelope().getAsDocument();
>     verify(Doc1);
>
> I get a signature verification fault, but if I put in an actor
> (WSSignEnvelope builder = new WSSignEnvelope("client");) the signature
> verification is OK ... but not on the server side.
> Any hints?
> Sorry to send a very long e-mail, but no one answered my previous emails.
> Best regards.
> Last question: is it possible to decrypt a SOAP message programmatically?
> How?
>
>
> Alessandro
>
>
>
>
>
> Emanuel Haisiuc wrote:
> > I've managed to get it working by setting the user parameter in the
> > wsdd file to match the alias of the searched certificate in the
> > keystore. In the PWCallback class I'm setting the password for that
> > certificate. And it works fine :)
> >
> > Emanuel
> >
> >
> >
> > On 2/8/06, *DFrahm@teamhuber.com <ma...@teamhuber.com>*
> > <DFrahm@teamhuber.com <ma...@teamhuber.com>> wrote:
> >
> >
> >     I think the answer may depend on how you are using Axis/WSS4J.
> >      I'm not using any config files, and doing everything in a
> >     handler.  Here's an example of my code, but I'm no expert so this
> >     could be a really bad (but working) example ;-)
> >
> >     You can see I set the cert alias and password both in my
> >     Properties object for the Crypto, and via the
> >     WSSignEnvelope.setKeyIdentifier() method.  Not sure if this is
> >     necessary or the best way, but it works for me.  I haven't made
> >     time for "code cleanup" yet.
> >
> >         [...snip...]
> >         Message requestMessage = msgContext.getRequestMessage();
> >         SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
> >         Document doc = unsignedEnvelope.getAsDocument();
> >
> >         // WSS4J Start ---------------------------------------------
> >
> >         /*
> >          * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
> >          * can't see file resources, plus we need to compute the keystore
> >          * location anyway.
> >          */
> >         String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
> >         Properties properties = new Properties();
> >         properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
> >         properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
> >         properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
> >         properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
> >         properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
> >         properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
> >         Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
> >
> >         WSSignEnvelope builder = new WSSignEnvelope();
> >         builder.setUserInfo(privateKeyAlias, privateKeyPass);
> >         // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
> >         builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
> >         WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
> >         builder.setUsernameToken(usernameToken);
> >         Document signedDoc = builder.build(doc, crypto);
> >
> >         /*
> >          * Convert the resulting document into a message first. The
> >          * toSOAPMessage() method performs the necessary c14n call to
> >          * properly set up the signed document and convert it into a SOAP
> >          * message.
> >          */
> >         Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
> >         if (logger.isDebugEnabled()) {
> >             logger.debug("Signed message:");
> >             XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
> >         }
> >
> >         /*
> >          * Extract as a document again if need further processing. signedDoc =
> >          * signedMsg.getSOAPEnvelope().getAsDocument();
> >          */
> >
> >         /*
> >          * Set signed message as current message.
> >          */
> >         msgContext.setCurrentMessage(signedMsg);
> >
> >         // WSS4J End ---------------------------------------------
> >         [...snip...]
> >
> >
> >
> >
> >     *Emanuel Haisiuc <emanuel.haisiuc@gmail.com
> >     <ma...@gmail.com>>*
> >
> >     02/08/2006 11:31 AM
> >
> >
> >     To
> >       "DFrahm@teamhuber.com <ma...@teamhuber.com>" <
> >     DFrahm@teamhuber.com <ma...@teamhuber.com>>,
> >     wss4j-dev@ws.apache.org <ma...@ws.apache.org>
> >     cc
> >
> >     Subject
> >       Re: Exception: General security error (Unexpected number of
> >     X509Data: for Signature)
> >
> >     I have the same sense about this one.
> >
> >     My question is: how do I indicate to the client which key to use
> >     from the keystore?
> >
> >     Is the "user" parameter from the handler in the client's
> >     configuration wsdd file used to identify the certificate to be
> >     used from the keystore?
> >
> >     Hope my questions make sense.
> >
> >     Thank you!
> >
> >     Emanuel
> >
> >
> >     On 2/8/06, *_DFrahm@teamhuber.com_* <ma...@teamhuber.com>
> >     < _DFrahm@teamhuber.com_ <ma...@teamhuber.com>> wrote:
> >
> >     When I got that error, it was because the machine I was running on
> >     didn't have the certificate in the keystore.  In your case that
> >     would be the cert "ehpubcert".
> >
> >
> >
> >     *Emanuel Haisiuc <* *_emanuel.haisiuc@gmail.com_*
> >     <ma...@gmail.com>*>*
> >
> >     02/08/2006 10:24 AM
> >
> >
> >     To
> >       _wss4j-dev@ws.apache.org_ <ma...@ws.apache.org>
> >     cc
> >
> >
> >     Subject
> >       Exception: General security error (Unexpected number of X509Data:
> >     for Signature)
> >
> >     Hi!
> >
> >     I'm getting this exception when trying to run my client:
> >
> >     08.02.2006 18:16:30
> >     org.apache.ws.security.components.crypto.CryptoFactory loadClass
> >     INFO: Using Crypto Engine [
> >     org.apache.ws.security.components.crypto.Merlin]
> >     Unable to make the call to method: WSHandler: Signature: error during
> >     message procesingorg.apache.ws.security.WSSecurity
> >     Exception: General security error (Unexpected number of X509Data:
> >     for Signature)
> >
> >     My client's wsdd file is:
> >
> >     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >         xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> >       <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
> >       <globalConfiguration>
> >         <requestFlow>
> >           <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> >             <parameter name="action" value="Signature" />
> >             <parameter name="signaturePropFile" value="cx509sign.props" />
> >             <parameter name="signatureKeyIdentifier" value="DirectReference" />
> >             <parameter name="passwordCallbackClass" value="javawsx509signingclient.PWCallback" />
> >             <parameter name="user" value="manu" />
> >           </handler>
> >         </requestFlow>
> >       </globalConfiguration>
> >     </deployment>
> >
> >     where cx509sign.props is:
> >
> >     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> >
> >     org.apache.ws.security.crypto.merlin.keystore.type=jks
> >     org.apache.ws.security.crypto.merlin.keystore.password=foobar
> >     org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
> >     org.apache.ws.security.crypto.merlin.alias.password=foobar
> >     org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
> >
> >     Pubkeystore listing is:
> >
> >     C:\publicks>keytool -list -keystore pubkeystore
> >     Enter keystore password:  foobar
> >
> >     Keystore type: jks
> >     Keystore provider: SUN
> >
> >     Your keystore contains 1 entry
> >
> >     ehpubcert, 08.02.2006, keyEntry,
> >     Certificate fingerprint (MD5):
> >     5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
> >
> >     What should I look for and what, to make it work?
> >
> >     Thank you!
> >
> >     Emanuel
> >
>
>



Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by Emanuel Haisiuc <em...@gmail.com>.
I've managed to get it working by setting the user parameter in the wsdd
file to match the alias of the searched certificate in the keystore. In the
PWCallback class I'm setting the password for that certificate. And it works
fine :)

Emanuel



On 2/8/06, DFrahm@teamhuber.com <DF...@teamhuber.com> wrote:
>
>
> I think the answer may depend on how you are using Axis/WSS4J.  I'm not
> using any config files, and doing everything in a handler.  Here's an
> example of my code, but I'm no expert so this could be a really bad (but
> working) example ;-)
>
> You can see I set the cert alias and password both in my Properties object
> for the Crypto, and via the WSSignEnvelope.setKeyIdentifier() method.  Not
> sure if this is necessary or the best way, but it works for me.  I haven't
> made time for "code cleanup" yet.
>
>     [...snip...]
>     Message requestMessage = msgContext.getRequestMessage();
>     SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
>     Document doc = unsignedEnvelope.getAsDocument();
>
>     // WSS4J Start ---------------------------------------------
>
>     /*
>      * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
>      * can't see file resources, plus we need to compute the keystore
>      * location anyway.
>      */
>     String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
>     Properties properties = new Properties();
>     properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
>     properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
>     properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
>     properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
>     properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
>     properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
>     Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
>
>     WSSignEnvelope builder = new WSSignEnvelope();
>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>     // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
>     WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
>     builder.setUsernameToken(usernameToken);
>     Document signedDoc = builder.build(doc, crypto);
>
>     /*
>      * Convert the resulting document into a message first. The
>      * toSOAPMessage() method performs the necessary c14n call to
>      * properly set up the signed document and convert it into a SOAP
>      * message.
>      */
>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>     if (logger.isDebugEnabled()) {
>         logger.debug("Signed message:");
>         XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
>     }
>
>     /*
>      * Extract as a document again if need further processing. signedDoc =
>      * signedMsg.getSOAPEnvelope().getAsDocument();
>      */
>
>     /*
>      * Set signed message as current message.
>      */
>     msgContext.setCurrentMessage(signedMsg);
>
>     // WSS4J End ---------------------------------------------
>     [...snip...]
>
>
>
>
>   *Emanuel Haisiuc <em...@gmail.com>*
>
> 02/08/2006 11:31 AM
>    To
> "DFrahm@teamhuber.com" <DF...@teamhuber.com>, wss4j-dev@ws.apache.org  cc
>   Subject
> Re: Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
>
>
>
> I have the same sense about this one.
>
> My question is: how do I indicate to the client which key to use from the
> keystore?
>
> Is the "user" parameter from the handler in the client's configuration
> wsdd file used to identify the certificate to be used from the keystore?
>
> Hope my questions make sense.
>
> Thank you!
>
> Emanuel
>
>
> On 2/8/06, *DFrahm@teamhuber.com* <DF...@teamhuber.com> <*
> DFrahm@teamhuber.com* <DF...@teamhuber.com>> wrote:
>
> When I got that error, it was because the machine I was running on didn't
> have the certificate in the keystore.  In your case that would be the cert
> "ehpubcert".
>
>
>
>   *Emanuel Haisiuc <**...@gmail.com>
> *>*
>
> 02/08/2006 10:24 AM
>
>   To
> *wss4j-dev@ws.apache.org* <ws...@ws.apache.org>   cc
>   Subject
> Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
>
>
>
>
> Hi!
>
> I'm getting this exception when trying to run my client:
>
> 08.02.2006 18:16:30
> org.apache.ws.security.components.crypto.CryptoFactory loadClass
> INFO: Using Crypto Engine [
> org.apache.ws.security.components.crypto.Merlin]
> Unable to make the call to method: WSHandler: Signature: error during
> message procesingorg.apache.ws.security.WSSecurity
> Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
> My client's wsdd file is:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>     xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
>   <globalConfiguration>
>     <requestFlow>
>       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>         <parameter name="action" value="Signature" />
>         <parameter name="signaturePropFile" value="cx509sign.props" />
>         <parameter name="signatureKeyIdentifier" value="DirectReference" />
>         <parameter name="passwordCallbackClass" value="javawsx509signingclient.PWCallback" />
>         <parameter name="user" value="manu" />
>       </handler>
>     </requestFlow>
>   </globalConfiguration>
> </deployment>
>
> where cx509sign.props is:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=foobar
> org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
> org.apache.ws.security.crypto.merlin.alias.password=foobar
> org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
>
> Pubkeystore listing is:
>
> C:\publicks>keytool -list -keystore pubkeystore
> Enter keystore password:  foobar
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> ehpubcert, 08.02.2006, keyEntry,
> Certificate fingerprint (MD5):
> 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
>
> What should I look for and what, to make it work?
>
> Thank you!
>
> Emanuel
>
>
>
>
>
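
A pre-flight check for the fix described in the message above (the WSDD "user" parameter has to name an alias in the Merlin keystore), as an added example that is not part of the original post and is not WSS4J's own lookup code. It uses only the JDK; the class name SignerAliasCheck, its helper methods and the throwaway keystore it builds with keytool are assumptions, and "foobar" stands in for the password PWCallback would supply.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example: checks that the WSDD "user" names a usable signing key in the keystore. */
public class SignerAliasCheck {
    static final String MERLIN = "org.apache.ws.security.crypto.merlin.";

    /** Collects the <parameter name="..." value="..."/> pairs of a client WSDD. */
    static Map<String, String> wsddParameters(String wsdd) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so a config file cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList nodes = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(wsdd.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagNameNS("*", "parameter");
        Map<String, String> params = new HashMap<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            params.put(e.getAttribute("name"), e.getAttribute("value").trim());
        }
        return params;
    }

    /** Opens the keystore named by the Merlin properties (same keys as cx509sign.props). */
    static KeyStore openKeystore(Properties p) throws Exception {
        KeyStore ks = KeyStore.getInstance(p.getProperty(MERLIN + "keystore.type", "jks"));
        try (InputStream in = Files.newInputStream(Paths.get(p.getProperty(MERLIN + "file")))) {
            ks.load(in, p.getProperty(MERLIN + "keystore.password").toCharArray());
        }
        return ks;
    }

    /** Returns "OK", or the reason the alias cannot be used for signing. */
    static String check(KeyStore ks, String user, char[] keyPassword) throws Exception {
        if (user == null || user.isEmpty()) return "no 'user' parameter in the WSDD";
        if (!ks.containsAlias(user))
            return "no alias '" + user + "'; keystore has " + Collections.list(ks.aliases());
        if (!ks.isKeyEntry(user))
            return "'" + user + "' is a trusted-certificate entry, it has no private key";
        try {
            if (!(ks.getKey(user, keyPassword) instanceof PrivateKey))
                return "'" + user + "' does not hold a private key";
        } catch (UnrecoverableKeyException e) {
            return "wrong key password for '" + user + "'";
        }
        if (!(ks.getCertificate(user) instanceof X509Certificate))
            return "'" + user + "' has no X.509 certificate";
        return "OK";
    }

    /** Constructed, trimmed copy of the client WSDD quoted in the thread. */
    static String wsdd(String user) {
        return "<deployment xmlns=\"http://xml.apache.org/axis/wsdd/\">"
             + "<globalConfiguration><requestFlow>"
             + "<handler type=\"java:org.apache.ws.axis.security.WSDoAllSender\">"
             + "<parameter name=\"action\" value=\"Signature\"/>"
             + "<parameter name=\"user\" value=\"" + user + "\"/>"
             + "</handler></requestFlow></globalConfiguration></deployment>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway keystore with one key entry "ehpubcert", made with the JDK's keytool.
        Path store = Files.createTempDirectory("wss4j-demo").resolve("pubkeystore");
        String keytool = Paths.get(System.getProperty("java.home"), "bin", "keytool").toString();
        Process proc = new ProcessBuilder(keytool, "-genkeypair", "-alias", "ehpubcert",
                "-keyalg", "RSA", "-keysize", "2048", "-dname", "CN=constructed-demo",
                "-storetype", "JKS", "-keystore", store.toString(),
                "-storepass", "foobar", "-keypass", "foobar").inheritIO().start();
        if (proc.waitFor() != 0) throw new IllegalStateException("keytool failed");

        Properties props = new Properties();
        props.load(new StringReader(MERLIN + "keystore.type=jks\n"
                + MERLIN + "keystore.password=foobar\n"));
        props.setProperty(MERLIN + "file", store.toString());
        KeyStore ks = openKeystore(props);

        char[] keyPassword = "foobar".toCharArray(); // assumption: what PWCallback would supply
        for (String user : new String[] {"manu", "ehpubcert"}) {
            String configured = wsddParameters(wsdd(user)).get("user");
            System.out.println("user=" + configured + " -> " + check(ks, configured, keyPassword));
        }
    }
}
```

Run against a real deployment, the same check() call takes the keystore opened from the actual cx509sign.props and the "user" value read from the actual client WSDD.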

Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by Emanuel Haisiuc <em...@gmail.com>.
I've managed to get it working by setting the user parameter in the wsdd
file to match the alias of the searched certificate in the keystore. In the
PWCallback class I'm setting the password for that certificate. And it works
fine :)

Emanuel



On 2/8/06, DFrahm@teamhuber.com <DF...@teamhuber.com> wrote:
>
>
> I think the answer may depend on how you are using Axis/WSS4J.  I'm not
> using any config files, and doing everything in a handler.  Here's an
> example of my code, but I'm no expert so this could be a really bad (but
> working) example ;-)
>
> You can see I set the cert alias and password both in my Properties object
> for the Crypto, and via the WSSignEnvelope.setKeyIdentifier() method.  Not
> sure if this is necessary or the best way, but it works for me.  I haven't
> made time for "code cleanup" yet.
>
>     [...snip...]
>     Message requestMessage = msgContext.getRequestMessage();
>     SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
>     Document doc = unsignedEnvelope.getAsDocument();
>
>     // WSS4J Start ---------------------------------------------
>
>     /*
>      * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
>      * can't see file resources, plus we need to compute the keystore
>      * location anyway.
>      */
>     String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
>     Properties properties = new Properties();
>     properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
>     properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
>     properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
>     properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
>     properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
>     properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
>     Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
>
>     WSSignEnvelope builder = new WSSignEnvelope();
>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>     // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
>     WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
>     builder.setUsernameToken(usernameToken);
>     Document signedDoc = builder.build(doc, crypto);
>
>     /*
>      * Convert the resulting document into a message first. The
>      * toSOAPMessage() method performs the necessary c14n call to
>      * properly set up the signed document and convert it into a SOAP
>      * message.
>      */
>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>     if (logger.isDebugEnabled()) {
>         logger.debug("Signed message:");
>         XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
>     }
>
>     /*
>      * Extract as a document again if need further processing. signedDoc =
>      * signedMsg.getSOAPEnvelope().getAsDocument();
>      */
>
>     /*
>      * Set signed message as current message.
>      */
>     msgContext.setCurrentMessage(signedMsg);
>
>     // WSS4J End ---------------------------------------------
>     [...snip...]
>
>
>
>
>   *Emanuel Haisiuc <em...@gmail.com>*
>
> 02/08/2006 11:31 AM
>    To
> "DFrahm@teamhuber.com" <DF...@teamhuber.com>, wss4j-dev@ws.apache.org  cc
>   Subject
> Re: Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
>
>
>
> I have the same sense about this one.
>
> My question is: how do I indicate to the client which key to use from the
> keystore?
>
> Is the "user" parameter from the handler in the client's configuration
> wsdd file used to identify the certificate to be used from the keystore?
>
> Hope my questions make sense.
>
> Thank you!
>
> Emanuel
>
>
> On 2/8/06, DFrahm@teamhuber.com <DF...@teamhuber.com> wrote:
>
> When I got that error, it was because the machine I was running on didn't
> have the certificate in the keystore.  In your case that would be the cert
> "ehpubcert".
>
>
>
>   *Emanuel Haisiuc <em...@gmail.com>*
>
> 02/08/2006 10:24 AM
>
>   To
> *wss4j-dev@ws.apache.org* <ws...@ws.apache.org>   cc
>   Subject
> Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
>
>
>
>
> Hi!
>
> I'm getting this exception when trying to run my client:
>
> 08.02.2006 18:16:30
> org.apache.ws.security.components.crypto.CryptoFactory loadClass
> INFO: Using Crypto Engine [
> org.apache.ws.security.components.crypto.Merlin]
> Unable to make the call to method: WSHandler: Signature: error during
> message procesingorg.apache.ws.security.WSSecurity
> Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
> My client's wsdd file is:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>         <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender" />
>         <globalConfiguration>
>                 <requestFlow>
>                         <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>                                 <parameter name="action" value="Signature" />
>                                 <parameter name="signaturePropFile" value="cx509sign.props" />
>                                 <parameter name="signatureKeyIdentifier" value="DirectReference" />
>                                 <parameter name="passwordCallbackClass"
> value="javawsx509signingclient.PWCallback" />
>                                 <parameter name="user" value="manu" />
>                         </handler>
>                 </requestFlow>
>         </globalConfiguration>
> </deployment>
>
> where cx509sign.props is:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=foobar
> org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
> org.apache.ws.security.crypto.merlin.alias.password=foobar
> org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
>
> Pubkeystore listing is:
>
> C:\publicks>keytool -list -keystore pubkeystore
> Enter keystore password:  foobar
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> ehpubcert, 08.02.2006, keyEntry,
> Certificate fingerprint (MD5):
> 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
>
> What should I look for and what, to make it work?
>
> Thank you!
>
> Emanuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>

Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by DF...@teamhuber.com.
I think the answer may depend on how you are using Axis/WSS4J.  I'm not 
using any config files, and doing everything in a handler.  Here's an 
example of my code, but I'm no expert so this could be a really bad (but 
working) example ;-)

You can see I set the cert alias and password both in my Properties object 
for the Crypto, and via the WSSignEnvelope.setKeyIdentifier() method.  Not 
sure if this is necessary or the best way, but it works for me.  I haven't 
made time for "code cleanup" yet.

                        [...snip...]
                        Message requestMessage = msgContext.getRequestMessage();
                        SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
                        Document doc = unsignedEnvelope.getAsDocument();

                        // WSS4J Start ---------------------------------------------

                        /*
                         * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
                         * can't see file resources, plus we need to compute the keystore
                         * location anyway.
                         */
                        String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
                        Properties properties = new Properties();
                        properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
                        properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
                        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
                        properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
                        properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
                        properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
                        Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);

                        WSSignEnvelope builder = new WSSignEnvelope();
                        builder.setUserInfo(privateKeyAlias, privateKeyPass);
                        // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
                        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
                        WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
                        builder.setUsernameToken(usernameToken);
                        Document signedDoc = builder.build(doc, crypto);

                        /*
                         * Convert the resulting document into a message first. The
                         * toSOAPMessage() method performs the necessary c14n call to
                         * properly set up the signed document and convert it into a SOAP
                         * message.
                         */
                        Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
                        if (logger.isDebugEnabled()) {
                                logger.debug("Signed message:");
                                XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
                        }

                        /*
                         * Extract as a document again if need further processing. signedDoc =
                         * signedMsg.getSOAPEnvelope().getAsDocument();
                         */

                        /*
                         * Set signed message as current message.
                         */
                        msgContext.setCurrentMessage(signedMsg);

                        // WSS4J End ---------------------------------------------
                        [...snip...]





Emanuel Haisiuc <em...@gmail.com> 
02/08/2006 11:31 AM

To
"DFrahm@teamhuber.com" <DF...@teamhuber.com>, wss4j-dev@ws.apache.org
cc

Subject
Re: Exception: General security error (Unexpected number of X509Data: for 
Signature)






I have the same sense about this one. 
 
My question is: how do I indicate to the client which key to use from the 
keystore?
 
Is the "user" parameter from the handler in the client's configuration 
wsdd file used to identify the certificate to be used from the keystore?
 
Hope my questions make sense.
 
Thank you!
 
Emanuel

 
On 2/8/06, DFrahm@teamhuber.com <DF...@teamhuber.com> wrote: 

When I got that error, it was because the machine I was running on didn't
have the certificate in the keystore.  In your case that would be the cert
"ehpubcert".




Emanuel Haisiuc <em...@gmail.com> 
02/08/2006 10:24 AM 


To
wss4j-dev@ws.apache.org 

cc


Subject
Exception: General security error (Unexpected number of X509Data: for 
Signature)










Hi!

I'm getting this exception when trying to run my client:

08.02.2006 18:16:30
org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [ 
org.apache.ws.security.components.crypto.Merlin]
Unable to make the call to method: WSHandler: Signature: error during
message procesingorg.apache.ws.security.WSSecurity
Exception: General security error (Unexpected number of X509Data: for 
Signature) 

My client's wsdd file is:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
        <transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender" />
        <globalConfiguration>
                <requestFlow>
                        <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
                                <parameter name="action" value="Signature" />
                                <parameter name="signaturePropFile" value="cx509sign.props" />
                                <parameter name="signatureKeyIdentifier" value="DirectReference" />
                                <parameter name="passwordCallbackClass"
value="javawsx509signingclient.PWCallback" />
                                <parameter name="user" value="manu" />
                        </handler>
                </requestFlow>
        </globalConfiguration>
</deployment>

where cx509sign.props is:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin 

org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
org.apache.ws.security.crypto.merlin.alias.password=foobar 
org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore

Pubkeystore listing is:

C:\publicks>keytool -list -keystore pubkeystore
Enter keystore password:  foobar

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

ehpubcert, 08.02.2006, keyEntry,
Certificate fingerprint (MD5): 
5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81

What should I look for and what, to make it work? 

Thank you!

Emanuel

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org 




Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by Emanuel Haisiuc <em...@gmail.com>.
I have the same sense about this one.

My question is: how do I indicate to the client which key to use from the
keystore?

Is the "user" parameter from the handler in the client's configuration wsdd
file used to identify the certificate to be used from the keystore?

Hope my questions make sense.

Thank you!

Emanuel


On 2/8/06, DFrahm@teamhuber.com <DF...@teamhuber.com> wrote:
>
>
> When I got that error, it was because the machine I was running on didn't
> have the certificate in the keystore.  In your case that would be the cert
> "ehpubcert".
>
>
>
>
>   *Emanuel Haisiuc <em...@gmail.com>*
>
> 02/08/2006 10:24 AM
>    To
> wss4j-dev@ws.apache.org  cc
>   Subject
>  Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
>
>
>
>
> Hi!
>
> I'm getting this exception when trying to run my client:
>
> 08.02.2006 18:16:30
> org.apache.ws.security.components.crypto.CryptoFactory loadClass
> INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin
> ]
> Unable to make the call to method: WSHandler: Signature: error during
> message procesingorg.apache.ws.security.WSSecurity
> Exception: General security error (Unexpected number of X509Data: for
> Signature)
>
> My client's wsdd file is:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>         <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender" />
>         <globalConfiguration>
>                 <requestFlow>
>                         <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>                                 <parameter name="action" value="Signature" />
>                                 <parameter name="signaturePropFile" value="cx509sign.props" />
>                                 <parameter name="signatureKeyIdentifier" value="DirectReference" />
>                                 <parameter name="passwordCallbackClass"
> value="javawsx509signingclient.PWCallback" />
>                                 <parameter name="user" value="manu" />
>                         </handler>
>                 </requestFlow>
>         </globalConfiguration>
> </deployment>
>
> where cx509sign.props is:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=foobar
> org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
> org.apache.ws.security.crypto.merlin.alias.password=foobar
> org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
>
> Pubkeystore listing is:
>
> C:\publicks>keytool -list -keystore pubkeystore
> Enter keystore password:  foobar
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> ehpubcert, 08.02.2006, keyEntry,
> Certificate fingerprint (MD5):
> 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
>
> What should I look for and what, to make it work?
>
> Thank you!
>
> Emanuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>

Re: Exception: General security error (Unexpected number of X509Data: for Signature)

Posted by DF...@teamhuber.com.
When I got that error, it was because the machine I was running on didn't 
have the certificate in the keystore.  In your case that would be the cert 
"ehpubcert".





Emanuel Haisiuc <em...@gmail.com> 
02/08/2006 10:24 AM

To
wss4j-dev@ws.apache.org
cc

Subject
Exception: General security error (Unexpected number of X509Data: for 
Signature)






Hi!

I'm getting this exception when trying to run my client:

08.02.2006 18:16:30
org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine 
[org.apache.ws.security.components.crypto.Merlin]
Unable to make the call to method: WSHandler: Signature: error during
message procesingorg.apache.ws.security.WSSecurity
Exception: General security error (Unexpected number of X509Data: for 
Signature)

My client's wsdd file is:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
                 <transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender" />
                 <globalConfiguration>
                                 <requestFlow>
                                                 <handler 
type="java:org.apache.ws.axis.security.WSDoAllSender">
 <parameter name="action" value="Signature" />
 <parameter name="signaturePropFile" value="cx509sign.props" />
 <parameter name="signatureKeyIdentifier" value="DirectReference" />
 <parameter name="passwordCallbackClass"
value="javawsx509signingclient.PWCallback" />
 <parameter name="user" value="manu" />
                                                 </handler>
                                 </requestFlow>
                 </globalConfiguration>
</deployment>

where cx509sign.props is:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
org.apache.ws.security.crypto.merlin.alias.password=foobar
org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore

Pubkeystore listing is:

C:\publicks>keytool -list -keystore pubkeystore
Enter keystore password:  foobar

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

ehpubcert, 08.02.2006, keyEntry,
Certificate fingerprint (MD5): 
5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81

What should I look for and what, to make it work?

Thank you!

Emanuel

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
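
Added example, not code from the thread or from WSS4J: a stand-alone pre-flight check for the failure described above, a signing alias that is missing from the keystore. It assumes the handler's "user" value is the alias looked up for signing (the question asked in the thread); the class SigningAliasCheck and its methods are hypothetical names, and with no arguments it runs on constructed properties against an empty in-memory keystore.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

/**
 * Added example (not WSS4J code). Checks, before any message is signed, that
 * the alias a client will sign with exists in the keystore named by the crypto
 * properties and is an entry that can actually sign.
 * Assumption: the handler's "user" value is the alias looked up for signing.
 */
public class SigningAliasCheck {

    private static final String MERLIN = "org.apache.ws.security.crypto.merlin.";

    /** Opens the keystore the properties point at; without a "file" key an empty one is created. */
    static KeyStore load(Properties props) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(
                props.getProperty(MERLIN + "keystore.type", KeyStore.getDefaultType()));
        char[] storePass = props.getProperty(MERLIN + "keystore.password", "").toCharArray();
        String file = props.getProperty(MERLIN + "file");
        if (file == null) {
            ks.load(null, storePass); // demo only: empty in-memory keystore
        } else {
            try (InputStream in = new FileInputStream(file)) {
                ks.load(in, storePass);
            }
        }
        return ks;
    }

    /** Returns the problems found for this alias; an empty list means it is usable for signing. */
    static List<String> check(KeyStore ks, Properties props, String user, char[] keyPass)
            throws GeneralSecurityException {
        List<String> problems = new ArrayList<>();
        String configured = props.getProperty(MERLIN + "keystore.alias");
        if (configured != null && !configured.equals(user)) {
            problems.add("handler user '" + user + "' differs from keystore.alias '" + configured + "'");
        }
        if (!ks.containsAlias(user)) {
            problems.add("no entry '" + user + "' in keystore; aliases present: "
                    + Collections.list(ks.aliases()));
            return problems;
        }
        if (!ks.isKeyEntry(user)) {
            problems.add("'" + user + "' is a trusted-certificate entry; signing needs a key entry");
            return problems;
        }
        if (ks.getCertificateChain(user) == null) {
            problems.add("key entry '" + user + "' has no certificate chain to embed or reference");
        }
        try {
            if (ks.getKey(user, keyPass) == null) {
                problems.add("no key material stored under '" + user + "'");
            }
        } catch (UnrecoverableKeyException e) {
            problems.add("key for '" + user + "' cannot be recovered with the supplied password");
        }
        return problems;
    }

    /** Usage: java SigningAliasCheck <crypto .props file> <user>; no arguments runs the sample. */
    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        String user;
        if (args.length == 2) {
            try (InputStream in = new FileInputStream(args[0])) {
                props.load(in);
            }
            user = args[1];
        } else {
            // Constructed sample: the thread's property values without the "file"
            // line, so the keystore is empty and the missing-alias case is shown.
            props.load(new StringReader(
                    MERLIN + "keystore.type=jks\n"
                    + MERLIN + "keystore.password=foobar\n"
                    + MERLIN + "keystore.alias=ehpubcert\n"
                    + MERLIN + "alias.password=foobar\n"));
            user = "manu";
        }
        // The key password here is taken from alias.password; substitute whatever
        // password the client really supplies for the key.
        char[] keyPass = props.getProperty(MERLIN + "alias.password", "").toCharArray();
        List<String> problems = check(load(props), props, user, keyPass);
        if (problems.isEmpty()) {
            System.out.println("OK: '" + user + "' can be used for signing");
        } else {
            for (String p : problems) {
                System.out.println("PROBLEM: " + p);
            }
        }
    }
}
```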


