Posted to wss4j-dev@ws.apache.org by Chris Long <ch...@gmail.com> on 2008/11/25 21:03:23 UTC

Help needed in manually loading a certificate using WSHandler

Hello:

I'm currently running into some issues while attempting to manually load a
certificate to sign a SOAP message with instead of using a certificate
loaded in a keystore.  Currently I am attempting to do the following:

1) create a Crypto object by using:
Crypto crypt = CryptoFactory.getInstance("D:/crypto-testclient.properties");

Where the crypto-testclient.properties file looks like this:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=test
org.apache.ws.security.crypto.merlin.file=D://testclient-keystore

2) load the certificate into the Crypto object:
String filePath = "D:\\chris-testclient.crt";
FileInputStream fis = new FileInputStream(filePath);
crypt.loadCertificate(fis);

3) set the following:
RequestData reqData = new RequestData();
reqData.setMsgContext(msgContext);
reqData.getSignatureParts().removeAllElements();
reqData.getEncryptParts().removeAllElements();
reqData.setNoSerialization(false);
reqData.setUsername("chris-testclient");
int doAction = WSSecurityUtil.decodeAction("Signature", actions);

4) Create a Document object and store the SOAP envelope in it.

5) At this point I've overloaded the doSenderAction to pass my Crypto object
along.  Since the only action I care about is the Signature I've modified
if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {...} block to the
following:

        if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
            Crypto crypto = (Crypto) cryptos.get(sigPropFile);
            if (crypto == null) {
                try {
                     String filePath = "D:\\chris-testclient.crt";
                     FileInputStream fis = new FileInputStream(filePath);
                     crypto = CryptoFactory.getInstance("D://crypto-testclient.properties",
                             this.getClassLoader(reqData.getMsgContext()));
                     crypto.loadCertificate(fis);
                     cryptos.put(sigPropFile, crypto);
                } catch (Exception e) {
                     System.out.println("Exception in doAction");
                }
            }
            reqData.setSigCrypto(crypto);
            decodeSignatureParameter(reqData);
        }

Once doSenderAction gets to: wssConfig.getAction(actionToDo).execute(this,
actionToDo, doc, reqData); I get the following error:

Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)


Can anyone tell me what I'm doing wrong?  Or if I need to provide more
information to get an answer?

Thanks,

Christopher Long

Re: Help needed in manually loading a certificate using WSHandler

Posted by Chris Long <ch...@gmail.com>.
Hi Colm:

Thanks for the response.  The reason I'm using this is because I'm just
updating an already existing application and massive changes are not so
easily approved.  I did, however, just recently find out my issue at hand.
All I was doing was loading the public and SignatureAction was unable to
find the private key since it did not exist.  As soon as I loaded the
private key into the keystore it worked perfectly.

Thanks,

Chris

On Mon, Dec 1, 2008 at 12:04 PM, Colm O hEigeartaigh <co...@progress.com> wrote:

> Hi Chris,
>
> Can you try running this against a SNAPSHOT version of trunk? I updated the
> exception propagation in SignatureAction to throw the exception, rather than
> just the message, so it might give you more information than what you're
> seeing.
>
> Why not just write your own crypto implementation rather than use Merlin
> btw?
>
> Colm.

RE: Help needed in manually loading a certificate using WSHandler

Posted by Colm O hEigeartaigh <co...@progress.com>.
Hi Chris,

Can you try running this against a SNAPSHOT version of trunk? I updated
the exception propagation in SignatureAction to throw the exception,
rather than just the message, so it might give you more information than
what you're seeing.

Why not just write your own crypto implementation rather than use Merlin
btw?

Colm.
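
An added diagnostic for the failure resolved in this thread (not part of the original messages and not WSS4J code): it uses the JDK's java.security.KeyStore API to tell whether the signing alias is a private-key entry or only a trusted certificate. The class name SigningAliasCheck is hypothetical, the default path, password and alias are the values from the original post, and it assumes the username set on RequestData is the keystore alias.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name): reports whether a keystore
// alias can be used for signing or only holds a public certificate.
public class SigningAliasCheck {

    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "MISSING: no entry named '" + alias + "'";
        }
        if (ks.isCertificateEntry(alias)) {
            // Trusted-certificate entry: public key only. Enough to verify
            // signatures from this party, not enough to sign as it.
            return "CERT ONLY: '" + alias + "' has no private key";
        }
        // Remaining case is a key entry; a signing key also needs its
        // certificate chain so the signature can identify the signer.
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return "KEY WITHOUT CHAIN: '" + alias + "' has no certificate";
        }
        String subject = (chain[0] instanceof X509Certificate)
                ? ((X509Certificate) chain[0]).getSubjectX500Principal().getName()
                : chain[0].getType();
        return "SIGNING CAPABLE: '" + alias + "' key entry for " + subject;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values quoted in the original post; override with
        // <keystore path> <store password> <alias> on the command line.
        String path = args.length > 0 ? args[0] : "D://testclient-keystore";
        char[] password = (args.length > 1 ? args[1] : "test").toCharArray();
        // Assumption: the username set on RequestData is the keystore alias.
        String alias = args.length > 2 ? args[2] : "chris-testclient";

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        System.out.println(describe(ks, alias));
    }
}
```

A "CERT ONLY" or "MISSING" result corresponds to the situation described in the thread, where only the public certificate had been loaded.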

 
