Posted to fx-dev@ws.apache.org by Laurent COLLET <la...@predict.fr> on 2005/09/01 09:36:19 UTC

Unexpected number of X509Data

Hi,

Yesterday I made a mistake in my problem description:

Here is my error:
1 sept. 2005 09:21:42 org.apache.ws.security.components.crypto.CryptoFactory loadClass
INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
WSDoAllSender: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
 faultSubcode:
 faultString: WSDoAllSender: Signature: error during message procesing org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
 faultActor:
 faultNode:
 faultDetail:
    {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
    at org.apache.ws.axis.security.WSDoAllSender.performSIGNAction(WSDoAllSender.java:416)
...


I don't understand this error, I hope you can help me.


I have:
- a client certificate given by a CA named client.cer
- a server certificate ... server.cer
- a CA certificate ... ca.cer

Here are the commands I ran:
keytool -import -file client.cer -alias client -keystore client.jks
keytool -import -file server.cer -alias server -keystore client.jks
keytool -import -file ca.cer -alias ca -keystore client.jks

(I tried to import only the client certificate and the result is the
same. Even if for instance I just want to sign requests, I will later
encrypt data.)

The next snippet shows my crypto.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=azerty
org.apache.ws.security.crypto.merlin.keystore.alias=client
org.apache.ws.security.crypto.merlin.alias.password=azerty
org.apache.ws.security.crypto.merlin.file=conf/cert/client.jks

And finally, my deply.wsdd:
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
    <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
    <globalConfiguration>
        <requestFlow>
            <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
                <parameter name="action" value="Signature" />
                <parameter name="user" value="Client" />
                <parameter name="passwordCallbackClass" value="ws.PWCallback" />
                <parameter name="signaturePropFile" value="crypto.properties" />
            </handler>
        </requestFlow>
    </globalConfiguration>
</deployment>




Thanks in advance,
Laurent




Granqvist, Hans wrote:

>What is the error you get?
>
>Did you build the wss4j.jar and copy it to axis lib? 
>
>  
>
>>-----Original Message-----
>>From: Laurent COLLET [mailto:laurent.collet@predict.fr] 
>>Sent: Wednesday, August 31, 2005 8:23 AM
>>To: wss4j-dev@ws.apache.org
>>Subject: crypto provider
>>
>>I found in the crypto.properties file that the program uses
>>org.apache.ws.security.crypto.provider,
>>org.apache.ws.security.crypto.merlin.* ... but I can't find
>>any of these classes. I think I didn't have the right jar files,
>>but I have already installed all the jar files written in the
>>readme.txt: openSAML, BouncyCastle, XMLSec...
>>(My aim is signing requests from the client to the server)
>>
>>Can you tell me where I can find these classes?
>>
>>Thanks in advance,
>>Laurent
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: Unexpected number of X509Data

Posted by Werner Dittmann <We...@t-online.de>.
This usually is due to the fact that the certificate can be found.
Two reasons:
- the alias name for the key/certificate does not exist
- the password to unlock the private key is not correct (this is
  the password the callback class should return). This password
  is different from the keystore's password and keytool usually
  requests it during import.

In your case, according to the output you sent I would go for a wrong
alias name - watch upper- and lowercase when importing the cert and
when defining it in the WSDD file.

Regards,
Werner
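
The alias check suggested in the reply above, as an added example that is not part of the original thread and not WSS4J code: it compares the `user` value in the WSDD and the `keystore.alias` property against the aliases named in the keytool commands, using the files quoted in the thread as sample input. The function names and the three result labels ("exact", "case-differs", "missing") are this example's own, and a case-only difference is reported as a finding without assuming how a given keystore type resolves it.

```python
import re
import xml.etree.ElementTree as ET
# Sample input: the keytool commands and configuration quoted in the thread.
KEYTOOL = """keytool -import -file client.cer -alias client -keystore client.jks
keytool -import -file server.cer -alias server -keystore client.jks
keytool -import -file ca.cer -alias ca -keystore client.jks"""
PROPS = "org.apache.ws.security.crypto.merlin.keystore.alias=client\n"
WSDD = """<deployment xmlns="http://xml.apache.org/axis/wsdd/">
 <globalConfiguration><requestFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
   <parameter name="user" value="Client"/>
  </handler>
 </requestFlow></globalConfiguration>
</deployment>"""
NS = {"w": "http://xml.apache.org/axis/wsdd/"}

def imported_aliases(commands):
    # Aliases named with -alias on each keytool command line.
    return re.findall(r"-alias\s+(\S+)", commands)

def properties_alias(text):
    # Value of the ...merlin.keystore.alias property, or None if absent.
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().endswith("merlin.keystore.alias"):
            return value.strip()
    return None

def wsdd_user(xml_text):
    # "user" parameter of the WSDoAllSender handler, or None if absent.
    path = (".//w:handler[@type='java:org.apache.ws.axis.security.WSDoAllSender']"
            "/w:parameter[@name='user']")
    node = ET.fromstring(xml_text).find(path, NS)
    return None if node is None else node.get("value")

def check_alias(name, aliases):
    # "exact", "case-differs" (same letters, different case) or "missing".
    if name in aliases:
        return "exact"
    if name and name.lower() in {a.lower() for a in aliases}:
        return "case-differs"
    return "missing"

def report():
    aliases = imported_aliases(KEYTOOL)
    return {"wsdd user": check_alias(wsdd_user(WSDD), aliases),
            "keystore.alias": check_alias(properties_alias(PROPS), aliases)}

if __name__ == "__main__":
    print(report())
```

The second cause named in the reply, the private-key password returned by the callback class, cannot be checked from these files; that needs the keystore itself.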


