Posted to users@cxf.apache.org by Miha Zoubek <mz...@gmail.com> on 2020/10/28 12:56:46 UTC
Issue with decrypting soap request
Hello
So my error is this:
HelloImplService has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Message part {http://www.w3.org/2001/04/xmlenc#}EncryptedData was not recognized. (Does it exist in service WSDL?)
Which is I guess due to my configuration of the cxf part for decryption. Signature, Timestamp are working perfectly.
public WSS4JStaxInInterceptor wss4JStaxInInterceptor() throws Exception {
    WSSSecurityProperties inProperties = new WSSSecurityProperties();
    //inProperties.addAction(WSSConstants.USERNAMETOKEN);
    inProperties.addAction(WSSConstants.TIMESTAMP);
    inProperties.addAction(WSSConstants.SIGNATURE);
    inProperties.addAction(WSSConstants.ENCRYPTION);
    inProperties.setEncryptionUser("xxx");
    inProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("\"C:\\\\Users\\\\miha_\\\\OneDrive\\\\Dokumenti\\\\Job\\\\Lj\\\\Spring\\\\demo\\\\src\\\\main\\\\resources\\\\xxxx.jks"),"softnet_keystore_passwordo".toCharArray());;
    inProperties.setMustUnderstand(false);
    inProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("\"C:\\\\Users\\\\miha_\\\\OneDrive\\\\Dokumenti\\\\Job\\\\Lj\\\\Spring\\\\demo\\\\src\\\\main\\\\resources\\\\xxxx.jks"),"softnet_keystore_passwordo".toCharArray());
    inProperties.setSignatureUser("cbd");
    //inProperties.setSignatureVerificationCryptoProperties(wss4jInProperties());
    //inProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
    inProperties.setCallbackHandler(new ClientKeystorePasswordCallback());
    WSS4JStaxInInterceptor wss4JStaxInInterceptor = new WSS4JStaxInInterceptor(inProperties);
    return wss4JStaxInInterceptor;
}
I guess I will also need to provide the secret for the private key which is in the jks (I have now only provided the password to access the jks store).
thank you
miha
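Added example, not code from this thread or from the CXF project: the password passed to loadDecryptionKeystore only opens the store, while WSS4J asks the callback handler for the private key's own password with usage DECRYPT. The check below resolves the keystore by classpath name, confirms that the alias holds a private key which the key password unlocks, and includes a handler that answers the DECRYPT request without printing the secret. The class names and the KEYSTORE_PASSWORD / KEY_PASSWORD environment variables are hypothetical, and WSS4J 2.x is assumed to be on the classpath.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Added example: class, alias and environment-variable names are hypothetical.
public class DecryptionKeystoreCheck {

    /** Resolves a keystore by classpath name and refuses to pass a null URL on. */
    static URL resolve(String resourceName) {
        // getResource() expects a '/'-separated name relative to the classpath root
        // (for example "xxx_keystore.jks"); an absolute file-system path is not one.
        URL url = DecryptionKeystoreCheck.class.getClassLoader().getResource(resourceName);
        if (url == null) {
            throw new IllegalArgumentException("not on the classpath: " + resourceName);
        }
        return url;
    }

    /** Proves the alias holds a private key that the key password unlocks. */
    static PrivateKey requirePrivateKey(URL store, char[] storePassword,
                                        String alias, char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = store.openStream()) {
            ks.load(in, storePassword); // a wrong store password surfaces here as IOException
        }
        if (!ks.isKeyEntry(alias)) {
            // Missing alias, or a certificate-only entry: fine for verification, not decryption.
            throw new IllegalStateException("no private-key entry for alias " + alias);
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            if (!(key instanceof PrivateKey)) {
                throw new IllegalStateException("alias " + alias + " is not a private key");
            }
            return (PrivateKey) key;
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("key password does not unlock alias " + alias, e);
        }
    }

    /** Hands WSS4J the private-key password when it asks for one; never prints it. */
    static final class KeyPasswordHandler implements CallbackHandler {
        private final Map<String, char[]> keyPasswords; // alias -> key password

        KeyPasswordHandler(Map<String, char[]> keyPasswords) {
            this.keyPasswords = keyPasswords;
        }

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                if (pc.getUsage() != WSPasswordCallback.DECRYPT) {
                    continue; // only the decryption key password is served here
                }
                char[] secret = keyPasswords.get(pc.getIdentifier());
                if (secret == null) {
                    throw new IOException("no key password configured for alias " + pc.getIdentifier());
                }
                pc.setPassword(new String(secret));
            }
        }
    }

    /** Reads a secret from the environment so it stays out of source and arguments. */
    static char[] env(String name) {
        String value = System.getenv(name);
        if (value == null) {
            throw new IllegalStateException("environment variable not set: " + name);
        }
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: DecryptionKeystoreCheck <classpath-resource> <alias>");
            System.exit(2);
        }
        char[] keyPassword = env("KEY_PASSWORD");
        PrivateKey key = requirePrivateKey(resolve(args[0]), env("KEYSTORE_PASSWORD"),
                                           args[1], keyPassword);
        System.out.println("alias " + args[1] + " holds a " + key.getAlgorithm() + " private key");
        // An instance like this is what setCallbackHandler(...) would be given.
        CallbackHandler handler = new KeyPasswordHandler(Map.of(args[1], keyPassword));
        System.out.println("callback handler ready: " + handler.getClass().getSimpleName());
    }
}
```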
Re: Issue with decrypting soap request
Posted by Miha Zoubek <mz...@gmail.com>.
Hi
On the endpoint I have this:
properties.put("faultStackTraceEnabled", Boolean.TRUE);
properties.put("exceptionMessageCauseEnabled", Boolean.TRUE);
Here is my full log (where you see DECRPYT, it is a println in the callback, to know that it is triggered):
2020-11-04 08:11:01.043 INFO 45168 --- [nio-9010-exec-1] org.ehcache.core.EhcacheManager : Cache 'ws-security.timestamp.cache.instance-2067294935' created in EhcacheManager.
2020-11-04 08:11:01.221 INFO 45168 --- [nio-9010-exec-1] org.ehcache.core.EhcacheManager : Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-2067294935' created in EhcacheManager.
tessss
DECRPYT
passowrd: xxxx
2020-11-04 08:11:01.395 WARN 45168 --- [nio-9010-exec-1] o.a.cxf.phase.PhaseInterceptorChain : Interceptor for {http://operator.services.np.aek.seavus.com/}HelloImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message
at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:67) ~[cxf-rt-bindings-soap-3.4.0.jar:3.4.0]
at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:38) ~[cxf-rt-bindings-soap-3.4.0.jar:3.4.0]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:296) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:215) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:652) ~[tomcat-embed-core-9.0.38.jar:4.0.FR]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:271) ~[cxf-rt-transports-http-3.4.0.jar:3.4.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.38.jar:9.0.38]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.38.jar:9.0.38]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: javax.xml.stream.XMLStreamException: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message
at org.apache.wss4j.stax.impl.WSSecurityStreamReader.next(WSSecurityStreamReader.java:56) ~[wss4j-ws-security-stax-2.3.0.jar:2.3.0]
at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:60) ~[cxf-rt-bindings-soap-3.4.0.jar:3.4.0]
... 45 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message
... 47 common frames omitted
2020-11-04 08:11:01.408 INFO 45168 --- [nio-9010-exec-1] o.a.c.b.s.i.Soap12FaultOutInterceptor : class org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalapplication/soap+xml
On 2020/11/03 14:18:47, Colm O hEigeartaigh <co...@apache.org> wrote:
> You should enable debug logging to get the root cause of the failure.
>
> Colm.
>
> On Tue, Nov 3, 2020 at 9:47 AM Miha Zoubek <mz...@gmail.com> wrote:
>
> > Hello
> >
> > No, I have found what was the cause. It was the wrong path to the jks file.
> > But now I am having a different problem. The callback is now called but I get
> > an error:
> >
> > <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
> > <soap:Body>
> > <soap:Fault>
> > <soap:Code>
> > <soap:Value>soap:Sender</soap:Value>
> > </soap:Code>
> > <soap:Reason>
> > <soap:Text xml:lang="en">Error reading XMLStreamReader:
> > org.apache.wss4j.common.ext.WSSecurityException: A security error was
> > encountered when verifying the message</soap:Text>
> > </soap:Reason>
> > <soap:Detail>
> > <stackTrace xmlns="http://cxf.apache.org/fault">Caused by:
> > javax.xml.stream.XMLStreamException:
> > org.apache.wss4j.common.ext.WSSecurityException: A security error was
> > encountered when verifying the message
> > </stackTrace>
> > </soap:Detail>
> > </soap:Fault>
> > </soap:Body>
> > </soap:Envelope>
> >
> >
> > From what I can see it is this part of the code:
> >
> > public void handleMessage(SoapMessage message) throws Fault {
> >     if (this.isGET(message)) {
> >         LOG.fine("StartBodyInterceptor skipped in HTTP GET method");
> >     } else {
> >         XMLStreamReader xmlReader =
> >             (XMLStreamReader)message.getContent(XMLStreamReader.class);
> >
> >         try {
> >             for(int i = xmlReader.next(); i == 13 || i == 10; i =
> >                 xmlReader.next()) {
> >             }
> >
> >         } catch (XMLStreamException var4) {
> >             throw new SoapFault(new Message("XML_STREAM_EXC", LOG, new
> >                 Object[]{var4.getMessage()}), var4, message.getVersion().getSender());
> >         }
> >     }
> > }
> >
> >
> > @Bean
> > public WSS4JStaxInInterceptor wss4JStaxInInterceptor() throws Exception
> > {
> >     Properties properties;
> >     Crypto crypto = CryptoFactory.getInstance(wss4jInProperties());
> >
> >     WSSSecurityProperties inProperties = new WSSSecurityProperties();
> >     inProperties.addAction(WSSConstants.TIMESTAMP);
> >     inProperties.addAction(WSSConstants.SIGNATURE);
> >     inProperties.setSoap12(true);
> >     inProperties.addAction(WSSConstants.ENCRYPTION);
> >
> >     inProperties.setEncryptionUser("xxx");
> >
> >     inProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("xxx_keystore.jks"),"xxx_keystore_passwordo".toCharArray());
> >     inProperties.setSignatureUser("softnet");
> >
> >     inProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("xxx_keystore.jks"),"xxxx".toCharArray());
> >
> >     inProperties.setCallbackHandler(new
> >         ClientKeystorePasswordENCallback());
> >
> >     WSS4JStaxInInterceptor wss4JStaxInInterceptor = new
> >         WSS4JStaxInInterceptor(inProperties);
> >
> >     return wss4JStaxInInterceptor;
> >
> > }
> >
> >
> >
> > On 2020/11/02 07:28:43, Colm O hEigeartaigh <co...@apache.org> wrote:
> > > If it's still a problem please consider creating a test-case that we can
> > > use to reproduce the issue.
> > >
> > > Colm.
> > >
Re: Issue with decrypting soap request
Posted by Colm O hEigeartaigh <co...@apache.org>.
You should enable debug logging to get the root cause of the failure.
Colm.
On Tue, Nov 3, 2020 at 9:47 AM Miha Zoubek <mz...@gmail.com> wrote:
> Hello
>
> No, I have found what was the cause. It was the wrong path to the jks file.
> But now I am having a different problem. The callback is now called but I get
> an error:
>
> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
> <soap:Body>
> <soap:Fault>
> <soap:Code>
> <soap:Value>soap:Sender</soap:Value>
> </soap:Code>
> <soap:Reason>
> <soap:Text xml:lang="en">Error reading XMLStreamReader:
> org.apache.wss4j.common.ext.WSSecurityException: A security error was
> encountered when verifying the message</soap:Text>
> </soap:Reason>
> <soap:Detail>
> <stackTrace xmlns="http://cxf.apache.org/fault">Caused by:
> javax.xml.stream.XMLStreamException:
> org.apache.wss4j.common.ext.WSSecurityException: A security error was
> encountered when verifying the message
> </stackTrace>
> </soap:Detail>
> </soap:Fault>
> </soap:Body>
> </soap:Envelope>
Re: Issue with decrypting soap request
Posted by Miha Zoubek <mz...@gmail.com>.
Hello
No, I have found what the cause was. It was the wrong path to the jks file. But now I am having a different problem. The callback is now called but I get an error:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">Error reading XMLStreamReader: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message</soap:Text>
</soap:Reason>
<soap:Detail>
<stackTrace xmlns="http://cxf.apache.org/fault">Caused by: javax.xml.stream.XMLStreamException: org.apache.wss4j.common.ext.WSSecurityException: A security error was encountered when verifying the message
#*#org.apache.wss4j.stax.impl.WSSecurityStreamReader!next!WSSecurityStreamReader.java!56#*#org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor!handleMessage!StartBodyInterceptor.java!60#*#org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor!handleMessage!StartBodyInterceptor.java!38#*#org.apache.cxf.phase.PhaseInterceptorChain!doIntercept!PhaseInterceptorChain.java!308#*#org.apache.cxf.transport.ChainInitiationObserver!onMessage!ChainInitiationObserver.java!121#*#org.apache.cxf.transport.http.AbstractHTTPDestination!invoke!AbstractHTTPDestination.java!267#*#org.apache.cxf.transport.servlet.ServletController!invokeDestination!ServletController.java!234#*#org.apache.cxf.transport.servlet.ServletController!invoke!ServletController.java!208#*#org.apache.cxf.transport.servlet.ServletController!invoke!ServletController.java!160#*#org.apache.cxf.transport.servlet.CXFNonSpringServlet!invoke!CXFNonSpringServlet.java!225#*#
org.apache.cxf.transport.servlet.AbstractHTTPServlet!handleRequest!AbstractHTTPServlet.java!296#*#org.apache.cxf.transport.servlet.AbstractHTTPServlet!doPost!AbstractHTTPServlet.java!215#*#javax.servlet.http.HttpServlet!service!HttpServlet.java!652#*#org.apache.cxf.transport.servlet.AbstractHTTPServlet!service!AbstractHTTPServlet.java!271#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!231#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.apache.tomcat.websocket.server.WsFilter!doFilter!WsFilter.java!53#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.springframework.web.filter.RequestContextFilter!doFilterInternal!RequestContextFilter.java!100#*#org.springframework.web.filter.OncePerRequestFilter!doFilter!OncePerRequestFilter.java!119#*#
org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.springframework.web.filter.FormContentFilter!doFilterInternal!FormContentFilter.java!93#*#org.springframework.web.filter.OncePerRequestFilter!doFilter!OncePerRequestFilter.java!119#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.springframework.web.filter.CharacterEncodingFilter!doFilterInternal!CharacterEncodingFilter.java!201#*#org.springframework.web.filter.OncePerRequestFilter!doFilter!OncePerRequestFilter.java!119#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.apache.catalina.core.StandardWrapperValve!invoke!StandardWrapperValve.java!202#*#
org.apache.catalina.core.StandardContextValve!invoke!StandardContextValve.java!97#*#org.apache.catalina.authenticator.AuthenticatorBase!invoke!AuthenticatorBase.java!541#*#org.apache.catalina.core.StandardHostValve!invoke!StandardHostValve.java!143#*#org.apache.catalina.valves.ErrorReportValve!invoke!ErrorReportValve.java!92#*#org.apache.catalina.core.StandardEngineValve!invoke!StandardEngineValve.java!78#*#org.apache.catalina.connector.CoyoteAdapter!service!CoyoteAdapter.java!343#*#org.apache.coyote.http11.Http11Processor!service!Http11Processor.java!374#*#org.apache.coyote.AbstractProcessorLight!process!AbstractProcessorLight.java!65#*#org.apache.coyote.AbstractProtocol$ConnectionHandler!process!AbstractProtocol.java!868#*#org.apache.tomcat.util.net.NioEndpoint$SocketProcessor!doRun!NioEndpoint.java!1590#*#org.apache.tomcat.util.net.SocketProcessorBase!run!SocketProcessorBase.java!49#*#java.util.concurrent.ThreadPoolExecutor!runWorker!ThreadPoolExecutor.java!1128#*#
java.util.concurrent.ThreadPoolExecutor$Worker!run!ThreadPoolExecutor.java!628#*#org.apache.tomcat.util.threads.TaskThread$WrappingRunnable!run!TaskThread.java!61#*#java.lang.Thread!run!Thread.java!834#*#Caused by: org.apache.wss4j.common.ext.WSSecurityException : A security error was encountered when verifying the message#*#org.apache.wss4j.stax.impl.WSSecurityStreamReader!next!WSSecurityStreamReader.java!56#*#org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor!handleMessage!StartBodyInterceptor.java!60#*#org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor!handleMessage!StartBodyInterceptor.java!38#*#org.apache.cxf.phase.PhaseInterceptorChain!doIntercept!PhaseInterceptorChain.java!308#*#org.apache.cxf.transport.ChainInitiationObserver!onMessage!ChainInitiationObserver.java!121#*#org.apache.cxf.transport.http.AbstractHTTPDestination!invoke!AbstractHTTPDestination.java!267#*#org.apache.cxf.transport.servlet.ServletController!invokeDestination!ServletController.java!234#*#
org.apache.cxf.transport.servlet.ServletController!invoke!ServletController.java!208#*#org.apache.cxf.transport.servlet.ServletController!invoke!ServletController.java!160#*#org.apache.cxf.transport.servlet.CXFNonSpringServlet!invoke!CXFNonSpringServlet.java!225#*#org.apache.cxf.transport.servlet.AbstractHTTPServlet!handleRequest!AbstractHTTPServlet.java!296#*#org.apache.cxf.transport.servlet.AbstractHTTPServlet!doPost!AbstractHTTPServlet.java!215#*#javax.servlet.http.HttpServlet!service!HttpServlet.java!652#*#org.apache.cxf.transport.servlet.AbstractHTTPServlet!service!AbstractHTTPServlet.java!271#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!231#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.apache.tomcat.websocket.server.WsFilter!doFilter!WsFilter.java!53#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#
org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.springframework.web.filter.RequestContextFilter!doFilterInternal!RequestContextFilter.java!100#*#org.springframework.web.filter.OncePerRequestFilter!doFilter!OncePerRequestFilter.java!119#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.springframework.web.filter.FormContentFilter!doFilterInternal!FormContentFilter.java!93#*#org.springframework.web.filter.OncePerRequestFilter!doFilter!OncePerRequestFilter.java!119#*#org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.springframework.web.filter.CharacterEncodingFilter!doFilterInternal!CharacterEncodingFilter.java!201#*#org.springframework.web.filter.OncePerRequestFilter!doFilter!OncePerRequestFilter.java!119#*#
org.apache.catalina.core.ApplicationFilterChain!internalDoFilter!ApplicationFilterChain.java!193#*#org.apache.catalina.core.ApplicationFilterChain!doFilter!ApplicationFilterChain.java!166#*#org.apache.catalina.core.StandardWrapperValve!invoke!StandardWrapperValve.java!202#*#org.apache.catalina.core.StandardContextValve!invoke!StandardContextValve.java!97#*#org.apache.catalina.authenticator.AuthenticatorBase!invoke!AuthenticatorBase.java!541#*#org.apache.catalina.core.StandardHostValve!invoke!StandardHostValve.java!143#*#org.apache.catalina.valves.ErrorReportValve!invoke!ErrorReportValve.java!92#*#org.apache.catalina.core.StandardEngineValve!invoke!StandardEngineValve.java!78#*#org.apache.catalina.connector.CoyoteAdapter!service!CoyoteAdapter.java!343#*#org.apache.coyote.http11.Http11Processor!service!Http11Processor.java!374#*#org.apache.coyote.AbstractProcessorLight!process!AbstractProcessorLight.java!65#*#
org.apache.coyote.AbstractProtocol$ConnectionHandler!process!AbstractProtocol.java!868#*#org.apache.tomcat.util.net.NioEndpoint$SocketProcessor!doRun!NioEndpoint.java!1590#*#org.apache.tomcat.util.net.SocketProcessorBase!run!SocketProcessorBase.java!49#*#java.util.concurrent.ThreadPoolExecutor!runWorker!ThreadPoolExecutor.java!1128#*#java.util.concurrent.ThreadPoolExecutor$Worker!run!ThreadPoolExecutor.java!628#*#org.apache.tomcat.util.threads.TaskThread$WrappingRunnable!run!TaskThread.java!61#*#java.lang.Thread!run!Thread.java!834#*#</stackTrace>
</soap:Detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>
From what I can see, it is this part of the code:
public void handleMessage(SoapMessage message) throws Fault {
    if (this.isGET(message)) {
        LOG.fine("StartBodyInterceptor skipped in HTTP GET method");
    } else {
        XMLStreamReader xmlReader = (XMLStreamReader)message.getContent(XMLStreamReader.class);
        try {
            // 13 and 10 are XMLStreamConstants.NAMESPACE and XMLStreamConstants.ATTRIBUTE;
            // the empty loop body only advances the reader past those events.
            for(int i = xmlReader.next(); i == 13 || i == 10; i = xmlReader.next()) {
            }
        } catch (XMLStreamException var4) {
            // An XMLStreamException raised while reading is rethrown as a SoapFault.
            throw new SoapFault(new Message("XML_STREAM_EXC", LOG, new Object[]{var4.getMessage()}), var4, message.getVersion().getSender());
        }
    }
}

@Bean
public WSS4JStaxInInterceptor wss4JStaxInInterceptor() throws Exception {
    // These two locals are not used further down in this method.
    Properties properties;
    Crypto crypto = CryptoFactory.getInstance(wss4jInProperties());
    WSSSecurityProperties inProperties = new WSSSecurityProperties();
    // Inbound actions to process.
    inProperties.addAction(WSSConstants.TIMESTAMP);
    inProperties.addAction(WSSConstants.SIGNATURE);
    inProperties.setSoap12(true);
    inProperties.addAction(WSSConstants.ENCRYPTION);
    inProperties.setEncryptionUser("xxx");
    // Keystore used to verify the signature on the incoming message.
    inProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("xxx_keystore.jks"),"xxx_keystore_passwordo".toCharArray());
    inProperties.setSignatureUser("softnet");
    // Keystore that holds the private key used for decryption.
    inProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("xxx_keystore.jks"),"xxxx".toCharArray());
    // User-defined callback handler (its code is not shown in this message).
    inProperties.setCallbackHandler(new ClientKeystorePasswordENCallback());
    WSS4JStaxInInterceptor wss4JStaxInInterceptor = new WSS4JStaxInInterceptor(inProperties);
    return wss4JStaxInInterceptor;
}
On 2020/11/02 07:28:43, Colm O hEigeartaigh <co...@apache.org> wrote:
> If it's still a problem please consider creating a test-case that we can
> use to reproduce the issue.
>
> Colm.
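The cause reported in the message above (a filesystem path handed to getClassLoader().getResource(...)) and the earlier question about the private-key secret can both be checked before the interceptor is built. The following is an added example, not code from the thread or from CXF/WSS4J; the class KeystorePreflight, its check method and the sample path are hypothetical.

```java
import java.io.Console;
import java.io.InputStream;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Hypothetical helper, not part of CXF or WSS4J: run it before building the
// interceptor to see which keystore input is wrong.
public class KeystorePreflight {

    // Returns "OK" or a one-line description of the first problem found.
    static String check(String resource, char[] storePass, String alias, char[] keyPass) {
        try {
            // getResource() expects a classpath-relative name such as "xxx_keystore.jks";
            // it returns null for a name it cannot find, which includes filesystem paths.
            URL url = KeystorePreflight.class.getClassLoader().getResource(resource);
            if (url == null) {
                return "not a classpath resource: " + resource;
            }
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = url.openStream()) {
                ks.load(in, storePass); // a wrong store password surfaces as an IOException
            }
            if (!ks.containsAlias(alias)) {
                return "alias '" + alias + "' not found, keystore holds " + Collections.list(ks.aliases());
            }
            if (!ks.isKeyEntry(alias)) {
                return "alias '" + alias + "' is a certificate entry without a private key";
            }
            // The key password is separate from the store password and may differ.
            Key key = ks.getKey(alias, keyPass);
            return key instanceof PrivateKey ? "OK" : "alias '" + alias + "' holds no private key";
        } catch (UnrecoverableKeyException e) {
            return "key password rejected for alias '" + alias + "'";
        } catch (Exception e) {
            return "cannot load keystore: " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed input: an absolute Windows path is reported instead of being passed on as null.
        System.out.println(check("C:\\demo\\src\\main\\resources\\xxxx.jks",
                new char[0], "xxx", new char[0]));
        // Real check: java KeystorePreflight <classpath-resource> <alias>
        Console console = System.console();
        if (args.length == 2 && console != null) {
            char[] storePass = console.readPassword("store password: ");
            char[] keyPass = console.readPassword("key password: ");
            System.out.println(check(args[0], storePass, args[1], keyPass));
        }
    }
}
```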
Re: Issue with decrypting soap request
Posted by Colm O hEigeartaigh <co...@apache.org>.
If it's still a problem please consider creating a test-case that we can
use to reproduce the issue.
Colm.