Posted to dev@ws.apache.org by Mark White <as...@gmail.com> on 2013/12/22 20:28:57 UTC

Apache Axis + WSS4J Issue?

    org.apache.ws.security.WSSecurityException: Error during Signature:
    Caused by: org.apache.ws.security.WSSecurityException: General security error (No      certificates for user 1aebbd965b6a781985262f599706985279373c1c were found for signature)

I am using Axis 1.5 and WSS4J 1.5 (I know, old), and it can't find my
private key I've listed in my KeyStore. I have tried finding the
PrivateKey by SHA1 hash, and also by certificate alias.

This question has been asked before on StackExchange, but their problem was
that their certificate type in the KeyStore wasn't a "PrivateKeyEntry".
Mine is. See:

    Alias name: public_cert
    Creation date: Dec 17, 2013
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: Removed
    Issuer: Removed
    Serial number: 9eda2ff9da33db0e
    Valid from: Fri Dec 06 14:34:49 EST 2013 until: Sat Dec 06 14:34:49 EST 2014
    Certificate fingerprints:
             MD5:  B9:56:CB:18:8E:2F:CC:5B:50:E0:EE:CD:A1:39:B7:C6
             SHA1: 1A:EB:BD:96:5B:6A:78:19:85:26:2F:59:97:06:98:52:79:37:3C:1C
             SHA256: DC:60:1D:7A:A8:93:70:EF:D2:C1:B4:A5:C3:91:92:D8:0B:FD:9D:88:3A:B0:F2:8D:4F:7C:1F:01:C3:72:71:4C
             Signature algorithm name: SHA1withRSA
             Version: 1


My Crypto File:


    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=JKS
    org.apache.ws.security.crypto.merlin.keystore.alias=public_cert
    org.apache.ws.security.crypto.merlin.keystore.file=C:\\Path\\my_keystore.jks
    org.apache.ws.security.crypto.merlin.keystore.password=changeit

My WSDD:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
     <transport name="http"
      pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration >
        <requestFlow>
            <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
                <parameter name="user" value="public_cert"/>
                <parameter name="passwordCallbackClass" value="com.mypackage"/>
                <parameter name="action" value="Signature"/>
                <parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform" />
                <parameter name="signatureKeyIdentifier" value="DirectReference" />
                <parameter name="signaturePropFile" value="crypto.properties" />
                <parameter name="mustUnderstand" value="0"/>
            </handler>
        </requestFlow>
      </globalConfiguration>
    </deployment>

I have tried combinations of both

    <parameter name="user" value="public_cert"/>
    <parameter name="user" value="1aebbd965b6a781985262f599706985279373c1c"/>

For both "user", and "signatureUser".

Here is my Password Callback Class:

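    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordCallback implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    // Supply the password WSS4J requests through the callback
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    pc.setPassword("changeit");
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }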

However, when I do all of this programmatically (set up my own handlers,
initiate a WSSecBuilder, and do a Builder.setUserInfo(User, Pw)), it can
find the PrivateKey O.K.

I have tried everything possible. Has anyone else ever had this problem?
Or does anyone know something that I may be doing wrong?  A known bug with
the older axis'?  I've tried different keystore types, pkcs12, etc, and all
yield the same error.... "General security error (No certificates for user"

Any help would be greatly appreciated!  I am pulling my hair out.
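
An added diagnostic, not part of the original post and not WSS4J code: it uses only the JDK's `java.security.KeyStore` API to list every keystore entry and report whether the `user` value from the WSDD (an alias or a SHA-1 certificate fingerprint) matches an entry whose private key opens with the key password. The class name `KeystoreUserCheck` and the argument order are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name); uses only JDK APIs, not WSS4J.
public class KeystoreUserCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.err.println("usage (from a terminal): KeystoreUserCheck <file> <JKS|PKCS12> <user>");
            System.exit(2);
        }
        String user = args[2]; // alias or SHA-1 fingerprint, as in the WSDD "user" parameter
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password: ");

        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        boolean matched = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            // Same value keytool prints as "SHA1", without the colons
            String sha1 = cert == null ? "" : hex(MessageDigest.getInstance("SHA-1").digest(cert.getEncoded()));
            boolean hit = alias.equalsIgnoreCase(user) || (!sha1.isEmpty() && sha1.equalsIgnoreCase(user));
            matched |= hit;
            System.out.printf("%s alias=%s keyEntry=%b sha1=%s%n", hit ? "*" : " ", alias, ks.isKeyEntry(alias), sha1);
            if (hit && ks.isKeyEntry(alias)) {
                // getKey throws UnrecoverableKeyException when the key password is wrong
                boolean ok = ks.getKey(alias, keyPass) instanceof PrivateKey;
                System.out.println("  private key readable with key password: " + ok);
            }
        }
        if (!matched) {
            System.out.println("no entry matches user '" + user + "' by alias or SHA-1 fingerprint");
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Running it against the same file and type named in crypto.properties shows whether the keystore itself resolves the user, independent of how the Axis handler loads its configuration.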

RE: Apache Axis + WSS4J Issue?

Posted by Martin Gainty <mg...@hotmail.com>.
WSS4j is a WS-Security Implementation

Rampart configuration handles the security parameters

Martin Gainty 
Date: Sun, 22 Dec 2013 14:28:57 -0500
Subject: Apache Axis + WSS4J Issue?
From: asdfkirby@gmail.com
To: dev@ws.apache.org


    org.apache.ws.security.WSSecurityException: Error during Signature: 
    Caused by: org.apache.ws.security.WSSecurityException: General security error (No      certificates for user 1aebbd965b6a781985262f599706985279373c1c were found for signature)

I am using Axis 1.5 and WSS4J 1.5 (I know, old), and it can't find my private key I've listed in my KeyStore. I have tried finding the PrivateKey by SHA1 hash, and also by certificate alias.

This question has been asked before on StackExchange, but their problem was that their certificate type in the KeyStore wasn't a "PrivateKeyEntry". Mine is. See:

    Alias name: public_cert
    Creation date: Dec 17, 2013
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: Removed
    Issuer: Removed
    Serial number: 9eda2ff9da33db0e
    Valid from: Fri Dec 06 14:34:49 EST 2013 until: Sat Dec 06 14:34:49 EST 2014
    Certificate fingerprints:
             MD5:  B9:56:CB:18:8E:2F:CC:5B:50:E0:EE:CD:A1:39:B7:C6
             SHA1: 1A:EB:BD:96:5B:6A:78:19:85:26:2F:59:97:06:98:52:79:37:3C:1C
             SHA256: DC:60:1D:7A:A8:93:70:EF:D2:C1:B4:A5:C3:91:92:D8:0B:FD:9D:88:3A:B0:F2:8D:4F:7C:1F:01:C3:72:71:4C
             Signature algorithm name: SHA1withRSA
             Version: 1


My Crypto File:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=JKS
    org.apache.ws.security.crypto.merlin.keystore.alias=public_cert
    org.apache.ws.security.crypto.merlin.keystore.file=C:\\Path\\my_keystore.jks
    org.apache.ws.security.crypto.merlin.keystore.password=changeit

My WSDD:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
     <transport name="http" 
      pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration >
        <requestFlow>
            <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
                <parameter name="user" value="public_cert"/>
                <parameter name="passwordCallbackClass" value="com.mypackage"/>
                <parameter name="action" value="Signature"/>
                <parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform" />
                <parameter name="signatureKeyIdentifier" value="DirectReference" />
                <parameter name="signaturePropFile" value="crypto.properties" />
                <parameter name="mustUnderstand" value="0"/>
                <!-- do you really want the SoapService to ignore the headers ? -->
            </handler>
            </requestFlow>
      </globalConfiguration>
    </deployment>

<!-- so in rampart you can configure InflowSecurity to accept crypto.properties -->
<!-- engage rampart -->
<module ref="rampart" />
<!-- configure InflowSecurity to accept crypto.properties -->
<parameter name="InflowSecurity">
    <action>
        <items>Timestamp Signature</items>
        <signaturePropFile>crypto.properties</signaturePropFile>
    </action>
</parameter>
http://www.ibm.com/developerworks/webservices/library/ws-Axis2/
MG>

I have tried combinations of both

    <parameter name="user" value="public_cert"/>
    <parameter name="user" value="1aebbd965b6a781985262f599706985279373c1c"/>

For both "user", and "signatureUser".

Here is my Password Callback Class:

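    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordCallback implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    // Supply the password WSS4J requests through the callback
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    pc.setPassword("changeit");
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }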

However, when I do all of this programmatically (set up my own handlers, initiate a WSSecBuilder, and do a Builder.setUserInfo(User, Pw)), it can find the PrivateKey O.K.

I have tried everything possible. Has anyone else ever had this problem?  Or does anyone know something that I may be doing wrong?  A known bug with the older axis'?  I've tried different keystore types, pkcs12, etc, and all yield the same error.... "General security error (No certificates for user"

Any help would be greatly appreciated!  I am pulling my hair out.