axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: General security error (Unexpected number of X509Data: for Signature)
Date Wed, 05 Dec 2007 06:46:00 GMT
Yep ... everything looks fine ... However I'm wondering whether you
have any other client_crypto.properties file in your classpath that
causes the wrong keystore to be picked where there's no key with alias
test123.

Therefore can you please rename the keystore file and the .properties
file and check.

Thanks,
Ruchith

On Dec 5, 2007 5:50 AM, Rachel Primrose <rachel.primrose@gmail.com> wrote:
> Hello,
>
> I've been having trouble signing my messages as they go out, and the
> usual "is the alias the right one" solution I've been reading about
> does not work!
>
> Here is my keystore:
>
> Keystore type: PKCS12
> Keystore provider: SunJSSE
>
> Your keystore contains 1 entry
>
> Alias name: test123
> Creation date: 5/12/2007
> Entry type: PrivateKeyEntry
> Certificate chain length: 3
> Certificate[1]:
>
> Here is my axis2.xml security outflow:
>
> <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <user>test123</user>
>         <passwordCallbackClass>test.oot.PWCallback</passwordCallbackClass>
>         <signaturePropFile>client_crypto.properties</signaturePropFile>
>         <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>         <parameter name="referencePropertyNames"
> value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To"
> />
>         <parameter name="signatureParts" value="
>                       {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
>                       {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>                       {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                       {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>                       {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
>                       {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
>                       {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"
> />
>       </action>
>     </parameter>
>
> Here is my client_crypto.properties file:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.password=test
> org.apache.ws.security.crypto.merlin.keystore.alias=test123
> org.apache.ws.security.crypto.merlin.file=oot-stage.p12
>
> And my pwcallback class:
>
>  pc.setPassword("test");
>
> The error I get is:
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature); nested exception
> is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature:
> error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature)
>         at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
>         at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
>         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
> Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature)
>         at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
>         at org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java:254)
>         at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:86)
>         ... 8 more
>
> And when I set level=DEBUG in my log4j.properties:
>
> 985  [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [client_crypto.properties] using
> sun.misc.Launcher$AppClassLoader@11b86e7 class loader.
> 1000 [main] DEBUG
> org.apache.ws.security.components.crypto.CryptoFactory  - Using Crypto
> Engine [org.apache.ws.security.components.crypto.Merlin]
> 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [oot-stage.p12] using sun.misc.Launcher$AppClassLoader@11b86e7 class
> loader.
> 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [oot-stage.p12] using sun.misc.Launcher$AppClassLoader@11b86e7 class
> loader.
> 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [oot-stage.p12] using ClassLoader.getSystemResource().
> 1563 [main] DEBUG org.apache.ws.security.handler.WSHandler  -
> Performing Action: 32
> 1563 [main] DEBUG org.apache.ws.security.message.WSSecTimestamp  -
> Begin add timestamp...
> 1578 [main] DEBUG org.apache.ws.security.handler.WSHandler  -
> Performing Action: 2
> 1578 [main] DEBUG org.apache.ws.security.message.WSSecSignature  -
> Beginning signing...
>
>
> As you can see, all matches up, but the actual signing fails!
>
> Any help would be greatly appreciated.
>
> Thanks.
>
>
> Kind regards,
>
> Rachel Primrose
> E: rachel.primrose@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>



-- 
http://blog.ruchith.org
http://wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message