cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: No signature username found.
Date Mon, 13 Dec 2010 11:27:28 GMT
It might be a problem with the pkcs12 keystore, in that the user name
you're supplying does not correspond with the keystore alias. Some pfx
files do not have the alias set properly, and hence the alias shows up
in keytool as "1" or "2".

Can you post the output from the following command?

keytool -list -keystore DNAWSSCliente.pfx -storetype pkcs12 -v

There is more information on this archived thread:

http://www.opensubscriber.com/message/wss4j-dev@ws.apache.org/9523959.html

Colm.

On Fri, Dec 10, 2010 at 9:17 PM, Juan Pablo Pizarro
<juanpablo.pizarro@gmail.com> wrote:
> Hello All, I've tried adapting the sample (client) and it doesn't work for
> me. I use soapUI and the Windows keystore (pfx) to test, and it works.
>
> The exception is:
>
> Caused by: org.apache.ws.security.WSSecurityException: Error during
> Signature: ; nested exception is:
>    org.apache.ws.security.WSSecurityException: General security error (No
> certificates for user dnawsscliente were found for signature)
>    at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:67)
>    at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:205)
>    at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:50)
>    at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:257)
>    at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
>    at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
>    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
>    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>    at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>    ... 2 more
> Caused by: org.apache.ws.security.WSSecurityException: General security
> error (No certificates for user dnawsscliente were found for signature)
>    at
> org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:316)
>    at
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:760)
>    at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:64)
>    ... 12 more
>
>
> My new code:
>
>            SpringBusFactory bf = new SpringBusFactory();
>            URL busFile = Client.class.getResource("wssec.xml");
>            Bus bus = bf.createBus(busFile.toString());
>            SpringBusFactory.setDefaultBus(bus);
>
>            Map<String, Object> outProps = new HashMap<String, Object>();
>            outProps.put("action", "Timestamp Signature");
>
>            outProps.put("passwordType", "PasswordDigest");
>            outProps.put("user", "dnawsscliente");
>            outProps.put("signatureUser", "dnawsscliente");
>            outProps.put("passwordCallbackClass",
> com.casa.wss.demo.UTPasswordCallback.class.getName());
>
>            outProps.put("signaturePropFile", "Client_Sign.properties");
>            outProps.put("signatureKeyIdentifier", "DirectReference");
>            String signatureParts =
>                "{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
>                "{}{http://www.w3.org/2005/08/addressing}Action;" +
>                "{}{http://www.w3.org/2005/08/addressing}ReplyTo;" +
>                "{}{http://www.w3.org/2005/08/addressing}MessageID;" +
>                "{}{http://www.w3.org/2005/08/addressing}To";
>            outProps.put("signatureParts", signatureParts);
>
>            bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
>
>            final QName SERVICE_NAME = new QName("http://tempuri.org/",
> "MenStock");
>            MenStock ss = new MenStock(MenStock.WSDL_LOCATION,
> SERVICE_NAME);
>            IStock port = ss.getCustomBindingIStock();
>
>            System.out.println("Invoking mensajeStock...");
>            org.datacontract.schemas._2004._07.wcf_stock.Stock stock = new
> org.datacontract.schemas._2004._07.wcf_stock.Stock();
>
>
> javax.xml.bind.JAXBElement<org.datacontract.schemas._2004._07.wcf_stock.ArrayOfStockEntrada>
> stockEntradas = null;
>            stockEntradas = createArrayOfStockEntrada();
>            stock.setEntradas(stockEntradas);
>            Object response = port.mensajeStock(stock);
>            System.out.println("response: " + response + "\n");
>
> My properties:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.file=DNAWSSCliente.pfx
> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
> org.apache.ws.security.crypto.merlin.keystore.password=dnawsscliente2
> org.apache.ws.security.crypto.merlin.keystore.alias=DNAWSSCliente
> #org.apache.ws.security.crypto.merlin.alias.password=XXXX
>
>
> I don't understand what I'm doing wrong in my code. Can you use a PFX with
> CXF for signing (not encrypting)? Why does it work with soapUI and not with
> CXF?
>
> The service was constructed with C#.
>
> Thanks.
>
> JP
>
>
>
> 2010/12/9 Juan Pablo Pizarro <juanpablo.pizarro@gmail.com>
>
>> Hello Freeman,
>>
>> Thanks for your advice, I'll check it out. I have the Merlin line in the
>> properties file and I've played with the alias name (I listed the aliases in my
>> keystore and played with the alias names).
>>
>> I'll check the example.
>>
>> Thanks!
>>
>>
>> 2010/12/9 Freeman Fang <freeman.fang@gmail.com>
>>
>>> Hi,
>>>
>>> We actually have a ws_security/sign_enc example shipped with the kit, which
>>> should exactly match your scenario; you may need to check that example to see
>>> the difference from your code and figure out why your code doesn't work.
>>> My other comments are inline.
>>>
>>> On 2010-12-10, at 4:27 AM, Juan Pablo Pizarro wrote:
>>>
>>>> Hello everybody, I'm trying to use an X509 certificate to sign/encrypt a
>>>> request. I have JDK6 (from Oracle/Sun), Eclipse Helios, Linux Ubuntu 9.4
>>>> and CXF 2.4 SNAPSHOT.
>>>>
>>>> My config is:
>>>>
>>>>           SpringBusFactory bf = new SpringBusFactory();
>>>>           URL busFile = Client.class.getResource("wssec.xml");
>>>>           Bus bus = bf.createBus(busFile.toString());
>>>>           SpringBusFactory.setDefaultBus(bus);
>>>>
>>>>           Map<String,Object> outProps = new HashMap<String,Object>();
>>>>           outProps.put("action", "Timestamp Signature Encrypt");
>>>>           outProps.put("user", "DNAWSSCliente");
>>>>           outProps.put("signaturePropFile", "Client_Sign.properties");
>>>>           outProps.put("signatureKeyIdentifier", "DirectReference");
>>>>           outProps.put("passwordCallbackClass",
>>>> com.casa.wss.demo.UTPasswordCallback.class.getName());
>>>>           outProps.put("signatureParts",
>>>>               "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
>>>>           outProps.put("encryptionPropFile", "Client_Sign.properties");
>>>>           outProps.put("encryptionUser", "DNAWSSCliente");
>>>>           outProps.put("signatureUser", "DNAWSS");
>>>>           outProps.put("encryptionParts",
>>>>               "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
>>>>           outProps.put("encryptionSymAlgorithm",
>>>>               "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
>>>>           outProps.put("encryptionKeyTransportAlgorithm",
>>>>               "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
>>>>           WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>>>> //request
>>>>           bus.getInInterceptors().add(wssOut);
>>>>           bus.getInInterceptors().add(new SAAJOutInterceptor());
>>>>
>>>>           Map<String,Object> inProps= new HashMap<String,Object>();
>>>>           inProps.put("action", "Timestamp Signature Encrypt");
>>>>           inProps.put("signaturePropFile", "Client_Sign.properties");
>>>>           inProps.put("passwordCallbackClass",
>>>> com.casa.wss.demo.UTPasswordCallback.class.getName());
>>>>           inProps.put("decryptionPropFile", "Client_Sign.properties");
>>>>           WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
>>>> //response
>>>>           bus.getInInterceptors().add(wssIn);
>>>>           bus.getInInterceptors().add(new SAAJInInterceptor());
>>>>
>>>> The signature parts are not correct, but the error occurs earlier (in
>>>> another test I put the correct parts).
>>>>
>>>> My properties file:
>>>>
>>> I think here you miss
>>>
>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>>
>>>
>>>
>>>> org.apache.ws.security.crypto.merlin.keystore.type=JKS
>>>> org.apache.ws.security.crypto.merlin.keystore.password=dnawsscliente2
>>>> org.apache.ws.security.crypto.merlin.keystore.alias=dnawss
>>>>
>>>
>>> and how about changing to
>>> org.apache.ws.security.crypto.merlin.keystore.alias= DNAWSSCliente
>>>
>>> Freeman
>>>
>>>
>>>> org.apache.ws.security.crypto.merlin.file=DNAWSSCliente.jks
>>>>
>>>> The public and private keys are in the same file.
>>>>
>>>> I googled and, up to now, I haven't found a solution.
>>>>
>>>> And the error:
>>>>
>>>> log4j:WARN No appenders could be found for logger
>>>> (org.apache.cxf.bus.spring.BusApplicationContext).
>>>> log4j:WARN Please initialize the log4j system properly.
>>>> Dec 9, 2010 5:51:39 PM org.apache.cxf.bus.spring.BusApplicationContext
>>>> getConfigResources
>>>> INFO: Loaded configuration file
>>>>
>>>> file:/home/jpp/JAVA/workspace/pruebaDNA8/build/classes/com/casa/wss/demo/wssec.xml.
>>>> Dec 9, 2010 5:55:39 PM
>>>> org.apache.cxf.service.factory.ReflectionServiceFactoryBean
>>>> buildServiceFromWSDL
>>>> INFO: Creating Service {http://tempuri.org/}MenStock from WSDL:
>>>> http://wss.aduanas.gub.uy/LuciaWsSecurity/Stock.svc?wsdl
>>>> Dec 9, 2010 5:55:41 PM
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler
>>>> doSignBeforeEncrypt
>>>> WARNING: Sign before encryption failed due to : No signature username
>>>> found.
>>>> Dec 9, 2010 5:55:41 PM org.apache.cxf.phase.PhaseInterceptorChain
>>>> doDefaultLogging
>>>> WARNING: Interceptor for {http://tempuri.org/}MenStock#{http://tempuri.org/}MensajeStock has thrown
>>>> exception, unwinding now
>>>> org.apache.cxf.interceptor.Fault: No signature username found.
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:145)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:90)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:139)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:77)
>>>>   at
>>>>
>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
>>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
>>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>>>>   at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>>>   at
>>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>>>>   at $Proxy43.mensajeStock(Unknown Source)
>>>>   at com.casa.wss.demo.Client.main(Client.java:177)
>>>> Caused by: org.apache.cxf.ws.policy.PolicyException: No signature
>>>> username
>>>> found.
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:283)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuider(AbstractBindingBuilder.java:1349)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:395)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:107)
>>>>   ... 11 more
>>>> javax.xml.ws.soap.SOAPFaultException: No signature username found.
>>>>   at
>>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
>>>>   at $Proxy43.mensajeStock(Unknown Source)
>>>>   at com.casa.wss.demo.Client.main(Client.java:177)
>>>> Caused by: org.apache.cxf.ws.policy.PolicyException: No signature
>>>> username
>>>> found.
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:283)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuider(AbstractBindingBuilder.java:1349)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:395)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:107)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:90)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:139)
>>>>   at
>>>>
>>>> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:77)
>>>>   at
>>>>
>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
>>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
>>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>>>>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>>>>   at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>>>   at
>>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>>>>   ... 2 more
>>>>
>>>
>>>
>>> --
>>> Freeman Fang
>>>
>>> ------------------------
>>>
>>> FuseSource: http://fusesource.com
>>> blog: http://freemanfang.blogspot.com
>>> twitter: http://twitter.com/freemanfang
>>> Apache Servicemix:http://servicemix.apache.org
>>> Apache Cxf: http://cxf.apache.org
>>> Apache Karaf: http://karaf.apache.org
>>> Apache Felix: http://felix.apache.org
>>>
>>>
>>
>
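
The alias check suggested at the top of this message can also be done from Java. This is an added example, not code from the thread or from CXF/WSS4J. It reads the Merlin properties shown above, lists the aliases the keystore really contains, and reports whether the configured signatureUser matches a key entry. The class name AliasCheck and resolving merlin.file against the working directory are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

/** Added example (hypothetical class): compare signatureUser with the keystore's real aliases. */
public class AliasCheck {
    private static final String P = "org.apache.ws.security.crypto.merlin.";

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java AliasCheck <crypto.properties> <signatureUser>");
            System.exit(2);
        }
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            props.load(in);
        }
        // Assumption: the keystore path is relative to the working directory,
        // not looked up on the classpath.
        String file = props.getProperty(P + "file");
        String type = props.getProperty(P + "keystore.type", KeyStore.getDefaultType());
        char[] pass = props.getProperty(P + "keystore.password", "").toCharArray();
        if (file == null) {
            System.err.println("FAIL: " + P + "file is not set in " + args[0]);
            System.exit(1);
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass);
        }
        // Print every alias; a badly exported .pfx often shows "1" or "2" here.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            System.out.printf("alias=%s keyEntry=%b subject=%s%n",
                    alias, ks.isKeyEntry(alias), subject);
        }
        String user = args[1];
        if (!ks.containsAlias(user)) {
            System.out.println("FAIL: no entry with alias '" + user + "'");
            System.exit(1);
        }
        if (!ks.isKeyEntry(user)) {
            System.out.println("FAIL: alias '" + user + "' has a certificate but no key");
            System.exit(1);
        }
        System.out.println("OK: alias '" + user + "' is a key entry usable for signing");
    }
}
```

Run it as `java AliasCheck Client_Sign.properties dnawsscliente`; if it fails, set signatureUser to one of the aliases it printed.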
