cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF client to .NET web service attempting to create BinarySecurityToken (BST)
Date Thu, 11 Apr 2013 16:28:50 GMT
It looks like either your Crypto properties file isn't being found, or else
it can't find the KeyStore referenced in the file, or perhaps that one of
the passwords isn't correct.

First of all, what version of CXF are you using?


On Thu, Apr 11, 2013 at 5:20 PM, Rubicon <rneuendorff@gmail.com> wrote:

> Greetings all,  I am attempting to connect to a .NET web service using CXF.
> The requirements for the request's security headers are a Timestamp and a
> BinarySecurityToken from an X509 Certificate.  The response only includes a
> Timestamp.  I think it is important to note that I do not have any control
> over the web service, and we were provided a public key by the vendor to
> use
> for generating the BST, so we do not have the private key, nor a password
> for the key.
>
> I have been working from the CXF samples and have read every blog and
> mailing list post I can find, but am still having trouble.  I can
> successfully generate the Timestamp, and even a UsernameToken (which is not
> needed for this project), but I cannot get a BinarySecurityToken to
> generate.  When I add the 'Signature' action, I get this
> NullPointerException:
>
> /java.lang.NullPointerException at
>
> org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:786)/
>
> I have read other posts that imply this error indicates the keystore either
> cannot be found, or cannot be opened.  I have tried putting the keystore in
> my JAR as a resource, in the local directory I am running from, in a
> different directory, explicitly referencing it in my classpath, etc., but
> to
> no avail.  If I include 'Signature' in the action, I get this error.
>
> I would greatly appreciate any help I can get on this.  Our team attempted
> this task using Axis2 for several weeks, and now I'm just starting a new
> approach using CXF and need to get it done ASAP.  Now I seem to be at about
> the same roadblock the Axis2 route got to...
>
> Thank you all.
>
> Note: in my source snippets, I have used {} to indicate masked items to
> protect sensitive information
> *Here is my cxf.xml file:*
>
> /<beans xmlns="http://www.springframework.org/schema/beans"
>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>    xmlns:jaxws="http://cxf.apache.org/jaxws"
>    xsi:schemaLocation="http://www.springframework.org/schema/beans
>    http://www.springframework.org/schema/beans/spring-beans.xsd
>    http://cxf.apache.org/jaxws
>    http://cxf.apache.org/schemas/jaxws.xsd">
>
>     <jaxws:client name="STWebService-CXF" createdFromAPI="true">
>
>         <jaxws:inInterceptors>
>             <ref bean="Timestamp_Response"/>
>             <bean
> class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"/>
>         </jaxws:inInterceptors>
>         <jaxws:outInterceptors>
>             <ref bean="Timestamp_Request"/>
>         </jaxws:outInterceptors>
>     </jaxws:client>
>
>     <bean
>         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
>         id="Timestamp_Request">
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="Timestamp Signature"/>
>                 <entry key="user" value="{key alias with spaces}"/>
>                 <entry key="passwordType" value="PasswordDigest"/>
>                 <entry key="signaturePropFile"
> value="clientKeystore.properties"/>
>             </map>
>         </constructor-arg>
>     </bean>
>
>     <bean
>         class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
>         id="Timestamp_Response">
>         <constructor-arg>
>             <map>
>                 <entry key="action" value="Timestamp"/>
>             </map>
>         </constructor-arg>
>     </bean>
> </beans>
> /
>
> *Here is my clientKeystore.properties file:*
> /
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.file=public_cert.jks
> org.apache.ws.security.crypto.merlin.keystore.password={keystorepass}
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias={key alias with spaces}
> /
>
> *Here is a snippet of my client, using the CXF-generated client until I can
> get it working, then will be moving logic into my own classes:*
> /
> ...
>         SpringBusFactory bf = new SpringBusFactory();
>         URL busFile = {Client}.class.getResource("/wssec.xml");
>         Bus bus = bf.createBus(busFile.toString());
>         BusFactory.setDefaultBus(bus);
>
>                 // Out Interceptor
>         Map<String, Object> outProps = new HashMap<String, Object>();
>         outProps.put("action", "Timestamp Signature");
>
>         outProps.put("passwordType", "PasswordDigest");
>         outProps.put("user", "{key alias with spaces}");
>         outProps.put("passwordCallbackClass",
> "{package}.KeystorePasswordCallback");
>
>         bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
>
>                 // In Interceptor
>         Map<String, Object> inProps = new HashMap<String, Object>();
>         inProps.put("action", "Timestamp");
>
>         bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
>
>         SynchMethod ss = new SynchMethod(wsdlURL, SERVICE_NAME);
>         SynchMethodSoap port = ss.getSynchMethodSoap();
>
>         System.out.println("Invoking web service method...");
>         {package}.ArrayOfResponse _return = port.{method}({params...});
>         System.out.println("_rerturn=" + _return);
> ...
> /
> *
> Here is my 'standard' KeystorePasswordCallback class:*
> /
> package {package}
>
> import java.io.IOException;
> import java.util.HashMap;
> import java.util.Map;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> /**
>  * Really callback for key passwords.  Configure it with a map
>  * of key-alias-to-password mappings.  Obviously this could
>  * be extended to encrypt or obfuscate these passwords if desired.
>  */
> public class KeystorePasswordCallback implements CallbackHandler
> {
>     private Map<String, String> passwords = new HashMap<String, String>();
>     /**
>      * {@inheritDoc}
>      *
>      * @see
>
> javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
>      */
>     public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
>         for (Callback callback : callbacks) {
>             if (callback instanceof WSPasswordCallback) {
>                 WSPasswordCallback pc = (WSPasswordCallback)callback;
>
>                 String pass = passwords.get(pc.getIdentifier());
>                 if (pass != null) {
>                     pc.setPassword(pass);
>                     return;
>                 }
>             }
>         }
>     }
>     /**
>      * @return the passwords
>      */
>     public Map<String, String> getPasswords() {
>         return passwords;
>     }
>     /**
>      * @param passwords the passwords to set
>      */
>     public void setPasswords(Map<String, String> passwords) {
>         this.passwords = passwords;
>     }
> }
> /
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-to-NET-web-service-attempting-to-create-BinarySecurityToken-BST-tp5726168.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message