From: Colm O hEigeartaigh
To: "users@cxf.apache.org"
Reply-To: coheigea@apache.org
Subject: Re: CXF client to .NET web service attempting to create BinarySecurityToken (BST)
Date: Thu, 11 Apr 2013 17:28:50 +0100
In-Reply-To: <1365697209515-5726168.post@n5.nabble.com>

It looks like either your Crypto properties file isn't being found, or else it
can't find the KeyStore referenced in the file, or perhaps that one of the
passwords isn't correct. First of all, what version of CXF are you using?

On Thu, Apr 11, 2013 at 5:20 PM, Rubicon wrote:

> Greetings all, I am attempting to connect to a .NET web service using CXF.
> The requirements for the request's security headers are a Timestamp and a
> BinarySecurityToken from an X509 Certificate. The response only includes a
> Timestamp. I think it is important to note that I do not have any control
> over the web service, and we were provided a public key by the vendor to use
> for generating the BST, so we do not have the private key, nor a password
> for the key.
>
> I have been working from the CXF samples and have read every blog and
> mailing list post I can find, but am still having trouble. I can
> successfully generate the Timestamp, and even a UsernameToken (which is not
> needed for this project), but I cannot get a BinarySecurityToken to
> generate. When I add the 'Signature' action, I get this
> NullPointerException:
>
> /java.lang.NullPointerException at
> org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:786)/
>
> I have read other posts that imply this error indicates the keystore either
> cannot be found, or cannot be opened. I have tried putting the keystore in
> my JAR as a resource, in the local directory I am running from, in a
> different directory, explicitly referencing it in my classpath, etc., but to
> no avail. If I include 'Signature' in the action, I get this error.
>
> I would greatly appreciate any help I can get on this. Our team attempted
> this task using Axis2 for several weeks, and now I'm just starting a new
> approach using CXF and need to get it done ASAP. Now I seem to be at about
> the same roadblock the Axis2 route got to...
>
> Thank you all.
>
> Note: in my source snippets, I have used {} to indicate masked items to
> protect sensitive information
>
> *Here is my cxf.xml file:*
>
> / xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxws="http://cxf.apache.org/jaxws"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws
> http://cxf.apache.org/schemas/jaxws.xsd">
>
> class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"/>
>
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
> id="Timestamp_Request">
>
> value="clientKeystore.properties"/>
>
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
> id="Timestamp_Response">
>
> /
>
> *Here is my clientKeystore.properties file:*
> /
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.file=public_cert.jks
> org.apache.ws.security.crypto.merlin.keystore.password={keystorepass}
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias={key alias with spaces}
> /
>
> *Here is a snippet of my client, using the CXF-generated client until I can
> get it working, then will be moving logic into my own classes:*
> /
> ...
> SpringBusFactory bf = new SpringBusFactory();
> URL busFile = {Client}.class.getResource("/wssec.xml");
> Bus bus = bf.createBus(busFile.toString());
> BusFactory.setDefaultBus(bus);
>
> // Out Interceptor
> Map<String, Object> outProps = new HashMap<String, Object>();
> outProps.put("action", "Timestamp Signature");
>
> outProps.put("passwordType", "PasswordDigest");
> outProps.put("user", "{key alias with spaces}");
> outProps.put("passwordCallbackClass",
>         "{package}.KeystorePasswordCallback");
>
> bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
>
> // In Interceptor
> Map<String, Object> inProps = new HashMap<String, Object>();
> inProps.put("action", "Timestamp");
>
> bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
>
> SynchMethod ss = new SynchMethod(wsdlURL, SERVICE_NAME);
> SynchMethodSoap port = ss.getSynchMethodSoap();
>
> System.out.println("Invoking web service method...");
> {package}.ArrayOfResponse _return = port.{method}({params...});
> System.out.println("_rerturn=" + _return);
> ...
> /
>
> *Here is my 'standard' KeystorePasswordCallback class:*
> /
> package {package};
>
> import java.io.IOException;
> import java.util.HashMap;
> import java.util.Map;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> /**
>  * Really callback for key passwords. Configure it with a map
>  * of key-alias-to-password mappings. Obviously this could
>  * be extended to encrypt or obfuscate these passwords if desired.
>  */
> public class KeystorePasswordCallback implements CallbackHandler
> {
>     private Map<String, String> passwords = new HashMap<String, String>();
>     /**
>      * {@inheritDoc}
>      *
>      * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
>      */
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         for (Callback callback : callbacks) {
>             if (callback instanceof WSPasswordCallback) {
>                 WSPasswordCallback pc = (WSPasswordCallback)callback;
>
>                 String pass = passwords.get(pc.getIdentifier());
>                 if (pass != null) {
>                     pc.setPassword(pass);
>                     return;
>                 }
>             }
>         }
>     }
>     /**
>      * @return the passwords
>      */
>     public Map<String, String> getPasswords() {
>         return passwords;
>     }
>     /**
>      * @param passwords the passwords to set
>      */
>     public void setPasswords(Map<String, String> passwords) {
>         this.passwords = passwords;
>     }
> }
> /
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-to-NET-web-service-attempting-to-create-BinarySecurityToken-BST-tp5726168.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
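
A stand-alone check for the three causes named in the reply above (properties file not found, keystore not found, wrong password), added here as an example; it is not part of the original thread and is not CXF or WSS4J code. It reads the property names shown in clientKeystore.properties; the class name `CryptoConfigCheck` and the classpath-then-filesystem lookup order are assumptions of this example, and it additionally reports whether the configured alias is a key entry or a certificate-only entry.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Properties;

// Added diagnostic, not CXF or WSS4J code. Run it with the client's classpath.
public class CryptoConfigCheck {
    static final String PREFIX = "org.apache.ws.security.crypto.merlin.keystore.";

    // Assumption of this example: try the classpath first, then the filesystem.
    static InputStream open(String name) throws IOException {
        if (name == null) return null;
        InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(name);
        if (in == null && Files.isReadable(Paths.get(name))) in = Files.newInputStream(Paths.get(name));
        return in;
    }

    // Returns a one-line verdict naming the first check that fails.
    static String check(String propsName) throws Exception {
        Properties p = new Properties();
        try (InputStream in = open(propsName)) {
            if (in == null) return "FAIL: crypto properties not found: " + propsName;
            p.load(in);
        }
        String file = p.getProperty(PREFIX + "file");
        String alias = p.getProperty(PREFIX + "alias");
        KeyStore ks = KeyStore.getInstance(p.getProperty(PREFIX + "type", KeyStore.getDefaultType()));
        try (InputStream in = open(file)) {
            if (in == null) return "FAIL: keystore not found: " + file;
            // For JKS a wrong store password surfaces as an IOException from load().
            ks.load(in, p.getProperty(PREFIX + "password", "").toCharArray());
        } catch (IOException e) {
            return "FAIL: keystore unreadable (wrong password or format): " + e.getMessage();
        }
        // The alias is quoted in the output so stray leading/trailing spaces are visible.
        if (alias == null || !ks.containsAlias(alias)) return "FAIL: alias not in keystore: '" + alias + "'";
        if (ks.isKeyEntry(alias)) return "OK: '" + alias + "' is a key entry";
        return "WARN: '" + alias + "' is a certificate-only entry, no private key to sign with";
    }

    public static void main(String[] args) throws Exception {
        System.out.println(check(args.length > 0 ? args[0] : "clientKeystore.properties"));
    }
}
```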