cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Stephen.CTR.Chapp...@faa.gov>
Subject RE: Help loading signature properties
Date Tue, 23 Sep 2014 19:07:03 GMT
Solved, again. Same problem, different file. Sorry about that.

Stephen W. Chappell

-----Original Message-----
From: Chappell, Stephen CTR (FAA) 
Sent: Tuesday, September 23, 2014 2:54 PM
To: users@cxf.apache.org
Subject: RE: Help loading signature properties

As usual, I spoke too soon. The problem has moved, not been solved. Now I have this (very
similar) exception, against the inInterceptor this time:

org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto
property file supplied to verify signature)
        at org.apache.ws.security.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:64)
        at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:186)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:402)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:270)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
        at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:65)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:370)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:957)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
        at java.lang.Thread.run(Thread.java:662)

Stephen W. Chappell

-----Original Message-----
From: Chappell, Stephen CTR (FAA) 
Sent: Tuesday, September 23, 2014 2:41 PM
To: users@cxf.apache.org
Subject: RE: Help loading signature properties

Problem solved. I found a discussion here on a similar problem: http://cxf.547215.n5.nabble.com/WS-Security-Properties-Reference-td5505704.html.
For anyone who is interested, "SignaturePropRefId" was used in WSS4J 1.5, but was changed
to "signaturePropRefId" in WSS4J 1.6.

Thanx,

Stephen W. Chappell

-----Original Message-----
From: Chappell, Stephen CTR (FAA) 
Sent: Tuesday, September 23, 2014 2:04 PM
To: users@cxf.apache.org
Subject: RE: Help loading signature properties

Thanx, Glen. I think the dependencies are there. There are several layers of pom file to decode,
but the pom file building this bit has this:

    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-ws-security</artifactId>
      <version>${cxf-version}</version>
      <scope>test</scope>
    </dependency>

And it's parent pom file has this:

     <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId>
      <version>${spring-version}</version>
      <scope>test</scope>
    </dependency>

So I think I'm covered dependency-wise. I've specified Spring 3.1.0, because I was having
issues with ehCache that seemed to warrant it.

Stephen W. Chappell

-----Original Message-----
From: Glen Mazza [mailto:glen.mazza@gmail.com] 
Sent: Tuesday, September 23, 2014 1:53 PM
To: users@cxf.apache.org
Subject: Re: Help loading signature properties

Did you add the required Spring dependencies (necessary to read your Spring config) to your
code as part of the upgrade?  CXF 2.3 automatically included dependencies that later versions
do not.

http://web-gmazza.rhcloud.com/blog/entry/cxf-usernametoken-profile#UTCXF2

Glen

On 09/23/2014 01:48 PM, Stephen.CTR.Chappell@faa.gov wrote:
> I'm working on migrating some legacy code I've been stuck with from CXF 2.3/WSS4J 1.5
up to CXF 2.7/WSS4J 1.6, and I'm having some troubles. The latest issue is something that
I'm sure is obvious and I'm just not seeing ... I am getting this exception when I run one
of my tests:
>
> org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>          at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
>          at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
>          ....
> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>          at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
>          at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>          at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>          at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>          ... 47 more
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine:
No crypto property file supplied to verify signature)
>          at org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:789)
>          at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169)
>          at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:71)
>          ... 50 more
>
> I've shortened the stack trace a bit but that should be the most important parts. Now
the exception itself I think is clear - there's a problem with the crypto properties. It's
the exact problem that eludes me. In my Spring configuration, the original developers referenced
a Crypto bean rather than using an external file. This is the bean configuration:
>
>    <bean id="wss4jOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>      <constructor-arg>
>        <map>
>          <entry key="action" value="Timestamp Signature" />
>          <entry key="user" value="test-user (test ca 1)" />
>          <entry key="timeToLive" value="60" />
>          <entry key="signatureUser" value="test-user (test ca 1)" />
>          <entry key="signatureKeyIdentifier" value="DirectReference" />
>          <entry key="SignaturePropRefId" value="signatureProperties" />
>          <entry key="signatureProperties" value-ref="cryptoProperties" />
>          <entry key="signatureParts" value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"
/>
>          <entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>          <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256"/>
>          <entry key="passwordCallbackRef" value-ref="pwCallback" />
>        </map>
>      </constructor-arg>
>    </bean>
>
>    <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>      <constructor-arg>
>        <map>
>          <entry key="action" value="Signature Timestamp Encrypt" />
>          <entry key="SignaturePropRefId" value="cryptoProperties" />
>          <entry key="decryptionPropRefId" value="cryptoProperties" />
>          <entry key="cryptoProperties" value-ref="cryptoProperties" />
>          <entry key="passwordCallbackRef" value-ref="pwCallback" />
>        </map>
>      </constructor-arg>
>    </bean>
>
>    <util:properties id="cryptoProperties">
>      <prop key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>
>      <prop key="org.apache.ws.security.crypto.merlin.keystore.file">test-user.jks</prop>
>      <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
>      <prop key="org.apache.ws.security.crypto.merlin.keystore.provider"></prop>
-->
>      <prop key="org.apache.ws.security.crypto.merlin.keystore.password">xxxxx</prop>
>      <prop key="org.apache.ws.security.crypto.merlin.load.cacerts">false</prop>
>    </util:properties>
>
> Does anyone have any ideas on what may be off here? Thanx,
>
> Stephen W. Chappell
>


Mime
View raw message