Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

classic Classic list List threaded Threaded
85 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
Hello,

I am trying to develop a client to connect to a SOAP service. The messages
I need to send to the service have to be signed by a certificate. I have
imported the certificate into my keystore:

c:\Program Files\Java\jdk1.7.0_80>keytool -list -v -keystore
C:\Users\Owner\IdeaProjects\import\keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: devstore
Creation date: 17/01/2018
Entry type: trustedCertEntry

Owner: CN=***.******.****.au
Issuer: CN=RapidSSL ****** CA, O=GeoTrust Inc., C=US
Serial number: *******************************8
Valid from: Fri Oct 21 13:00:00 ***** 2016 until: Tue Oct 22 12:59:59 *****
Certificate fingerprints:
         MD5:  ....
         SHA1: .....
         SHA256: .....
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
0000: .....
0010: .....
0020: ......

I think this is related to the :

Map<String, Object> outProps = new HashMap<>();
outProps.put(WSHandlerConstants.ACTION, "Signature");
outProps.put(WSHandlerConstants.USER, "devstore");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientCallbackHandler.class.getName());
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");

Because I created ClientCallbackHandler but was not sure how to pass it the
keystore password. I presume it can't find devstore because I haven't
supplied the code to correctly pass the password for the keystore?

public class ClientCallbackHandler implements CallbackHandler {

    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        // set the password for our message.
        pc.setPassword("mysecretpassword");
    }
}

The Strack Trace is:

Jan 17, 2018 1:57:46 PM
org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
buildServiceFromWSDL
INFO: Creating Service {http://tempuri.org/}****** from WSDL: http://******
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further
details.
Jan 17, 2018 1:57:47 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://tempuri.org/}*****Service#{urn:******/schema/common}SetEpisode has
thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Security processing failed.
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:272)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
at com.CmsExport.createEpisode(CmsExport.java:113)
at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during
Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163)
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(WSS4JOutInterceptor.java:55)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:264)
... 13 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:595)
at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:155)
... 16 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:728)
at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:538)
... 17 more

Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException:
Security processing failed.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
at com.CmsExport.createEpisode(CmsExport.java:113)
at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during
Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163)
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(WSS4JOutInterceptor.java:55)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:264)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
... 4 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:595)
at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:155)
... 16 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:728)
at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:538)
... 17 more


Thanks

AG
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
I have tried this for my callbackhandler class, but still get a error:

public class ClientCallbackHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) {
        for (Callback callback : callbacks) {
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            if (pc.getIdentifier().equals("devstore")) {
                pc.setPassword("mysecret");
                return;
            }
        }
    }
}

I still get:

WARNING: Interceptor for
{http://tempuri.org/}Service#{urn:***.****.**/schema/common}Set***** has
thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Security processing failed.
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:272)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
        at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
        at com.CmsExport.createEpisode(CmsExport.java:113)
        at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
        at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during
Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
        at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163)
        at
org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(WSS4JOutInterceptor.java:55)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:264)
        ... 13 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
        at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:595)
        at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:155)
        ... 16 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
        at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:728)
        at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:538)
        ... 17 more

Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException:
Security processing failed.
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
        at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
        at com.CmsExport.createEpisode(CmsExport.java:113)
        at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
        at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during
Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
        at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163)
        at
org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(WSS4JOutInterceptor.java:55)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:264)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
        ... 4 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
Cannot find key for alias: [devstore]
        at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:595)
        at
org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:155)
        ... 16 more
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find key
for alias: [devstore]
        at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:728)
        at
org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:538)
        ... 17 more



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
The problem appears to be that your keystore only contains the certificate
and not the private key:

Alias name: devstore
Creation date: 17/01/2018
Entry type: trustedCertEntry
                  ^^^^^^^^^^^^^^^^
Instead you need an entry of type "PrivateKeyEntry" to get the private key
with which to sign the message.

Colm.

On Wed, Jan 17, 2018 at 8:45 AM, Al Grant <[hidden email]> wrote:

> I have tried this for my callbackhandler class, but still get a error:
>
> public class ClientCallbackHandler implements CallbackHandler {
>
>     public void handle(Callback[] callbacks) {
>         for (Callback callback : callbacks) {
>             WSPasswordCallback pc = (WSPasswordCallback) callback;
>             if (pc.getIdentifier().equals("devstore")) {
>                 pc.setPassword("mysecret");
>                 return;
>             }
>         }
>     }
> }
>
> I still get:
>
> WARNING: Interceptor for
> {http://tempuri.org/}Service#{urn:***.****.**/schema/common}Set***** has
> thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessageInternal(
> WSS4JOutInterceptor.java:272)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(
> ClientImpl.java:516)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>         at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
>         at com.CmsExport.createEpisode(CmsExport.java:113)
>         at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
>         at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during
> Signature:
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
> Cannot find key for alias: [devstore]
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
> Cannot find key for alias: [devstore]
>         at
> org.apache.wss4j.dom.action.SignatureAction.execute(
> SignatureAction.java:163)
>         at
> org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(
> WSS4JOutInterceptor.java:55)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessageInternal(
> WSS4JOutInterceptor.java:264)
>         ... 13 more
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find
> key
> for alias: [devstore]
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
> Cannot find key for alias: [devstore]
>         at
> org.apache.wss4j.dom.message.WSSecSignature.computeSignature(
> WSSecSignature.java:595)
>         at
> org.apache.wss4j.dom.action.SignatureAction.execute(
> SignatureAction.java:155)
>         ... 16 more
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find
> key
> for alias: [devstore]
>         at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(
> Merlin.java:728)
>         at
> org.apache.wss4j.dom.message.WSSecSignature.computeSignature(
> WSSecSignature.java:538)
>         ... 17 more
>
> Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException:
> Security processing failed.
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:161)
>         at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
>         at com.CmsExport.createEpisode(CmsExport.java:113)
>         at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
>         at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during
> Signature:
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
> Cannot find key for alias: [devstore]
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
> Cannot find key for alias: [devstore]
>         at
> org.apache.wss4j.dom.action.SignatureAction.execute(
> SignatureAction.java:163)
>         at
> org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(
> WSS4JOutInterceptor.java:55)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessageInternal(
> WSS4JOutInterceptor.java:264)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(
> ClientImpl.java:516)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>         ... 4 more
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find
> key
> for alias: [devstore]
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException:
> Cannot find key for alias: [devstore]
>         at
> org.apache.wss4j.dom.message.WSSecSignature.computeSignature(
> WSSecSignature.java:595)
>         at
> org.apache.wss4j.dom.action.SignatureAction.execute(
> SignatureAction.java:155)
>         ... 16 more
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot find
> key
> for alias: [devstore]
>         at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(
> Merlin.java:728)
>         at
> org.apache.wss4j.dom.message.WSSecSignature.computeSignature(
> WSSecSignature.java:538)
>         ... 17 more
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
Thanks. You were right the key was missing - which I have fixed, but still
not able to connect.

The current Stack Error is:

WARNING: Sign before encryption failed due to : Security configuration could
not be detected. Potential cause: Make sure jaxws:client element with name
attribute value matching endpoint port is defined as well as a
security.signature.properties element within it.
Jan 18, 2018 11:35:09 AM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging

I am not sure where to check?

Thanks

AG




--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
In reply to this post by coheigea
The relevant (I think code):
        SetSaleRequest request = new SetSaleRequest();
        SetSaleResponse response = new SetSaleResponse();

        // SENDS DATA
        request.setSale(Sale);
        request.getPeople().add(person);
        RSIService RSIService = new RSIService();
        IRSIService iRSIService = RSIService.getPort(IRSIService.class);

        Map<String, Object> outProps = new HashMap<>();
        outProps.put(WSHandlerConstants.ACTION, "Signature");
        outProps.put(WSHandlerConstants.USER, "signingonly");
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientCallbackHandler.class.getName());
        outProps.put(WSHandlerConstants.SIG_PROP_FILE,
"client_sign.properties");

        org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(iRSIService);
        org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
        WSS4JInInterceptor wss4jin = new WSS4JInInterceptor(outProps);
        WSS4JOutInterceptor wss4jout = new WSS4JOutInterceptor(outProps);

        cxfEndpoint.getOutInterceptors().add(wss4jout);
        cxfEndpoint.getInInterceptors().add(wss4jin);

        response = iRSIService.setSale(request);

        System.out.println(response.isSuccess());
        System.out.println("Sent");



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
This post was updated on .
In reply to this post by coheigea
After fixing the cert/key issue I have changed my interceptor props from:

        Map<String, Object> outProps = new HashMap<>();
        outProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.TIMESTAMP + " " +
                WSHandlerConstants.SIGNATURE + " " +
                WSHandlerConstants.ENCRYPT);
        outProps.put(WSHandlerConstants.USER, "signingonly");
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientCallbackHandler.class.getName());
        outProps.put(WSHandlerConstants.SIG_PROP_FILE,
"client_sign.properties");

        org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(irsiService);
        org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
        WSS4JInInterceptor wss4jin = new WSS4JInInterceptor(outProps);
        WSS4JOutInterceptor wss4jout = new WSS4JOutInterceptor(outProps);

        cxfEndpoint.getOutInterceptors().add(wss4jout);
        cxfEndpoint.getInInterceptors().add(wss4jin);

        response = irsiService.setSale(request);

        System.out.println(response.isSuccess());
        System.out.println("Sent");

I am closer now - the stack trace now is:

WARNING: Interceptor for
{urn:rsi.govt.au/schema/common}RSIService#{urn:rsi.govt.au/schema/common}SetSale
has thrown exception, unwinding now
java.lang.NullPointerException
        at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:137)
        at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:170)
        at
org.apache.wss4j.dom.action.EncryptionAction.execute(EncryptionAction.java:126)
        at
org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(WSS4JOutInterceptor.java:55)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:264)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
        at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
        at com.CmsExport.createEpisode(CmsExport.java:116)
        at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
        at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)

Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: Fault
string, and possibly fault code, not set
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
        at com.sun.proxy.$Proxy39.setSale(Unknown Source)
        at com.CmsExport.createSale(CmsExport.java:116)
        at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
        at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: java.lang.NullPointerException
        at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:137)
        at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:170)
        at
org.apache.wss4j.dom.action.EncryptionAction.execute(EncryptionAction.java:126)
        at
org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(WSS4JOutInterceptor.java:55)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:264)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)

Any clues as to what this Intercepter/Null Pointer might be caused by?



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
The problem here is that you have specified an "Encryption" action as well,
but you have not specified any encryption properties file. So WSS4J can't
find the key to use to encrypt the message.

I would take a step back a bit first. The stacktrace you gave earlier in
this thread (" Sign before encryption failed due to ...") indicates that
there is a security policy in place. Can you confirm if there is as
security policy in the WSDL of the service you are invoking? If so then you
configure security differently than you are currently doing. To explain,
there are two ways of configuring WS-Security in CXF. One is when you have
no security policy, then you have to explicitly tell CXF what to do (sign
this message part, add a Timestamp, encrypt this other part, etc.),
basically like you've been doing above.

The second way is if you have a WS-SecurityPolicy fragment attached to the
service which can tell CXF what to do to secure the message. All you need
in this case is to configure CXF with the user + signature/encryption
properties files. See here:
http://cxf.apache.org/docs/ws-securitypolicy.html

So the first step is to figure out which approach you need to use.

Colm.

On Thu, Jan 18, 2018 at 8:18 AM, Al Grant <[hidden email]> wrote:

> After fixing the cert/key issue I have changed my interceptor props from:
>
>         Map<String, Object> outProps = new HashMap<>();
>         outProps.put(WSHandlerConstants.ACTION,
>                 WSHandlerConstants.TIMESTAMP + " " +
>                 WSHandlerConstants.SIGNATURE + " " +
>                 WSHandlerConstants.ENCRYPT);
>         outProps.put(WSHandlerConstants.USER, "signingonly");
>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> ClientCallbackHandler.class.getName());
>         outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> "client_sign.properties");
>
>         org.apache.cxf.endpoint.Client client =
> org.apache.cxf.frontend.ClientProxy.getClient(irsiService);
>         org.apache.cxf.endpoint.Endpoint cxfEndpoint =
> client.getEndpoint();
>         WSS4JInInterceptor wss4jin = new WSS4JInInterceptor(outProps);
>         WSS4JOutInterceptor wss4jout = new WSS4JOutInterceptor(outProps);
>
>         cxfEndpoint.getOutInterceptors().add(wss4jout);
>         cxfEndpoint.getInInterceptors().add(wss4jin);
>
>         response = iisrService.setEpisode(request);
>
>         System.out.println(response.isSuccess());
>         System.out.println("Sent");
>
> I am closer now - the stack trace now is:
>
> WARNING: Interceptor for
> {urn:rsi.govt.au/schema/common}RSIService#{urn:rsi.
> govt.au/schema/common}SetSale
> has thrown exception, unwinding now
> java.lang.NullPointerException
>         at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(
> WSSecEncrypt.java:137)
>         at org.apache.wss4j.dom.message.WSSecEncrypt.build(
> WSSecEncrypt.java:170)
>         at
> org.apache.wss4j.dom.action.EncryptionAction.execute(
> EncryptionAction.java:126)
>         at
> org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(
> WSS4JOutInterceptor.java:55)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessageInternal(
> WSS4JOutInterceptor.java:264)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(
> ClientImpl.java:516)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>         at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
>         at com.CmsExport.createEpisode(CmsExport.java:116)
>         at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
>         at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
>
> Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: Fault
> string, and possibly fault code, not set
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:161)
>         at com.sun.proxy.$Proxy39.setSale(Unknown Source)
>         at com.CmsExport.createSale(CmsExport.java:116)
>         at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
>         at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
> Caused by: java.lang.NullPointerException
>         at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(
> WSSecEncrypt.java:137)
>         at org.apache.wss4j.dom.message.WSSecEncrypt.build(
> WSSecEncrypt.java:170)
>         at
> org.apache.wss4j.dom.action.EncryptionAction.execute(
> EncryptionAction.java:126)
>         at
> org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$100(
> WSS4JOutInterceptor.java:55)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessageInternal(
> WSS4JOutInterceptor.java:264)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$
> WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:123)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(
> ClientImpl.java:516)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>
> Any clues as to what this Intercepter/Null Pointer might be caused by?
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
This post was updated on .
Yes the WSDL does have policies in it where the elements appear to be related to security, like <sp:WssX509V3Token10/> and <wsp:Policy wsu:Id="CustomBinding_ISaleService_policy">but it doesnt have any elements <WS-SecurityPolicy

Should I be using policies? I did read the link on policies but I am none the wiser on how to approach it?

Cheers

AG






--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
OK well then you don't need to add the
WSS4JOutInterceptor/WSS4JInInterceptor like you've been doing. Simply add
in the properties that are required. If you need to sign and encrypt the
message, then typically all you'll need are the following. You can set them
on the JAX-WS port in code as follows:

((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
"receiver.properties");
((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
"receiver");
((BindingProvider)port).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"sender.properties");
((BindingProvider)port).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
"sender");
((BindingProvider)port).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
"CallbackHandlerClass");

Colm.

On Thu, Jan 18, 2018 at 10:47 AM, Al Grant <[hidden email]> wrote:

> Yes the WSDL does have security policies in it:-)
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
This post was updated on .
Ok. Am I meant to be changing the values in the code you pasted?

And is the import for SecurityConstraints cxf-rt-ws-security or just cxf-rt-security ?

Cheers





--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
Yes, you need to specify the signature and encryption crypto files which
contain the details of the keystores used for signature and encryption, the
CallbackHandler class to get the password for the private key for
signature, and the signature/encryption keystore aliases for these
properties.

Colm.

On Thu, Jan 18, 2018 at 10:57 AM, Al Grant <[hidden email]> wrote:

> Ok. Am I meant to be changing the values in the code you pasted?
>
>
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
This post was updated on .
Ok so I have :

               // SENDS DATA
        request.setSale(Sale);
        request.getPeople().add(person);
        RSIService RSIService = new RSIService();
        IRSIService iRSIService = RSIService.getPort(IRSIService.class);

        ((BindingProvider)iRSIService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                "client_sign.properties");
        ((BindingProvider)iRSIService).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
                "signingonly");
        ((BindingProvider)iRSIService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
                "client_sign.properties");
        ((BindingProvider)iRSIService).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
                "signingonly");
        ((BindingProvider)iRSIService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                ClientCallbackHandler.class.getName());

        response = iRSIService.setSale(request);
        System.out.println(response.isSuccess());
        System.out.println("Sent");

1. Most people seem to use same file for encrp and sig properties - so thats what I have done too.

2. I only ever used 1 alias - so again I use the same username for sig and crypto.

The stack trace is now:

Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
In a previous post you had:

IRSIService iRSIService = RSIService.getPort(IRSIService.class);

You should be able to use "iRSIService" instead of "port" in the example
above.

Colm.

On Thu, Jan 18, 2018 at 11:12 AM, Al Grant <[hidden email]> wrote:

> Ok so I have :
>
>
> ((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_
> PROPERTIES,
>                 "????");
>
> ((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_
> USERNAME,
>                 "????");
>
> ((BindingProvider)port).getRequestContext().put(
> SecurityConstants.SIGNATURE_PROPERTIES,
>                 "client_sign.properties");
>
> ((BindingProvider)port).getRequestContext().put(
> SecurityConstants.SIGNATURE_USERNAME,
>                 "signingonly");
>
> ((BindingProvider)port).getRequestContext().put(
> SecurityConstants.CALLBACK_HANDLER,
>                 ClientCallbackHandler.class.getName());
>
> The client_sign.properties file contains the details of the keystore file
> location.
>
> I do not think I have a corresponding "encrypt" file.
>
> also the word "port" is unresolved?
>
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
Sorry updated post above while you were posting. Latest stack Trace:

Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The
signature or decryption was invalid




--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
That error is normally thrown when processing a message. What is the full
stack trace? Does the client manage to send the message successfully to the
service? Is the error thrown by the service or when the client is
processing the reply from the service?

Colm.

On Thu, Jan 18, 2018 at 11:35 AM, Al Grant <[hidden email]> wrote:

> Sorry updated post above while you were posting. Latest stack Trace:
>
> Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The
> signature or decryption was invalid
>
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
This post was updated on .
Hi,

Full trace is :

Jan 19, 2018 12:29:19 AM
org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
buildServiceFromWSDL
INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from
WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl
Jan 19, 2018 12:29:20 AM
org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
buildServiceFromWSDL
INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from
WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further
details.
Jan 19, 2018 12:29:42 AM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for
{urn:sale.test.au/schema/common}SaleService#{urn:sale.test.au/schema/common}SetSale
has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
invalid
        at
org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:236)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:340)
        at
org.apache.cxf.ws.security.wss4j.handleMessage(WSS4JInInterceptor.java:175)
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:797)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1680)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1557)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
        at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
        at com.sun.proxy.$Proxy39.setSale(Unknown Source)
        at com.CmsExport.createSale(CmsExport.java:132)
        at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
        at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The signature or
decryption was invalid
        at
org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(SignatureProcessor.java:205)
        at
org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:340)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:284)
        ... 22 more

Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The
signature or decryption was invalid
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
        at com.sun.proxy.$Proxy39.setSale(Unknown Source)
        at com.CmsExport.createSale(CmsExport.java:132)
        at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
        at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The signature or
decryption was invalid
        at
org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(SignatureProcessor.java:205)
        at
org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:340)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:284)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:175)
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
        at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:797)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1680)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1557)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
        at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
        ... 4 more


I only have access to the client - so I dont know what if any output on the
server there is.

I am not sure how to check if this is before or after the message is
sent...tcpdump shows encrypted data going out and some encrypted data coming back in?

One of my ToDo's is to get a log of messages working.



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
Looks like your signature keystore doesn't contain the certificate required
to verify trust in the signed response from the server. You will need to
either have the server's signing cert in your keystore, or more typically
the issuing CA certificate of that cert.

If you turn on debug logging it should tell you more.

You can log the messages by adding new LoggingOutInterceptor() or new
LoggingInInterceptor() to the interceptor chain.

Colm.

On Thu, Jan 18, 2018 at 11:46 AM, Al Grant <[hidden email]> wrote:

> Hi,
>
> Full trace is :
>
> Jan 19, 2018 12:29:19 AM
> org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
> buildServiceFromWSDL
> INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from
> WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl
> Jan 19, 2018 12:29:20 AM
> org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
> buildServiceFromWSDL
> INFO: Creating Service {urn:sale.test.au/schema/common}SaleService from
> WSDL: http://testsigningonly.com/SalesService.svc?singleWsdl
> SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
> SLF4J: Defaulting to no-operation (NOP) logger implementation
> SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further
> details.
> Jan 19, 2018 12:29:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {urn:sale.test.au/schema/common}SaleService#{urn:sale.
> test.au/schema/common}SetEpisode
> has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
> invalid
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.
> java:236)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(
> WSS4JInInterceptor.java:340)
>         at
> org.apache.cxf.ws.security.wss4j.handleMessage(
> WSS4JInInterceptor.java:175)
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.
> handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.
> handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.onMessage(
> ClientImpl.java:797)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> handleResponseInternal(HTTPConduit.java:1680)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> handleResponse(HTTPConduit.java:1557)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> HTTPConduit.java:1358)
>         at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
>         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.
> java:658)
>         at
> org.apache.cxf.interceptor.MessageSenderInterceptor$
> MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(
> ClientImpl.java:516)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>         at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
>         at com.CmsExport.createEpisode(CmsExport.java:132)
>         at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
>         at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: The signature
> or
> decryption was invalid
>         at
> org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(
> SignatureProcessor.java:205)
>         at
> org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(
> WSSecurityEngine.java:340)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(
> WSS4JInInterceptor.java:284)
>         ... 22 more
>
> Exception in thread "Thread-2" javax.xml.ws.soap.SOAPFaultException: The
> signature or decryption was invalid
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:161)
>         at com.sun.proxy.$Proxy39.setEpisode(Unknown Source)
>         at com.CmsExport.createEpisode(CmsExport.java:132)
>         at com.JFrameTest.writefiletoDB(JFrameTest.java:180)
>         at com.JFrameTest$FileWorkerThread.run(JFrameTest.java:994)
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: The signature
> or
> decryption was invalid
>         at
> org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(
> SignatureProcessor.java:205)
>         at
> org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(
> WSSecurityEngine.java:340)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(
> WSS4JInInterceptor.java:284)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(
> WSS4JInInterceptor.java:175)
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.
> handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.
> handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.onMessage(
> ClientImpl.java:797)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> handleResponseInternal(HTTPConduit.java:1680)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> handleResponse(HTTPConduit.java:1557)
>         at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> HTTPConduit.java:1358)
>         at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
>         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.
> java:658)
>         at
> org.apache.cxf.interceptor.MessageSenderInterceptor$
> MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
>         at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(
> ClientImpl.java:516)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>         ... 4 more
>
>
> I only have access to the client - so I dont know what if any output on the
> server there is.
>
> I am not sure how to check if this is before or after the message is
> sent...tcpdump or? One of my ToDo's is to get a log of messages.
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
This post was updated on .
I added:

        LoggingOutInterceptor loi = new LoggingOutInterceptor();
        LoggingInInterceptor lii = new LoggingInInterceptor();

        response = isaleService.setSale(request);

But the output to console does not look any different? Also the Logging
intercepters are both flagged as depreciated by the IDE?

The rest of my project uses log4j.



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

Al Grant
logging.properties

############################################################
#   Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.  
# For example java -Djava.util.logging.config.file=myfile
############################################################

############################################################
#   Global properties
############################################################

# "handlers" specifies a comma separated list of log Handler
# classes.  These handlers will be installed during VM startup.
# Note that these classes must be on the system classpath.
# By default we only configure a ConsoleHandler, which will only
# show messages at the INFO and above levels.
handlers= java.util.logging.ConsoleHandler

# To also add the FileHandler, use the following line instead.
#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler

# Default global logging level.
# This specifies which kinds of events are logged across
# all loggers.  For any given facility this global level
# can be overriden by a facility specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
.level= DEBUG

############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################

# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter

# Limit the message that are printed on the console to INFO and above.
java.util.logging.ConsoleHandler.level = DEBUG
java.util.logging.ConsoleHandler.formatter =
java.util.logging.SimpleFormatter

# Example to customize the SimpleFormatter output format
# to print one-line log message like this:
#     <level>: <log message> [<date/time>]
#
# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n

############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################

# For example, set the com.xyz.foo logger to only log SEVERE
# messages:
com.xyz.foo.level = SEVERE




--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Reply | Threaded
Open this post in threaded view
|

Re: Original Exception was org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [devstore]

coheigea
Administrator
In reply to this post by Al Grant
Are you also adding the Logging interceptors to the interceptor chain?

Colm.

On Thu, Jan 18, 2018 at 12:11 PM, Al Grant <[hidden email]> wrote:

> I added:
>
>         LoggingOutInterceptor loi = new LoggingOutInterceptor();
>         LoggingInInterceptor lii = new LoggingInInterceptor();
>
>         response = isaleService.setSale(request);
>
> But the output to console does not look any different? Also the Logging
> intercepters are both flagged as depreciated by the IDE?
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
12345