ws-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: standalone API
Date Thu, 28 Jun 2018 11:41:21 GMT
The problem is that you are mixing up the crypto property prefixes between
your properties file and your code. Up to WSS4J 1.6.x, the crypto property
prefix was "org.apache.ws.security.crypto". From WSS4J 2.0.0 onwards, the
crypto property prefix is "org.apache.wss4j.crypto". However, newer versions
of WSS4J support the older crypto property prefix as well in the code. This
webpage explains it all:

http://ws.apache.org/wss4j/config.html

In your case, the crypto properties file contains properties like:

org.apache.wss4j.crypto.merlin.keystore.alias

However in your code you are trying to read:

prop.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias")

So you are getting null values back from the properties file. Incidentally,
"alias.password" is not used in WSS4J, only "private.password". In the
examples, the password for the private key for signing is typically read
using a CallbackHandler. But you can also specify it in the properties file
using "org.apache.wss4j.crypto.merlin.keystore.private.password".

Colm.

On Wed, Jun 27, 2018 at 6:50 PM, Jason Hall <jason.hall@mchsi.com> wrote:

> In version 2.1.3: the code below worked fine for me.
> java.util.Map<String, Object> config = new java.util.TreeMap<>();
>
>         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
>
>         // Get alias and password from properties file used for signing
>         Properties prop = new Properties();
>
>         prop.load(getClass().getClassLoader().getResourceAsStream("crypto.properties"));
>         String keyAlias;
>         String keyPass;
>         keyAlias = prop.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
>         keyPass = prop.getProperty("org.apache.ws.security.crypto.merlin.alias.password");
>
>
>         //Prepare for first signature
>         WSSecSignature builder = new WSSecSignature();
>         builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
>         builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
>
>
>         builder.setUserInfo(keyAlias, keyPass);
>         builder.setUseSingleCertificate(true);
>         builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
> ---------------------------------------------------------------------
>
> In 2.1.12, I can't get it to load the keystore correctly.
>
>    I even tried to open the crypto from a properties file instead of the
> classpath using your example below:
>
>                 java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
>
>                 String basedir = System.getProperty("basedir");
>                 if (basedir == null) {
>                     basedir = new File(".").getCanonicalPath();
>                 }
>                 File propsFile = new File(basedir + "/src/crypto.properties");
>
>                 config.put(WSHandlerConstants.SIG_PROP_FILE, propsFile.getPath());
>                 config.put("password", "myKeyStorePassword");
>                 reqData.setMsgContext(config);
>
>                 final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
>                 CustomHandler handler = new CustomHandler();
>                 HandlerAction action = new HandlerAction(WSConstants.SIGN);
>               handler.send(.....
>
>    But using my keystore and passwords, it always tells me that no
> certificates for user "facts.navy.mil" were found for signature.
>    I don't think it is reading my keystore properly. Also, in your examples
> I can't see where it is specifying the private key password. I did type
> the properties in the crypto.properties file, but can't get it to work.
> I don't think it is reading/finding the keystore correctly and/or the properties
> file correctly to read the parameters.
>
>
> My properties file:
> org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
> org.apache.wss4j.crypto.merlin.keystore.type=jks
> org.apache.wss4j.crypto.merlin.keystore.password=FA12345
> org.apache.wss4j.crypto.merlin.keystore.alias=facts.navy.mil
> org.apache.wss4j.crypto.merlin.keystore.alias.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.private.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.file=WebServicesDoDKeyStore2014.jks
>
> I saw reference to both these lines for the private key password. I didn't
> know which is correct, so I added both.
> org.apache.wss4j.crypto.merlin.keystore.alias.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.private.password=selfCerr
>
>    thanks,
>       Jason
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
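
An added example, not part of the original message and not WSS4J code: a JDK-only lookup that reads a crypto property under either prefix named in the reply, fails loudly instead of passing a null alias on to the signature builder, and flags the unused "alias.password" key. The class name, helper names and sample property values are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

public class CryptoPropertyLookup {
    // Prefixes named in the reply: WSS4J 2.0.0+ first, then the one used up to 1.6.x.
    static final String NEW_PREFIX = "org.apache.wss4j.crypto.";
    static final String OLD_PREFIX = "org.apache.ws.security.crypto.";

    /** Returns the value for a suffix such as "merlin.keystore.alias" under either prefix, or null. */
    static String lookup(Properties props, String suffix) {
        String value = props.getProperty(NEW_PREFIX + suffix);
        return value != null ? value : props.getProperty(OLD_PREFIX + suffix);
    }

    /** Same lookup, but throws instead of handing a null alias or password to the signer. */
    static String require(Properties props, String suffix) {
        String value = lookup(props, suffix);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing crypto property *." + suffix
                + " (checked " + NEW_PREFIX + " and " + OLD_PREFIX + ")");
        }
        return value.trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file contents; alias and passwords are placeholders.
        String sample =
              "org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin\n"
            + "org.apache.wss4j.crypto.merlin.keystore.type=jks\n"
            + "org.apache.wss4j.crypto.merlin.keystore.alias=example-alias\n"
            + "org.apache.wss4j.crypto.merlin.keystore.alias.password=unused-placeholder\n"
            + "org.apache.wss4j.crypto.merlin.keystore.private.password=key-placeholder\n";
        Properties props = new Properties();
        props.load(new StringReader(sample));

        // The failing pattern from the thread: old-prefix key read from a new-prefix file.
        System.out.println("old-prefix read: "
            + props.getProperty(OLD_PREFIX + "merlin.keystore.alias"));
        System.out.println("alias: " + require(props, "merlin.keystore.alias"));
        // Report presence only; the private key password itself is never printed.
        boolean hasKeyPassword = lookup(props, "merlin.keystore.private.password") != null;
        System.out.println("private key password configured: " + hasKeyPassword);
        if (lookup(props, "merlin.keystore.alias.password") != null) {
            System.out.println("warning: *.merlin.keystore.alias.password is not used by WSS4J");
        }
    }
}
```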
