
List:       xmlrpc-user
Subject:    Re: standalone API
From:       Colm O hEigeartaigh <coheigea () apache ! org>
Date:       2018-06-28 11:41:21
Message-ID: CAB8XdGDMGyP1jU4iWDS_UzaUPM8LA1h6jx9TBmx3yH8=ZPZp=g () mail ! gmail ! com

The problem is that you are mixing up the crypto property prefixes between
your properties file and your code. Up to WSS4J 1.6.x, the crypto property
prefix was "org.apache.ws.security.crypto". From WSS4J 2.0.0 onwards, the
crypto property prefix is "org.apache.wss4j.crypto". However, newer versions
of WSS4J support the older crypto property prefix as well in the code. This
webpage explains it all:

http://ws.apache.org/wss4j/config.html

In your case, the crypto properties file contains properties like:

org.apache.wss4j.crypto.merlin.keystore.alias

However in your code you are trying to read:

prop.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias")

So you are getting null values back from the properties file. Incidentally,
"alias.password" is not used in WSS4J, only "private.password". In the
examples, the password for the private key for signing is typically read
using a CallbackHandler. But you can also specify it in the properties file
using "org.apache.wss4j.crypto.merlin.keystore.private.password".

Colm.

On Wed, Jun 27, 2018 at 6:50 PM, Jason Hall <jason.hall@mchsi.com> wrote:

> In version 2.1.3: the code below worked fine for me.
> java.util.Map<String, Object> config = new java.util.TreeMap<>();
>
>         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
>
>         // Get alias and password from properties file used for signing
>         Properties prop = new Properties();
>
>         prop.load(getClass().getClassLoader().getResourceAsStream("crypto.properties"));
>         String keyAlias;
>         String keyPass;
>         keyAlias = prop.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
>         keyPass = prop.getProperty("org.apache.ws.security.crypto.merlin.alias.password");
>
>
>         //Prepare for first signature
>         WSSecSignature builder = new WSSecSignature();
>         builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
>         builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
>
>
>         builder.setUserInfo(keyAlias, keyPass);
>         builder.setUseSingleCertificate(true);
>         builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
> ---------------------------------------------------------------------
>
> In 2.1.12, I can't get it to load the keystore correctly.
>
>    I even tried to open the crypto from a properties file instead of the
> classpath using your example below:
>
>                 java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
>
>                 String basedir = System.getProperty("basedir");
>                 if (basedir == null) {
>                     basedir = new File(".").getCanonicalPath();
>                 }
>                 File propsFile = new File(basedir + "/src/crypto.properties");
>
>                 config.put(WSHandlerConstants.SIG_PROP_FILE, propsFile.getPath());
>                 config.put("password", "myKeyStorePassword");
>                 reqData.setMsgContext(config);
>
>                 final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
>                 CustomHandler handler = new CustomHandler();
>                 HandlerAction action = new HandlerAction(WSConstants.SIGN);
>                 handler.send(.....
>
>    But using my keystore and passwords, it always tells me that "no
> certificates for user "facts.navy.mil" were found for signature".
>    I don't think it is reading my keystore properly.  Also, in your examples
> I can't see where it is specifying the private key password.  I did type
> the properties in the crypto.properties file, but can't get it to work.
> I don't think it is reading/finding the keystore correctly and/or the
> properties file correctly to read the parameters.
>
>
> My properties file:
> org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
> org.apache.wss4j.crypto.merlin.keystore.type=jks
> org.apache.wss4j.crypto.merlin.keystore.password=FA12345
> org.apache.wss4j.crypto.merlin.keystore.alias=facts.navy.mil
> org.apache.wss4j.crypto.merlin.keystore.alias.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.private.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.file=WebServicesDoDKeyStore2014.jks
>
> I saw references to both these lines for the private key password.  I didn't
> know which is correct, so I added both.
> org.apache.wss4j.crypto.merlin.keystore.alias.password=selfCerr
> org.apache.wss4j.crypto.merlin.keystore.private.password=selfCerr
>
>    thanks,
>       Jason
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
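
An added example, not part of the original thread and not WSS4J code: a plain `java.util.Properties` check that reproduces the null lookup described in the reply and resolves the Merlin settings under either prefix. The class name, the `lookup` and `require` helpers, and the sample alias and passwords are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

public class CryptoPropsCheck {
    // The two prefixes named in the reply above.
    static final String NEW_PREFIX = "org.apache.wss4j.crypto.";
    static final String OLD_PREFIX = "org.apache.ws.security.crypto.";

    /** Hypothetical helper: try the 2.x prefix first, then the 1.6.x one. */
    static String lookup(Properties p, String suffix) {
        String v = p.getProperty(NEW_PREFIX + suffix);
        return v != null ? v : p.getProperty(OLD_PREFIX + suffix);
    }

    /** Hypothetical helper: fail early instead of handing null to the signing code. */
    static String require(Properties p, String suffix) {
        String v = lookup(p, suffix);
        if (v == null || v.trim().isEmpty()) {
            throw new IllegalStateException("missing crypto property: *." + suffix);
        }
        return v.trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; alias and passwords are placeholders.
        String sample = String.join("\n",
            "org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin",
            "org.apache.wss4j.crypto.merlin.keystore.type=jks",
            "org.apache.wss4j.crypto.merlin.keystore.alias=example-alias",
            "org.apache.wss4j.crypto.merlin.keystore.alias.password=ignored-example",
            "org.apache.wss4j.crypto.merlin.keystore.private.password=example-key-pass");
        Properties prop = new Properties();
        prop.load(new StringReader(sample));

        // Same lookup as the quoted code: old prefix only, so this prints null.
        System.out.println("old-prefix lookup: "
            + prop.getProperty(OLD_PREFIX + "merlin.keystore.alias"));

        String keyAlias = require(prop, "merlin.keystore.alias");
        require(prop, "merlin.keystore.private.password"); // throws if absent
        System.out.println("alias=" + keyAlias + ", private key password present");

        // Per the reply, "alias.password" is not used by WSS4J; report such keys
        // by name only, without printing the secret value.
        for (String key : prop.stringPropertyNames()) {
            if (key.endsWith(".alias.password")) {
                System.out.println("unused property: " + key);
            }
        }
    }
}
```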



