
getX509IssuerSerialAlias

  • #262131 Reply

    Thomas Trostel
    Participant

    I am trying to use an encrypted and signed web service. The client portion seems to create the message correctly (judging by what I see in the TCP/IP monitor). The In and Out handlers are as follows:

    The properties for the client are specified as such

    
     /** Configures the client WS-Security parameters
         * @param properties
         */
        protected void configureOutProperties(Properties properties) {
            // Values for the outbound signature handler, named so each setting reads on its own.
            final String signingAlias = "client-344-839";
            final String passwordCallback = gov.opm.security.PasswordHandler.class.getName();
            final String signatureCryptoFile = "xxx/xxx/security/outsecurity_sign.properties";

            // This handler performs one action only: sign the outgoing message.
            properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

            // Keystore alias whose private key produces the signature.
            properties.setProperty(WSHandlerConstants.USER, signingAlias);

            // WSS4J asks this callback for the password of the alias above; the
            // password itself is therefore not part of these properties.
            properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, passwordCallback);

            // Crypto properties file that locates the keystore holding the signing key.
            properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, signatureCryptoFile);

            // "IssuerSerial" references the signing certificate by issuer name and serial
            // number instead of embedding it in the message.
            // NOTE(review): the receiver then has to find that certificate in its own
            // keystore - confirm the client certificate has been imported on the server.
            properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        }
        
        protected void configureOutEncProperties(Properties properties) {
            // Settings for the outbound encryption handler.
            final String recipientAlias = "serveralias";
            final String encryptionCryptoFile = "xxx/xxx/security/outsecurity_enc.properties";

            // This handler performs one action only: encrypt the outgoing message.
            properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);

            // Alias set as the handler user; presumably the keystore entry holding the
            // server's public certificate that the message is encrypted for - confirm
            // against the client keystore.
            properties.setProperty(WSHandlerConstants.USER, recipientAlias);

            // Crypto properties file describing the keystore with the public key used to encrypt.
            properties.setProperty(WSHandlerConstants.ENC_PROP_FILE, encryptionCryptoFile);
        }
    
        private void configureInProperties(Properties inProperties) {
            // Settings for the inbound (response) handler on the client.
            final String clientAlias = "client-344-839";
            final String passwordCallback = gov.opm.security.PasswordHandler.class.getName();
            final String decryptionCryptoFile = "xxx/xxx/security/insecurity_enc.properties";

            // Responses are processed for encryption only; no signature action is
            // requested here.
            // NOTE(review): with this setting the client does not require a signed
            // response - confirm that is intended for this service.
            inProperties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);

            // Keystore alias of the client; its key password comes from the callback below.
            inProperties.setProperty(WSHandlerConstants.USER, clientAlias);
            inProperties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, passwordCallback);

            // Signature confirmation is switched off explicitly.
            inProperties.setProperty(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");

            // Crypto properties file that locates the keystore used for decryption.
            inProperties.setProperty(WSHandlerConstants.DEC_PROP_FILE, decryptionCryptoFile);
        }
    

    and attached to the client as follows

    
           // Wire the WS-Security handlers onto the XFire client for this port.
           // The calls below are kept in their original order: handler registration
           // order is part of the behaviour being asked about.
           Client client = Client.getInstance(myPort);
           client.addOutHandler(new DOMOutHandler());
           client.addInHandler(new DOMInHandler());
    
           // Output encryption handler
           Properties outEncProperties = new Properties();
           configureOutEncProperties(outEncProperties);
           client.addOutHandler(new WSS4JOutHandler(outEncProperties));
           
           // Output signature handler
           // NOTE(review): encryption and signing are done by two separate
           // WSS4JOutHandler instances, so the outgoing security header presumably
           // carries both an encrypted key and a signature. The receiving side needs
           // crypto configuration for both when it processes that header - compare
           // with the NullPointerException raised inside signature verification.
           Properties outProperties = new Properties();
           configureOutProperties(outProperties);
           client.addOutHandler(new WSS4JOutHandler(outProperties));
    
           // Inbound handler for responses (configured for decryption only).
           Properties inProperties = new Properties();
           configureInProperties(inProperties);
           client.addInHandler(new WSS4JInHandler(inProperties));
    

    and on the server side the handlers are specified as follows in the services.xml file

    
            <!-- Inbound chain entry that verifies XML signatures: action is Signature,
                 crypto settings come from signaturePropFile, key passwords from the
                 callback class.
                 NOTE(review): this handler has no decryptionPropFile, and the separate
                 Encrypt handler has no signaturePropFile. A handler that meets both an
                 encrypted key and a signature in one security header then has crypto for
                 only one of them, which would be consistent with the NullPointerException
                 in signature verification. A single WSS4JInHandler listing both actions
                 with both property files is the usual arrangement; verify against the
                 XFire and WSS4J versions in use. -->
            <inHandlers>
                <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
                <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
                  <property name="properties">
                    <props>
                      <prop key="action">Signature</prop>
                      <prop key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
                      <prop key="passwordCallbackClass">xxx.xxx.security.PasswordHandler</prop>
                    </props>
                  </property>
                </bean>
              </inHandlers>
    
        <!-- Second, separate inHandlers element: decrypts inbound requests using the
             keystore described by decryptionPropFile; key passwords come from the
             callback class.
             NOTE(review): only decryption crypto is configured here (no
             signaturePropFile), so this handler cannot verify a signature it finds in
             the same security header. Confirm which of the two handlers sees the
             message first. -->
        <inHandlers>
          <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
          <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
            <property name="properties">
              <props>
                <prop key="action">Encrypt</prop>
                <prop key="decryptionPropFile">META-INF/xfire/insecurity_enc.properties</prop>
                <prop key="passwordCallbackClass">xxx.xxx.security.PasswordHandler</prop>
              </props>
            </property>
          </bean>
        </inHandlers>
    

    The insecurity_sign looks like this

    
    # Crypto settings for the server's signature verification handler (signaturePropFile):
    # Merlin provider backed by a JKS keystore.
    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    # Keystore password is stored here in clear text and the file ships under META-INF;
    # restrict read access to the deployed archive and keep real values out of shared posts.
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    # Private-key password is commented out in this file.
    #org.apache.ws.security.crypto.merlin.alias.password=aliaspass
    org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
    # NOTE(review): the client signs with key identifier IssuerSerial, so verification
    # presumably has to find the client's certificate in this keystore by issuer and
    # serial number - confirm it has been imported (keytool -list on serverStore.jks).
    org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks
    

    and the insecurity_enc properties looks like this:

    
    # Crypto settings for the server's decryption handler (decryptionPropFile):
    # Merlin provider backed by the same JKS keystore file as the signature settings.
    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    # Keystore password and private-key password are both stored in clear text in this
    # file; anyone who can read the deployed archive can read them.
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    org.apache.ws.security.crypto.merlin.alias.password=aliaspass
    # Alias of the server key entry; presumably the private key used to decrypt
    # requests that the client encrypted for "serveralias" - confirm.
    org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
    org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks
    

    yet when running the client I get the following error

    
    08:52:40,936 INFO  [STDOUT] 08:52:40,936 INFO  [SecurityTokenReference] X509IssuerSerial alias: serveralias
    08:52:41,451 INFO  [STDOUT] 08:52:41,436 ERROR [DefaultFaultHandler] Fault occurred!
    java.lang.NullPointerException
        at org.apache.ws.security.message.token.SecurityTokenReference.getX509IssuerSerialAlias(SecurityTokenReference.java:410)
        at org.apache.ws.security.message.token.SecurityTokenReference.getX509IssuerSerial(SecurityTokenReference.java:388)
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:223)
        at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:269)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:191)
        at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:136)
        at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:110)
        at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:61)
    

    Any clue why this error is showing up? I’ve stared at it for a while without gaining any ground.

    Thanks in advance

    Tom

    #262148 Reply

    Riyad Kalla
    Member

    Tom,
    I’m moving this to OT > Soft Dev because it doesn’t seem to be ME specific; please let me know if this is not the case.

    As far as the encrypted WS goes, this is way over my head, but have you tried asking your question on the XFire forums or even on the Sun WS forums?

    #262177 Reply

    Thomas Trostel
    Participant

    NP …. I posted the question here first because, to be honest, the folks here usually produce a much better answer faster.
