Skip to content

/ spring-ws

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WSS0221: Unable to locate matching certificate for Key Encryption using Callback Handler. [SWS-1076] #1142

Open
gregturn opened this issue Oct 17, 2019 · 0 comments
Open

WSS0221: Unable to locate matching certificate for Key Encryption using Callback Handler. [SWS-1076] #1142

gregturn opened this issue Oct 17, 2019 · 0 comments
Labels
status: waiting-for-triage

Comments

@gregturn
Copy link
Member

@gregturn gregturn commented Oct 17, 2019

miha- opened SWS-1076 and commented

HI

 I get this error when I am trying to encrypt SOAP request:

2019-10-17 09:38:28.631 ERROR 16380 --- [nio-8080-exec-1] j.e.resource.xml.webservices.security    : WSS0221: Unable to locate matching certificate for Key Encryption using Callback Handler.2019-10-17 09:38:28.631 ERROR 16380 --- [nio-8080-exec-1] j.e.resource.xml.webservices.security    : WSS0221: Unable to locate matching certificate for Key Encryption using Callback Handler.2019-10-17 09:38:28.637 ERROR 16380 --- [nio-8080-exec-1] com.sun.xml.wss.logging.impl.filter      : WSS1413: Error extracting certificate 
com.sun.xml.wss.XWSSecurityException: Unable to locate certificate for the alias '' at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:365) ~[xws-security-3.0.jar:3.0-FCS] at com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:156) ~[xws-security-3.0.jar:3.0-FCS]

Sing request is working ok. Only issue is with encryption of request. As this is triggered by the same handler I am having issues finding out what is wrong.

 

@Bean
public XwsSecurityInterceptor securityInterceptor() {
    XwsSecurityInterceptor securityInterceptor = new XwsSecurityInterceptor();
    securityInterceptor.setPolicyConfiguration(new ClassPathResource("securityPolicy.xml"));

    try{
        securityInterceptor.setCallbackHandler(callback());
        securityInterceptor.afterPropertiesSet();
    }
        catch (Exception e)  {
                System.out.println("display Expensionm: " + e);
    }

    return securityInterceptor;
}

@Bean
public KeyStoreCallbackHandler callback() throws Exception{
    KeyStoreCallbackHandler callbackHandler = new KeyStoreCallbackHandler();
    callbackHandler.setPrivateKeyPassword("passwordo");
    callbackHandler.setDefaultAlias("mycert");
    callbackHandler.setKeyStore(keyStoreFactoryBean());
    callbackHandler.setTrustStore(TrustFactoryBean());

    return callbackHandler;
}



@Bean
public KeyStore keyStoreFactoryBean(){
    KeyStoreFactoryBean keyStoreFactoryBean = new KeyStoreFactoryBean();
    keyStoreFactoryBean.setPassword("passwordo");
    keyStoreFactoryBean.setLocation(new FileSystemResource("C:\\Users\\miha_\\OneDrive\\Dokumenti\\Job\\Lj\\Spring\\Porting\\target\\classes\\softnet.jks"));
    try{
        keyStoreFactoryBean.afterPropertiesSet();
    }catch (Exception e){
        System.out.println("e: "+e );
    }

    return  keyStoreFactoryBean.getObject();
}

@Bean
public KeyStore TrustFactoryBean(){
    KeyStoreFactoryBean trustFactory = new KeyStoreFactoryBean();
    trustFactory.setPassword("passwordo");
    //keyStoreFactoryBean.setType("JKS");
    System.out.println("1");
    trustFactory.setLocation(new FileSystemResource("C:\\Users\\miha_\\OneDrive\\Dokumenti\\Job\\Lj\\Spring\\Porting\\target\\classes\\trust.jks"));
    try{
        trustFactory.afterPropertiesSet();
    }catch (Exception e){
        System.out.println("e: "+e );
    }

    return  trustFactory.getObject();
}

@Bean
public WebServiceTemplate template(){
    WebServiceTemplate template = new WebServiceTemplate();
    template.setMarshaller(marshaller());
    template.setUnmarshaller(marshaller());
    template.setMessageFactory(soapMessageFactory());
    template.setInterceptors(new ClientInterceptor[] {securityInterceptor()});

    return template;
}

@Bean
public SaajSoapMessageFactory soapMessageFactory(){
    SaajSoapMessageFactory messageFactory = new SaajSoapMessageFactory();
    messageFactory.setSoapVersion(SoapVersion.SOAP_12);
    System.out.println("soapMessageFactory" +messageFactory );

    return messageFactory;
}

@Bean
public Jaxb2Marshaller marshaller(){
    Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
    marshaller.setContextPath("mk.softnet.wsdl");

    return marshaller;
}
@Override
public void addInterceptors(List interceptors) {
    interceptors.add(securityInterceptor());
}

securityPolicy.xml

 

<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
 <xwss:Sign includeTimestamp="false" />
 <xwss:Encrypt />
</xwss:SecurityConfiguration>

Basically i do not know how to set alias for encrypt as in doc there is the same config for keystore as for sign.

Affects: 3.0.0.RELEASE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: waiting-for-triage
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
@gregturn
You can’t perform that action at this time.