Skip to main content

Metro WS client with digital signature - URGENT PROBLEM

2 replies [Last post]
kuba78
Offline
Joined: 2010-11-09
Points: 0

Hi,
I have created simple demo web service using NetBeans 6.9.1 with Metro 2.0 and Tomcat 6. I secured this service using private key:

<sc:KeyStore wspp:visibility="private" location="/home/me/Keystore/mykeystore.jks" type="JKS" storepass="aaa" alias="kuba" keypass="bbb"/>

then i created ws client from WSDL , but when I run it, I get following exception:
2010-11-10 08:39:55 [com.sun.xml.ws.policy.jaxws.PolicyConfigParser]  parse
INFO: WSP5018: Loaded WSIT configuration from file: file:/home/me/work/Semen/TestSecureWSClient/build/classes/META-INF/wsit-client.xml.
2010-11-10 08:39:56 com.sun.xml.wss.impl.misc.DefaultCallbackHandler getKeyStore
SEVERE: Could not locate KeyStore, check keystore assertion in WSIT configuration
2010-11-10 08:39:56 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getDefaultPrivKeyCertRequest
SEVERE: WSS0216: An Error occurred using Callback Handler for : SignatureKeyCallback.DefaultPrivKeyCertRequest
2010-11-10 08:39:56 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getDefaultPrivKeyCertRequest
SEVERE: WSS0217: An Error occurred using Callback Handler handle() Method.
com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getKeyStore(DefaultCallbackHandler.java:2251)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultPrivKeyCert(DefaultCallbackHandler.java:1381)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:545)
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:229)
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:212)
        at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
        at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
        at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
        at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:397)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:260)
        at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:131)
        at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:464)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:267)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.client.Stub.process(Stub.java:319)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
        at $Proxy43.getDate(Unknown Source)
        at kuba.demo.ws.client.TestService.main(TestService.java:14)
2010-11-10 08:39:56 com.sun.xml.wss.impl.filter.SignatureFilter process
SEVERE: WSS1417: Error while processing signature com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
2010-11-10 08:39:56 com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:299)
        at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
        at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
        at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
        at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:397)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:260)
        at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:131)
        at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:464)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:267)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.client.Stub.process(Stub.java:319)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
        at $Proxy43.getDate(Unknown Source)
        at kuba.demo.ws.client.TestService.main(TestService.java:14)
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:234)
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:212)
        ... 24 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getKeyStore(DefaultCallbackHandler.java:2251)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultPrivKeyCert(DefaultCallbackHandler.java:1381)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:545)
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:229)
        ... 25 more
2010-11-10 08:39:56 com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:397)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:260)
        at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:131)
        at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:464)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:267)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.client.Stub.process(Stub.java:319)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
        at $Proxy43.getDate(Unknown Source)
        at kuba.demo.ws.client.TestService.main(TestService.java:14)
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:299)
        at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
        at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
        at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
        at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
        ... 19 more
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:234)
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:212)
        ... 24 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getKeyStore(DefaultCallbackHandler.java:2251)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultPrivKeyCert(DefaultCallbackHandler.java:1381)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:545)
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:229)
        ... 25 more
Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:316)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.sendRequest(WSSCPlugin.java:397)
        at com.sun.xml.ws.security.secconv.WSSCPlugin.process(WSSCPlugin.java:260)
        at com.sun.xml.ws.security.secconv.impl.client.SCTokenProviderImpl.issue(SCTokenProviderImpl.java:131)
        at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:79)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeSCPlugin(SecurityClientTube.java:464)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:267)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.client.Stub.process(Stub.java:319)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
        at $Proxy43.getDate(Unknown Source)
        at kuba.demo.ws.client.TestService.main(TestService.java:14)
Caused by: javax.xml.ws.soap.SOAPFaultException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:674)
        ... 19 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
        ... 18 more
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:299)
        at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
        at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
        at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
        at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
        at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
        ... 19 more
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:234)
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:212)
        ... 24 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Could not locate KeyStore, check keystore assertion in WSIT configuration
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getKeyStore(DefaultCallbackHandler.java:2251)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.getDefaultPrivKeyCert(DefaultCallbackHandler.java:1381)
        at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.handle(DefaultCallbackHandler.java:545)
        at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getDefaultPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:229)
        ... 25 more

It seams that trusted keystore can not be loaded.
This is my wsit-client.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig">
    <import location="SecureWS.xml" namespace="http://service.ws.demo.kuba/"/>
</definitions>

and this is my SecureWS.xml file:
<?xml version='1.0' encoding='UTF-8'?><!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.2-hudson-740-. --><!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is JAX-WS RI 2.2-hudson-740-. --><definitions xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://service.ws.demo.kuba/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://service.ws.demo.kuba/" name="SecureWSService" xmlns:sc="http://schemas.sun.com/2006/03/wss/client" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
<types>
<xsd:schema>
<xsd:import namespace="http://service.ws.demo.kuba/" schemaLocation="http://localhost:8080/TestSecureWS/SecureWS?xsd=1" />
</xsd:schema>
</types>
<message name="getDate">
<part name="parameters" element="tns:getDate" />
</message>
<message name="getDateResponse">
<part name="parameters" element="tns:getDateResponse" />
</message>
<portType name="SecureWS">
<operation name="getDate">
<input wsam:Action="http://service.ws.demo.kuba/SecureWS/getDateRequest" message="tns:getDate" />
<output wsam:Action="http://service.ws.demo.kuba/SecureWS/getDateResponse" message="tns:getDateResponse" />
</operation>
</portType>
<binding name="SecureWSPortBinding" type="tns:SecureWS">
    <wsp:PolicyReference URI="#SecureWSPortBindingPolicy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<operation name="getDate">
<soap:operation soapAction="" />
<input>
<soap:body use="literal" />
</input>
<output>
<soap:body use="literal" />
</output>
</operation>
</binding>
<service name="SecureWSService">
<port name="SecureWSPort" binding="tns:SecureWSPortBinding">
<soap:address location="http://localhost:8080/TestSecureWS/SecureWS" />
</port>
</service>
    <wsp:Policy wsu:Id="SecureWSPortBindingPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sc:TrustStore wspp:visibility="private" peeralias="zilp" storepass="zilpstorepass" type="JKS" location="/home/me/Keystore/mytruststore.jks"/>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</definitions>

Any idea whet could be a problem ? Thanks for help.
Kuba

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
ptn77
Offline
Joined: 2012-11-27
Points: 0

Hello,

I am running into the same issue. Were you able to find a resolution to this? If you did, I would appreciate it if you would share how you were able to fix this problem.
I'm using Metro 1.5 with jboss 5 and I have my wsit-client.xml setup with the keystore specificed in a referenced service.xml file. I am also using the jax-ws but not sure what version it is.

Thanks in advance!!

kuba78
Offline
Joined: 2010-11-09
Points: 0

repost