
Signature algorithm should be same for client, sts and service?

5 replies [Last post]
Anonymous

Signature algorithm for my client and service certificate is SHA1withRSA
while sts certificate is SHA256withRSA. It could be a problem? When client
call service, it returns Invalid Security Header message. Client-STS-Client
call looks good. I am using UserNameToken with symmetric key bindings.

Apr 24, 2012 6:03:55 PM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientResponsePacket
SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.XWSSecurityException: Security Requirements not met - No Security header in message
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:925)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:248)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:434)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
    at com.sun.xml.ws.client.Stub.process(Stub.java:429)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
    at $Proxy40.doubleIt(Unknown Source)
    at client.WSClient.doubleIt(WSClient.java:76)
    at client.WSClient.main(WSClient.java:69)
Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:439)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
    at com.sun.xml.ws.client.Stub.process(Stub.java:429)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
    at $Proxy40.doubleIt(Unknown Source)
    at client.WSClient.doubleIt(WSClient.java:76)
    at client.WSClient.main(WSClient.java:69)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:696)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:714)
    ... 14 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
    at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:349)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:710)
    ... 14 more

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

It appears the client did not send a secure message here:
> Security Requirements not met - No Security header in message

Can you do a message dump on the server and see what is being sent?

On Apr 25, 2012, at 4:33 AM, gchoi wrote:

> Signature algorithm for my client and service certificate is SHA1withRSA
> while sts certificate is SHA256withRSA. It could be a problem? When client
> call service, it returns Invalid Security Header message. Client-STS-Client
> call looks good. I am using UserNameToken with symmetric key bindings.

Gina Choi

>Can you do a message dump on the server and see what is being sent.
How do I turn on message dump on the server side?

Gina Choi

>Can you do a message dump on the server and see what is being sent.
>How do I turn on message dump on the server side?

Following is server dump message. Does this mean that it couldn't find
service private key? I don't know where did serial number
14478695720124859712 come from? My service, client and sts don't have serial
number with that value.

Service PrivateKeyEntry
=============================

Alias name: myservicekey
Creation date: Apr 13, 2012
Entry type: trustedCertEntry

Owner: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xx, O=xxx, L=xxxx,
ST=massachusetts, C=US
Issuer: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xxx, O=xxx, L=xxxx,
ST=massachusetts, C=US
Serial number: c8eea90bc902c540
Valid from: Tue Apr 10 10:40:33 EDT 2012 until: Fri Apr 08 10:40:33 EDT 2022
Certificate fingerprints:
MD5: B2:76:5C:F9:41:52:45:FE:6D:EC:54:FC:5E:A5:EF:6C
SHA1: 8F:1B:17:A0:AB:6F:8B:C6:02:65:7F:7E:E5:15:9C:79:AE:AE:01:D5
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC CA 43 29 11 D0 C3 BB 9A 2B 1B 30 F0 BA 8F 4D ..C).....+.0...M
0010: 8D E1 F4 43 ...C
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AC CA 43 29 11 D0 C3 BB 9A 2B 1B 30 F0 BA 8F 4D ..C).....+.0...M
0010: 8D E1 F4 43 ...C
]

]

Server dump
========================

Apr 25, 2012 12:22:37 PM com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getPrivateKey
SEVERE: WSS0222: Unable to locate matching private key for 14478695720124859712:E=xxx@xxx,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US using CallbackHandler.
Apr 25, 2012 12:22:37 PM com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor processX509IssuerSerial
SEVERE: WSS1816: Error occurred while resolving Issuer Serial
javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=XXX@XXX,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US found
    at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:412)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509IssuerSerial(SecurityTokenProcessor.java:369)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509Data(SecurityTokenProcessor.java:292)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.resolveReference(SecurityTokenProcessor.java:161)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:152)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.java:208)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.java:131)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:157)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData.java:156)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.java:113)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:458)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:291)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:241)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
    at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:295)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
    at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)
    at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)
    at com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)
    at com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)
    at com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:206)
    at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159)
    at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194)
    at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=xxxx@xxxx,CN=servicecn,OU=xxx,O=xxxx,L=xxxx,S=xxxx,C=US found
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(DefaultSecurityEnvironmentImpl.java:644)
    at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:392)
    ... 46 more
Apr 25, 2012 12:22:37 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube processRequest
SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.XWSSecurityException: WSS1816: Error occurred while resolving Issuer Serial
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509IssuerSerial(SecurityTokenProcessor.java:374)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509Data(SecurityTokenProcessor.java:292)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.resolveReference(SecurityTokenProcessor.java:161)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:152)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.java:208)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.<init>(EncryptedKey.java:131)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:157)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData.java:156)
    at com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.java:113)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:458)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:291)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:241)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
    at com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTube.java:295)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
    at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)
    at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)
    at com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)
    at com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)
    at com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:206)
    at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159)
    at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194)
    at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=xxxx@xxxx,CN=servicecn,OU=xxx,O=xxx,L=xxx,S=xxxxx,C=US found
    at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:412)
    at com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processX509IssuerSerial(SecurityTokenProcessor.java:369)
    ... 45 more
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for serial number 14478695720124859712 and issuer name E=xxx@xxx,CN=servicecn,OU=xxxx,O=xxx,L=xxxx,S=xxxx,C=US found
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(DefaultSecurityEnvironmentImpl.java:644)
    at com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial(KeySelectorImpl.java:392)
    ... 46 more
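
The serial number in the WSS0222/WSS1816 messages and the one in the keytool listing in the post above can only be compared once they are in the same base: keytool prints certificate serial numbers in hexadecimal, while the value in the log is a decimal integer (as is the X509SerialNumber element of an XML Signature X509IssuerSerial reference). The following is an added example, not part of the original thread or of Metro: it parses constructed excerpts of both outputs, compares the serials numerically, and reports the entry type of the matching alias. The function names and the second keystore entry (`otherkey`) are made up for illustration.

```python
import re

# Constructed excerpt of the `keytool -list -v` output quoted in the post,
# plus one made-up second entry (alias "otherkey") to show the contrast.
KEYTOOL_LISTING = """\
Alias name: myservicekey
Creation date: Apr 13, 2012
Entry type: trustedCertEntry

Owner: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xx, O=xxx, L=xxxx, ST=massachusetts, C=US
Issuer: EMAILADDRESS=xxx@xxx, CN=servicecn, OU=xxx, O=xxx, L=xxxx, ST=massachusetts, C=US
Serial number: c8eea90bc902c540
Signature algorithm name: SHA1withRSA

Alias name: otherkey
Creation date: Apr 13, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=constructed-example
Issuer: CN=constructed-example
Serial number: 4f8b2c11
"""

# Constructed excerpt of the server log quoted in the post (line wrapping kept).
SERVER_LOG = """\
SEVERE: WSS0222: Unable to locate matching private key for
14478695720124859712:E=xxx@xxx,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US
using CallbackHandler.
Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=xxx@xxx,CN=servicecn,OU=xxx,O=xxx,L=xxxx,S=xxxx,C=US found
"""

ALIAS_RE = re.compile(r"^Alias name:\s*(.+)$", re.M)
TYPE_RE = re.compile(r"^Entry type:\s*(\S+)", re.M)
SERIAL_RE = re.compile(r"^Serial number:\s*([0-9A-Fa-f]+)", re.M)
WANTED_RE = re.compile(r"private key for\s+(?:serial\s+number\s+)?(\d+)", re.I)


def parse_keytool_entries(listing):
    """Return one dict per alias: alias, entry type, serial as an int."""
    entries = []
    starts = [m.start() for m in ALIAS_RE.finditer(listing)]
    for begin, end in zip(starts, starts[1:] + [len(listing)]):
        block = listing[begin:end]
        entry_type = TYPE_RE.search(block)
        serial = SERIAL_RE.search(block)  # first certificate listed for the alias
        if not (entry_type and serial):
            continue  # incomplete entry, nothing to compare
        entries.append({
            "alias": ALIAS_RE.search(block).group(1).strip(),
            "entry_type": entry_type.group(1),
            "serial": int(serial.group(1), 16),  # keytool prints hexadecimal
        })
    return entries


def requested_serials(log):
    """Serial numbers the runtime tried to resolve, de-duplicated, in log order."""
    seen = []
    for match in WANTED_RE.finditer(log):
        serial = int(match.group(1))  # log value read as decimal
        if serial not in seen:
            seen.append(serial)
    return seen


def diagnose(listing, log):
    """Match each requested serial against the keystore entries."""
    entries = parse_keytool_entries(listing)
    findings = []
    for serial in requested_serials(log):
        hits = [e for e in entries if e["serial"] == serial]
        if not hits:
            findings.append((serial, None, "certificate not in keystore"))
        for e in hits:
            if e["entry_type"] == "PrivateKeyEntry":
                status = "private key present"
            else:
                # A trustedCertEntry stores a certificate without a private key.
                status = "certificate only, no private key under this alias"
            findings.append((serial, e["alias"], status))
    return findings


if __name__ == "__main__":
    for serial, alias, status in diagnose(KEYTOOL_LISTING, SERVER_LOG):
        print(f"{serial} (hex {serial:x}) alias={alias}: {status}")
```

On the excerpts above, the decimal serial from the log equals the hexadecimal serial listed for `myservicekey`, and that alias is a trustedCertEntry, which is consistent with the "Unable to locate matching private key" message.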

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

Hi,

Firstly this exception now seems different from the earlier
exception that you sent. So did you change something in the client
side wsit configuration?

To enable message dumping here is what you need to do in jvm-options:

-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true

It appears the client runtime picked up some certificate of the
server which does not exist in the server's keystore.

On Apr 25, 2012, at 10:20 PM, Gina Choi wrote:

>> Can you do a message dump on the server and see what is being sent.
>> How do I turn on message dump on the server side?
>
> Following is server dump message. Does this mean that it couldn't find
> service private key? I don't know where did serial number
> 14478695720124859712 come from? My service, client and sts don't have serial
> number with that value.

Gina Choi

>Firstly, this exception now seems different from the earlier exception
that you sent. So did you change something in the client side wsit
configuration?

The previous exception is from the client side. The one that I sent to you is
from the server side. I obtained it by setting
com.sun.xml.ws.transport.http.HttpAdapter.dump=true.

>To enable message dumping here is what you need to do in jvm-options

>-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true

I set -Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true and
the result is the same as setting
com.sun.xml.ws.transport.http.HttpAdapter.dump=true.

>It appears the client runtime picked up some certificate of the server
which does not exist in the server's keystore.

When the client sends a request to the STS, I don't see
14478695720124859712 in the request, but
the STS responds to the client with
14478695720124859712. The service keystore
doesn't have serial number 14478695720124859712; that's why the exception was
thrown. Is this an incompatibility issue between the client and the STS? Could you
tell me how the STS gets the X509SerialNumber value of 14478695720124859712?

I have listed both the server and client logs and the server dump message.

1. Server dump

Apr 26, 2012 4:35:32 PM
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getPrivateKey

SEVERE: WSS0222: Unable to locate matching private key for
14478695720124859712:E=gchoi@sdl.com,CN=servicecn,OU=SCT,O=XXX,L=reading,S=ma
ssachusetts,C=US using CallbackHandler.

Apr 26, 2012 4:35:32 PM
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor
processX509IssuerSerial

SEVERE: WSS1816: Error occurred while resolving Issuer Serial

javax.xml.crypto.KeySelectorException: com.sun.xml.wss.XWSSecurityException:
No Matching private key for serial number 14478695720124859712 and issuer
name E=gchoi@sdl.com,CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US
found

at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:412)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:369)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509Data(SecurityTokenProcessor.java:292)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.re
solveReference(SecurityTokenProcessor.java:161)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:152)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.j
ava:208)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.(EncryptedKey.ja
va:131)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:157)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData
.java:156)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.(EncryptedData.
java:113)

at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHea
der(SecurityRecipient.java:458)

at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(Secu
rityRecipient.java:291)

at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(S
ecurityRecipient.java:241)

at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTube
Base.java:450)

at
com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTu
be.java:295)

at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)

at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)

at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)

at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)

at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)

at
com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)

at
com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)

at
com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)

at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapt
er.java:206)

at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelega
te.java:159)

at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDeleg
ate.java:194)

at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)

at
javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

at
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationF
ilterChain.java:305)

at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
in.java:210)

at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.jav
a:225)

at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.jav
a:169)

at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.
java:472)

at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)

at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)

at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)

at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proces
sor.java:999)

at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstract
Protocol.java:565)

at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:3
07)

at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.jav
a:886)

at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:90
8)

at java.lang.Thread.run(Thread.java:662)

Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=gchoi@sdl.com,CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US
found

at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(Defaul
tSecurityEnvironmentImpl.java:644)

at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:392)

... 46 more

Apr 26, 2012 4:35:32 PM com.sun.xml.wss.jaxws.impl.SecurityServerTube
processRequest

SEVERE: WSSTUBE0025: Error in Verifying Security in the Inbound Message.

com.sun.xml.wss.XWSSecurityException: WSS1816: Error occurred while resolving
Issuer Serial

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:374)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509Data(SecurityTokenProcessor.java:292)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.re
solveReference(SecurityTokenProcessor.java:161)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:152)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.process(EncryptedKey.j
ava:208)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.(EncryptedKey.ja
va:131)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processK
eyInfo(KeyInfoProcessor.java:157)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(K
eyInfoProcessor.java:132)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData
.java:156)

at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.(EncryptedData.
java:113)

at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHea
der(SecurityRecipient.java:458)

at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(Secu
rityRecipient.java:291)

at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(S
ecurityRecipient.java:241)

at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTube
Base.java:450)

at
com.sun.xml.wss.jaxws.impl.SecurityServerTube.processRequest(SecurityServerTu
be.java:295)

at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)

at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)

at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)

at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:717)

at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:418)

at
com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:364)

at
com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:370)

at
com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:519)

at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapt
er.java:206)

at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelega
te.java:159)

at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDeleg
ate.java:194)

at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)

at
javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

at
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationF
ilterChain.java:305)

at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCha
in.java:210)

at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.jav
a:225)

at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.jav
a:169)

at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.
java:472)

at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)

at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)

at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)

at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proces
sor.java:999)

at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstract
Protocol.java:565)

at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:3
07)

at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.jav
a:886)

at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:90
8)

at java.lang.Thread.run(Thread.java:662)

Caused by: javax.xml.crypto.KeySelectorException:
com.sun.xml.wss.XWSSecurityException: No Matching private key for serial
number 14478695720124859712 and issuer name
E=gchoi@sdl.com,CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US
found

at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:412)

at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.pr
ocessX509IssuerSerial(SecurityTokenProcessor.java:369)

... 45 more

Caused by: com.sun.xml.wss.XWSSecurityException: No Matching private key for
serial number 14478695720124859712 and issuer name
E=gchoi@sdl.com,CN=servicecn,OU=SCT,O=XXX,L=reading,S=massachusetts,C=US
found

at
com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getPrivateKey(Defaul
tSecurityEnvironmentImpl.java:644)

at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveIssuerSerial
(KeySelectorImpl.java:392)

... 46 more

2. Client side dump

[INFO] --- exec-maven-plugin:1.2:exec (default-cli) @ client ---

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser]
parse

INFO: WSP5018: Loaded WSIT configuration from file:
file:/C:/gina/test/DoubleIt/client/target/classes/wsit-client.xml.

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0075: Policy assertion
"{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as
"UNSUPPORTED".

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0075: Policy assertion
"{http://schemas.sun.com/2006/03/wss/server}TrustStore" was evaluated as
"UNSUPPORTED".

Apr 26, 2012 4:35:22 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser]
parse

INFO: WSP5018: Loaded WSIT configuration from file:
file:/C:/gina/test/DoubleIt/client/target/classes/wsit-client.xml.

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthentication"
was evaluated as "UNKNOWN".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication
" was evaluated as "UNKNOWN".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication
" was evaluated as "UNKNOWN".

Apr 26, 2012 4:35:26 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives

WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".

Apr 26, 2012 4:35:26 PM com.sun.xml.ws.security.impl.policy.Constants
log_invalid_assertion

WARNING: SP0100: Policy assertion
Assertion[com.sun.xml.ws.security.impl.policy.SpnegoContextToken] {

assertion data {

namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

prefix = 'sp'

local name = 'SpnegoContextToken'

value = 'null'

optional = 'false'

ignorable = 'false'

attributes {

name =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:IncludeToken',
value =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Alway
sToRecipient'

}

}

no parameters

nested policy {

namespace version = 'v1_5'

id = 'null'

name = 'null'

vocabulary {

1. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendAmend'

2. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendCancel'

3. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendRenew'

4. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:RequireDerivedKeys
'

}

assertion set {

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {

assertion data {

namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

prefix = 'sp'

local name = 'MustNotSendAmend'

value = 'null'

optional = 'false'

ignorable = 'false'

no attributes

}

no parameters

no nested policy

}

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {

assertion data {

namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

prefix = 'sp'

local name = 'MustNotSendCancel'

value = 'null'

optional = 'false'

ignorable = 'false'

no attributes

}

no parameters

no nested policy

}

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {

assertion data {

namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

prefix = 'sp'

local name = 'MustNotSendRenew'

value = 'null'

optional = 'false'

ignorable = 'false'

no attributes

}

no parameters

no nested policy

}

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {

assertion data {

namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'

prefix = 'sp'

local name = 'RequireDerivedKeys'

value = 'null'

optional = 'false'

ignorable = 'false'

no attributes

}

no parameters

no nested policy

}

}

}

} is not supported under Token assertion.