• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Ganesh Patekar
  • Frits Walraven
  • Tim Moores
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Stephan van Hulst
  • salvin francis
  • Tim Holloway

WAS 7 WS-Security Digital Signature Binding Issues  RSS feed

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm having some difficulty configuring a policy set binding for the purposes of digitally signing client calls to a web service using a certificate given to me by a third party. For simplicity's sake, I'm merely trying to modify the callback handler affiliated with the signature token included in the "Client Sample" binding to generate signatures based on a certificate given to me by a client. Note that the client sample works prior to the modifications described below. I've taken the following steps to modify the callback handler:

1. Imported the certificate to: (SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates)
2. Modified the settings on the: (General client policy set bindings > Client Sample > WS-Security > Authentication and protection > gen_signx509token > Callback handler). I've changed the keystore to the NodeDefaultTrustStore and selected the key that was imported in step one. Per the WAS documentation, I am not supplying a password for the key since only the public key exists in the .CER file.
3. Restart WAS

After restarting the server and attempting to send a command to the web service I receive the following error from Websphere:

Caused by: javax.xml.ws.WebServiceException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS7073E: The key is not retrieved. The exception is:
at org.apache.axis2.jaxws.ExceptionFactory.createWebServiceException(ExceptionFactory.java:175)
at org.apache.axis2.jaxws.ExceptionFactory.makeWebServiceException(ExceptionFactory.java:70)
at org.apache.axis2.jaxws.ExceptionFactory.makeWebServiceException(ExceptionFactory.java:128)
at org.apache.axis2.jaxws.core.controller.impl.AxisInvocationController.execute(AxisInvocationController.java:572)
at org.apache.axis2.jaxws.core.controller.impl.AxisInvocationController.doInvoke(AxisInvocationController.java:123)
at org.apache.axis2.jaxws.core.controller.impl.InvocationControllerImpl.invoke(InvocationControllerImpl.java:93)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invokeSEIMethod(JAXWSProxyHandler.java:354)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invoke(JAXWSProxyHandler.java:175)

I've tried a number of different certificate files yet they have all resulted in this error. Can anyone comment as to whether I'm going about this wrong? Any help would be greatly appreciated.
 
Jared Linde
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Shameless (read: shameful) bump...
 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if this would really help you... I do the same thing except that I did not use the 'Client sample' but created my own client set policy set binding. This allows me to clean configurations that I do not need. Another difference is that I did not use the NodeDefaultTrustStore but a custom store (.p12 file) with the cert (.cer) inside it.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!