It's not a secret anymore!*
The moose likes Web Services and the fly likes WAS 7 WS-Security Digital Signature Binding Issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "WAS 7 WS-Security Digital Signature Binding Issues " Watch "WAS 7 WS-Security Digital Signature Binding Issues " New topic
Author

WAS 7 WS-Security Digital Signature Binding Issues

Jared Linde
Greenhorn

Joined: Apr 01, 2013
Posts: 2
I'm having some difficulty configuring a policy set binding for the purposes of digitally signing client calls to a web service using a certificate given to me by a third party. For simplicity's sake, I'm merely trying to modify the callback handler affiliated with the signature token included in the "Client Sample" binding to generate signatures based on a certificate given to me by a client. Note that the client sample works prior to the modifications described below. I've taken the following steps to modify the callback handler:

1. Imported the certificate to: (SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates)
2. Modified the settings on the: (General client policy set bindings > Client Sample > WS-Security > Authentication and protection > gen_signx509token > Callback handler). I've changed the keystore to the NodeDefaultTrustStore and selected the key that was imported in step one. Per the WAS documentation, I am not supplying a password for the key since only the public key exists in the .CER file.
3. Restart WAS

After restarting the server and attempting to send a command to the web service I receive the following error from Websphere:

Caused by: javax.xml.ws.WebServiceException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS7073E: The key is not retrieved. The exception is:
at org.apache.axis2.jaxws.ExceptionFactory.createWebServiceException(ExceptionFactory.java:175)
at org.apache.axis2.jaxws.ExceptionFactory.makeWebServiceException(ExceptionFactory.java:70)
at org.apache.axis2.jaxws.ExceptionFactory.makeWebServiceException(ExceptionFactory.java:128)
at org.apache.axis2.jaxws.core.controller.impl.AxisInvocationController.execute(AxisInvocationController.java:572)
at org.apache.axis2.jaxws.core.controller.impl.AxisInvocationController.doInvoke(AxisInvocationController.java:123)
at org.apache.axis2.jaxws.core.controller.impl.InvocationControllerImpl.invoke(InvocationControllerImpl.java:93)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invokeSEIMethod(JAXWSProxyHandler.java:354)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invoke(JAXWSProxyHandler.java:175)

I've tried a number of different certificate files yet they have all resulted in this error. Can anyone comment as to whether I'm going about this wrong? Any help would be greatly appreciated.
Jared Linde
Greenhorn

Joined: Apr 01, 2013
Posts: 2
Shameless (read: shameful) bump...
Dennis Labajo
Greenhorn

Joined: Dec 12, 2009
Posts: 27
Not sure if this would really help you... I do the same thing except that I did not use the 'Client sample' but created my own client set policy set binding. This allows me to clean configurations that I do not need. Another difference is that I did not use the NodeDefaultTrustStore but a custom store (.p12 file) with the cert (.cer) inside it.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WAS 7 WS-Security Digital Signature Binding Issues
 
Similar Threads
Error while trying to consume a WS:No SSL Configuration for endpoint https://localhost:9443/xxx
javax.xml.ws.WebServiceException: org.apache.axis2.AxisFault: Transport error: 403 Error: Forbidden
Help on JAX WS
Issue with using the Axis2 JAX-WS Client using Rampart
Help needed to call a web service after TAM authentication - (401)Unauthorized