Problems Signing Messages

**swanjr** · Feb 19th, 2008, 04:20 PM

Hello,

I am working with Spring-WS 1.5.0-m2 and am trying to send a Signed message from my client with a UsernameToken. I am using the XwsSecurityInterceptor for both the client and the service. I have successfully got the UsernameToken authentication working but when I try to Sign the message and send it to the server I get the error message below, on the client side.
I am not an expert by any means when it comes to certificates, etc but I have carefully followed the reference manual and I cannot find where I have made a mistake. Does anyone have any idea what the problem might be? I have pasted my security policy file and spring configuration below the error message. If anyone has any idea I would be greatful for the help. Thanks.

Feb 19, 2008 4:03:09 PM org.springframework.ws.soap.security.AbstractWsSec urityInterceptor handleSecurementException
SEVERE: Could not secure response: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null; nested exception i
s com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
org.springframework.ws.soap.security.xwss.XwsSecur itySecurementException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signin
gKey cannot be null; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: s
igningKey cannot be null
at org.springframework.ws.soap.security.xwss.XwsSecur ityInterceptor.secureMessage(XwsSecurityIntercepto r.java:135)
at org.springframework.ws.soap.security.AbstractWsSec urityInterceptor.handleRequest(AbstractWsSecurityI nterceptor.java:175)
at org.springframework.ws.client.core.WebServiceTempl ate.doSendAndReceive(WebServiceTemplate.java:474)
at org.springframework.ws.client.core.WebServiceTempl ate.sendAndReceive(WebServiceTemplate.java:434)
at org.springframework.ws.client.core.WebServiceTempl ate.marshalSendAndReceive(WebServiceTemplate.java: 295)
at org.springframework.ws.client.core.WebServiceTempl ate.marshalSendAndReceive(WebServiceTemplate.java: 283)
at org.springframework.ws.client.core.WebServiceTempl ate.marshalSendAndReceive(WebServiceTemplate.java: 275)
at com.amfam.policyservice.Client.main(Client.java:52 )
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.sec ureOutboundMessage(XWSSProcessor2_0Impl.java:98)
at org.springframework.ws.soap.security.xwss.XwsSecur ityInterceptor.secureMessage(XwsSecurityIntercepto r.java:131)
... 7 more
Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException: signingKey cannot be null
at com.sun.xml.wss.impl.dsig.SignatureProcessor.sign( SignatureProcessor.java:328)
at com.sun.xml.wss.impl.filter.SignatureFilter.proces s(SignatureFilter.java:313)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy( HarnessUtil.java:83)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(Harne ssUtil.java:237)
at com.sun.xml.wss.impl.SecurityAnnotator.processMess agePolicy(SecurityAnnotator.java:162)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessa ge(SecurityAnnotator.java:137)
at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.sec ureOutboundMessage(XWSSProcessor2_0Impl.java:96)
... 8 more

Code:

<!-- Security Policy File -->
<?xml version="1.0" encoding="UTF-8"?>
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">	
	<xwss:Sign id="signature">
		<xwss:X509Token certificateAlias="mykey"/>
	</xwss:Sign>
	<xwss:UsernameToken useNonce="true"	digestPassword="true" />
</xwss:SecurityConfiguration>

Code:

<!-- Spring client configuration -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

	<bean id="policyService"
		class="org.springframework.ws.client.core.WebServiceTemplate">
		<property name="defaultUri"
			value="http://localhost:8081/PolicyService/ws/PolicyService" />
		<property name="marshaller" ref="jibxMarsheller" />
		<property name="unmarshaller" ref="jibxMarsheller" />
		<property name="faultMessageResolver">
			<bean
				class="com.amfam.policyservice.SaveFaultMessageResolver">
				<property name="unmarshaller" ref="jibxMarsheller" />
			</bean>
		</property>
		<property name="interceptors">
			<list>
				<ref bean="wsSecurityInterceptor" />
			</list>
		</property>
	</bean>

	<!-- Marshellers and Unmarshellers for PolicyService binding file -->

	<!-- The targetClass is used to locate the binding file to be loaded. Once the file is loaded all classes defined
		in the binding file are loaded. Therefore, only one jibx marsheller needs to be defined per binding file. -->
	<bean id="jibxMarsheller"
		class="org.springframework.oxm.jibx.JibxMarshaller">
		<property name="targetClass"
			value="com.amfam.policyservice.model.Save" />
	</bean>

	<!-- WS-Security Interceptor -->
	<bean id="wsSecurityInterceptor"
		class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
		<property name="policyConfiguration"
			value="classpath:securityPolicy.xml" />
		<property name="callbackHandlers">
			<list>
				<ref bean="usernamePasswordHandler" />
				<ref bean="signatureKeyStoreHandler" />				
			</list>
		</property>
	</bean>

	<!-- Authentication CallbackHandler -->
	<bean id="usernamePasswordHandler"
		class="org.springframework.ws.soap.security.xwss.callback.SimpleUsernamePasswordCallbackHandler">
		<property name="username" value="swanjr" />
		<property name="password" value="1234" />
	</bean>
	
	<!-- KeyStoreCallbackHandler -->
	<bean id="signatureKeyStoreHandler"
		class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
		<property name="keyStore" ref="keyStore" />
		<property name="privateKeyPassword" value="123456" />
	</bean>

	<!-- Signature Keystore -->
	<bean id="keyStore"
		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
		<property name="location" value="classpath:keystore.jks" />
		<property name="password" value="234567" />
	</bean>
</beans>

**mzeibig** · Feb 20th, 2008, 03:24 AM

Try to define your alias on your 'signatureKeyStoreHandler':

Code:

<bean id="signatureKeyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
	<property name="keyStore" ref="keyStore"></property>
	<property name="privateKeyPassword" value="123456"></property>
	<property name="defaultAlias" value="mykey"></property>
</bean>

instead in your security policy file.

**swanjr** · Feb 20th, 2008, 08:14 AM

I declared my alias in the spring context file instead of the security policy file but I get the same error. Thanks for the reply, though.

**swanjr** · Feb 20th, 2008, 11:06 AM

I figured out what the problem was. I mistakenly created the certificate in the truststore on the service side and exported it to the keystore on the client side instead of the other way around. Thanks for the help.

Thread: Problems Signing Messages

Thread Tools

Display

Problems Signing Messages

Still not working

Solved

Posting Permissions