2009-10-20 50 views
4

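When I define different signaturePropFiles for WSDoAllSender and WSDoAllReceiver in client-config.wsdd, with different keystores defined using different certificates, I can have different certificates for sending and receiving. But when I use the same signaturePropFiles with the same keystore, I get: wss4j - Cannot find key for alias: monit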

org.apache.ws.security.components.crypto.CryptoBase -- Cannot find key for alias: [monit] in keystore of type [jks] from provider [SUN version 1.5] with size [2] and aliases: {other, monit} 
- Error during Signature: ; nested exception is: 
     org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: 
     java.lang.Exception: Cannot find key for alias: [monit] 
org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is: 
     org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: 
     java.lang.Exception: Cannot find key for alias: [monit] 
     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60) 
     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:202) 
     at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168) 
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) 
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) 
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) 
     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127) 
     at org.apache.axis.client.Call.invokeEngine(Call.java:2784) 
     at org.apache.axis.client.Call.invoke(Call.java:2767) 
     at org.apache.axis.client.Call.invoke(Call.java:2443) 
     at org.apache.axis.client.Call.invoke(Call.java:2366) 
     at org.apache.axis.client.Call.invoke(Call.java:1812) 
     at cz.xxx.opf.model.wsclient.ModelWebServiceSoapBindingStub.getStatus(ModelWebServiceSoapBindingStub.java:213) 
     at cz.xxx.opf.wsgemonitor.monitor.util.MonitorUtil.checkStatus(MonitorUtil.java:18) 
     at cz.xxx.opf.wsgemonitor.monitor.Test02WsMonitor.runTest(Test02WsMonitor.java:23) 
     at cz.xxx.opf.wsgemonitor.Main.main(Main.java:75) 
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: 
     java.lang.Exception: Cannot find key for alias: [monit] 
     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:721) 
     at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:780) 
     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57) 
     ... 15 more 
Caused by: java.lang.Exception: Cannot find key for alias: [monit] 
     at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214) 
     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:713) 
     ... 17 more 

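How can I have two certificates in the same keystore with WSS4J? I get this message when I try to send a message. Why can't it find my certificate there when I have two certificates in one keystore?

I have the same password for both certificates in PWCallback (the CallbackHandler).

My properties file: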

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin 
org.apache.ws.security.crypto.merlin.keystore.type=jks 
org.apache.ws.security.crypto.merlin.keystore.password=keystore 
org.apache.ws.security.crypto.merlin.keystore.alias=monit 
org.apache.ws.security.crypto.merlin.alias.password=*** 
org.apache.ws.security.crypto.merlin.file=key.jks 

My client-config.wsdd:

<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> 
<globalConfiguration> 
    <requestFlow> 
    <handler name="WSSecurity" type="java:org.apache.ws.axis.security.WSDoAllSender"> 
     <parameter name="user" value="monit"/> 
     <parameter name="passwordCallbackClass" value="cz.xxx.opf.common.ws.PWCallback"/> 
     <parameter name="action" value="Signature"/> 
     <parameter name="signaturePropFile" value="monit.properties"/> 
     <parameter name="signatureKeyIdentifier" value="DirectReference" /> 
     <parameter name="mustUnderstand" value="0"/> 
    </handler> 
    <handler type="java:org.apache.axis.handlers.JWSHandler"> 
     <parameter name="scope" value="session"/> 
    </handler> 
    <handler type="java:org.apache.axis.handlers.JWSHandler"> 
     <parameter name="scope" value="request"/> 
     <parameter name="extension" value=".jwr"/> 
    </handler> 
    </requestFlow> 
    <responseFlow> 
     <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver"> 
      <parameter name="user" value="other"/> 
      <parameter name="passwordCallbackClass" value="cz.xxx.opf.common.ws.PWCallback"/> 
      <parameter name="action" value="Signature"/> 
      <parameter name="signaturePropFile" value="other.properties"/> 
      <parameter name="signatureKeyIdentifier" value="DirectReference" /> 
     </handler> 
    </responseFlow> 

</globalConfiguration> 

<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"> 

</transport> 
</deployment> 

Listing from keytool: keytool -keystore monit-key.jks -v -list

Enter keystore password: 

Keystore type: JKS 
Keystore provider: SUN 

Your keystore contains 2 entries 

Alias name: other 
Creation date: Jul 22, 2009 
Entry type: PrivateKeyEntry 
Certificate chain length: 1 
Certificate[1]: 
.... 

Alias name: monit 
Creation date: Oct 19, 2009 
Entry type: trustedCertEntry 

Answers

5

I solved this a few months ago, in case anyone needs it. The problem was that I did not have the private key in the keystore.

+0

You have given org.apache.ws.security.crypto.merlin.alias.password=***. What do you mean by the private key in the keystore? – Sriks 2013-03-25 15:13:50

+1

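It has nothing to do with the org.apache.ws.security.crypto.merlin.alias.password property at all. As I wrote, the private key was not in the keystore. To sign a message you need the sender's private key. There was only the public key in the keystore, as you can see from the listing (keytool -keystore monit-key.jks -v -list). The entry type for the relevant key (monit) is trustedCertEntry, which I think just stores a certificate with a public key. The important point is that there was only the public key in the keystore. – feiroox 2013-03-26 02:07:23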

+0

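Thanks @feiroox for the clarification. It looks like you can clarify my question here. I am stuck with a similar problem. I got a certificate from the client and imported it into my keystore (myKey.jks) file with the alias name "mykey". When I list the JKS file, it is a "trustedCertEntry". But when I try to use that alias in my configuration, which I implemented with Apache CXF & WSS4J, it gives me an error -> Cannot find key for alias: [mykey]. So how do I add or generate a key (presumably the public key) for the given certificate or keystore (mykey.jks)? Appreciate your response. – Sriks 2013-03-26 15:38:14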
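
The check described in the answer above, as an added example that is not part of the original thread: a shell pre-flight that reads keytool -v -list output and reports whether an alias can be used for signing. The function names are hypothetical, the parser assumes keytool's English labels, and the sample listing is the one from the question with the certificate details left out.

```shell
#!/bin/sh
# Added example (not from the thread): can this keystore alias sign?
# Assumes English keytool labels ("Alias name:", "Entry type:").

# Sample input: the listing from the question, certificate details omitted.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: other
Creation date: Jul 22, 2009
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: monit
Creation date: Oct 19, 2009
Entry type: trustedCertEntry
EOF
}

# entry_type ALIAS   (keytool -v -list output on stdin)
# Prints the entry type of ALIAS, or "missing" if the alias is not listed.
entry_type() {
    awk -v want="$1" '
        { sub(/[ \t\r]+$/, "") }                       # drop trailing whitespace
        /^Alias name: / { alias = substr($0, 13) }     # remember current alias
        /^Entry type: / && tolower(alias) == tolower(want) {
            print substr($0, 13); found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# can_sign ALIAS   (listing on stdin)
# Returns 0 for PrivateKeyEntry, 2 if the alias is absent, 1 otherwise.
can_sign() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry)  return 0 ;;
        trustedCertEntry) echo "alias '$1': certificate only, no private key (verify only)" >&2; return 1 ;;
        missing)          echo "alias '$1': not in keystore" >&2; return 2 ;;
        *)                echo "alias '$1': entry type '$t' cannot sign" >&2; return 1 ;;
    esac
}

# Demo: 'monit' is the alias WSDoAllSender was configured to sign with.
sample_listing | can_sign monit || echo "signing needs a PrivateKeyEntry under this alias"
```

Against a real keystore, pipe the listing in instead of the sample: keytool -keystore monit-key.jks -v -list | can_sign monit.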

1

I was using Sun's JDK, which was giving the problem; when I changed to the IBM JDK, the problem went away.

+0

This looks pretty good to me. – aliopi 2017-05-05 10:43:11
