SoapFault MustUnderstand headers, CXF WSS4J No crypto property file supplied

Question

My SOAP server is receiving a SOAP message with must understand headers set to 1.

In order to understand the header I am using a wss4j interceptor.

My sign.properties file is:

org.apache.ws.security.crypto.provider=org.apache.wss4j.common.crypto.Merlin
org.apache.ws.security.crypto.merlin.truststore.type=jks
org.apache.ws.security.crypto.merlin.truststore.password=changeit    
org.apache.ws.security.crypto.merlin.truststore.file=keystore/truststore.jks

My Endpoint xml:

    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="Timestamp Signature"/>
                    <entry key="signaturePropFile" value="XXXXXX/WEB-INF/classes/etc/sign.properties"/>
                    <entry key="passwordCallbackClass" value="XX.XX.XX.XXXXXX.lifecycleapp.UTPasswordCallback"/>
                </map>
            </constructor-arg>
        </bean>
    </jaxws:inInterceptors>  

However I am getting the error "org.apache.wss4j.common.ext.WSSecurityException: No crypto property file supplied to verify signature"

I am assuming it is something as simple as not correctly addressing the signaturePropFile but I have tried giving the full file path but that has returned the same result.

Any help would be greatly appreciated.

Answer 1

Start by enabling DEBUG/FINE logging. It will tell you exactly what the problem is....likely that it can't load the path you have given. I would suggest trying the following instead:

<entry key="signaturePropFile" value="classes/etc/sign.properties"/>

Colm.

Answer 2

This happened to me because I tried to use a HashMap instead of a Properties map.

That is, instead of the following

Map<String, Object> outProps = new HashMap<>(7);
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
outProps.put(WSHandlerConstants.USER, CLIENT_SSL_CERT_ALIAS);
outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordCallback(privateKeyPassword));
outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{" + "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" + "}Timestamp");

Properties signingCryptProperties = new Properties();

// Reference: http://camel.465427.n5.nabble.com/Dynamically-set-WSS4J-interceptor-properties-td5551391.html
signingCryptProperties.put("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
signingCryptProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePassword);
signingCryptProperties.put("org.apache.ws.security.crypto.merlin.keystore.file", "client.jks");
signingCryptProperties.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");

outProps.put(SIG_PROP_REF_ID, signingCryptProperties);
outProps.put(WSHandlerConstants.SIG_PROP_REF_ID, SIG_PROP_REF_ID);

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);

I had tried to make the signingCryptProperties a HashMap like this

Map<String, String> signingCryptProperties = new HashMap<String, String>()

and that caused the WSSecurityEngine: No crypto property file supplied to verify signature WSSEcurityException