
I'm using Spring + wss4j with annotations config. The Wss4jSecurityInterceptor interceptor has this configuration:

```java
@Bean
public Wss4jSecurityInterceptor sessionInterceptorNb() throws Exception {
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();

    // set security actions
    securityInterceptor.setSecurementActions("UsernameToken Signature Encrypt");

    // sign the request
    securityInterceptor.setSecurementUsername("anyuser");
    securityInterceptor.setSecurementPassword("anypassword");

    securityInterceptor.setSecurementSignatureUser("privatecertuser");
    securityInterceptor.setSecurementSignatureCrypto(getCryptoFactoryBeanNb().getObject());
    securityInterceptor.setSecurementSignatureParts("{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");

    return securityInterceptor;
}
```

That's all. I want to set anyuser and anypassword to the request element UsernameToken and use the privatecertuser to sign the request, but I'm getting this error:

```
Original Exception was java.security.UnrecoverableKeyException: Cannot recover key

Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during Signature: 
    at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163)
    at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
    at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63)
    at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574)
    ... 45 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
    at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:595)
    at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:155)
    ... 48 common frames omitted
```

I'm using the command keytool -list -v -keystore to see the content of the keystore and I can see the private entry for the "privatecertuser".

If I delete the method call to

```java
securityInterceptor.setSecurementSignatureUser("privatecertuser");
```

and set this value in the method setSecurementUsername, it works fine.

What can be wrong in the configuration?

Rosendo Ropher
  • Have you been able to solve this issue? What was its cause? And what was the solution? – Younes Apr 02 '20 at 17:13
  • @Rosendo Hi, did you get the solution? What was the issue and how did you fix it? – Asad Ali Apr 21 '20 at 05:09
  • @Rosendo I faced a similar issue and fixed it. Follow this thread for the answer https://stackoverflow.com/questions/61320311/signing-soap-header-using-wss4j-in-spring-throwing-errors-caused-by-java-secur/62640013#62640013 – Asad Ali Jun 29 '20 at 14:19
  • Faced a similar issue, my problem was I needed to set 2 passwords 1. password for the jks file 2. password for the private key in the jks file but I initially provided only the password for the jks – rnxfod Jul 24 '23 at 09:45
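
The two-password situation described in the last comment can be reproduced with the JDK alone. The following is an added example, not code from the question or from any commenter: the class `KeyPasswordCheck`, the helper `canRecoverKey` and both passwords are hypothetical, and an in-memory JCEKS store holding an AES key stands in for the JKS file and its private key.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeyPasswordCheck {

    /** True if the key entry under alias can be recovered with keyPassword. */
    static boolean canRecoverKey(KeyStore ks, String alias, char[] keyPassword)
            throws Exception {
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no key entry for alias: " + alias);
        }
        try {
            return ks.getKey(alias, keyPassword) != null;
        } catch (UnrecoverableKeyException e) {
            // Same exception class as in the stack trace above: the alias is
            // present, but this password does not open its key entry.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the question.
        char[] storePassword = "sample-store-pass".toCharArray();
        char[] keyPassword = "sample-key-pass".toCharArray();
        String alias = "privatecertuser";

        // Build an in-memory JCEKS store. An AES key stands in for the private
        // key so that no certificate chain is needed (assumption of this demo).
        KeyStore created = KeyStore.getInstance("JCEKS");
        created.load(null, storePassword);
        created.setKeyEntry(alias, KeyGenerator.getInstance("AES").generateKey(),
                keyPassword, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        created.store(out, storePassword);

        // Reload it the way an application would: store password only.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(out.toByteArray()), storePassword);

        System.out.println("alias listed:          " + ks.containsAlias(alias));
        System.out.println("opens with store pass: " + canRecoverKey(ks, alias, storePassword));
        System.out.println("opens with key pass:   " + canRecoverKey(ks, alias, keyPassword));
    }
}
```

Listing the alias only needs the store password, which is why `keytool -list` can show the entry while recovering the key still fails.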

0 Answers