Spring + Wss4j The private key for the supplied alias does not exist in the keystore

1

Good evening, community. I've been racking my brain over this issue for several days. I'm using Apache WSS4J to secure, by means of certificates, the calls to a set of SOAP web services.

I'm doing this configuration through annotations, so I've seen little documentation regarding this type of use; most things are documented for configuration via XML.

The security interceptor configuration is as follows:

@Bean
public Wss4jSecurityInterceptor sessionInterceptorNb() throws Exception {
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();

    // set security actions
    securityInterceptor.setSecurementActions("UsernameToken Signature Encrypt");

    // sign the request
    securityInterceptor.setSecurementUsername("anyuser");
    securityInterceptor.setSecurementPassword("anypassword");

    securityInterceptor.setSecurementSignatureUser("privatecertuser");
    securityInterceptor.setSecurementSignatureCrypto(getCryptoFactoryBeanNb().getObject());
    securityInterceptor.setSecurementSignatureParts("{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");

    return securityInterceptor;
}

The problem started when I noticed that the requirement says the user and password generated in the UsernameToken tag do not necessarily have to be configured in the keystore that I am using; that is, I do not need a private key for the user that is placed in the securityInterceptor.setSecurementUsername("any user") method, and there is no problem with that. The detail is that when I use the setSecurementSignatureUser method to define the user that has a private key inside the keystore, it throws the following error:

Original Exception was org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Cannot recover key
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during Signature: 
    at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:163)
    at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238)
    at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63)
    at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574)
    ... 45 common frames omitted

When I run the keytool -list -v -keystore ... command to see the entries that the keystore contains, I can see the private key for the privatecertuser user, but I am still getting the error displayed.

I really do not understand what I may be missing or what is wrong with the configuration.

    
asked by Rosendo Ropher 10.09.2018 at 05:51

0 answers
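
An added diagnostic, not code from the original post or from Spring WS or WSS4J: keytool -list needs only the keystore password, whereas recovering a private key also needs that entry's key password, and java.security.KeyStore.getKey throws UnrecoverableKeyException when the key cannot be recovered with the password supplied. The class name KeystoreKeyCheck and its command-line arguments are assumptions for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added diagnostic; class name and arguments are illustrative assumptions.
public class KeystoreKeyCheck {

    // Reports whether the private key under `alias` can be recovered with `keyPassword`.
    static String diagnose(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not present in keystore";
        }
        if (!ks.isKeyEntry(alias)) {
            return "alias is a certificate-only entry (no private key)";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return key == null ? "no key returned for alias"
                               : "private key recovered, algorithm " + key.getAlgorithm();
        } catch (UnrecoverableKeyException e) {
            // Same exception class as in the stack trace above.
            return "entry exists, but this password cannot recover the key: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreKeyCheck <keystore> <JKS|PKCS12> <alias>");
            System.exit(2);
        }
        // Prompt for passwords so they do not end up in shell history or process listings.
        char[] storePassword = console.readPassword("Keystore password: ");
        char[] keyPassword = console.readPassword("Key password to test: ");

        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePassword); // store password: integrity check and listing
        }
        System.out.println(args[2] + ": " + diagnose(ks, args[2], keyPassword));
    }
}
```

Run it against the same keystore file and alias that the interceptor uses, testing each candidate key password in turn.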