Hello everyone, I'm having problems with a Spring web application that uses certificates and a CAS/SSO service to authenticate; the problem appears right from the start.
I have externalized the properties, so I receive all the data from external files (I have checked this and I am indeed using the externalized properties correctly ...)
I load an externalized certificate for the environment in which I am working. The error seems to be the password (incorrect), BUT it is not so: I have opened the certificate using the same key, I have decrypted the encrypted key, and it shows exactly the same one I am trying.
app-cxf-client.xml

```xml
<bean id="usernameTokenOutInt" class="es.*******.*****.security.osgi.interceptor.WSS*******OutInterceptor">
    <property name="id" value="es.******.*****.wss.UsernameToken"/>
    <property name="properties">
        <map>
            <entry key="action" value="UsernameToken"/>
            <entry key="passwordType" value="PasswordText"/>
            <entry key="passwordCallbackClass" value="es.****.*****.security.osgi.header.passwordHandler.UsernameCallbackHandler"/>
            <entry key="addUTElements" value="Nonce"/>
            <entry key="actor" value="http://www.**********.org/********/Authentication/1.0"/>
        </map>
    </property>
</bean>
<bean id="signatureOutInt" class="es.*****.******.security.osgi.interceptor.WSS******OutInterceptor">
    <property name="id" value="es.*****.****.wss.Signature"/>
    <property name="properties">
        <map>
            <entry key="action" value="Signature"/>
            <entry key="user" value="ALIAS_CERTIFICADO"/>
            <entry key="passwordType" value="PasswordText"/>
            <entry key="passwordCallbackClass" value="es.*****.*****.security.osgi.header.passwordHandler.UsernameCallbackHandler"/>
            <!--<entry key="signaturePropFile" value="client_sign.properties"/>-->
            <entry key="signaturePropFile" value="config://webapp/client_sign.properties"/>
            <entry key="signatureKeyIdentifier" value="DirectReference"/>
            <entry key="actor" value="http://www.******.org/*****/Authentication/1.0"/>
            <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://*****.****.es}****Headers"/>
        </map>
    </property>
</bean>
```
ERROR

```
javax.xml.ws.soap.SOAPFaultException: SECURITY_FAILED
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
    at com.sun.proxy.$Proxy72.recuperarURIPersona(Unknown Source)
    at es.****.****.consolas.webapp.services.BDOrgService.obtenerUriUsuario(BDOrgService.java:98)
    at es.****.****.consolas.webapp.services.BDOrgService.obtenerUsuario(BDOrgService.java:69)
    at es.****.****.consolas.webapp.services.LoginService.guardarAtributosSession(LoginService.java:72)
    at es.****.****.consolas.webapp.interceptors.UserSessionInterceptor.guardarAtributosSession(UserSessionInterceptor.java:105)
    at es.****.****.consolas.webapp.interceptors.UserSessionInterceptor.preHandle(UserSessionInterceptor.java:78)
    at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:134)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:958)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:236)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:155)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:64)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:202)
    at es.****.****.security.osgi.interceptor.WSS****OutInterceptor.access$200(WSS****OutInterceptor.java:51)
    at es.****.****.security.osgi.interceptor.WSS****OutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS****OutInterceptor.java:277)
    at es.****.****.security.osgi.interceptor.WSS****OutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS****OutInterceptor.java:163)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
    ... 69 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:539)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:459)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:365)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:61)
    ... 80 more
Caused by: org.apache.ws.security.WSSecurityException: General security error (The private key for the supplied alias does not exist in the keystore)
    at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:725)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:482)
    ... 83 more
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded
    at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:435)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at org.apache.ws.security.components.crypto.Merlin.getPrivateKey(Merlin.java:711)
    ... 84 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
    at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:399)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:431)
    at javax.crypto.Cipher.doFinal(Cipher.java:2165)
    at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:371)
```
I do not know what other code you need to identify where the error may be; ask and I will provide what I can. Thanks in advance.
EDIT: I have another application created with exactly the same configuration, in which everything works correctly.
**EDIT 2**: Checked that the error is not in reading the externalized properties, by making some modifications in the code to read the properties from a local file. These properties, like the certificate, are the same (changing values that point to URLs to file paths), and the same error continues to occur at the same lines of code.
PS: the asterisks (***) are sensitive project information that is not necessary to know.
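
Added example, not part of the original post and not the project's code: the innermost cause in the trace is raised inside `KeyStore.getKey`, called from `Merlin.getPrivateKey`, so the check below makes that same call directly and reports whether the alias is missing, holds no key, or cannot be decrypted with the key password supplied. The class name `KeystoreAliasCheck`, the sample passwords and the AES entry standing in for a private key are constructed for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.*;
import java.util.Collections;
import javax.crypto.spec.SecretKeySpec;

public class KeystoreAliasCheck {

    // Same lookup the trace shows in Merlin.getPrivateKey: KeyStore.getKey(alias, keyPassword).
    static String diagnose(KeyStore ks, String alias, char[] keyPassword) throws KeyStoreException {
        if (!ks.containsAlias(alias)) {
            return "NO_SUCH_ALIAS, store contains " + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(alias)) {
            return "NOT_A_KEY_ENTRY, alias holds only a certificate";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return "OK, recovered " + key.getAlgorithm() + " key";
        } catch (UnrecoverableKeyException | NoSuchAlgorithmException e) {
            // The entry exists but this password (or provider) could not recover it.
            return "KEY_NOT_RECOVERABLE, " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (args.length == 2) {
            // Real store: java KeystoreAliasCheck <file.p12> <alias>; passwords are prompted,
            // so they do not end up in shell history or the process list.
            Console c = System.console();
            if (c == null) throw new IllegalStateException("run from an interactive terminal");
            char[] storePass = c.readPassword("keystore password: ");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, storePass); // a wrong store password fails here with IOException
            }
            System.out.println(diagnose(ks, args[1], c.readPassword("key password: ")));
            return;
        }
        // Constructed sample: in-memory store whose entry is protected with "key-pass".
        // An AES key stands in for the private key so no certificate chain is needed.
        ks.load(null, null);
        ks.setKeyEntry("ALIAS_CERTIFICADO", new SecretKeySpec(new byte[16], "AES"),
                "key-pass".toCharArray(), null);
        System.out.println(diagnose(ks, "ALIAS_CERTIFICADO", "key-pass".toCharArray()));
        System.out.println(diagnose(ks, "ALIAS_CERTIFICADO", "store-pass".toCharArray()));
        System.out.println(diagnose(ks, "alias_typo", "key-pass".toCharArray()));
    }
}
```

Running it against the deployed `.p12` with the alias from the `user` entry separates a keystore-password failure (thrown by `load`) from a key-password failure (reported by `getKey`), which the WSS4J message "private key for the supplied alias does not exist" does not distinguish.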