Good morning, everyone.
I'm back with a new problem implementing WSS in a web service. The service is signing and encrypting the SOAP messages received from and sent to clients normally, but I'm doing this with the NetBeans certificates.
The problem comes when I try to replace the application's keystore and truststore with files I created using keytool. I have already changed the service's security configuration files, but when consuming it the error “The found certificate does not contain subject key identifier X509 extension” is displayed.
The steps I followed to build the keystores and truststores:
[code]# Create the server keystore
keytool -genkey -alias server -keyalg RSA -keystore server-keystore.jks
# Create the clientcli keystore
keytool -genkey -alias clientcli -keyalg RSA -keystore clientcli-keystore.jks
# Create the clientlab keystore
keytool -genkey -alias clientlab -keyalg RSA -keystore clientlab-keystore.jks
# Export the server keystore (public key)
keytool -export -alias server -keystore server-keystore.jks -file public-key-server.cer
# Export the clientcli keystore (public key)
keytool -export -alias clientcli -keystore clientcli-keystore.jks -file public-key-clientcli.cer
# Export the clientlab keystore (public key)
keytool -export -alias clientlab -keystore clientlab-keystore.jks -file public-key-clientlab.cer
# Create the server truststore
keytool -genkey -alias server -keyalg RSA -keystore server-truststore.jks
# Create the clientcli truststore
keytool -genkey -alias clientcli -keyalg RSA -keystore clientcli-truststore.jks
# Create the clientlab truststore
keytool -genkey -alias clientlab -keyalg RSA -keystore clientlab-truststore.jks
# Import the server's public key into the clientcli truststore
keytool -import -alias server -keystore clientcli-truststore.jks -file public-key-server.cer
# Import clientlab's public key into the clientcli truststore
keytool -import -alias clientlab -keystore clientcli-truststore.jks -file public-key-clientlab.cer
# Import the server's public key into the clientlab truststore
keytool -import -alias server -keystore clientlab-truststore.jks -file public-key-server.cer
# Import clientcli's public key into the clientlab truststore
keytool -import -alias clientcli -keystore clientlab-truststore.jks -file public-key-clientcli.cer
# Import clientcli's public key into the server truststore
keytool -import -alias clientcli -keystore server-truststore.jks -file public-key-clientcli.cer
# Import clientlab's public key into the server truststore
keytool -import -alias clientlab -keystore server-truststore.jks -file public-key-clientlab.cer[/code]
The exception generated is this:
08/10/2010 10:07:59 com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy getKeyIdentifier
GRAVE: WSS0702: The X509v3 Certificate (for alias: [clientcli]) does not contain an Subject Key Identifier
08/10/2010 10:07:59 com.sun.xml.wss.impl.dsig.SignatureProcessor handleX509Binding
GRAVE: WSS1349: Error occured handling X509 Binding
com.sun.xml.wss.XWSSecurityException: The found certificate does not contain subject key identifier X509 extension
at com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy.getKeyIdentifier(KeyIdentifierStrategy.java:164)
at com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy.insertKey(KeyIdentifierStrategy.java:112)
at com.sun.xml.wss.impl.dsig.SignatureProcessor.handleX509Binding(SignatureProcessor.java:1988)
at com.sun.xml.wss.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:433)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:633)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.xwss.XWSSClientTube.secureRequest(XWSSClientTube.java:333)
at com.sun.xml.xwss.XWSSClientTube.processRequest(XWSSClientTube.java:163)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy38.listarPacientes(Unknown Source)
at labclinClienteCli.app.Principal.btListPacientesActionPerformed(Principal.java:442)
at labclinClienteCli.app.Principal.access$300(Principal.java:27)
at labclinClienteCli.app.Principal$5.actionPerformed(Principal.java:180)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
at java.awt.Component.processMouseEvent(Component.java:6267)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
at java.awt.Component.processEvent(Component.java:6032)
at java.awt.Container.processEvent(Container.java:2041)
at java.awt.Component.dispatchEventImpl(Component.java:4630)
at java.awt.Container.dispatchEventImpl(Container.java:2099)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4577)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4238)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
at java.awt.Container.dispatchEventImpl(Container.java:2085)
at java.awt.Window.dispatchEventImpl(Window.java:2478)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
08/10/2010 10:07:59 com.sun.xml.wss.impl.dsig.SignatureProcessor sign
GRAVE: WSS1316: Sign operation failed.
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: The found certificate does not contain subject key identifier X509 extension
at com.sun.xml.wss.impl.dsig.SignatureProcessor.handleX509Binding(SignatureProcessor.java:2036)
at com.sun.xml.wss.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:433)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:633)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.xwss.XWSSClientTube.secureRequest(XWSSClientTube.java:333)
at com.sun.xml.xwss.XWSSClientTube.processRequest(XWSSClientTube.java:163)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy38.listarPacientes(Unknown Source)
at labclinClienteCli.app.Principal.btListPacientesActionPerformed(Principal.java:442)
at labclinClienteCli.app.Principal.access$300(Principal.java:27)
at labclinClienteCli.app.Principal$5.actionPerformed(Principal.java:180)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
at java.awt.Component.processMouseEvent(Component.java:6267)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
at java.awt.Component.processEvent(Component.java:6032)
at java.awt.Container.processEvent(Container.java:2041)
at java.awt.Component.dispatchEventImpl(Component.java:4630)
at java.awt.Container.dispatchEventImpl(Container.java:2099)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4577)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4238)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
at java.awt.Container.dispatchEventImpl(Container.java:2085)
at java.awt.Window.dispatchEventImpl(Window.java:2478)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
Caused by: com.sun.xml.wss.XWSSecurityException: The found certificate does not contain subject key identifier X509 extension
at com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy.getKeyIdentifier(KeyIdentifierStrategy.java:164)
at com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy.insertKey(KeyIdentifierStrategy.java:112)
at com.sun.xml.wss.impl.dsig.SignatureProcessor.handleX509Binding(SignatureProcessor.java:1988)
... 47 more
Did I get some keytool step wrong? Has anyone already created self-signed certificates who can tell me whether I'm doing this right?
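A way to confirm what WSS0702 reports, as an added example that is not part of the original post: the program below lists every entry in a JKS file and shows its entry type, certificate version and whether the Subject Key Identifier extension (OID 2.5.29.14) is present. The class name `SkiCheck` and the helper `hasSki` are hypothetical, and the keystore is assumed to be of type JKS as in the commands above.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example; SkiCheck and hasSki are hypothetical names, not part of XWSS.
public class SkiCheck {
    // OID of the X.509 v3 Subject Key Identifier extension.
    private static final String SKI_OID = "2.5.29.14";

    // Extensions exist only in v3 certificates; getExtensionValue returns
    // null when the extension is absent.
    static boolean hasSki(X509Certificate cert) {
        return cert.getVersion() == 3 && cert.getExtensionValue(SKI_OID) != null;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java SkiCheck <keystore.jks>");
            System.exit(2);
        }
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // assumes a JKS file, as in the post
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        boolean allOk = true;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) c;
            boolean ok = hasSki(x);
            allOk &= ok;
            // "key" = private key entry, "trusted" = certificate-only entry
            System.out.printf("%-12s %-8s v%d SKI=%s%n", alias,
                    ks.isKeyEntry(alias) ? "key" : "trusted",
                    x.getVersion(), ok ? "present" : "MISSING");
        }
        System.exit(allOk ? 0 : 1); // non-zero when any certificate lacks the SKI
    }
}
```

Running it against each keystore and truststore shows which aliases would trigger the error, and the entry-type column makes it visible when a truststore holds a private key entry rather than only trusted certificates.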