Search code examples
javajbosscxfws-securitywss4j

File not found in getResource

Im trying to load the certificate for WS-security which is inside my resource folder, the certificate is packed correctly inside my JAR. But I'm getting FileNotFoundException when I tried to load it.

I cant put my certificate outside the JAR..

Caused by: org.apache.ws.security.components.crypto.CredentialException: Proxy file (vfs:/C:/Users/myuser/Redhat/jboss-eap-6.4/bin/content/myapp.ear/myapp.jar/CERT.PFX) not found.
    at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:338) [wss4j-1.6.19.redhat-2.jar:1.6.19.redhat-2]
    at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:180) [wss4j-1.6.19.redhat-2.jar:1.6.19.redhat-2]
    at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:141) [wss4j-1.6.19.redhat-2.jar:1.6.19.redhat-2]
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117) [wss4j-1.6.19.redhat-2.jar:1.6.19.redhat-2]
    ... 71 more

Caused by: java.io.FileNotFoundException: vfs:/C:/Users/myuser/Redhat/jboss-eap-6.4/bin/content/myapp.ear/myapp.jar/CERT.PFX (The filename, directory name, or volume label syntax is incorrect)
    at java.io.FileInputStream.open0(Native Method) [rt.jar:1.8.0_102]
    at java.io.FileInputStream.open(FileInputStream.java:195) [rt.jar:1.8.0_102]
    at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.8.0_102]
    at java.io.FileInputStream.<init>(FileInputStream.java:93) [rt.jar:1.8.0_102]
    at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:333) [wss4j-1.6.19.redhat-2.jar:1.6.19.redhat-2]
    ... 74 more

Properties props = new Properties();
props.put("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
props.put("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
props.put("org.apache.ws.security.crypto.merlin.keystore.password", "passxxxx");
props.put("org.apache.ws.security.crypto.merlin.keystore.file", getClass().getResource("/CERT.PFX"));
props.put("org.apache.ws.security.crypto.merlin.keystore.alias", "aliasxxxx");

Map<String,Object> ctx = ((BindingProvider) iauthService).getRequestContext();

ctx.put("ws-security.signature.properties", props);
Solution

  • So, you can't use FileInputStream to read a file packed inside a JAR - it's not a file any more. FileInputStream only works for actual disk files.

    I ended up creating a temporary file from the certificate stream. (How to convert InputStream to virtual File)

    Then passed file.getPath() into the property.