
axis2 client Trying to write END_DOCUMENT when document has no root (ie. trying to output empty document) error


I have a legacy WebServiceProject which connects to ws-security enabled web service using axis2 & rampart.

Here is my axis2.xml:

<parameter name="OutflowSecurity">
    <action>
        <items>Timestamp UsernameToken Encrypt Signature</items>
        <user>myUser</user>
        <passwordCallbackClass>tr.com.mypackage.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>crypto.properties</signaturePropFile>  
        <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
    </action>
</parameter>
<parameter name="InflowSecurity">
    <action>
        <items>Timestamp Encrypt Signature</items>
        <user>myUser</user>
        <passwordCallbackClass>tr.com.mypackage.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>crypto.properties</signaturePropFile>  
        <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
    </action>
</parameter>

I am preparing the test environment and correctly set the crypto.properties and didn't change any code because it works fine at production and I am unfamiliar with axis2. Here is my error message:

[WARN] No transportReceiver for org.apache.axis2.transport.http.AxisServletListener found. An instance for HTTP will be configured automatically. Please update your axis2.xml file!

C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\WebServiceProject\WEB-INF

20-May-2020 15:19:01.862 SEVERE [https-jsse-nio-443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun Error running socket processor
java.lang.NullPointerException
    at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
    at org.bouncycastle.jce.provider.JDKPSSSigner.engineSign(Unknown Source)
    at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1403)
    at java.base/java.security.Signature.sign(Signature.java:712)
    at java.base/sun.security.ssl.CertificateVerify$T13CertificateVerifyMessage.(CertificateVerify.java:930)
    at java.base/sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.onProduceCertificateVerify(CertificateVerify.java:1110)
    at java.base/sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.produce(CertificateVerify.java:1103)
    at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1252)
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1188)
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:851)
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:812)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1247)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1192)
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:443)
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:507)
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:830)

And the bottom of the trace:

Caused by: javax.xml.stream.XMLStreamException: Trying to write END_DOCUMENT when document has no root (ie. trying to output empty document).
    at com.ctc.wstx.sw.BaseStreamWriter.throwOutputError(BaseStreamWriter.java:1473)
    at com.ctc.wstx.sw.BaseStreamWriter.reportNwfStructure(BaseStreamWriter.java:1502)
    at com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1663)
    at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288)
    at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46)
    at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:222)
    at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:192)
    at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
    ... 54 more

It looks like it is unable to find some kind of signature. But I am pretty sure I've made all the changes correctly.

What am I missing?


Solution

  • I had the same exception when I tried to set up an HTTPS Connector (with TLS 1.3) on Tomcat 9.0.16 and OpenJDK 11.0.8 on Linux x64. I was using BouncyCastle (BC) v1.63 in my WebApp Lib.

     java.lang.NullPointerException
        at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
        at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSign(Unknown Source)
        at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1404)
        at java.base/java.security.Signature.sign(Signature.java:713)
    

    This error has been reported by the BC community. Regarding these BC issues, it was clear that I needed to upgrade my BC libs:

    I upgraded the webapp dependencies with BC 1.66, and now it works perfectly with OpenJDK 11.0.8.
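
Added example (not part of the original question or answer): both traces show the TLS 1.3 handshake signing through BouncyCastle's PSS signer, so a useful check is which registered providers offer the `RSASSA-PSS` signature algorithm, in what preference order, and from which jar each was loaded. Provider registration is per JVM, so run it inside the affected web application (for example from a startup listener); the class name `PssProviderCheck` is hypothetical.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;

// Hypothetical diagnostic class; not code from the post or from BouncyCastle.
public class PssProviderCheck {

    /** Describes one provider: name, version string and where its class was loaded from. */
    static String describe(Provider p) {
        CodeSource src = p.getClass().getProtectionDomain().getCodeSource();
        String origin = (src == null || src.getLocation() == null)
                ? "unknown (no code source)"
                : src.getLocation().toString();
        // getVersionStr() is available on Java 9 and later.
        return p.getName() + " " + p.getVersionStr() + " [" + origin + "]";
    }

    /** Lists the providers offering Signature.RSASSA-PSS, most preferred first. */
    static String report() {
        Provider[] pss = Security.getProviders("Signature.RSASSA-PSS");
        if (pss == null) {
            return "No registered provider offers Signature.RSASSA-PSS\n";
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < pss.length; i++) {
            // The first entry is the one tried first by Signature.getInstance().
            out.append(i == 0 ? "* " : "  ").append(describe(pss[i])).append('\n');
        }
        // "BC" is the name under which the BouncyCastle provider registers itself.
        if ("BC".equals(pss[0].getName())) {
            out.append("BouncyCastle is the preferred RSASSA-PSS provider; ")
               .append("compare the version and jar path above with WEB-INF/lib.\n");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

If the starred entry is `BC` with a jar path pointing at an old BouncyCastle build, that jar is the one to upgrade, as the answer above did.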