java“未找到用于解密的证书”（Apache CXF，WSSecurity）

我正在构建一个web服务，并希望消息级加密。加密必须使用非对称绑定。我是Apache CXF的新手，所以我使用了他们的一个示例，并致力于转换它以满足我的需求。但是，当我将对称绑定更改为非对称绑定时，在客户端向服务器发送加密消息后，我开始出现以下错误：

“未找到用于解密（KeyId）的证书。”

我知道这可能是一个cert错误，但也可能与配置有关
我确信我有客户机和服务器的公钥和私钥。消息由客户端使用服务器的公钥加密，并使用客户端的私钥签名。服务器配置为使用客户端的公钥验证签名，然后使用服务器的私钥解密。然而，当我从对称绑定切换到非对称绑定时，我不知道需要更改什么代码。如有任何意见，将不胜感激。以下是我对加密和ws-security策略的配置

ServiceConfig。xml:

<entry key="ws-security.encryption.properties" value="etc/Server_Decrypt.properties"/>
<entry key="ws-security.signature.properties" value="etc/Server_SignVerf.properties"/>
<entry key="ws-security.callback-handler" value="demo.hw.server.UTPasswordCallback"/>

服务器解密。属性：

org.apache.ws.security.crypto.provider=org.apache.wss4j.common.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=******
org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1
org.apache.ws.security.crypto.merlin.keystore.file=keystore/server-keystore.jks

加上数字。wsdl

<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="AddNumbersPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>    
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic128Sha256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                    <sp:MustSupportRefThumbprint/>
                    <sp:MustSupportRefEncryptedKey/>
                </wsp:Policy>
            </sp:Wss11>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="AddNumbersPartsPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body/>
            </sp:EncryptedParts>
            <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body/>
            </sp:SignedParts>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>