Hi everyone,

I've been trying for a while now to build a proper client for a web service
made in Oracle (OWM) with Axis2 and Rampart. I have been able to overcome some
issues with X509v3 and the whole signing process, but now, in the last part,
the encryption, I just don't know how to declare it properly for the client
to successfully call the WS.

I have an example of a successful SOAP message (Oracle client generated) and
a copy of my policy for someone to take a quick look and help me out.


The files are attached.

That same policy file, without the encryption configuration, works fine if
the WS requires only signing, so it is not totally wrong.



If someone has an idea how to mimic that message from Axis2, it would help me
a lot.


Marcus V. Sánchez D.
______________________
Enterprise Developer.
Sun Certified Java Programmer (SCJP)
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";
	xmlns:xsd="http://www.w3.org/2001/XMLSchema";
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
	xmlns:ns0="http://test.heinsohn.com/types/";>
	<env:Header>
		<wsse:Security env:mustUnderstand="1"
			xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
			xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
			xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";>
			<wsse:BinarySecurityToken
				ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
				EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
				wsu:Id="aSfsuZGB0yY2p9x2idFRrag22"
				xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
				xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
				xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
				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
			</wsse:BinarySecurityToken>
			<xenc:EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";
				xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
				<!-- Key transport: the content-encryption key carried in CipherData below is
				wrapped with RSA PKCS#1 v1.5 (xmlenc#rsa-1_5). A client policy has to pick an
				algorithm suite with this same key-wrap algorithm to produce an equivalent
				message. NOTE(review): rsa-1_5 is a legacy key-wrap mode; an RSA-OAEP suite
				is preferable wherever the service can be configured for it. -->
				<xenc:EncryptionMethod
					Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />
				<!-- The wrapping certificate is identified by a direct reference (URI) to the
				wsse:BinarySecurityToken whose wsu:Id is aSfsuZGB0yY2p9x2idFRrag22, so the
				certificate travels in this same Security header. Presumably that token is
				the service's encryption certificate; confirm against the keystore. -->
				<dsig:KeyInfo
					xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
					<wsse:SecurityTokenReference
						xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
						xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
						<wsse:Reference URI="#aSfsuZGB0yY2p9x2idFRrag22"
							ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
							xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
							xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; />
					</wsse:SecurityTokenReference>
				</dsig:KeyInfo>
				<xenc:CipherData>
					<xenc:CipherValue>
						k/V7ppQNywzQyu92y2SopAbZGTOHHlPz05i9oUEAkkoLTMJPiR0rcINP9C9BZ6ypPoSbguOYWbfzXHvNghdi1yNV95ahGRcegFWud01ok3q6h1uv6RCF3OudKiyGTtC2124qMP3hpxMBau/4tcebcuXvJLcsG49LBNP9n8quSU4=
					</xenc:CipherValue>
				</xenc:CipherData>
				<!-- Binds this key to the payload it protects: the URI matches the Id of the
				xenc:EncryptedData element inside env:Body. -->
				<xenc:ReferenceList>
					<xenc:DataReference
						URI="#_oKDaW2Wq2XtjtBF5fZs0Dw22" />
				</xenc:ReferenceList>
			</xenc:EncryptedKey>
			<wsse:BinarySecurityToken
				ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
				EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
				wsu:Id="_V0HeS0pOYm2iCVmURgcaUw22"
				xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
				xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
				xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
				MIICXzCCAcigAwIBAgIESYhpJTANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwHhcNMDkwMjAzMTU1NjIxWhcNMDkwNTA0MTU1NjIxWjB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJnZAvXEkOM6iUgpv9WqhR9/N1qBDzK8hYm0uifE8hyLvIc244PNyLHFH7ntTarRkL16L08Jz70cf4qddY9C2sa2EQYdYwCsAF1838SZ/B97KHAJCnXouDBcQZwqqlBPGtaspFLwokoZd6cg4eoCQ+fGJ5mJCYVopMpaeFuUQ6JhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAFfwFCDFA+CnOpA+zH+n+oz3nyKrv8b8UgFOd0TWFMv/FltuS6jX1r/3xvazTFiW8lOVIpDGK7IMxpapzGtAoaA2JR4wtuskmbWat2O0Cj61b9nZhSBbDnkWtYADdQhei6yi0ha9wNkfG6mpE36LIBm+xRp9Xk35mWoh/xXEmwew=
			</wsse:BinarySecurityToken>
			<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#";
				xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
				<dsig:SignedInfo>
					<!-- SignedInfo is canonicalized with exclusive C14N and signed with
					RSA over SHA-1. NOTE(review): SHA-1 based signatures are legacy; the
					algorithm here is fixed by whatever suite the service enforces. -->
					<dsig:CanonicalizationMethod
						Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
					<dsig:SignatureMethod
						Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
					<!-- Single signed reference: the URI matches the wsu:Id on env:Body, so
					the signature covers the Body element and nothing else in the message.
					A receiver should confirm that the element this Id resolves to is the
					Body it actually dispatches on, not merely that the signature verifies. -->
					<dsig:Reference URI="#t6nTPhMsRHCxAAHpE93yXg22">
						<dsig:Transforms>
							<dsig:Transform
								Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
						</dsig:Transforms>
						<dsig:DigestMethod
							Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
						<dsig:DigestValue>
							kZwpZNzNL5EcvbU2c3JdML+6+4M=
						</dsig:DigestValue>
					</dsig:Reference>
				</dsig:SignedInfo>
				<dsig:SignatureValue>
					GgypLKmloG6VSdJYH8KUM8ZblSZ1gkdumkM0b330ayRXJ73a5Y4ssYXav0+CyUrVBz1Yi2AvpHiaroKe6muLVPx6jpt58cuZgQPLqRT5HzxzHRACJjRrGvFHpYBMtx4JaJdgVydtRNPgJ3BPjchCQhCK73az5hz7gPx9jrtpcco=
				</dsig:SignatureValue>
				<!-- The verification certificate is the BinarySecurityToken with wsu:Id
				_V0HeS0pOYm2iCVmURgcaUw22, referenced directly. A certificate carried in
				the message only identifies the signer; trust has to come from the
				receiver's own trust store, not from the token being present. -->
				<dsig:KeyInfo>
					<wsse:SecurityTokenReference
						xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
						xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
						<wsse:Reference URI="#_V0HeS0pOYm2iCVmURgcaUw22"
							ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
							xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
							xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; />
					</wsse:SecurityTokenReference>
				</dsig:KeyInfo>
			</dsig:Signature>
		</wsse:Security>
	</env:Header>
	<env:Body wsu:Id="t6nTPhMsRHCxAAHpE93yXg22"
		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
		<!-- The wsu:Id above is the target of the dsig:Reference in the header signature.
		Type xmlenc#Content means only the children of env:Body were encrypted; the Body
		element itself stays in clear. The Id below is the target of the
		xenc:DataReference inside the header's xenc:EncryptedKey.
		NOTE(review): in the header the EncryptedKey precedes the Signature, which
		suggests sign-then-encrypt (the digest would then be over the plaintext Body);
		confirm against the service's policy. -->
		<xenc:EncryptedData
			Type="http://www.w3.org/2001/04/xmlenc#Content";
			Id="_oKDaW2Wq2XtjtBF5fZs0Dw22"
			xmlns="http://www.w3.org/2001/04/xmlenc#";
			xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
			<!-- Content cipher is 3DES in CBC mode. CBC provides confidentiality only, so
			integrity of the payload rests on the signature being verified after
			decryption. NOTE(review): legacy cipher; an AES suite is preferable where
			the service allows it. -->
			<xenc:EncryptionMethod
				Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"; />
			<xenc:CipherData>
				<xenc:CipherValue>
					YSlxkzLOrwY16ht1+cBQyyelIlmPvELFVZ2chbNTEvDAz8v6Ci3ND0W6uJs3jT03BwMAX0syMu1OapsOZHv+W8AFWrBXmWN35ODN7ShMwzQg7hpZ70f+3qpcZabp5k5D3Az4yJzGqBvi06VYyGIQ1CWN3aAiuuCSL98DvbgCfUhbLyM9RLvxXGzkZPwSdpWC7Acr2owrhy0Vh3+fHlr3gDMhh9AVFfBsd2t0JIWqW+WoPf92XF5S5SKhyuuXwjf6WWKtzPGvttycuG9szcizif34PHiVUDXfebJoucwv2d1mcIPqlfNKN1cj5HJycDMAoO6rEdoLHT6h4U9X2ZkqqEBd4CMveN2+oJ3hZWUeMUNEODuKl7MKwcuVg6ZLruWmDNF8qBAW8v7S1bBFte9VHKd/tZGYHyZTWQcxVO8AtjEeKgNj23m9yA==
				</xenc:CipherValue>
			</xenc:CipherData>
		</xenc:EncryptedData>
	</env:Body>
</env:Envelope>
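<?xml version="1.0" encoding="UTF-8"?>
<!--
	Rampart client policy: sign and encrypt the SOAP Body using X.509 tokens.

	Corrections relative to the posted copy:
	  * The ";" that followed every URI-valued attribute is removed. It made the
	    document not well-formed and looks like a mail-archive artifact.
	  * ramp:encryptionCypto was misspelled. Rampart's element is
	    ramp:encryptionCrypto; under the misspelled name the encryption keystore
	    settings are presumably ignored, which would explain signing working
	    while encryption does not.
	  * Padding whitespace and line breaks inside the callback class name and the
	    keystore path values are removed.
-->
<wsp:Policy wsu:Id="SigEncr"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
		<wsp:All>
			<sp:AsymmetricBinding
				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<!-- Initiator (client) certificate: sent with every request so the
					service can verify the signature. -->
					<sp:InitiatorToken>
						<wsp:Policy>
							<sp:X509Token
								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
								<wsp:Policy>
									<sp:WssX509V3Token10 />
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:InitiatorToken>
					<!-- Recipient (service) certificate: IncludeToken/Never means it is
					referenced rather than embedded in the request.
					NOTE(review): the captured Oracle message embeds the encryption
					certificate as a BinarySecurityToken and points at it by URI;
					confirm the service also accepts a reference without the token. -->
					<sp:RecipientToken>
						<wsp:Policy>
							<sp:X509Token
								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
								<wsp:Policy>
									<sp:WssX509V3Token10 />
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:RecipientToken>
					<!-- TripleDesRsa15 selects 3DES-CBC content encryption with RSA
					PKCS#1 v1.5 key transport, matching the captured Oracle message
					(xmlenc#tripledes-cbc and xmlenc#rsa-1_5). Both are legacy
					algorithms; if the service side can be reconfigured, prefer an
					AES / RSA-OAEP suite such as sp:Basic256 on both ends. -->
					<sp:AlgorithmSuite>
						<wsp:Policy>
							<sp:TripleDesRsa15 />
						</wsp:Policy>
					</sp:AlgorithmSuite>
					<sp:Layout>
						<wsp:Policy>
							<sp:Strict />
						</wsp:Policy>
					</sp:Layout>
				</wsp:Policy>
			</sp:AsymmetricBinding>
			<!-- The Body is both signed and encrypted. No sp:EncryptBeforeSigning
			assertion is present, so the binding default (sign, then encrypt)
			applies. -->
			<sp:SignedParts
				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<sp:Body />
			</sp:SignedParts>
			<sp:EncryptedParts
				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<sp:Body />
			</sp:EncryptedParts>
			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
				<!-- user: keystore alias of the client's signing key.
				encryptionUser: keystore alias of the service certificate the
				session key is encrypted to; that alias must exist in the keystore
				configured under ramp:encryptionCrypto. -->
				<ramp:user>sam</ramp:user>
				<ramp:encryptionUser>dave</ramp:encryptionUser>
				<!-- Callback that hands Rampart the private-key password at run time. -->
				<ramp:passwordCallbackClass>com.heinsohn.test.PWCBHandler</ramp:passwordCallbackClass>
				<!-- The keystore password below is stored in clear text. Keep this file
				out of shared repositories and public posts, restrict read access to
				it, and do not reuse the value for any non-test keystore. -->
				<ramp:signatureCrypto>
					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
						<ramp:property
							name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
						<ramp:property
							name="org.apache.ws.security.crypto.merlin.file">C:\RUNT\keystore\java6jks.jks</ramp:property>
						<ramp:property
							name="org.apache.ws.security.crypto.merlin.keystore.password">mytestkeystore</ramp:property>
					</ramp:crypto>
				</ramp:signatureCrypto>
				<!-- Element name corrected from ramp:encryptionCypto. It points at the
				same keystore as ramp:signatureCrypto, so the same clear-text password
				caveat applies. -->
				<ramp:encryptionCrypto>
					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
						<ramp:property
							name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
						<ramp:property
							name="org.apache.ws.security.crypto.merlin.file">C:\RUNT\keystore\java6jks.jks</ramp:property>
						<ramp:property
							name="org.apache.ws.security.crypto.merlin.keystore.password">mytestkeystore</ramp:property>
					</ramp:crypto>
				</ramp:encryptionCrypto>
			</ramp:RampartConfig>
		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>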
