Thx, I'll try rampart 1.4

service.xml, which contains the policy:
<!-- Axis2 service descriptor for RampartSignService: engages the Rampart module and
     attaches a signature-only WS-SecurityPolicy (wsu:Id "SigOnly").
     NOTE(review): the ';' that follows several quoted attribute values below is not
     well-formed XML and looks like a mail-archive artifact; confirm against the
     deployed file. -->
<service name="RampartSignService">
    <description>
        Security Service, messages are signed
    </description>
    <parameter name="ServiceClass">rampart.sign.service.PojoService</parameter>
    <operation name="sestej">
        <messageReceiver 
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>

    <!-- security: engage the Rampart module so the policy below is enforced for this service -->
    <module ref="rampart"/>

    <wsp:Policy wsu:Id="SigOnly" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
                <wsp:ExactlyOne>
                        <wsp:All>
                <!-- Asymmetric binding with X.509 tokens on both sides. Both tokens use
                     IncludeToken/Never, so no certificate travels in the message: each side
                     has to find the peer's certificate in its own keystore from a reference
                     (see the Wss10 assertion below). The service keystore therefore needs
                     the client's certificate to verify request signatures. -->
                <sp:AsymmetricBinding 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <wsp:Policy>
                        <sp:InitiatorToken>
                                    <wsp:Policy>
                                        <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
                                                    <wsp:Policy>
                                                        <sp:WssX509V3Token10/>
                                                    </wsp:Policy>
                                        </sp:X509Token>
                                         </wsp:Policy>
                                 </sp:InitiatorToken>
                         <sp:RecipientToken>
                                 <wsp:Policy>
                                         <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
                                                 <wsp:Policy>
                                                         <sp:WssX509V3Token10/>
                                                 </wsp:Policy>
                                         </sp:X509Token>
                                 </wsp:Policy>
                         </sp:RecipientToken>
                         <!-- Message-level algorithm suite. TripleDesRsa15 means SHA-1 digests,
                              Triple DES encryption and RSA 1.5 key wrap; it is a legacy suite.
                              It is independent of the algorithm a certificate was itself signed
                              with (for example SHA1withRSA in keytool output).
                              NOTE(review): prefer a stronger suite such as Basic256Sha256 where
                              both peers and the installed Rampart version support it. -->
                         <sp:AlgorithmSuite>
                                 <wsp:Policy>
                                         <sp:TripleDesRsa15/>

                                 </wsp:Policy>
                         </sp:AlgorithmSuite>
                         <sp:Layout>
                                 <wsp:Policy>
                                         <sp:Strict/>
                                 </wsp:Policy>
                         </sp:Layout>
                         <!-- A timestamp in the security header gives the receiver a freshness
                              check; keep client and server clocks in sync or messages are
                              rejected as expired. -->
                         <sp:IncludeTimestamp/>
                         <!-- Signature references must cover whole headers or the whole body,
                              not child elements inside them. -->
                         <sp:OnlySignEntireHeadersAndBody/>
                    </wsp:Policy>
                </sp:AsymmetricBinding>
                <!-- Reference styles the peer may use to point at a certificate that is not
                     included in the message: subject key identifier or issuer and serial. -->
                <sp:Wss10 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <wsp:Policy>
                            <sp:MustSupportRefKeyIdentifier/>
                                <sp:MustSupportRefIssuerSerial/>
                        </wsp:Policy>
                </sp:Wss10>
                <!-- Only the SOAP Body is listed as a signed part. No headers are named here,
                     so this policy does not require integrity protection for them.
                     There is no encryption assertion either: the body is sent in clear text. -->
                <sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                        <sp:Body/>
                </sp:SignedParts>
                <!-- Rampart-specific settings: signing key alias, password callback and keystore. -->
                <ramp:RampartConfig 
xmlns:ramp="http://ws.apache.org/rampart/policy";>
                                <!-- alias in the service's keystore -->
                        <ramp:user>service</ramp:user>
                        
<ramp:passwordCallbackClass>rampart.sign.service.SecurityHandler</ramp:passwordCallbackClass>

                        <ramp:signatureCrypto>
                                <ramp:crypto 
provider="org.apache.ws.security.components.crypto.Merlin">
                                        <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                                        <!-- NOTE(review): the path value is surrounded by line breaks
                                             here, probably from mail wrapping; confirm the deployed
                                             file has it on one line. An absolute workstation path
                                             also ties the service to this machine. -->
                                        <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">
                                                
D:\\SOAP_TUTOR\\article-transport\\keys\\server.jks
                                        </ramp:property>
                                        <!-- The keystore password sits in clear text in this descriptor
                                             (masked as **** in this post). Restrict read access to this
                                             file and to the .jks file, and keep real values out of
                                             public posts and version control. -->
                                        <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.password">****</ramp:property>
                                </ramp:crypto>
                        </ramp:signatureCrypto>
                </ramp:RampartConfig>
            </wsp:All>
        </wsp:ExactlyOne>
        </wsp:Policy>
</service>
--------------------------


Req:
----------------------
POST /axis2/services/RampartSignService HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="urn:sestej"
User-Agent: Axis2
Host: jalovec.arnes.si:8080
Transfer-Encoding: chunked


<?xml version="1.0" encoding="http://www.w3.org/2003/05/soap-envelope"; 
standalone="no"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
<soapenv:Header>
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soapenv:mustUnderstand="true">
<wsu:Timestamp 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="Timestamp-32189467">
<wsu:Created>2009-02-05T08:11:11.735Z</wsu:Created>
<wsu:Expires>2009-02-05T08:16:11.735Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
Id="Signature-330120">
<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-5218268">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>GSyf8R7vIO1Exwurae95mxIWgnI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-32189467">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>dM8fK3UEbaFdUsl1PXNCcuLz6/M=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
2LW4LfjAP5MZulRXONtdzhu7JpvZawfR4/5e2UEBJVMUGqB8c/zTVgG65Z2cIePYgWdw+ma+dWmu
JdgqM+66hzZ5BMAH1sNRxL6onz0DOyuRnDYhEgNYgCjmN67Ok7Q0SQqnEfJ19B1WdAxqawspyLjX
VyS4X5BisAG5G+25CrQ=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-25772535">
<wsse:SecurityTokenReference 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="STRId-27291192">
<wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>+JGv39JjeaxQiilnwwc/wlWlITU=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="Id-5218268">
<ns2:sestej xmlns:ns2="http://service.sign.rampart";>
<ns2:a>4</ns2:a>
<ns2:b>233</ns2:b>
</ns2:sestej>
</soapenv:Body>
</soapenv:Envelope>

---------------------



Resp:
---------------------
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: application/soap+xml; 
action="http://www.w3.org/2005/08/addressing/soap/fault";charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 05 Feb 2009 08:11:12 GMT
Connection: close

<?xml version="1.0" encoding="http://www.w3.org/2003/05/soap-envelope"; 
standalone="no"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en-US">Error in signature with X509Token</soapenv:Text>
</soapenv:Reason>
<soapenv:Detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>



Fingerprints of the certificates (they are self-signed):

client:
-----------
Certificate fingerprints:
         MD5:  0B:F9:7D:8C:17:54:85:B7:DC:22:CC:5B:B8:FC:5E:A0
         SHA1: 65:2F:74:5D:27:18:B0:20:CA:95:84:9B:85:FC:DB:1D:F2:58:C7:0B
         Signature algorithm name: SHA1withRSA
         Version: 3


server:
------------
Certificate fingerprints:
         MD5:  0B:F9:7D:8C:17:54:85:B7:DC:22:CC:5B:B8:FC:5E:A0
         SHA1: 65:2F:74:5D:27:18:B0:20:CA:95:84:9B:85:FC:DB:1D:F2:58:C7:0B
         Signature algorithm name: SHA1withRSA
         Version: 3



Maybe the problem is that the certificates' signature algorithm name is SHA1withRSA, while in my policy I
have:
....
<sp:AlgorithmSuite>
        <wsp:Policy>
                <sp:TripleDesRsa15/>
        </wsp:Policy>
</sp:AlgorithmSuite>


Regards, Tomaz



Erwin Reinhoud wrote:
> Hello Tomaz,
>  
> Try also using rampart version 1.4 instead of 1.3.
>  
> Regards,
> Erwin
> 
> ------------------------------------------------------------------------
> *Van:* m4rkuz [mailto:m4r...@gmail.com]
> *Verzonden:* woensdag 4 februari 2009 15:16
> *Aan:* axis-user@ws.apache.org
> *Onderwerp:* Re: Error in signature with X509Token
> 
> Hi Tomaz,
> 
> I think you should attach your policy.xml file and your services.xml,
> and maybe an example of the soap message generated, so it could be easier
> to help you.
> 
> 
> 
> Marcus V. Sánchez D.
> ______________________
> Enterprise Developer.
> Sun Certified Java Programmer (SCJP)
> 
> 
> On Wed, Feb 4, 2009 at 9:08 AM, TomazM <tomaz.majerh...@arnes.si
> <mailto:tomaz.majerh...@arnes.si>> wrote:
> 
>     Env:
>            OS: Microsoft Windows XP [Version 5.1.2600]
>            java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
>            Tomcat: 6.0.16
>            Axis2: 1.4.1
>            Rampart: 1.3
> 
> 
>     I'm trying to sign message with my CallbackHandler and wsp:Policy,
>     keys are in keystore of JKS type(server.jks and client.jks)
> 
>     1) In service.xml  I have:
>     .....
>     
> <ramp:passwordCallbackClass>rampart.sign.service.SecurityHandler</ramp:passwordCallbackClass>
>            <ramp:signatureCrypto>
>            <ramp:crypto
>     provider="org.apache.ws.security.components.crypto.Merlin">
>            <ramp:property
>     
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>            <ramp:property
>     
> name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks</ramp:property>
>            <ramp:property
>     
> name="org.apache.ws.security.crypto.merlin.keystore.password">****</ramp:property>
>     </ramp:crypto>
> 
> 
>     2) In client I also have my CallbackHandler and applying
>     RampartConfig which use client.jks(contain server key)
> 
> 
>     The finger print of server and client certificates are the same in
>     both keystore.
> 
> 
> 
>     Error:
>     org.apache.axis2.AxisFault: Error in signature with X509Token
>            at
>     
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
>            at
>     
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
>            at
>     
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
>            at
>     
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
>            at
>     org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> 
> 
> 
> 
>     Is anybody have a clue what I'm doing wrong????
> 
> 
> 
> 
>     Best regards, Tomaz
> 
> 

begin:vcard
fn;quoted-printable:Toma=C5=BE Majerhold
n;quoted-printable:Majerhold;Toma=C5=BE
org:ARNES, Slovenian NREN;Development team
adr:;;Jamova 39;Ljubljana;;;Slovenia
title:Developer
tel;work:+386 14798930
tel;fax:+386 1 479 88 99  
tel;home:+386 1425 38 01
tel;cell:(040) 757-229
url:http://www.arnes.si/
version:2.1
end:vcard
