Yes, pretty printing after the signature definitely invalidates the signature.
 
Regards,
Werner


From: Benjamin BALET [mailto:[EMAIL PROTECTED]
Sent: Friday, 24 February 2006 11:15
To: [email protected]
Subject: WSE / WSS4J / X509 secure Webservice

Hello,

 

Has anyone succeeded in making a .NET WSE web service client work with WSS4J?

 

On the server my WSDD config is:

 

<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <globalConfiguration>
    <parameter name="enableNamespacePrefixOptimization" value="false" />
    <parameter name="disablePrettyXML" value="true"/>
    <requestFlow>
        <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
                <parameter name="passwordCallbackClass" value="com.hp.ov.temip.ws.handler.PWCallback"/>
                <parameter name="action" value="UsernameTokenSignature UsernameToken Encrypt Timestamp"/>
                <parameter name="decryptionPropFile" value="security.properties" />
        </handler>
     </requestFlow>
   </globalConfiguration>
</deployment>

 

On the client side, I developed, with the WSE 3.0 Policy framework, the following overridden SecureMessage function:

 

        public override void SecureMessage(SoapEnvelope envelope, Security security)
        {
            // Must Understand Headers
            security.MustUnderstand = true;
            security.Timestamp.TtlInSeconds = 60;

            // User Name Token
            UsernameToken userToken = new UsernameToken(m_strUsername, m_strPassword, PasswordOption.SendPlainText);
            security.Tokens.Add(userToken);

            X509SecurityToken token = null;
            try
            {
                token = GetSecurityToken("CN=10.67.212.35");
            }
            catch (Exception ex)
            {
                throw new Exception("Certificate not found : " + ex.Message);
            }

            // Define a custom X509 token
            ISecurityTokenManager stm = SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
            X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
            x509tm.DefaultKeyAlgorithm = "RSA15";
            x509tm.DefaultSessionKeyAlgorithm = "TripleDES";

            //security.Elements.Add(new EncryptedData(token));      // Uncommenting this line will encrypt the Body
            // Add the token to the SOAP header.
            security.Tokens.Add(token);                             // Insert the token being used into the header

            // Add Message Signature
            MessageSignature sig = new MessageSignature(userToken);
            sig.SignatureOptions = SignatureOptions.IncludeSoapBody;
            security.Elements.Add(sig);

            // Insert the encrypted UsernameToken
            security.Elements.Add(new EncryptedData(token, "#" + userToken.Id));
        }

 

In the Tomcat logs, I can see that WSS4J is able to:
 - retrieve my certificate with its public key
 - decrypt the UsernameToken
But the signature verification fails. Some say that it could be due to a pretty-print component that alters the SOAP message after the signature; if so, how do I deactivate such a pretty-printer?

 

__________________

Benjamin BALET

Capgemini France

http://bbalet.free.fr/
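The following is an added example, not code from either poster or from WSE/WSS4J. It shows in the small why the answer above holds: an XML-DSig reference digests the canonicalized Body, canonical XML keeps whitespace-only text nodes, so a pretty-printer that inserts indentation after signing changes the digest and the signature no longer verifies. It also gives a receiving-side diagnostic that separates "the message was reformatted in transit" from "the content itself changed", which is what you want to know before loosening anything on the server. The sample Body, the naive pretty_print function and the diagnose helper are all constructed for this example; the digest is SHA-1 because that is what XML-DSig stacks of that era defaulted to (a current deployment would use SHA-256). Requires Python 3.8+ for xml.etree.ElementTree.canonicalize.

```python
"""Added example: why re-indenting a signed SOAP Body breaks the XML-DSig
reference, plus a diagnostic that tells a whitespace change apart from
tampering. Standard library only (Python 3.8+)."""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample: a minimal SOAP Body as the client signed it (compact,
# no indentation whitespace, the way WSE serializes it).
SIGNED_BODY = (
    '<soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
    'oasis-200401-wss-wssecurity-utility-1.0.xsd" '
    'wsu:Id="Body-1"><ns:getStatus xmlns:ns="urn:example">'
    '<ns:host>server-a</ns:host></ns:getStatus></soap:Body>'
)


def digest_value(xml_fragment: str, strip_text: bool = False) -> str:
    """Canonicalize the fragment (inclusive C14N, as ElementTree implements it)
    and return the base64 SHA-1 digest, i.e. the form an XML-DSig <DigestValue>
    carries. strip_text=True removes whitespace-only text nodes; a conforming
    verifier never does that, it is used below purely as a diagnostic."""
    c14n = ET.canonicalize(xml_fragment, strip_text=strip_text)
    return base64.b64encode(hashlib.sha1(c14n.encode("utf-8")).digest()).decode("ascii")


def pretty_print(xml_fragment: str, indent: str = "  ") -> str:
    """Deliberately naive pretty-printer: one tag per line, indented by depth.
    It stands in for whatever reformatting step runs after the client signed
    (a logging filter, a debugging proxy, a component that re-serializes the
    DOM). It only inserts whitespace between tags; element content is untouched."""
    lines = re.sub(r">\s*<", ">\n<", xml_fragment.strip()).split("\n")
    out, depth = [], 0
    for line in lines:
        if line.startswith("</"):
            depth -= 1
        out.append(indent * depth + line)
        opens_element = (line.startswith("<") and not line.startswith("</")
                         and not line.endswith("/>") and "</" not in line)
        if opens_element:
            depth += 1
    return "\n".join(out)


def diagnose(received_body: str, expected_digest: str) -> str:
    """Classify a DigestValue mismatch on the receiving side.
    'ok'          : the Body verifies as received.
    'reformatted' : it verifies only once whitespace-only text nodes are
                    ignored, i.e. something pretty-printed it after signing
                    (assumes the signer emitted compact XML, as WSE does).
    'tampered'    : content, not just layout, differs; treat as a genuine
                    signature failure and do not accept the message."""
    if digest_value(received_body) == expected_digest:
        return "ok"
    if digest_value(received_body, strip_text=True) == expected_digest:
        return "reformatted"
    return "tampered"


if __name__ == "__main__":
    expected = digest_value(SIGNED_BODY)          # what the sender put in <DigestValue>
    received = pretty_print(SIGNED_BODY)          # what arrives after a pretty-printer
    print("digest as signed  :", expected)
    print("digest as received:", digest_value(received))
    print("diagnosis         :", diagnose(received, expected))
```

Running the block prints two different digests for byte-for-byte identical element content, which is exactly the failure WSS4J reports as a bad signature. The diagnosis string tells you which side to fix: "reformatted" points at a serializer or filter between signing and verification (on Axis that is the `disablePrettyXML` parameter the WSDD above already sets, and any similar step on the client or on an intermediary), whereas "tampered" means the layout explanation does not apply and the message must stay rejected.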

 

