Hi folks,

You can try the following as a solution for your private key to be used
with the php client (assuming that you are trying to extract the private
key from a java keystore).

We have a small app hosted here [1] to explore a given keystore.

You can upload a java keystore and then extract the required private key.

Thanks,
Ruchith

[1] http://ww2.wso2.org:12080/kse/

Kaushalye Kapuruge wrote:
> Hi Shams,
> We tried your sample with your keys. There is a failure in the client
> side. According to the log, the client's private key is not valid. Maybe
> it's corrupted during the conversion.
> Also I tried a simple openssl command to sign.
> 
> openssl dgst -sha1  -sign clientkey.pem  -out mytextfile.sha1 mytextfile
> 
> Again your key failed, where this worked for other private keys I have.
> So there is no point in worrying about security policies. Can you try to
> use the sample key/certificate pairs[1] available in the samples? You
> can easily import them into the java key store using the keytool[2].
> Cheers,
> Kaushalye
> [1]wsf-php-1.0.0/samples/security/keys
> [2]http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
> 
> 
> shams jawaid wrote:
>> Hi guys,
>>
>> here are all the files, i had to reduce the size so it's under 1 MB, but
>> if you need anything else, let me know. Once again, thanks for all
>> your help! it is greatly appreciated! :D
>>
>>
>>> From: Kaushalye Kapuruge <[EMAIL PROTECTED]>
>>> Reply-To: [EMAIL PROTECTED]
>>> To: [email protected]
>>> CC: [EMAIL PROTECTED]
>>> Subject: [wsf-php-user] Re: [RAMPART / WSF PHP ]
>>> Date: Fri, 14 Sep 2007 10:14:52 +0530
>>>
>>> Hi Shams,
>>> Could you please send us the following? We will try to run it at our end
>>> to see if there are errors. 'Coz sometimes the information you are
>>> giving is not sufficient to locate the error.
>>> 1. PHP Client
>>> 2. Client's private key and the certificate
>>> 3. Server's keystore+aliases+passwords, certificate(exported)
>>> 4. Client's policy file
>>> 5. Server's service.xml file
>>> 6. Log files and the SOAP message trace of your last attempt(when you
>>> enable encryption and signing).
>>> Cheers,
>>> Kaushalye
>>>
>>>
>>> shams jawaid wrote:
>>>> Hi,
>>>>
>>>> i am currently trying to encrypt and sign messages from my php client
>>>> using WSF PHP extension and the rampart policy assertion, but get no
>>>> output at all .. if anyone can identify flaws in my policy.xml
>>>> linked into my php client and the services.xml file in my axis2/java
>>>> webservice META-INF folder please let me know:
>>>>
>>>> services.xml:
>>>>
>>>> <service name="HealthCareServiceTest1" scope="application">
>>>>    <description>
>>>>        Health Care Service test
>>>>    </description>
>>>>
>>>>
>>>>
>>>>     <messageReceivers>
>>>>        <messageReceiver
>>>>            mep="http://www.w3.org/2004/08/wsdl/in-out"
>>>>    class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>>>>
>>>>
>>>> <messageReceiver
>>>>         mep="http://www.w3.org/2004/08/wsdl/in-only"
>>>>    class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
>>>>
>>>>
>>>>
>>>> <messageReceiver
>>>>            mep="http://www.w3.org/2004/08/wsdl/in-out"
>>>>    class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>>>>    </messageReceivers>
>>>>
>>>>  <parameter name="ServiceClass" locked="false">org.health</parameter>
>>>>
>>>>
>>>>  <module ref="rampart" />
>>>> <module ref="addressing" />
>>>> <wsp:Policy wsu:Id="SigEncr"
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>> <wsp:ExactlyOne>
>>>> <wsp:All>
>>>> <sp:AsymmetricBinding
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <wsp:Policy>
>>>> <sp:InitiatorToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:InitiatorToken>
>>>> <sp:RecipientToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:RecipientToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:TripleDesRsa15 />
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Strict />
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp />
>>>> <sp:EncryptBeforeSigning/>
>>>> <sp:OnlySignEntireHeadersAndBody />
>>>> </wsp:Policy>
>>>> </sp:AsymmetricBinding>
>>>> <sp:Wss10
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <wsp:Policy>
>>>> <sp:MustSupportRefKeyIdentifier />
>>>> <sp:MustSupportRefIssuerSerial />
>>>> </wsp:Policy>
>>>> </sp:Wss10>
>>>> <sp:EncryptedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> <sp:SignedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>> <ramp:user>service</ramp:user>
>>>>
>>>> <ramp:encryptionUser>client</ramp:encryptionUser>
>>>> <ramp:passwordCallbackClass>org.PWCBHandler</ramp:passwordCallbackClass>
>>>>
>>>> <ramp:signatureCrypto>
>>>> <ramp:crypto
>>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>>>
>>>>
>>>> </ramp:crypto>
>>>> </ramp:signatureCrypto>
>>>> <ramp:encryptionCypto>
>>>> <ramp:crypto
>>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>>>>
>>>>
>>>> <ramp:property
>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>>>
>>>>
>>>> </ramp:crypto>
>>>> </ramp:encryptionCypto>
>>>> </ramp:RampartConfig>
>>>> </wsp:All>
>>>> </wsp:ExactlyOne>
>>>> </wsp:Policy>
>>>> </service>
>>>>
>>>> policy.xml:
>>>>
>>>> <wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
>>>> <wsp:ExactlyOne>
>>>> <wsp:All>
>>>> <sp:AsymmetricBinding
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <wsp:Policy>
>>>> <sp:InitiatorToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:InitiatorToken>
>>>> <sp:RecipientToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
>>>>
>>>>
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10 />
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:RecipientToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:Basic256Rsa15 />
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Strict />
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp />
>>>> <sp:EncryptBeforeSigning />
>>>> <sp:OnlySignEntireHeadersAndBody />
>>>> </wsp:Policy>
>>>> </sp:AsymmetricBinding>
>>>> <sp:Wss10
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <wsp:Policy>
>>>> <sp:MustSupportRefIssuerSerial />
>>>> </wsp:Policy>
>>>> </sp:Wss10>
>>>> <sp:EncryptedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> <sp:SignedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>> </wsp:All>
>>>> </wsp:ExactlyOne>
>>>> </wsp:Policy>
>>>>
>>>>
>>>>
>>>> with this setting i get no output at all..
>>>> however, if i remove the
>>>>
>>>> <sp:EncryptedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> <sp:SignedParts
>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>>
>>>> part in the policy.xml, i get output, with a timestamp but no
>>>> encryption or signature..
>>>> and the timestamp has the error:
>>>>
>>>> WSSecurityEngine: Invalid timestamp The security semantics of
>>>> message have expired
>>>>
>>>>            <wsu:Created>2007-09-14T03:16:30.046Z</wsu:Created>
>>>>            <wsu:Expires>2007-09-14T03:16:30.046Z</wsu:Expires>
>>>>
>>>> WSSecurityEngine: Invalid timestamp The security semantics of
>>>> message have expired
>>>>
>>>> the time 3:16 is the same as my windows clock, although i had to
>>>> uncheck the "automatically adjust the clock for daylight saving
>>>> changes" setting in the windows time settings. if that was on, my
>>>> windows time would always be one hour ahead of the timestamp
>>>> created. i am using a php client, so just thought I'd mention that,
>>>> if i use the php date and time functions,
>>>>
>>>> echo date();
>>>>
>>>> it always gives me the time one hour ahead.. i know a mismatch in
>>>> time in the client and server can cause an invalid timestamp error,
>>>> but for now my windows time does match the time stated in the
>>>> timestamp soap messages. is there any idea why I'm getting this
>>>> error? or are there any faults in my services/policy.xml files?
>>>>
>>>> please help!
>>>>
>>>> thanks a lot!
>>>>
>>>>
>>>>
>>>
>>>
>>> -- 
>>> http://kaushalye.blogspot.com/
>>> http://wso2.org/
>>>
>>>
>>> _______________________________________________
>>> Wsf-php-user mailing list
>>> [EMAIL PROTECTED]
>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>>
> 
> 
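
The key test from the thread (signing with `openssl dgst`) carried one step further, as an added example that is not part of the original posts: it exports a keystore entry to PEM and then checks that the resulting key both parses and pairs with the certificate. The function names and file names are assumptions, the key is expected as unencrypted PEM, and SHA-256 stands in for the thread's `-sha1`.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function and file names are assumptions.

# Export one JKS entry to PEM via PKCS#12. keytool and openssl prompt for the
# keystore passwords. The PEM key is written unencrypted, so access is restricted.
# Usage: jks_to_pem service.jks client clientkey.pem
jks_to_pem() {
    local jks=$1 alias=$2 out=$3 tmp rc
    tmp=$(mktemp -d) || return 2
    ( umask 077
      keytool -importkeystore -srckeystore "$jks" -srcalias "$alias" \
              -destkeystore "$tmp/entry.p12" -deststoretype PKCS12 &&
      openssl pkcs12 -in "$tmp/entry.p12" -nocerts -nodes -out "$out" )
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Return 0 only if the PEM key parses, can sign, and the signature verifies
# against the public key embedded in the certificate. A truncated or corrupted
# key fails at the parse step; a key from another pair fails at verification.
# Usage: key_matches_cert clientkey.pem clientcert.pem
key_matches_cert() {
    local key=$1 cert=$2 tmp rc=1
    tmp=$(mktemp -d) || return 2
    printf 'key-check probe\n' > "$tmp/msg"
    if openssl pkey -in "$key" -noout 2>/dev/null \
       && openssl dgst -sha256 -sign "$key" -out "$tmp/sig" "$tmp/msg" 2>/dev/null \
       && openssl x509 -in "$cert" -pubkey -noout > "$tmp/pub" 2>/dev/null \
       && openssl dgst -sha256 -verify "$tmp/pub" -signature "$tmp/sig" \
                  "$tmp/msg" >/dev/null 2>&1
    then
        rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# When invoked as: script.sh <key.pem> <cert.pem>
if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then
        echo "key is valid and matches the certificate"
    else
        echo "key is invalid or does not match the certificate"
    fi
fi
```

Running the check right after the conversion separates a broken key from a policy problem before any SOAP message is sent.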

