org.apache.axis2.AxisFault: Error in signature with X509Token
Hi All,
I am using axis2-1.4.1 with rampart-1.4 to consume a websevice hosted in .Net
server.
I created Java keystore based on the given certificates. when i try to access
the webservice from the Java client i am getting the following error.
org.apache.axis2.AxisFault: Error in signature with X509Token
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at com.phoneix.stubs.Service1Stub.GetData(Service1Stub.java:473)
at com.phoneix.client.Democlient.main(Democlient.java:36)
Caused by: org.apache.rampart.RampartException: Error in signature with
X509Token
at
org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:304)
at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:626)
at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:413)
at
org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:93)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
... 8 more
Caused by: org.apache.ws.security.WSSecurityException: General security error
(Unexpected number of X509Data: for Signature)
at
org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:296)
at
org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:300)
... 13 more
I have attached the Java code also , if anyone have idea why these error is
occured please help me to solve the issue.
Java code.
ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem("test",
null);
Service1Stub stub = new Service1Stub(ctx, "URL");
ServiceClient sc = stub._getServiceClient();
sc.engageModule("rampart");
StAXOMBuilder builder = new StAXOMBuilder("policy.xml");
Policy policy =
PolicyEngine.getPolicy(builder.getDocumentElement());
sc.getAxisService().getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_SERVICE_POLICY,
policy);
System.out.println(" 22 ");
GetData getData = new GetData();
stub.GetData(getData);
System.out.println(" The Webservie call is Over ");
Thanks in Advance
Karai
Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo!
Edition http://downloads.yahoo.com/in/firefox/
Re: Error in signature with X509Token
I solve the problem: 1) On same axis2 installation I install rampart 1.3 and then rampart 1.4(conflict wss4j-1.5.X) I take clean installation of axis2 and rampart 1.4 2) And there was also problem with my JCE(no such algorithm): 2.1) Install Unlimited strength Jurisdiction Policy Files(overcopy US_export_policy.jar and local_policy.jar) 2.2) Install bouncycastle in /lib/ext and add provider in /lib/security/java.security file security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider I hope this can help somebody. Regards, Tomaz José Ferreiro wrote: > Looks like the file *server.jks* cannot be loaded keys\\server.jks and > not found. Try to type the whole path.. > > or keys/server.jks > > > Whole localtion path c:/tomcat/foldername/foldername/keys/server.jks > HTH, Rgds, > > Jose Ferreiro > > On Mon, Feb 9, 2009 at 11:41 AM, TomazM <mailto:tomaz.majerh...@arnes.si>> wrote: > > I still have problem, now I get error: > > .. > org.apache.ws.security.util.Loader - Caught Exception while in > Loader.getResource. This may be innocuous. > java.lang.NullPointerException > ... > > org.apache.ws.security.components.crypto.Merlin cannot create instance > > What did you write in service.xml? > > Regard, Tomaz > > > Erwin Reinhoud wrote: > > Hello Tomaz, > > > > In my sanbox env i have put the file in the tomcat bin dir and no > path indication in service.xml. > > > > Regards, > > > > Erwin > > > > -Oorspronkelijk bericht- > > Van: TomazM [mailto:tomaz.majerh...@arnes.si > <mailto:tomaz.majerh...@arnes.si>] > > Verzonden: donderdag 5 februari 2009 12:13 > > Aan: axis-user@ws.apache.org <mailto:axis-user@ws.apache.org> > > Onderwerp: Re: Error in signature with X509Token > > > > I'm using rampart version 1.4, but it seem as the > rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the > keystore, because I change the name to a nonexistent file and I > don't get any error that file don't exist. > > > > Regards, Tomaz > > > > Erwin Reinhoud wrote: > >> Hello Tomaz, > >> > >> Try also using rampart version 1.4 io 1.3. > >> > >> Regards, > >> Erwin > >> > >> > ------ > >> -- > >> *Van:* m4rkuz [mailto:m4r...@gmail.com <mailto:m4r...@gmail.com>] > >> *Verzonden:* woensdag 4 februari 2009 15:16 > >> *Aan:* axis-user@ws.apache.org <mailto:axis-user@ws.apache.org> > >> *Onderwerp:* Re: Error in signature with X509Token > >> > >> Hi Tomaz, > >> > >> I think you should attach you'r policy.xml file and your > >> services.xml, and maybe an example of the soap message generated, so > >> it could be esiar to help you. > >> > >> > >> > >> Marcus V. Sánchez D. > >> __ > >> Enterprise Developer. > >> Sun Certified Java Programmer (SCJP) > >> > >> > >> On Wed, Feb 4, 2009 at 9:08 AM, TomazM <mailto:tomaz.majerh...@arnes.si> > >> <mailto:tomaz.majerh...@arnes.si > <mailto:tomaz.majerh...@arnes.si>>> wrote: > >> > >> Env: > >>OS: Microsoft Windows XP [Version 5.1.2600] > >>java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) > >>Tomcat: 6.0.16 > >>Axis2: 1.4.1 > >>Rampart: 1.3 > >> > >> > >> I'm trying to sign message with my CallbackHandler and > wsp:Policy, > >> keys are in keystore of JKS type(server.jks and client.jks) > >> > >> 1) In service.xml I have: > >> . > >> > > rampart.sign.service.SecurityHandler > >> > >> >> provider="org.apache.ws.security.components.crypto.Merlin"> > >> >> > > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > >> >> > > name="org.apache.ws.security.crypto.merlin.file">keys\\server
Re: Error in signature with X509Token
I know, I tried the all path all ready but I get error Error in signature with X509Token Thx, for replay. Regards, Tomaz José Ferreiro wrote: > Looks like the file *server.jks* cannot be loaded keys\\server.jks and > not found. Try to type the whole path.. > > or keys/server.jks > > > Whole localtion path c:/tomcat/foldername/foldername/keys/server.jks > HTH, Rgds, > > Jose Ferreiro > > On Mon, Feb 9, 2009 at 11:41 AM, TomazM <mailto:tomaz.majerh...@arnes.si>> wrote: > > I still have problem, now I get error: > > .. > org.apache.ws.security.util.Loader - Caught Exception while in > Loader.getResource. This may be innocuous. > java.lang.NullPointerException > ... > > org.apache.ws.security.components.crypto.Merlin cannot create instance > > What did you write in service.xml? > > Regard, Tomaz > > > Erwin Reinhoud wrote: > > Hello Tomaz, > > > > In my sanbox env i have put the file in the tomcat bin dir and no > path indication in service.xml. > > > > Regards, > > > > Erwin > > > > -Oorspronkelijk bericht- > > Van: TomazM [mailto:tomaz.majerh...@arnes.si > <mailto:tomaz.majerh...@arnes.si>] > > Verzonden: donderdag 5 februari 2009 12:13 > > Aan: axis-user@ws.apache.org <mailto:axis-user@ws.apache.org> > > Onderwerp: Re: Error in signature with X509Token > > > > I'm using rampart version 1.4, but it seem as the > rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the > keystore, because I change the name to a nonexistent file and I > don't get any error that file don't exist. > > > > Regards, Tomaz > > > > Erwin Reinhoud wrote: > >> Hello Tomaz, > >> > >> Try also using rampart version 1.4 io 1.3. > >> > >> Regards, > >> Erwin > >> > >> > ------ > >> -- > >> *Van:* m4rkuz [mailto:m4r...@gmail.com <mailto:m4r...@gmail.com>] > >> *Verzonden:* woensdag 4 februari 2009 15:16 > >> *Aan:* axis-user@ws.apache.org <mailto:axis-user@ws.apache.org> > >> *Onderwerp:* Re: Error in signature with X509Token > >> > >> Hi Tomaz, > >> > >> I think you should attach you'r policy.xml file and your > >> services.xml, and maybe an example of the soap message generated, so > >> it could be esiar to help you. > >> > >> > >> > >> Marcus V. Sánchez D. > >> __ > >> Enterprise Developer. > >> Sun Certified Java Programmer (SCJP) > >> > >> > >> On Wed, Feb 4, 2009 at 9:08 AM, TomazM <mailto:tomaz.majerh...@arnes.si> > >> <mailto:tomaz.majerh...@arnes.si > <mailto:tomaz.majerh...@arnes.si>>> wrote: > >> > >> Env: > >>OS: Microsoft Windows XP [Version 5.1.2600] > >>java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) > >>Tomcat: 6.0.16 > >>Axis2: 1.4.1 > >>Rampart: 1.3 > >> > >> > >> I'm trying to sign message with my CallbackHandler and > wsp:Policy, > >> keys are in keystore of JKS type(server.jks and client.jks) > >> > >> 1) In service.xml I have: > >> . > >> > > rampart.sign.service.SecurityHandler > >> > >> >> provider="org.apache.ws.security.components.crypto.Merlin"> > >> >> > > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > >> >> > > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > >> >> > > name="org.apache.ws.security.crypto.merlin.keystore.password"> > >> > >> > >> > >> 2) In client I also have my CallbackHandler and applying > >> RampartConfig which use client.jks(contain server key) > >> > >> > >> The finger print of server and client certificates are
Re: Error in signature with X509Token
Looks like the file *server.jks* cannot be loaded keys\\server.jks and not found. Try to type the whole path.. or keys/server.jks Whole localtion path c:/tomcat/foldername/foldername/keys/server.jks HTH, Rgds, Jose Ferreiro On Mon, Feb 9, 2009 at 11:41 AM, TomazM wrote: > I still have problem, now I get error: > > .. > org.apache.ws.security.util.Loader - Caught Exception while in > Loader.getResource. This may be innocuous. > java.lang.NullPointerException > ... > > org.apache.ws.security.components.crypto.Merlin cannot create instance > > What did you write in service.xml? > > Regard, Tomaz > > > Erwin Reinhoud wrote: > > Hello Tomaz, > > > > In my sanbox env i have put the file in the tomcat bin dir and no path > indication in service.xml. > > > > Regards, > > > > Erwin > > > > -Oorspronkelijk bericht- > > Van: TomazM [mailto:tomaz.majerh...@arnes.si] > > Verzonden: donderdag 5 februari 2009 12:13 > > Aan: axis-user@ws.apache.org > > Onderwerp: Re: Error in signature with X509Token > > > > I'm using rampart version 1.4, but it seem as the > rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the > keystore, because I change the name to a nonexistent file and I don't get > any error that file don't exist. > > > > Regards, Tomaz > > > > Erwin Reinhoud wrote: > >> Hello Tomaz, > >> > >> Try also using rampart version 1.4 io 1.3. > >> > >> Regards, > >> Erwin > >> > >> -- > >> -- > >> *Van:* m4rkuz [mailto:m4r...@gmail.com] > >> *Verzonden:* woensdag 4 februari 2009 15:16 > >> *Aan:* axis-user@ws.apache.org > >> *Onderwerp:* Re: Error in signature with X509Token > >> > >> Hi Tomaz, > >> > >> I think you should attach you'r policy.xml file and your > >> services.xml, and maybe an example of the soap message generated, so > >> it could be esiar to help you. > >> > >> > >> > >> Marcus V. Sánchez D. > >> __ > >> Enterprise Developer. > >> Sun Certified Java Programmer (SCJP) > >> > >> > >> On Wed, Feb 4, 2009 at 9:08 AM, TomazM >> <mailto:tomaz.majerh...@arnes.si>> wrote: > >> > >> Env: > >>OS: Microsoft Windows XP [Version 5.1.2600] > >>java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) > >>Tomcat: 6.0.16 > >>Axis2: 1.4.1 > >>Rampart: 1.3 > >> > >> > >> I'm trying to sign message with my CallbackHandler and wsp:Policy, > >> keys are in keystore of JKS type(server.jks and client.jks) > >> > >> 1) In service.xml I have: > >> . > >> > rampart.sign.service.SecurityHandler > >> > >> >> provider="org.apache.ws.security.components.crypto.Merlin"> > >> >> > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > >> >> > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > >> >> > name="org.apache.ws.security.crypto.merlin.keystore.password"> > >> > >> > >> > >> 2) In client I also have my CallbackHandler and applying > >> RampartConfig which use client.jks(contain server key) > >> > >> > >> The finger print of server and client certificates are the same in > >> both keystore. > >> > >> > >> > >> Error: > >> org.apache.axis2.AxisFault: Error in signature with X509Token > >>at > >> > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) > >>at > >> > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) > >>at > >> > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) > >>at > >> > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) > >>at > >> > >> org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 > >> 63) > >> > >> > >> > >> > >> Is anybody have a clue what I'm doing wrong > >> > >> > >> > >> > >> Best regards, Tomaz > >> > >> > > > > > >
Re: Error in signature with X509Token
I still have problem, now I get error: .. org.apache.ws.security.util.Loader - Caught Exception while in Loader.getResource. This may be innocuous. java.lang.NullPointerException ... org.apache.ws.security.components.crypto.Merlin cannot create instance What did you write in service.xml? Regard, Tomaz Erwin Reinhoud wrote: > Hello Tomaz, > > In my sanbox env i have put the file in the tomcat bin dir and no path > indication in service.xml. > > Regards, > > Erwin > > -Oorspronkelijk bericht- > Van: TomazM [mailto:tomaz.majerh...@arnes.si] > Verzonden: donderdag 5 februari 2009 12:13 > Aan: axis-user@ws.apache.org > Onderwerp: Re: Error in signature with X509Token > > I'm using rampart version 1.4, but it seem as the > rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, > because I change the name to a nonexistent file and I don't get any error > that file don't exist. > > Regards, Tomaz > > Erwin Reinhoud wrote: >> Hello Tomaz, >> >> Try also using rampart version 1.4 io 1.3. >> >> Regards, >> Erwin >> >> -- >> -- >> *Van:* m4rkuz [mailto:m4r...@gmail.com] >> *Verzonden:* woensdag 4 februari 2009 15:16 >> *Aan:* axis-user@ws.apache.org >> *Onderwerp:* Re: Error in signature with X509Token >> >> Hi Tomaz, >> >> I think you should attach you'r policy.xml file and your >> services.xml, and maybe an example of the soap message generated, so >> it could be esiar to help you. >> >> >> >> Marcus V. Sánchez D. >> __ >> Enterprise Developer. >> Sun Certified Java Programmer (SCJP) >> >> >> On Wed, Feb 4, 2009 at 9:08 AM, TomazM > <mailto:tomaz.majerh...@arnes.si>> wrote: >> >> Env: >>OS: Microsoft Windows XP [Version 5.1.2600] >>java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) >>Tomcat: 6.0.16 >>Axis2: 1.4.1 >>Rampart: 1.3 >> >> >> I'm trying to sign message with my CallbackHandler and wsp:Policy, >> keys are in keystore of JKS type(server.jks and client.jks) >> >> 1) In service.xml I have: >> . >> >> rampart.sign.service.SecurityHandler >> >>> provider="org.apache.ws.security.components.crypto.Merlin"> >>> >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS >>> >> name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks >>> >> name="org.apache.ws.security.crypto.merlin.keystore.password"> >> >> >> >> 2) In client I also have my CallbackHandler and applying >> RampartConfig which use client.jks(contain server key) >> >> >> The finger print of server and client certificates are the same in >> both keystore. >> >> >> >> Error: >> org.apache.axis2.AxisFault: Error in signature with X509Token >>at >> >> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) >>at >> >> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) >>at >> >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >>at >> >> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >>at >> >> org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 >> 63) >> >> >> >> >> Is anybody have a clue what I'm doing wrong >> >> >> >> >> Best regards, Tomaz >> >> > > begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n;quoted-printable:Majerhold;Toma=C5=BE org:ARNES, Slovenian NREN;Development team adr:;;Jamova 39;Ljubljana;;;Slovenia title:Developer tel;work:+386 14798930 tel;fax:+386 1 479 88 99 tel;home:+386 1425 38 01 tel;cell:(040) 757-229 url:http://www.arnes.si/ version:2.1 end:vcard
Re: Error in signature with X509Token
HI Tomaz, I'm no guru in the subject but I had a similar problem and I don't see BinarySecurityToken being send in the request, so try changing the correct lines for this one: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/* AlwaysToRecipient*"> Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Thu, Feb 5, 2009 at 6:28 AM, Erwin Reinhoud wrote: > Hello Tomaz, > > In my sanbox env i have put the file in the tomcat bin dir and no path > indication in service.xml. > > Regards, > > Erwin > > -Oorspronkelijk bericht- > Van: TomazM [mailto:tomaz.majerh...@arnes.si] > Verzonden: donderdag 5 februari 2009 12:13 > Aan: axis-user@ws.apache.org > Onderwerp: Re: Error in signature with X509Token > > I'm using rampart version 1.4, but it seem as the > rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the > keystore, because I change the name to a nonexistent file and I don't get > any error that file don't exist. > > Regards, Tomaz > > Erwin Reinhoud wrote: > > Hello Tomaz, > > > > Try also using rampart version 1.4 io 1.3. > > > > Regards, > > Erwin > > > > -- > > -- > > *Van:* m4rkuz [mailto:m4r...@gmail.com] > > *Verzonden:* woensdag 4 februari 2009 15:16 > > *Aan:* axis-user@ws.apache.org > > *Onderwerp:* Re: Error in signature with X509Token > > > > Hi Tomaz, > > > > I think you should attach you'r policy.xml file and your > > services.xml, and maybe an example of the soap message generated, so > > it could be esiar to help you. > > > > > > > > Marcus V. Sánchez D. > > __ > > Enterprise Developer. > > Sun Certified Java Programmer (SCJP) > > > > > > On Wed, Feb 4, 2009 at 9:08 AM, TomazM > <mailto:tomaz.majerh...@arnes.si>> wrote: > > > > Env: > >OS: Microsoft Windows XP [Version 5.1.2600] > >java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) > >Tomcat: 6.0.16 > >Axis2: 1.4.1 > >Rampart: 1.3 > > > > > > I'm trying to sign message with my CallbackHandler and wsp:Policy, > > keys are in keystore of JKS type(server.jks and client.jks) > > > > 1) In service.xml I have: > > . > > > rampart.sign.service.SecurityHandler > > > > > provider="org.apache.ws.security.components.crypto.Merlin"> > > > > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > > > > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > > > > name="org.apache.ws.security.crypto.merlin.keystore.password"> > > > > > > > > 2) In client I also have my CallbackHandler and applying > > RampartConfig which use client.jks(contain server key) > > > > > > The finger print of server and client certificates are the same in > > both keystore. > > > > > > > > Error: > > org.apache.axis2.AxisFault: Error in signature with X509Token > >at > > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) > >at > > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) > >at > > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) > >at > > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) > >at > > > > org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 > > 63) > > > > > > > > > > Is anybody have a clue what I'm doing wrong > > > > > > > > > > Best regards, Tomaz > > > > > > > >
RE: Error in signature with X509Token
Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: > Hello Tomaz, > > Try also using rampart version 1.4 io 1.3. > > Regards, > Erwin > > -- > -- > *Van:* m4rkuz [mailto:m4r...@gmail.com] > *Verzonden:* woensdag 4 februari 2009 15:16 > *Aan:* axis-user@ws.apache.org > *Onderwerp:* Re: Error in signature with X509Token > > Hi Tomaz, > > I think you should attach you'r policy.xml file and your > services.xml, and maybe an example of the soap message generated, so > it could be esiar to help you. > > > > Marcus V. Sánchez D. > __ > Enterprise Developer. > Sun Certified Java Programmer (SCJP) > > > On Wed, Feb 4, 2009 at 9:08 AM, TomazM <mailto:tomaz.majerh...@arnes.si>> wrote: > > Env: >OS: Microsoft Windows XP [Version 5.1.2600] >java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) >Tomcat: 6.0.16 >Axis2: 1.4.1 >Rampart: 1.3 > > > I'm trying to sign message with my CallbackHandler and wsp:Policy, > keys are in keystore of JKS type(server.jks and client.jks) > > 1) In service.xml I have: > . > > rampart.sign.service.SecurityHandler > > provider="org.apache.ws.security.components.crypto.Merlin"> > > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > > name="org.apache.ws.security.crypto.merlin.keystore.password"> > > > > 2) In client I also have my CallbackHandler and applying > RampartConfig which use client.jks(contain server key) > > > The finger print of server and client certificates are the same in > both keystore. > > > > Error: > org.apache.axis2.AxisFault: Error in signature with X509Token >at > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) >at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) >at > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >at > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >at > > org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 > 63) > > > > > Is anybody have a clue what I'm doing wrong > > > > > Best regards, Tomaz > >
Re: Error in signature with X509Token
I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: > Hello Tomaz, > > Try also using rampart version 1.4 io 1.3. > > Regards, > Erwin > > > *Van:* m4rkuz [mailto:m4r...@gmail.com] > *Verzonden:* woensdag 4 februari 2009 15:16 > *Aan:* axis-user@ws.apache.org > *Onderwerp:* Re: Error in signature with X509Token > > Hi Tomaz, > > I think you should attach you'r policy.xml file and your services.xml, > and maybe an example of the soap message generated, so it could be esiar > to help you. > > > > Marcus V. Sánchez D. > __ > Enterprise Developer. > Sun Certified Java Programmer (SCJP) > > > On Wed, Feb 4, 2009 at 9:08 AM, TomazM <mailto:tomaz.majerh...@arnes.si>> wrote: > > Env: >OS: Microsoft Windows XP [Version 5.1.2600] >java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) >Tomcat: 6.0.16 >Axis2: 1.4.1 >Rampart: 1.3 > > > I'm trying to sign message with my CallbackHandler and wsp:Policy, > keys are in keystore of JKS type(server.jks and client.jks) > > 1) In service.xml I have: > . > > rampart.sign.service.SecurityHandler > > provider="org.apache.ws.security.components.crypto.Merlin"> > > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > > name="org.apache.ws.security.crypto.merlin.keystore.password"> > > > > 2) In client I also have my CallbackHandler and applying > RampartConfig which use client.jks(contain server key) > > > The finger print of server and client certificates are the same in > both keystore. > > > > Error: > org.apache.axis2.AxisFault: Error in signature with X509Token >at > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) >at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) >at > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >at > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >at > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > > > > > Is anybody have a clue what I'm doing wrong > > > > > Best regards, Tomaz > > begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n;quoted-printable:Majerhold;Toma=C5=BE org:ARNES, Slovenian NREN;Development team adr:;;Jamova 39;Ljubljana;;;Slovenia title:Developer tel;work:+386 14798930 tel;fax:+386 1 479 88 99 tel;home:+386 1425 38 01 tel;cell:(040) 757-229 url:http://www.arnes.si/ version:2.1 end:vcard
Re: Error in signature with X509Token
Thx, I'll try rampart 1.4 service.xml, it contain policy: Security Service, messages are signed rampart.sign.service.PojoService http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://ws.apache.org/rampart/policy";> service rampart.sign.service.SecurityHandler JKS D:\\SOAP_TUTOR\\article-transport\\keys\\server.jks -- Req: -- POST /axis2/services/RampartSignService HTTP/1.1 Content-Type: application/soap+xml; charset=UTF-8; action="urn:sestej" User-Agent: Axis2 Host: jalovec.arnes.si:8080 Transfer-Encoding: chunked http://www.w3.org/2003/05/soap-envelope"; standalone="no"?> http://www.w3.org/2003/05/soap-envelope";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="true"> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp-32189467"> 2009-02-05T08:11:11.735Z 2009-02-05T08:16:11.735Z http://www.w3.org/2000/09/xmldsig#"; Id="Signature-330120"> http://www.w3.org/2001/10/xml-exc-c14n#"/> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> http://www.w3.org/2001/10/xml-exc-c14n#"/> http://www.w3.org/2000/09/xmldsig#sha1"/> GSyf8R7vIO1Exwurae95mxIWgnI= http://www.w3.org/2001/10/xml-exc-c14n#"/> http://www.w3.org/2000/09/xmldsig#sha1"/> dM8fK3UEbaFdUsl1PXNCcuLz6/M= 2LW4LfjAP5MZulRXONtdzhu7JpvZawfR4/5e2UEBJVMUGqB8c/zTVgG65Z2cIePYgWdw+ma+dWmu JdgqM+66hzZ5BMAH1sNRxL6onz0DOyuRnDYhEgNYgCjmN67Ok7Q0SQqnEfJ19B1WdAxqawspyLjX VyS4X5BisAG5G+25CrQ= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-27291192"> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>+JGv39JjeaxQiilnwwc/wlWlITU= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-5218268"> http://service.sign.rampart";> 4 233 - Resp: - HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Content-Type: application/soap+xml; action="http://www.w3.org/2005/08/addressing/soap/fault";charset=UTF-8 Transfer-Encoding: chunked Date: Thu, 05 Feb 2009 08:11:12 GMT Con
RE: Error in signature with X509Token
Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin _ Van: m4rkuz [mailto:m4r...@gmail.com] Verzonden: woensdag 4 februari 2009 15:16 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . rampart.sign.service.SecurityHandler JKS keys\\server.jks 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz
Re: Error in signature with X509Token
Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM wrote: > Env: >OS: Microsoft Windows XP [Version 5.1.2600] >java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) >Tomcat: 6.0.16 >Axis2: 1.4.1 >Rampart: 1.3 > > > I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are > in keystore of JKS type(server.jks and client.jks) > > 1) In service.xml I have: > . > > rampart.sign.service.SecurityHandler > > provider="org.apache.ws.security.components.crypto.Merlin"> > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > name="org.apache.ws.security.crypto.merlin.keystore.password"> > > > > 2) In client I also have my CallbackHandler and applying RampartConfig > which use client.jks(contain server key) > > > The finger print of server and client certificates are the same in both > keystore. > > > > Error: > org.apache.axis2.AxisFault: Error in signature with X509Token >at > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) >at > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) >at > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >at > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >at > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > > > > > Is anybody have a clue what I'm doing wrong > > > > > Best regards, Tomaz >
Error in signature with X509Token
Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . rampart.sign.service.SecurityHandler JKS keys\\server.jks 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n;quoted-printable:Majerhold;Toma=C5=BE org:ARNES, Slovenian NREN;Development team adr:;;Jamova 39;Ljubljana;;;Slovenia title:Developer tel;work:+386 14798930 tel;fax:+386 1 479 88 99 tel;home:+386 1425 38 01 tel;cell:(040) 757-229 url:http://www.arnes.si/ version:2.1 end:vcard
