Re: *SPAM* Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!

2008-09-04 Thread Tomás Tormo 
ml#286>
 }
287 
<http://ws.apache.org/wss4j/xref/org/apache/ws/axis/security/WSDoAllReceiver.html#287>
 }

288 
<http://ws.apache.org/wss4j/xref/org/apache/ws/axis/security/WSDoAllReceiver.html#288>
 }
  



Un saludo

José


On Wed, Sep 3, 2008 at 9:31 PM, Martin Gainty <[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:


you can avoid all that and create the cert yourself for testing
purposes on your dev box
http://code.google.com/support/bin/answer.py?answer=71864&topic=11369
<http://code.google.com/support/bin/answer.py?answer=71864&topic=11369>

Martin
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the
official business of Sender. This transmission is of a
confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not
necessarily endorse content contained within this transmission.


--------------------
Date: Wed, 3 Sep 2008 20:11:56 +0200

From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
To: axis-user@ws.apache.org <mailto:axis-user@ws.apache.org>
Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying
the signature with wss4j... Good News!!


Because I had no time enough to make the entire development with
the right certificate, I'm still waiting for it and this should be
finnished on friday... That's why I wanted to have some
code(altough I was not gonna work), and then had something
prepared for the right certificate. Then, in this case and if
everything is all right, it "should" work (at least partially)
with the correct certificate... Could this be a client error? (It
looks as sever error...as I told you, i'm new in axis...)


This is the complete exception:


AxisFault
 faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
 faultSubcode:
 faultString: WSDoAllReceiver: The certificate used for the
signature is not trusted
 faultActor:
 faultNode:
 faultDetail:
   
{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com

<http://cifweb02.asoatario.com>

WSDoAllReceiver: The certificate used for the signature is not trusted
at

org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at

org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at

org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at

org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at
org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at
org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at
org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at

org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at
org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at

org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at
org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)


Thank you very much / Muchas gracias por tu ayuda


José Ferreiro escribió:

Correct Frank,

Why don't you get the right certificate you need that is
issued and signed by the correct third party?

Un saludo.
José

On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:

Good news!!! After changing the keystore for
"interop2.jks", and using "alice" as alias the exception
changed :).

RE: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!

2008-09-03 Thread Martin Gainty 

you can avoid all that and create the cert yourself for testing purposes on 
your dev box
http://code.google.com/support/bin/answer.py?answer=71864&topic=11369

Martin 
__ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business 
of Sender. This transmission is of a confidential nature and Sender does not 
endorse distribution to any party other than intended recipient. Sender does 
not necessarily endorse content contained within this transmission. 


Date: Wed, 3 Sep 2008 20:11:56 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature 
with wss4j... Good News!!






  


Because I had no time enough to make the entire development with the
right certificate, I'm still waiting for it and this should be
finnished on friday... That's why I wanted to have some code(altough I
was not gonna work), and then had something prepared for the right
certificate. Then, in this case and if everything is all right, it
"should" work (at least partially) with the correct certificate...
Could this be a client error? (It looks as sever error...as I told you,
i'm new in axis...) 





This is the complete exception:





AxisFault

 faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException

 faultSubcode: 

 faultString: WSDoAllReceiver: The certificate used for the signature
is not trusted

 faultActor: 

 faultNode: 

 faultDetail: 

{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com



WSDoAllReceiver: The certificate used for the signature is not trusted

at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)

at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)

at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)

at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)

at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)

at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)

at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)

at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)

at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)

at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)

at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)

at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)

at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)

at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)

at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)

at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)

at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)

at org.apache.axis.client.Call.invokeEngine(Call.java:2784)

at org.apache.axis.client.Call.invoke(Call.java:2767)

at org.apache.axis.client.Call.invoke(Call.java:2443)

at org.apache.axis.client.Call.invoke(Call.java:2366)

at org.apache.axis.client.Call.invoke(Call.java:1812)





Thank you very much / Muchas gracias por tu ayuda





José Ferreiro escribió:

  Correct Frank, 

  

Why don't you get the right certificate you need that is issued and
signed by the correct third party?

  

Un saludo.

José

  

  On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo <[EMAIL PROTECTED]>
wrote:

  

Good news!!! After changing the keystore for "interop2.jks", and using
"alice" as alias the exception changed :). Now it looks like this:



WSDoAllReceiver: The certificate used for the signature is not
trusted



I'm trying the webservice client against a public webservice, that's
why I think this exception is pretty normal, cause this certificate is
self-signed, and the public webservice maybe needs a trusted
certificate. Am I right?



Thank you very much



Tomás Tormo escribió:
 Sorry, my mistake, the client_deploy.wsdd
file I'm using is the
following one:

  

http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>

 

  

  

   





 





   

  

  

   



  



   

  





  

Thank you

  

Tomás Tormo escribió:
   Ok, sorry i didn't see the link...



Anyway i would like to ask you why you don't use "DirectReference"
as "signatureKeyIdentifier" instead of  "X509KeyIdentifier".Is the
server able to ve

Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!

2008-09-03 Thread Tomás Tormo 
Because I had no time enough to make the entire development with the 
right certificate, I'm still waiting for it and this should be finnished 
on friday... That's why I wanted to have some code(altough I was not 
gonna work), and then had something prepared for the right certificate. 
Then, in this case and if everything is all right, it "should" work (at 
least partially) with the correct certificate... Could this be a client 
error? (It looks as sever error...as I told you, i'm new in axis...)



This is the complete exception:


AxisFault
faultCode: 
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException

faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the signature is 
not trusted

faultActor:
faultNode:
faultDetail:
   {http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com

WSDoAllReceiver: The certificate used for the signature is not trusted
   at 
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
   at 
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
   at 
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
   at 
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
   at 
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown 
Source)
   at 
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown 
Source)
   at 
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown 
Source)
   at org.apache.xerces.parsers.XML11Configuration.parse(Unknown 
Source)
   at org.apache.xerces.parsers.XML11Configuration.parse(Unknown 
Source)

   at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
   at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
   at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
   at 
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)

   at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
   at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
   at 
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)

   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
   at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
   at org.apache.axis.client.Call.invoke(Call.java:2767)
   at org.apache.axis.client.Call.invoke(Call.java:2443)
   at org.apache.axis.client.Call.invoke(Call.java:2366)
   at org.apache.axis.client.Call.invoke(Call.java:1812)


Thank you very much / Muchas gracias por tu ayuda


José Ferreiro escribió:

Correct Frank,

Why don't you get the right certificate you need that is issued and 
signed by the correct third party?


Un saludo.
José

On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo <[EMAIL PROTECTED] 
> wrote:


Good news!!! After changing the keystore for "interop2.jks", and
using "alice" as alias the exception changed :). Now it looks like
this:

WSDoAllReceiver: The certificate used for the signature is not
trusted

I'm trying the webservice client against a public webservice,
that's why I think this exception is pretty normal, cause this
certificate is self-signed, and the public webservice maybe needs
a trusted certificate. Am I right?

Thank you very much

Tomás Tormo escribió:

Sorry, my mistake, the client_deploy.wsdd file I'm using is the
following one:

http://xml.apache.org/axis/wsdd/";

xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
>
 
  
  
   





   
  
  
   

 


   
  



Thank you

Tomás Tormo escribió:

Ok, sorry i didn't see the link...

Anyway i would like to ask you why you don't use
"DirectReference" as "signatureKeyIdentifier" instead of 
"X509KeyIdentifier".Is the server able to verify the sign just

with that?

The client_deploy.wsdd file I was using was the following one
(now it's a mix of several xD):


http://xml.apache.org/axis/wsdd/";

xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
>
 
 
 
  
   
   
  
   





http://www.w3.org/2001/04/xmlenc#aes128-cbc";
 />
http://www.w3.org/2001/04/xmlenc#rsa-1_5";
 />
   
  
  
   

   


   
  






Martin Gainty escribió:

Tomas

the provided e

Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!

2008-09-03 Thread José Ferreiro 
Correct Frank,

Why don't you get the right certificate you need that is issued and signed
by the correct third party?

Un saludo.
José

On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo <[EMAIL PROTECTED]> wrote:

>  Good news!!! After changing the keystore for "interop2.jks", and using
> "alice" as alias the exception changed :). Now it looks like this:
>
> WSDoAllReceiver: The certificate used for the signature is not trusted
>
> I'm trying the webservice client against a public webservice, that's why I
> think this exception is pretty normal, cause this certificate is
> self-signed, and the public webservice maybe needs a trusted certificate. Am
> I right?
>
> Thank you very much
>
> Tomás Tormo escribió:
>
> Sorry, my mistake, the client_deploy.wsdd file I'm using is the following
> one:
>
>  xmlns="http://xml.apache.org/axis/wsdd/";xmlns:java=
> "http://xml.apache.org/axis/wsdd/providers/java";
> >
>   pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   
>   
> type="java:org.apache.ws.axis.security.WSDoAllSender" >
>  value="pruebawebserviceregistraduria.PWCallback"/>
> 
> 
> 
> 
>
>   
>   
> type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>  value="pruebawebserviceregistraduria.PWCallback"/>
> 
> 
>
>   
> 
> 
>
> Thank you
>
> Tomás Tormo escribió:
>
> Ok, sorry i didn't see the link...
>
> Anyway i would like to ask you why you don't use "DirectReference" as
> "signatureKeyIdentifier" instead of  "X509KeyIdentifier".Is the server able
> to verify the sign just with that?
>
> The client_deploy.wsdd file I was using was the following one (now it's a
> mix of several xD):
>
> 
>  xmlns="http://xml.apache.org/axis/wsdd/";xmlns:java=
> "http://xml.apache.org/axis/wsdd/providers/java";
> >
>   pivot="java:org.apache.axis.transport.java.JavaSender"/>
>   pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   pivot="java:org.apache.axis.transport.local.LocalSender"/>
>   
>
>
>   
>
> 
> 
> 
> 
> 
>  "http://www.w3.org/2001/04/xmlenc#aes128-cbc";/>
>  "http://www.w3.org/2001/04/xmlenc#rsa-1_5";/>
>
>   
>   
>
> 
> 
> 
>
>   
> 
>
>
>
>
>
> Martin Gainty escribió:
>
> Tomas
>
> the provided example works with WSS4J ..specifically
>
> *WSS4J configuration*
> Below is the important parts from the deployment .wsdd-file for the web
> service. The test.PWCallback 
> class is a simple class returning the password of the private key in the
> keystore. I used the same 
> crypto.properties as the one supplied as wsstest.properties in the
> interop-folder. As you can see I have 
> specified which algorithms to use for the session key and ecrypted session
> key (RSA15 and AES128).
> 
> Did you try?
> Saludos
> Martin 
> __
> Disclaimer and confidentiality note
> Everything in this e-mail and any attachments relates to the official
> business of Sender. This transmission is of a confidential nature and Sender
> does not endorse distribution to any party other than intended recipient.
> Sender does not necessarily endorse content contained within this
> transmission.
>
>
> --
> Date: Wed, 3 Sep 2008 16:10:30 +0200
> From: [EMAIL PROTECTED]
> To: axis-user@ws.apache.org
> Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j
>
> Thank you very much for your answer, but i forgot to specify that i'm
> writing a client in java using wss4j and not WSE, and i don't have access to
> the server (anyway, i'm new in this field,  so maybe i haven't understood it
> well...)
>
> Do you know how to do the same for wss4j in the client?
>
> Thank you.
>
> Martin Gainty escribió:
>
>  xmlns="http://schemas.microsoft.com/wse/2005/06/policy";
> >
> 
> assume the specified policy includes the directive
> messageProtectionOrder="SignBeforeEncrypt"
> 
>
> http://erlend.oftedal.no/blog/?blogid=12
> 
> Saludos
> Martin 
> __
> Disclaimer and confidentiality note
> Everything in this e-mail and any attachments relates to the official
> business of Sender. This transmission is of a confidential nature and Sender
> does not endorse distribution to any party other than intended recipient.
> Sender does not necessarily endorse content contained within this
> transmission.
>
>
> > Date: Wed, 3 Sep 2008 14:30:40 +0200
> > From: [EMAIL PROTECTED]
> > To: axis-user@ws.apache.org
> > Subject: Problem verifying the signature with wss4j
> >
> > Greetings
> >
> > I'm trying to write an webservice client wich uses signed SOAP
> > messages in order to communicate. For this, i'm using wss4j 1.5.3 wi

Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!

2008-09-03 Thread Tomás Tormo 
Good news!!! After changing the keystore for "interop2.jks", and using 
"alice" as alias the exception changed :). Now it looks like this:


   WSDoAllReceiver: The certificate used for the signature is not trusted

I'm trying the webservice client against a public webservice, that's why 
I think this exception is pretty normal, cause this certificate is 
self-signed, and the public webservice maybe needs a trusted 
certificate. Am I right?


Thank you very much

Tomás Tormo escribió:
Sorry, my mistake, the client_deploy.wsdd file I'm using is the 
following one:


http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
 pivot="java:org.apache.axis.transport.http.HTTPSender"/>

  
  
   type="java:org.apache.ws.axis.security.WSDoAllSender" >
value="pruebawebserviceregistraduria.PWCallback"/>





   
  
  
   type="java:org.apache.ws.axis.security.WSDoAllReceiver">
value="pruebawebserviceregistraduria.PWCallback"/>
 


   
  



Thank you

Tomás Tormo escribió:

Ok, sorry i didn't see the link...

Anyway i would like to ask you why you don't use 
"DirectReference" as "signatureKeyIdentifier" instead of  
"X509KeyIdentifier".Is the server able to verify the sign just with 
that?


The client_deploy.wsdd file I was using was the following one (now 
it's a mix of several xD):



http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
 pivot="java:org.apache.axis.transport.java.JavaSender"/>
 pivot="java:org.apache.axis.transport.http.HTTPSender"/>
 pivot="java:org.apache.axis.transport.local.LocalSender"/>

  
   
   
  
   





value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; />
value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />

   
  
  
   

   


   
  






Martin Gainty escribió:

Tomas

the provided example works with WSS4J ..specifically

*WSS4J configuration*
Below is the important parts from the deployment .wsdd-file for the 
web service. The test.PWCallback 
class is a simple class returning the password of the private key in 
the keystore. I used the same 
crypto.properties as the one supplied as wsstest.properties in the 
interop-folder. As you can see I have 
specified which algorithms to use for the session key and ecrypted 
session key (RSA15 and AES128).


Did you try?
Saludos
Martin 
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the 
official business of Sender. This transmission is of a confidential 
nature and Sender does not endorse distribution to any party other 
than intended recipient. Sender does not necessarily endorse content 
contained within this transmission.




Date: Wed, 3 Sep 2008 16:10:30 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j

Thank you very much for your answer, but i forgot to specify that 
i'm writing a client in java using wss4j and not WSE, and i don't 
have access to the server (anyway, i'm new in this field,  so maybe 
i haven't understood it well...)


Do you know how to do the same for wss4j in the client?

Thank you.

Martin Gainty escribió:

http://schemas.microsoft.com/wse/2005/06/policy";
>

assume the specified policy includes the directive
messageProtectionOrder="SignBeforeEncrypt"


http://erlend.oftedal.no/blog/?blogid=12

Saludos
Martin 
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the
official business of Sender. This transmission is of a
confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not
necessarily endorse content contained within this transmission.


> Date: Wed, 3 Sep 2008 14:30:40 +0200
> From: [EMAIL PROTECTED] 
> To: axis-user@ws.apache.org 
> Subject: Problem verifying the signature with wss4j
>
> Greetings
>
> I'm trying to write an webservice client wich uses signed SOAP
> messages in order to communicate. For this, i'm using wss4j
1.5.3 with
> axis 1.4. I've succesfully wrote the client code wich signs
the message
> and sends it to the server, but i'm getting the following error:
>
> WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature
> verification failed (The provided certificate is invalid)
>
> As far as i know (by reading posts in the internet) this is
caused
> because the XML is modified after it is signed. I've tried to
set the

Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j

2008-09-03 Thread Tomás Tormo 
Sorry, my mistake, the client_deploy.wsdd file I'm using is the 
following one:


http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
pivot="java:org.apache.axis.transport.http.HTTPSender"/>

 
 
  type="java:org.apache.ws.axis.security.WSDoAllSender" >
   value="pruebawebserviceregistraduria.PWCallback"/>

   
   
   
   
  
 
 
  type="java:org.apache.ws.axis.security.WSDoAllReceiver">
   value="pruebawebserviceregistraduria.PWCallback"/>

   

  
 



Thank you

Tomás Tormo escribió:

Ok, sorry i didn't see the link...

Anyway i would like to ask you why you don't use "DirectReference" 
as "signatureKeyIdentifier" instead of  "X509KeyIdentifier".Is the 
server able to verify the sign just with that?


The client_deploy.wsdd file I was using was the following one (now 
it's a mix of several xD):



http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
 pivot="java:org.apache.axis.transport.java.JavaSender"/>
 pivot="java:org.apache.axis.transport.http.HTTPSender"/>
 pivot="java:org.apache.axis.transport.local.LocalSender"/>

  
   
   
  
   





value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; />
value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; />

   
  
  
   

   


   
  






Martin Gainty escribió:

Tomas

the provided example works with WSS4J ..specifically

*WSS4J configuration*
Below is the important parts from the deployment .wsdd-file for the 
web service. The test.PWCallback 
class is a simple class returning the password of the private key in 
the keystore. I used the same 
crypto.properties as the one supplied as wsstest.properties in the 
interop-folder. As you can see I have 
specified which algorithms to use for the session key and ecrypted 
session key (RSA15 and AES128).


Did you try?
Saludos
Martin 
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official 
business of Sender. This transmission is of a confidential nature and 
Sender does not endorse distribution to any party other than intended 
recipient. Sender does not necessarily endorse content contained 
within this transmission.




Date: Wed, 3 Sep 2008 16:10:30 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j

Thank you very much for your answer, but i forgot to specify that i'm 
writing a client in java using wss4j and not WSE, and i don't have 
access to the server (anyway, i'm new in this field,  so maybe i 
haven't understood it well...)


Do you know how to do the same for wss4j in the client?

Thank you.

Martin Gainty escribió:

http://schemas.microsoft.com/wse/2005/06/policy";
>

assume the specified policy includes the directive
messageProtectionOrder="SignBeforeEncrypt"


http://erlend.oftedal.no/blog/?blogid=12

Saludos
Martin 
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the
official business of Sender. This transmission is of a
confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not
necessarily endorse content contained within this transmission.


> Date: Wed, 3 Sep 2008 14:30:40 +0200
> From: [EMAIL PROTECTED] 
> To: axis-user@ws.apache.org 
> Subject: Problem verifying the signature with wss4j
>
> Greetings
>
> I'm trying to write an webservice client wich uses signed SOAP
> messages in order to communicate. For this, i'm using wss4j
1.5.3 with
> axis 1.4. I've succesfully wrote the client code wich signs the
message
> and sends it to the server, but i'm getting the following error:
>
> WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature
> verification failed (The provided certificate is invalid)
>
> As far as i know (by reading posts in the internet) this is caused
> because the XML is modified after it is signed. I've tried to
set the
> disablePrettyXML to true and the
enableNamespacePrefixOptimization to
> false, but it didn't work...
>
> I've read in other posts that this could be caused by the
default blank
> namespaces added by Axis (when I checked the XML thanks to
TCPMonitor,
> i could see that the attributes of the sent objects had no
namespace,
> but the object itself had).
>
> Does anybody have any solution for this problem? Could be
possible to
> disable the default namespa