Re: *SPAM* Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
/security/WSDoAllReceiver.html#288
}
Un saludo
José
On Wed, Sep 3, 2008 at 9:31 PM, Martin Gainty [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
you can avoid all that and create the cert yourself for testing
purposes on your dev box
http://code.google.com/support/bin/answer.py?answer=71864topic=11369
http://code.google.com/support/bin/answer.py?answer=71864topic=11369
Martin
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the
official business of Sender. This transmission is of a
confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not
necessarily endorse content contained within this transmission.
Date: Wed, 3 Sep 2008 20:11:56 +0200
From: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
To: axis-user@ws.apache.org mailto:axis-user@ws.apache.org
Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying
the signature with wss4j... Good News!!
Because I had no time enough to make the entire development with
the right certificate, I'm still waiting for it and this should be
finnished on friday... That's why I wanted to have some
code(altough I was not gonna work), and then had something
prepared for the right certificate. Then, in this case and if
everything is all right, it should work (at least partially)
with the correct certificate... Could this be a client error? (It
looks as sever error...as I told you, i'm new in axis...)
This is the complete exception:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the
signature is not trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com
http://cifweb02.asoatario.com
WSDoAllReceiver: The certificate used for the signature is not trusted
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at
org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at
org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at
org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at
org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at
org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
Thank you very much / Muchas gracias por tu ayuda
José Ferreiro escribió:
Correct Frank,
Why don't you get the right certificate you need that is
issued and signed by the correct third party?
Un saludo.
José
On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
Good news!!! After changing the keystore for
interop2.jks, and using alice as alias the exception
changed :). Now it looks like this:
WSDoAllReceiver: The certificate used for the
signature is not trusted
I'm trying the webservice client against a public
webservice, that's why I think this exception is pretty
normal, cause this certificate is self-signed, and the
public
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right? Thank you very much Tomás Tormo escribió: Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one: deployment xmlns=http://xml.apache.org/axis/wsdd/; xmlns:java=http://xml.apache.org/axis/wsdd/providers/java; transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ globalConfiguration requestFlow handler name=DoSecuritySender type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=user value=sample/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / /handler /requestFlow responseFlow handler name=DoSecurityReceiver type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration /deployment Thank you Tomás Tormo escribió: Ok, sorry i didn't see the link... Anyway i would like to ask you why you don't use DirectReference as signatureKeyIdentifier instead of X509KeyIdentifier.Is the server able to verify the sign just with that? The client_deploy.wsdd file I was using was the following one (now it's a mix of several xD): ?xml version=1.0 encoding=UTF-8? deployment xmlns=http://xml.apache.org/axis/wsdd/; xmlns:java=http://xml.apache.org/axis/wsdd/providers/java; transport name=java pivot=java:org.apache.axis.transport.java.JavaSender/ transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ transport name=local pivot=java:org.apache.axis.transport.local.LocalSender/ globalConfiguration parameter name=disablePrettyXML value=true/ parameter name=enableNamespacePrefixOptimization value=true/ requestFlow handler type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=action value=Signature/ parameter name=passwordCallbackClass value=PWCallback/ parameter name=user value=sample/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / parameter name=encryptionSymAlgorithm value=http://www.w3.org/2001/04/xmlenc#aes128-cbc; / parameter name=encryptionKeyTransportAlgorithm value=http://www.w3.org/2001/04/xmlenc#rsa-1_5; / /handler /requestFlow responseFlow handler type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration Martin Gainty escribió: TomasBR the provided example works with WSS4J ..specificallyBR *WSS4J configuration*BR Below is the important parts from the deployment .wsdd-file for the web service. The test.PWCallback BR class is a simple class returning the password of the private key in the keystore. I used the same BR crypto.properties as the one supplied as wsstest.properties in the interop-folder. As you can see I have BR specified which algorithms to use for the session key and ecrypted session key (RSA15 and AES128). BR Did you try?BR SaludosBR Martin BR __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Wed, 3 Sep 2008 16:10:30 +0200 From: [EMAIL PROTECTED] To: axis-user@ws.apache.org Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j Thank you very much for your answer, but i forgot to specify that i'm writing a client in java using wss4j and not WSE, and i don't have access to the server (anyway, i'm new in this field, so maybe i haven't understood it well...) Do you know how to do the same for wss4j in the client? Thank you. Martin Gainty escribió: policies xmlns=http://schemas.microsoft.com/wse/2005/06/policy; http://schemas.microsoft.com/wse/2005/06/policyBR policy name=x509BR assume the
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Correct Frank, Why don't you get the right certificate you need that is issued and signed by the correct third party? Un saludo. José On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED] wrote: Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right? Thank you very much Tomás Tormo escribió: Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one: deployment xmlns=http://xml.apache.org/axis/wsdd/;http://xml.apache.org/axis/wsdd/xmlns:java= http://xml.apache.org/axis/wsdd/providers/java;http://xml.apache.org/axis/wsdd/providers/java transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ globalConfiguration requestFlow handler name=DoSecuritySender type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=user value=sample/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / /handler /requestFlow responseFlow handler name=DoSecurityReceiver type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration /deployment Thank you Tomás Tormo escribió: Ok, sorry i didn't see the link... Anyway i would like to ask you why you don't use DirectReference as signatureKeyIdentifier instead of X509KeyIdentifier.Is the server able to verify the sign just with that? The client_deploy.wsdd file I was using was the following one (now it's a mix of several xD): ?xml version=1.0 encoding=UTF-8? deployment xmlns=http://xml.apache.org/axis/wsdd/;http://xml.apache.org/axis/wsdd/xmlns:java= http://xml.apache.org/axis/wsdd/providers/java;http://xml.apache.org/axis/wsdd/providers/java transport name=java pivot=java:org.apache.axis.transport.java.JavaSender/ transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ transport name=local pivot=java:org.apache.axis.transport.local.LocalSender/ globalConfiguration parameter name=disablePrettyXML value=true/ parameter name=enableNamespacePrefixOptimization value=true/ requestFlow handler type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=action value=Signature/ parameter name=passwordCallbackClass value=PWCallback/ parameter name=user value=sample/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / parameter name=encryptionSymAlgorithm value= http://www.w3.org/2001/04/xmlenc#aes128-cbc;http://www.w3.org/2001/04/xmlenc#aes128-cbc/ parameter name=encryptionKeyTransportAlgorithm value= http://www.w3.org/2001/04/xmlenc#rsa-1_5;http://www.w3.org/2001/04/xmlenc#rsa-1_5/ /handler /requestFlow responseFlow handler type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration Martin Gainty escribió: TomasBR the provided example works with WSS4J ..specificallyBR *WSS4J configuration*BR Below is the important parts from the deployment .wsdd-file for the web service. The test.PWCallback BR class is a simple class returning the password of the private key in the keystore. I used the same BR crypto.properties as the one supplied as wsstest.properties in the interop-folder. As you can see I have BR specified which algorithms to use for the session key and ecrypted session key (RSA15 and AES128). BR Did you try?BR SaludosBR Martin BR __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. -- Date: Wed, 3 Sep 2008 16:10:30 +0200 From: [EMAIL PROTECTED] To: axis-user@ws.apache.org Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j Thank you very
Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Because I had no time enough to make the entire development with the
right certificate, I'm still waiting for it and this should be finnished
on friday... That's why I wanted to have some code(altough I was not
gonna work), and then had something prepared for the right certificate.
Then, in this case and if everything is all right, it should work (at
least partially) with the correct certificate... Could this be a client
error? (It looks as sever error...as I told you, i'm new in axis...)
This is the complete exception:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the signature is
not trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com
WSDoAllReceiver: The certificate used for the signature is not trusted
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
Thank you very much / Muchas gracias por tu ayuda
José Ferreiro escribió:
Correct Frank,
Why don't you get the right certificate you need that is issued and
signed by the correct third party?
Un saludo.
José
On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Good news!!! After changing the keystore for interop2.jks, and
using alice as alias the exception changed :). Now it looks like
this:
WSDoAllReceiver: The certificate used for the signature is not
trusted
I'm trying the webservice client against a public webservice,
that's why I think this exception is pretty normal, cause this
certificate is self-signed, and the public webservice maybe needs
a trusted certificate. Am I right?
Thank you very much
Tomás Tormo escribió:
Sorry, my mistake, the client_deploy.wsdd file I'm using is the
following one:
deployment xmlns=http://xml.apache.org/axis/wsdd/;
http://xml.apache.org/axis/wsdd/
xmlns:java=http://xml.apache.org/axis/wsdd/providers/java;
http://xml.apache.org/axis/wsdd/providers/java
transport name=http
pivot=java:org.apache.axis.transport.http.HTTPSender/
globalConfiguration
requestFlow
handler name=DoSecuritySender
type=java:org.apache.ws.axis.security.WSDoAllSender
parameter name=passwordCallbackClass
value=pruebawebserviceregistraduria.PWCallback/
parameter name=user value=sample/
parameter name=action value=Signature/
parameter name=signaturePropFile value=crypto.properties /
parameter name=signatureKeyIdentifier
value=DirectReference /
/handler
/requestFlow
responseFlow
handler name=DoSecurityReceiver
type=java:org.apache.ws.axis.security.WSDoAllReceiver
parameter name=passwordCallbackClass
value=pruebawebserviceregistraduria.PWCallback/
parameter name=action value=Signature/
parameter name=signaturePropFile value=crypto.properties /
/handler
/responseFlow
/globalConfiguration
/deployment
Thank you
Tomás Tormo escribió:
Ok, sorry i didn't see the link...
Anyway i would like to ask you why you don't use
DirectReference as signatureKeyIdentifier instead of
RE: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
you can avoid all that and create the cert yourself for testing purposes on
your dev box
http://code.google.com/support/bin/answer.py?answer=71864topic=11369
Martin
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business
of Sender. This transmission is of a confidential nature and Sender does not
endorse distribution to any party other than intended recipient. Sender does
not necessarily endorse content contained within this transmission.
Date: Wed, 3 Sep 2008 20:11:56 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature
with wss4j... Good News!!
Because I had no time enough to make the entire development with the
right certificate, I'm still waiting for it and this should be
finnished on friday... That's why I wanted to have some code(altough I
was not gonna work), and then had something prepared for the right
certificate. Then, in this case and if everything is all right, it
should work (at least partially) with the correct certificate...
Could this be a client error? (It looks as sever error...as I told you,
i'm new in axis...)
This is the complete exception:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the signature
is not trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com
WSDoAllReceiver: The certificate used for the signature is not trusted
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
Thank you very much / Muchas gracias por tu ayuda
José Ferreiro escribió:
Correct Frank,
Why don't you get the right certificate you need that is issued and
signed by the correct third party?
Un saludo.
José
On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED]
wrote:
Good news!!! After changing the keystore for interop2.jks, and using
alice as alias the exception changed :). Now it looks like this:
WSDoAllReceiver: The certificate used for the signature is not
trusted
I'm trying the webservice client against a public webservice, that's
why I think this exception is pretty normal, cause this certificate is
self-signed, and the public webservice maybe needs a trusted
certificate. Am I right?
Thank you very much
Tomás Tormo escribió:
Sorry, my mistake, the client_deploy.wsdd
file I'm using is the
following one:
deployment xmlns=http://xml.apache.org/axis/wsdd/;
xmlns:java=http://xml.apache.org/axis/wsdd/providers/java;
transport name=http
pivot=java:org.apache.axis.transport.http.HTTPSender/
globalConfiguration
requestFlow
handler name=DoSecuritySender
type=java:org.apache.ws.axis.security.WSDoAllSender
parameter name=passwordCallbackClass
value=pruebawebserviceregistraduria.PWCallback/
parameter name=user value=sample/
parameter name=action value=Signature/
parameter name=signaturePropFile value=crypto.properties
/
parameter name=signatureKeyIdentifier value
