Re: *SPAM* Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
/security/WSDoAllReceiver.html#288 } Un saludo José On Wed, Sep 3, 2008 at 9:31 PM, Martin Gainty [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: you can avoid all that and create the cert yourself for testing purposes on your dev box http://code.google.com/support/bin/answer.py?answer=71864topic=11369 http://code.google.com/support/bin/answer.py?answer=71864topic=11369 Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Wed, 3 Sep 2008 20:11:56 +0200 From: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: axis-user@ws.apache.org mailto:axis-user@ws.apache.org Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!! Because I had no time enough to make the entire development with the right certificate, I'm still waiting for it and this should be finnished on friday... That's why I wanted to have some code(altough I was not gonna work), and then had something prepared for the right certificate. Then, in this case and if everything is all right, it should work (at least partially) with the correct certificate... Could this be a client error? (It looks as sever error...as I told you, i'm new in axis...) This is the complete exception: AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException faultSubcode: faultString: WSDoAllReceiver: The certificate used for the signature is not trusted faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com http://cifweb02.asoatario.com WSDoAllReceiver: The certificate used for the signature is not trusted at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at javax.xml.parsers.SAXParser.parse(SAXParser.java:395) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) at org.apache.axis.Message.getSOAPEnvelope(Message.java:435) at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) Thank you very much / Muchas gracias por tu ayuda José Ferreiro escribió: Correct Frank, Why don't you get the right certificate you need that is issued and signed by the correct third party? Un saludo. José On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right? Thank you very much Tomás Tormo escribió: Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one: deployment xmlns=http://xml.apache.org/axis/wsdd/; xmlns:java=http://xml.apache.org/axis/wsdd/providers/java; transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ globalConfiguration requestFlow handler name=DoSecuritySender type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=user value=sample/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / /handler /requestFlow responseFlow handler name=DoSecurityReceiver type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration /deployment Thank you Tomás Tormo escribió: Ok, sorry i didn't see the link... Anyway i would like to ask you why you don't use DirectReference as signatureKeyIdentifier instead of X509KeyIdentifier.Is the server able to verify the sign just with that? The client_deploy.wsdd file I was using was the following one (now it's a mix of several xD): ?xml version=1.0 encoding=UTF-8? deployment xmlns=http://xml.apache.org/axis/wsdd/; xmlns:java=http://xml.apache.org/axis/wsdd/providers/java; transport name=java pivot=java:org.apache.axis.transport.java.JavaSender/ transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ transport name=local pivot=java:org.apache.axis.transport.local.LocalSender/ globalConfiguration parameter name=disablePrettyXML value=true/ parameter name=enableNamespacePrefixOptimization value=true/ requestFlow handler type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=action value=Signature/ parameter name=passwordCallbackClass value=PWCallback/ parameter name=user value=sample/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / parameter name=encryptionSymAlgorithm value=http://www.w3.org/2001/04/xmlenc#aes128-cbc; / parameter name=encryptionKeyTransportAlgorithm value=http://www.w3.org/2001/04/xmlenc#rsa-1_5; / /handler /requestFlow responseFlow handler type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration Martin Gainty escribió: TomasBR the provided example works with WSS4J ..specificallyBR *WSS4J configuration*BR Below is the important parts from the deployment .wsdd-file for the web service. The test.PWCallback BR class is a simple class returning the password of the private key in the keystore. I used the same BR crypto.properties as the one supplied as wsstest.properties in the interop-folder. As you can see I have BR specified which algorithms to use for the session key and ecrypted session key (RSA15 and AES128). BR Did you try?BR SaludosBR Martin BR __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Wed, 3 Sep 2008 16:10:30 +0200 From: [EMAIL PROTECTED] To: axis-user@ws.apache.org Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j Thank you very much for your answer, but i forgot to specify that i'm writing a client in java using wss4j and not WSE, and i don't have access to the server (anyway, i'm new in this field, so maybe i haven't understood it well...) Do you know how to do the same for wss4j in the client? Thank you. Martin Gainty escribió: policies xmlns=http://schemas.microsoft.com/wse/2005/06/policy; http://schemas.microsoft.com/wse/2005/06/policyBR policy name=x509BR assume the
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Correct Frank, Why don't you get the right certificate you need that is issued and signed by the correct third party? Un saludo. José On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED] wrote: Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right? Thank you very much Tomás Tormo escribió: Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one: deployment xmlns=http://xml.apache.org/axis/wsdd/;http://xml.apache.org/axis/wsdd/xmlns:java= http://xml.apache.org/axis/wsdd/providers/java;http://xml.apache.org/axis/wsdd/providers/java transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ globalConfiguration requestFlow handler name=DoSecuritySender type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=user value=sample/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / /handler /requestFlow responseFlow handler name=DoSecurityReceiver type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration /deployment Thank you Tomás Tormo escribió: Ok, sorry i didn't see the link... Anyway i would like to ask you why you don't use DirectReference as signatureKeyIdentifier instead of X509KeyIdentifier.Is the server able to verify the sign just with that? The client_deploy.wsdd file I was using was the following one (now it's a mix of several xD): ?xml version=1.0 encoding=UTF-8? deployment xmlns=http://xml.apache.org/axis/wsdd/;http://xml.apache.org/axis/wsdd/xmlns:java= http://xml.apache.org/axis/wsdd/providers/java;http://xml.apache.org/axis/wsdd/providers/java transport name=java pivot=java:org.apache.axis.transport.java.JavaSender/ transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ transport name=local pivot=java:org.apache.axis.transport.local.LocalSender/ globalConfiguration parameter name=disablePrettyXML value=true/ parameter name=enableNamespacePrefixOptimization value=true/ requestFlow handler type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=action value=Signature/ parameter name=passwordCallbackClass value=PWCallback/ parameter name=user value=sample/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / parameter name=encryptionSymAlgorithm value= http://www.w3.org/2001/04/xmlenc#aes128-cbc;http://www.w3.org/2001/04/xmlenc#aes128-cbc/ parameter name=encryptionKeyTransportAlgorithm value= http://www.w3.org/2001/04/xmlenc#rsa-1_5;http://www.w3.org/2001/04/xmlenc#rsa-1_5/ /handler /requestFlow responseFlow handler type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration Martin Gainty escribió: TomasBR the provided example works with WSS4J ..specificallyBR *WSS4J configuration*BR Below is the important parts from the deployment .wsdd-file for the web service. The test.PWCallback BR class is a simple class returning the password of the private key in the keystore. I used the same BR crypto.properties as the one supplied as wsstest.properties in the interop-folder. As you can see I have BR specified which algorithms to use for the session key and ecrypted session key (RSA15 and AES128). BR Did you try?BR SaludosBR Martin BR __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. -- Date: Wed, 3 Sep 2008 16:10:30 +0200 From: [EMAIL PROTECTED] To: axis-user@ws.apache.org Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j Thank you very
Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Because I had no time enough to make the entire development with the right certificate, I'm still waiting for it and this should be finnished on friday... That's why I wanted to have some code(altough I was not gonna work), and then had something prepared for the right certificate. Then, in this case and if everything is all right, it should work (at least partially) with the correct certificate... Could this be a client error? (It looks as sever error...as I told you, i'm new in axis...) This is the complete exception: AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException faultSubcode: faultString: WSDoAllReceiver: The certificate used for the signature is not trusted faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com WSDoAllReceiver: The certificate used for the signature is not trusted at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at javax.xml.parsers.SAXParser.parse(SAXParser.java:395) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) at org.apache.axis.Message.getSOAPEnvelope(Message.java:435) at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) Thank you very much / Muchas gracias por tu ayuda José Ferreiro escribió: Correct Frank, Why don't you get the right certificate you need that is issued and signed by the correct third party? Un saludo. José On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right? Thank you very much Tomás Tormo escribió: Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one: deployment xmlns=http://xml.apache.org/axis/wsdd/; http://xml.apache.org/axis/wsdd/ xmlns:java=http://xml.apache.org/axis/wsdd/providers/java; http://xml.apache.org/axis/wsdd/providers/java transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ globalConfiguration requestFlow handler name=DoSecuritySender type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=user value=sample/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value=DirectReference / /handler /requestFlow responseFlow handler name=DoSecurityReceiver type=java:org.apache.ws.axis.security.WSDoAllReceiver parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / /handler /responseFlow /globalConfiguration /deployment Thank you Tomás Tormo escribió: Ok, sorry i didn't see the link... Anyway i would like to ask you why you don't use DirectReference as signatureKeyIdentifier instead of
RE: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
you can avoid all that and create the cert yourself for testing purposes on your dev box http://code.google.com/support/bin/answer.py?answer=71864topic=11369 Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Wed, 3 Sep 2008 20:11:56 +0200 From: [EMAIL PROTECTED] To: axis-user@ws.apache.org Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!! Because I had no time enough to make the entire development with the right certificate, I'm still waiting for it and this should be finnished on friday... That's why I wanted to have some code(altough I was not gonna work), and then had something prepared for the right certificate. Then, in this case and if everything is all right, it should work (at least partially) with the correct certificate... Could this be a client error? (It looks as sever error...as I told you, i'm new in axis...) This is the complete exception: AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException faultSubcode: faultString: WSDoAllReceiver: The certificate used for the signature is not trusted faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com WSDoAllReceiver: The certificate used for the signature is not trusted at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at javax.xml.parsers.SAXParser.parse(SAXParser.java:395) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) at org.apache.axis.Message.getSOAPEnvelope(Message.java:435) at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) Thank you very much / Muchas gracias por tu ayuda José Ferreiro escribió: Correct Frank, Why don't you get the right certificate you need that is issued and signed by the correct third party? Un saludo. José On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo [EMAIL PROTECTED] wrote: Good news!!! After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this: WSDoAllReceiver: The certificate used for the signature is not trusted I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right? Thank you very much Tomás Tormo escribió: Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one: deployment xmlns=http://xml.apache.org/axis/wsdd/; xmlns:java=http://xml.apache.org/axis/wsdd/providers/java; transport name=http pivot=java:org.apache.axis.transport.http.HTTPSender/ globalConfiguration requestFlow handler name=DoSecuritySender type=java:org.apache.ws.axis.security.WSDoAllSender parameter name=passwordCallbackClass value=pruebawebserviceregistraduria.PWCallback/ parameter name=user value=sample/ parameter name=action value=Signature/ parameter name=signaturePropFile value=crypto.properties / parameter name=signatureKeyIdentifier value