Re: *SPAM* Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
/security/WSDoAllReceiver.html#288 }

Regards,
José

On Wed, Sep 3, 2008 at 9:31 PM, Martin Gainty wrote:

you can avoid all that and create the cert yourself for testing purposes on your dev box
http://code.google.com/support/bin/answer.py?answer=71864&topic=11369

Martin

Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.
Problem verifying the signature with wss4j
Greetings,

I'm trying to write a webservice client which uses signed SOAP messages in order to communicate. For this, I'm using wss4j 1.5.3 with axis 1.4. I've successfully written the client code which signs the message and sends it to the server, but I'm getting the following error:

WSDoAllReceiver: security processing failed; nested exception is: org.apache.ws.security.WSSecurityException: The signature verification failed (The provided certificate is invalid)

As far as I know (by reading posts on the internet) this is caused because the XML is modified after it is signed. I've tried to set disablePrettyXML to true and enableNamespacePrefixOptimization to false, but it didn't work...

I've read in other posts that this could be caused by the default blank namespaces added by Axis (when I checked the XML thanks to TCPMonitor, I could see that the attributes of the sent objects had no namespace, but the object itself had).

Does anybody have any solution for this problem? Could it be possible to disable the default namespace in axis?

Thank you very much

--
Regards,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
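Added example, not part of the original post and not WSS4J or Axis code: a stand-alone Java program that uses only the JDK's XML Digital Signature API to show which changes made after signing break verification. The envelope, its namespace URIs and the class name are constructed for illustration; a redundant xmlns="" is absorbed by canonicalization, while added indentation or edited content fails the reference digest even though the signature value over SignedInfo still verifies.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SignedXmlTamperDemo {
    // Constructed sample message: element names and namespace URIs are made up.
    static final String ENVELOPE =
        "<e:Envelope xmlns:e=\"urn:example:envelope\"><e:Body>"
      + "<q:getStatus xmlns:q=\"urn:example:service\"><id>42</id></q:getStatus>"
      + "</e:Body></e:Envelope>";
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for XML Signature processing
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Parses a fresh copy of the sample and adds an enveloped signature over the whole document. */
    static Document signedCopy(KeyPair kp) throws Exception {
        Document doc = parse(ENVELOPE);
        Reference ref = FAC.newReference("",
                FAC.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(
                        FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = FAC.newSignedInfo(
                FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(ref));
        FAC.newXMLSignature(si, null)
                .sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        return doc;
    }

    /** Reports which part of core validation fails: the reference digest or the signature value. */
    static String check(Document doc, KeyPair kp) throws Exception {
        Node sigNode = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(kp.getPublic(), sigNode);
        XMLSignature sig = FAC.unmarshalXMLSignature(ctx);
        boolean core = sig.validate(ctx);
        boolean digestOk = ((Reference) sig.getSignedInfo().getReferences().get(0)).validate(ctx);
        boolean valueOk = sig.getSignatureValue().validate(ctx);
        return "core=" + core + " referenceDigest=" + digestOk + " signatureValue=" + valueOk;
    }

    static Element idElement(Document doc) {
        return (Element) doc.getElementsByTagName("id").item(0);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, generated per run

        // 1. Untouched message: every check passes.
        System.out.println("unchanged:         " + check(signedCopy(kp), kp));

        // 2. Redundant xmlns="" on an element that is already in no namespace:
        //    canonicalization drops the declaration, so the digest is unchanged.
        Document d2 = signedCopy(kp);
        idElement(d2).setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
        System.out.println("redundant xmlns:   " + check(d2, kp));

        // 3. Indentation added after signing (what a pretty-printer does):
        //    whitespace in element content is signed, so the digest no longer matches.
        Document d3 = signedCopy(kp);
        Element id3 = idElement(d3);
        id3.getParentNode().insertBefore(d3.createTextNode("\n    "), id3);
        System.out.println("indentation added: " + check(d3, kp));

        // 4. Signed value edited after signing: the digest no longer matches.
        Document d4 = signedCopy(kp);
        idElement(d4).setTextContent("43");
        System.out.println("content edited:    " + check(d4, kp));
    }
}
```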
Re: Problem verifying the signature with wss4j
Hello Tomás,

May/Did you try using the certificates in the interop folder from the wss4j 1.5.3 distribution? Maybe you have a problem with your certificate. Is it a self-signed certificate?

Regards,
Jose Ferreiro

On Wed, Sep 3, 2008 at 2:30 PM, Tomás Tormo wrote:

Greetings,

I'm trying to write a webservice client which uses signed SOAP messages in order to communicate. For this, I'm using wss4j 1.5.3 with axis 1.4. I've successfully written the client code which signs the message and sends it to the server, but I'm getting the following error:

WSDoAllReceiver: security processing failed; nested exception is: org.apache.ws.security.WSSecurityException: The signature verification failed (The provided certificate is invalid)

As far as I know (by reading posts on the internet) this is caused because the XML is modified after it is signed. I've tried to set disablePrettyXML to true and enableNamespacePrefixOptimization to false, but it didn't work...

I've read in other posts that this could be caused by the default blank namespaces added by Axis (when I checked the XML thanks to TCPMonitor, I could see that the attributes of the sent objects had no namespace, but the object itself had).

Does anybody have any solution for this problem? Could it be possible to disable the default namespace in axis?

Thank you very much

--
Regards,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com

--
Jose Ferreiro
EPFL Communication Systems engineer
ing.sys.com.dipl.EPFL
Re: *SPAM* Re: Problem verifying the signature with wss4j
No, actually I was using the sample.jks file from this IBM example http://www.ibm.com/developerworks/xml/library/ws-soa-verifyxml/index.html.

Could I use the interop2.jks file (which password is password) from the interop folder?

Thank you very much

José Ferreiro wrote:

Hello Tomás,

May/Did you try using the certificates in the interop folder from the wss4j 1.5.3 distribution? Maybe you have a problem with your certificate. Is it a self-signed certificate?

Regards,
Jose Ferreiro

--
Regards,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j
Sorry, my mistake, the client_deploy.wsdd file I'm using is the following one:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration>
        <requestFlow>
          <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender">
            <parameter name="passwordCallbackClass" value="pruebawebserviceregistraduria.PWCallback"/>
            <parameter name="user" value="sample"/>
            <parameter name="action" value="Signature"/>
            <parameter name="signaturePropFile" value="crypto.properties" />
            <parameter name="signatureKeyIdentifier" value="DirectReference" />
          </handler>
        </requestFlow>
        <responseFlow>
          <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
            <parameter name="passwordCallbackClass" value="pruebawebserviceregistraduria.PWCallback"/>
            <parameter name="action" value="Signature"/>
            <parameter name="signaturePropFile" value="crypto.properties" />
          </handler>
        </responseFlow>
      </globalConfiguration>
    </deployment>

Thank you

Tomás Tormo wrote:

Ok, sorry I didn't see the link... Anyway I would like to ask you why you don't use DirectReference as signatureKeyIdentifier instead of X509KeyIdentifier. Is the server able to verify the sign just with that?

The client_deploy.wsdd file I was using was the following one (now it's a mix of several xD):

    <?xml version="1.0" encoding="UTF-8"?>
    <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
      <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
      <globalConfiguration>
        <parameter name="disablePrettyXML" value="true"/>
        <parameter name="enableNamespacePrefixOptimization" value="true"/>
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
            <parameter name="action" value="Signature"/>
            <parameter name="passwordCallbackClass" value="PWCallback"/>
            <parameter name="user" value="sample"/>
            <parameter name="signaturePropFile" value="crypto.properties" />
            <parameter name="signatureKeyIdentifier" value="DirectReference" />
            <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
            <parameter name="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          </handler>
        </requestFlow>
        <responseFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
            <parameter name="passwordCallbackClass" value="PWCallback"/>
            <parameter name="action" value="Signature"/>
            <parameter name="signaturePropFile" value="crypto.properties" />
          </handler>
        </responseFlow>
      </globalConfiguration>
    </deployment>
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Good news!!!

After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this:

WSDoAllReceiver: The certificate used for the signature is not trusted

I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right?

Thank you very much
Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Correct Frank,

Why don't you get the right certificate you need that is issued and signed by the correct third party?

Regards.
José

On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo wrote:

Good news!!!

After changing the keystore for interop2.jks, and using alice as alias the exception changed :). Now it looks like this:

WSDoAllReceiver: The certificate used for the signature is not trusted

I'm trying the webservice client against a public webservice, that's why I think this exception is pretty normal, cause this certificate is self-signed, and the public webservice maybe needs a trusted certificate. Am I right?

Thank you very much
Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
Martin Gainty wrote:

Tomas,
the provided example works with WSS4J... specifically

*WSS4J configuration*
Below are the important parts from the deployment .wsdd-file for the web service. The test.PWCallback class is a simple class returning the password of the private key in the keystore. I used the same crypto.properties as the one supplied as wsstest.properties in the interop-folder. As you can see I have specified which algorithms to use for the session key and encrypted session key (RSA15 and AES128).

Did you try?
Regards,
Martin

Date: Wed, 3 Sep 2008 16:10:30 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j

Thank you very much for your answer, but I forgot to specify that I'm writing a client in java using wss4j and not WSE, and I don't have access to the server (anyway, I'm new in this field, so maybe I haven't understood it well...)

Do you know how to do the same for wss4j in the client?

Thank you.

Martin Gainty wrote:

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
    <policy name="x509">

assume the specified policy includes the directive messageProtectionOrder=SignBeforeEncrypt

http://erlend.oftedal.no/blog/?blogid=12

Regards,
Martin

Date: Wed, 3 Sep 2008 14:30:40 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Problem verifying the signature with wss4j

Greetings,

I'm trying to write a webservice client which uses signed SOAP messages in order to communicate. For this, I'm using wss4j 1.5.3 with axis 1.4. I've successfully written the client code which signs the message and sends it to the server, but I'm getting
RE: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!
you can avoid all that and create the cert yourself for testing purposes on your dev box
http://code.google.com/support/bin/answer.py?answer=71864&topic=11369

Martin

Date: Wed, 3 Sep 2008 20:11:56 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature with wss4j... Good News!!

Because I had no time enough to make the entire development with the right certificate, I'm still waiting for it and this should be finished on Friday... That's why I wanted to have some code (although I was not gonna work), and then had something prepared for the right certificate.

Then, in this case and if everything is all right, it should work (at least partially) with the correct certificate... Could this be a client error? (It looks as server error... as I told you, I'm new in axis...)

This is the complete exception:

AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
 faultSubcode:
 faultString: WSDoAllReceiver: The certificate used for the signature is not trusted
 faultActor:
 faultNode:
 faultDetail:
    {http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com

WSDoAllReceiver: The certificate used for the signature is not trusted
    at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
    at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
    at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
    at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
    at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
    at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)

Thank you very much / Many thanks for your help