Rampart signature

2007-10-17 Thread Tirtza Bernstein
I am using Axis2-1.3 and Rampart 1.3.
I am the client and my requests need to be signed.
 
My axis.client.xml includes the following

Signature
wally
crypto.properties
net.idt.svp.security.PWCallback
DirectReference

Signature
crypto.properties
 
My crypto.properties

# Forward slashes: a backslash starts an escape sequence in a .properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.file=J:/svp_prime/trunk/security/test.jks
org.apache.ws.security.crypto.merlin.keystore.password=pswd

My Client includes the following:

_serviceClient.getOptions().setTo(new org.apache.axis2.addressing.EndpointReference(targetEndpoint));
_serviceClient.getOptions().setUseSeparateListener(useSeparateListener);

StAXOMBuilder builder = new StAXOMBuilder("resources/policy.xml");
Policy clientPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());

_serviceClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, clientPolicy);
_serviceClient.engageModule("rampart");

My problem is that I have no clue how to set up the policy.xml.  Rampart's
examples do not include an example of pure signature only (no timestamp).
 
 
Can someone supply me with an example?
Thanks.


RE: Rampart signature

2007-10-18 Thread Senthivel U S
Hi,

Couple of days back I had the same problem but I could not make it using
rampart but solved the problem.  Find below the working code. I have created
the stub using wsdl with Eclipse IDE.

URL endPointURL = new URL("http:// ");
EngineConfiguration config = new FileProvider("client_deploy.wsdd");
Service service = new Service(config);
TestSoapStub stub = new TestSoapStub(endPointURL, service);

stub._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
stub._setProperty(WSHandlerConstants.SIG_PROP_FILE, "client_crypto.properties");
stub._setProperty(WSHandlerConstants.USER, "client");
stub._setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "com.unistream.client.ServiceSecurityHandler");
stub._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");

stub.login(userID, password);

client.deploy.wsdd file (just copy the same contents)

http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

client_crypto.properties file (just copy the same contents and change the
keystore.password, keystore.alias, alias.password, merlin.file according to
your spec)

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=xyzabc
org.apache.ws.security.crypto.merlin.keystore.alias=client
org.apache.ws.security.crypto.merlin.alias.password=xyzabc
org.apache.ws.security.crypto.merlin.file=client.jks

If you find any other better solution, please let me know.

Regards,

-senthil

 




RE: Rampart signature

2007-10-18 Thread Tirtza Bernstein
I meant 1.x.  With upgrade to axis2 rampart is necessary for client
certificates.




Re: Rampart signature

2007-10-18 Thread Nandana Mihindukulasooriya
Hi Tirtza,
  It seems something like this would work for you. You have to
specify what should be signed within the
.

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">

xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

http://ws.apache.org/rampart/policy">
XXX
com.wso2.interop.wcf.wss10.WSS10Client
JKS
keys/sec.jks
password

Regards,
Nandana





RE: Rampart signature

2007-10-18 Thread Senthivel U S
Actually I am using Axis/1.3 but I have used this for signing since I could
not make it with rampart.

 




RE: Rampart signature

2007-10-18 Thread Tirtza Bernstein
It looks like you are using axis1.  I need a solution for axis2.
I have Rampart set up properly I just need a policy.xml which will allow me
to send a client certificate. (no encryption and no timestamp)
 
Does anyone have a policy.xml  that defines this?




RE: Rampart signature

2007-10-18 Thread Senthivel U S
I am using axis2-1.2, rampart is necessary

 




RE: Rampart signature

2007-10-18 Thread Tirtza Bernstein
Thank you very much.  I need the header signed. When I change it to 
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

I get a NullPointerException because I need a namespace included.
What namespace should I add?
My result soap header needs to look like this

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-5042131">*rest of certificate id **
http://www.w3.org/2000/09/xmldsig#" Id="Signature-24430720">
http://www.w3.org/2001/10/xml-exc-c14n#">
http://www.w3.org/2000/09/xmldsig#rsa-sha1">
http://www.w3.org/2001/10/xml-exc-c14n#">
http://www.w3.org/2000/09/xmldsig#sha1">
AGcqQst2YH+aiHx+FPrIvl5oEtY=



BFlqCgd6xiu57hahZ2GoeAgIbKdmrmvCnvoxuQhSXXXOdyMWMOBUSVY59e8WWyyjVEUMn4s2gDpF
ORoRvlTzen6pMojPLEdD0KbBa9RATyINBtN9qxZmj8Qgs6eYzKXzeuan5+1mLV11MANbV8cjSIx0
nfm16bYcct0tBVBjWcc=


http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-18753567">
URI="#CertId-5042131" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">







Re: Rampart signature

2007-10-18 Thread Jon Hanshew

Forget the Policy road.

Look at the "basic" samples.  Way simpler way to achieve what you want.





Re: Rampart signature

2007-10-18 Thread Nandana Mihindukulasooriya
Hi Tirtza,
   What is the header you need to sign? You should provide the name and
the namespace of the header you want to sign.
e.g.
 http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
http://schemas.xmlsoap.org/ws/2004/08/addressing"/>

sp:Name is optional but the sp:Namespace is mandatory. If the sp:Name is not
given, all the SOAP headers with the given namespace will be signed.

Regards,
Nandana
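
A signature-only policy.xml of the kind discussed in this thread, written out in full as an added example; it is not the XML from either of the posts above, whose markup did not survive in the archive. The alias `client`, the callback class `com.example.PWCallback`, the keystore file and password, and the TripleDesRsa15 suite are assumptions; the header namespace is the one given in the reply above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: client policy that signs only, with no timestamp and no encryption. -->
<wsp:Policy wsu:Id="SignatureOnly"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding>
        <wsp:Policy>
          <!-- AlwaysToRecipient: the client certificate is sent in the message
               as a BinarySecurityToken and referenced directly by the signature. -->
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <!-- Assumption: this suite is chosen because it yields the rsa-sha1
               signature and sha1 digest shown in the expected header. -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <!-- No sp:IncludeTimestamp assertion, so no wsu:Timestamp is added. -->
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>

      <!-- What the signature covers. Namespace is mandatory on sp:Header;
           with no Name, every header in that namespace is signed. The value
           must match the namespace of the headers the client actually sends. -->
      <sp:SignedParts>
        <sp:Body/>
        <sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
      </sp:SignedParts>

      <!-- Rampart-specific settings; all values below are placeholders. -->
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:passwordCallbackClass>com.example.PWCallback</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">CHANGE_ME</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

Anything not listed under sp:SignedParts is sent unsigned, so the receiver has no integrity guarantee for it.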


On 10/18/07, Tirtza Bernstein <[EMAIL PROTECTED]> wrote:
>
>  Thank you very much.  I need the header signed. When I change it to
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
> 
> I get a NullPointerException because I need a namespace included.
> What namespace should I add?
> My result soap header needs to look like this
>
>
> 
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="1"> ecurityToken xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> EncodingType="http://docs.oasis-open.org/w
> ss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-prof
> ile-1.0#X509v3"
> wsu:Id="CertId-5042131">MIIDTDCCArWgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBwMQswCQYDVQQGEwJHQjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xGz
>
> AZBgNVBAoTEk5vbWFkIFNvZnR3YXJlIEx0ZDEMMAoGA1UECxMDTlBTMRQwEgYDVQQDEwtXZWJTZXJ2aWNlczAeFw0wNzA3MjUxMTIyMjJaFw0wODA3MjQxMTIyMjJaMGQxCzAJBgNVBAYTAlVTMQsw
> CQYDVQQIEwJOSjEPMA0GA1UEBxMGTmV3YXJrM*rest of
> certificate id **
> http://www.w3.org/2000/09/xmldsig#";
> Id="Signature-24430720">
> 
> http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#%22%3E%3C/ds:CanonicalizationMethod>
> >
> http://www.w3.org/2000/09/xmldsig#rsa-sha1";>http://www.w3.org/2000/09/xmldsig#rsa-sha1%22%3E%3C/ds:SignatureMethod>
> >
> 
> 
> http://www.w3.org/2001/10/xml-exc-c14n#";>http://www.w3.org/2001/10/xml-exc-c14n#%22%3E%3C/ds:Transform>
> >
> 
> http://www.w3.org/2000/09/xmldsig#sha1";>http://www.w3.org/2000/09/xmldsig#sha1%22%3E%3C/ds:DigestMethod>
> >
> AGcqQst2YH+aiHx+FPrIvl5oEtY=
> 
> 
> 
>
> BFlqCgd6xiu57hahZ2GoeAgIbKdmrmvCnvoxuQhSXXXOdyMWMOBUSVY59e8WWyyjVEUMn4s2gDpF
>
> ORoRvlTzen6pMojPLEdD0KbBa9RATyINBtN9qxZmj8Qgs6eYzKXzeuan5+1mLV11MANbV8cjSIx0
> nfm16bYcct0tBVBjWcc=
> 
> 
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="STRId-18753567"> sse:Reference URI="#CertId-5042131" ValueType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3%22%3E%3C/wsse:Reference>
> >
> 
> 
> 
> 
>
>  --
> *From:* Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, October 18, 2007 4:23 PM
> *To:* axis-user@ws.apache.org
> *Subject:* Re: Rampart signature
>
> Hi Tirtza,
>   It seems something like this would will work for you. You have to
> specify what should be signed within the
> .
>
>  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
> 
> 
>  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 
> 
> 
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> 
> 
> 
> 
> 
> 
> 
> 
>  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 

Re: Rampart signature

2007-10-18 Thread Todd Allen
Is the basic method deprecated and the policy method the 
generally-accepted way to go now?
I ask since I have a need to implement a user name token with 
Rampart.  It works now with the basic method but I'd rather use a 
method that is not deprecated.


Any input is appreciated.


At 06:09 PM 10/18/2007, Jon Hanshew wrote:


Forget the Policy road.

Look at the "basic" samples.  Way simpler way to achieve what you want.





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Rampart signature

2007-10-19 Thread Jon Hanshew

I had the same requirement.  Sign the body only.

I started out trying to combine policy samples 1 & 2 to meet my
requirements.  I added the Username token to  policy 2.  It worked as a
"signed supporting token" but "supporting token" does not work.  (See Jira
Rampart-84).  I also needed a plain text password, but did not discover a
way to specify one with a policy statement.  In general I found that the
policy samples all worked perfectly, but any deviation from the beaten path
was likely to uncover a bug.

The only way that I could meet my requirement with the Axis 1.3 and Rampart
1.3 was to use the basic route.  It is very much simpler to use.  You just
list what you want in the "Actions" and that is exactly what you get.  When
the policy stuff is more mature I would like to migrate to it, but simply
cannot do so at this time.

Jon

tballen wrote:
> 
> Is the basic method deprecated and the policy method the 
> generally-accepted way to go now?
> I ask since I have a need to implement a user name token with 
> Rampart.  It works now with the basic method but I'd rather use a 
> method that is not deprecated.
> 
> Any input is appreciated.
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Rampart-signature-tf4641583.html#a13296860
Sent from the Axis - User mailing list archive at Nabble.com.





Axis2/Rampart Signature Validation

2008-12-14 Thread Thorsten Deelmann
Hi all,

I've got the following Signature of a SOAP-Header built with Rampart:
http://www.w3.org/2000/09/xmldsig#"
Id="Signature-30721078">

http://www.w3.org/2001/10/xml-exc-c14n#"/>
http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>


http://www.w3.org/2001/10/xml-exc-c14n#"/>

http://www.w3.org/2000/09/xmldsig#sha1"/>

zo9esKQnicy3e5eQidwJBZs1c4E=



http://www.w3.org/2001/10/xml-exc-c14n#"/>

http://www.w3.org/2000/09/xmldsig#sha1"/>

jGS8NoS39F6SNr9YWjSmXmeOYAA=


tRIOHs2UgyJLwTj2hRh4QOeoc1I=

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-3996874">
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey"/>




But when the SignatureProcessor tries to verify it, I get the
following stack trace:
org.apache.axis2.AxisFault: The signature or decryption was invalid
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:419)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:181)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:138)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 21 more

Does anyone have an idea?

If not: How can I disable the verification of the signature with Rampart?

Thanks,
Thorsten

-- 
Thorsten Deelmann


RE: Axis2/Rampart Signature Validation

2008-12-15 Thread Hassel, Maik
The error message indicates that the server doesn't know the client's
certificate... did you add the CA that signed the client's certificate
OR the client certificate itself to the server's keystore?


