Hi,
I have already resolved problems 1) and 2). As for problem 2), I just remove the wsse:Password element from the wsse:UsernameToken after finishing all operations using WSS4J.
As for problem 1), in fact after removing the wsse:Password token, problem 1) was resolved.
As for problem 3), it does not really cause an error or exception; it is just too verbose. I will not spend too much time on solving it. But if anyone has a solution, could you just drop me an email?
Regards,
Xinjun
On 9/15/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
Hi Ruchith,

I have several follow-up questions.

1) The .NET web service keeps complaining that the signature is invalid. Do you have any idea what I need to do or not to do to avoid the "The signature or decryption was invalid" exception?

2) Do you have any idea how to avoid adding the password element in the UsernameToken element? I have this question because the .NET UsernameToken has the option of not sending the password. Moreover, the Web Services Security UsernameToken Profile also reads that the "/wsse:UsernameToken/wsse:Password" element is OPTIONAL.

3) As for the duplicated definition of namespaces, is there any workaround I can take to avoid it? It will affect the performance significantly if the request is fairly large.

Regards,
Xinjun

On 9/14/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
For a moment I thought it's a problem in AXOM DOM implementation (which
you seem to be using, according to your original mail).
It seems like the behaviour is the same even with the Xerces DOM impl [1].
But I don't think this is an error. It's still valid XML!
Thanks,
Ruchith
[1] http://rafb.net/paste/results/CDFxhr20.html
On 9/14/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
>
> Hi Ruchith,
>
> There are some minor faults in the Signature. As I have mentioned in one of
> the previous emails, the namespace definition is duplicated. Do you also
> notice this problem? Or do you have a non-duplicated namespace definition?
>
> My output is as follows, and the namespace definition is duplicated
> intensively.
>
> <SOAP-ENV:Envelope
>     xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>   <SOAP-ENV:Header>
>     <wsse:Security
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         SOAP-ENV:mustUnderstand="1">
>       <wsse:UsernameToken
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           wsu:Id="UsernameToken-3932167"
>           xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>         <wsse:Username
>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>           TradeX
>         </wsse:Username>
>         <wsse:Password
>             Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>           uAy5ykDr7ysybd9SFOR1KZaM5QQ=
>         </wsse:Password>
>         <wsse:Nonce
>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>           XMI14qQHs0UF1Cb8oMD2tQ==
>         </wsse:Nonce>
>         <wsu:Created
>             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>           2006-09-14T10:13:36.112Z
>         </wsu:Created>
>       </wsse:UsernameToken>
>       <ds:Signature
>           xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>           Id="Signature-13121485">
>         <ds:SignedInfo
>             xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <ds:CanonicalizationMethod
>               Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>               xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>           <ds:SignatureMethod
>               Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
>               xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>           <ds:Reference URI="#id-29752800"
>               xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>             <ds:Transforms
>                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>               <ds:Transform
>                   Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>             </ds:Transforms>
>             <ds:DigestMethod
>                 Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>             <ds:DigestValue
>                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>               IGmXq1OUULyHz/sgU6JuJfghCbo=
>             </ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue
>             xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           RYcSG4Y07HQYaUCFzE5ljTJQrqA=
>         </ds:SignatureValue>
>         <ds:KeyInfo Id="KeyId-30308427"
>             xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference
>               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>               wsu:Id="STRId-31365828"
>               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>             <wsse:Reference URI="#UsernameToken-3932167"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"
>                 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>     </wsse:Security>
>   </SOAP-ENV:Header>
>   <SOAP-ENV:Body
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       wsu:Id="id-29752800">
>     <sayHello xmlns="http://services/helloworld">
>       <value>Hello world!</value>
>     </sayHello>
>   </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
>
>
>
> On 9/14/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
> >
> >
> > Hi Ruchith,
> >
> > I am really very grateful to you!
> > It is really because of the bouncy castle!!!
> > Now I can also sign the SOAP Envelope. Thank you very much!
> >
> >
> > Regards,
> >
> > Xinjun
> >
> >
> >
> > On 9/14/06, Ruchith Fernando < [EMAIL PROTECTED] > wrote:
> > > I was able to run the same code you sent successfully !
> > >
> > > Please check whether you have the bouncy castle jar in the classpath?
> > >
> > > Also please setup logging and check the error that is logged.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 9/14/06, Xinjun Chen < [EMAIL PROTECTED]> wrote:
> > > >
> > > > Hi,
> > > >
> > > > > I wrote some sample code to test signing a SOAP Envelope with
> > > > > UsernameToken using WSS4J 1.5. The following is the sample code.
> > > > > But this code produced the exception:
> > > > >
> > > > > org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
> > > > >     at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:323)
> > > > >     at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
> > > > >     at tests.com.crimsonlogic.wsg.core.ws.security.TestUsernameTokenSignature.main(TestUsernameTokenSignature.java:87)
> > > > >
> > > > > I debugged the code and the error occurs at
> > > > > WSSecSignature#prepare(Document doc, Crypto cr, WSSecHeader secHeader).
> > > > > The exact line is at:
> > > > > SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, sigAlgo);
> > > > >
> > > > > Could anyone provide some comment on this? Am I using WSS4J in the
> > > > > right way?
> > > >
> > > >
> > > > Regards,
> > > > Xinjun
> > > >
> > > >
> > > >
> > > > > /**************************************************************
> > > > >  * Sample Code to Test Signature with UsernameToken
> > > > >  **************************************************************/
> > > > > // WSS4J 1.5 and XML Security classes used below
> > > > > import java.util.Vector;
> > > > > import org.apache.ws.security.WSConstants;
> > > > > import org.apache.ws.security.WSEncryptionPart;
> > > > > import org.apache.ws.security.WSSecurityException;
> > > > > import org.apache.ws.security.message.WSSecHeader;
> > > > > import org.apache.ws.security.message.WSSecSignature;
> > > > > import org.apache.ws.security.message.WSSecUsernameToken;
> > > > > import org.apache.xml.security.signature.XMLSignature;
> > > > >
> > > > > public static void main(String[] args) {
> > > > >     // get sample SOAP Envelope
> > > > >     org.apache.axis2.soap.SOAPEnvelope unsignedEnv =
> > > > >             Utils.getSampleSOAP11Envelope();
> > > > >
> > > > >     org.w3c.dom.Document doc = null;
> > > > >     try {
> > > > >         doc = Axis2Util.getDocumentFromSOAPEnvelope(unsignedEnv);
> > > > >     } catch (Exception e1) {
> > > > >         e1.printStackTrace();
> > > > >     }
> > > > >     String username = "TradeX";
> > > > >     String password = "TradeX";
> > > > >
> > > > >     // build the UsernameToken with a password digest, Created and Nonce
> > > > >     WSSecUsernameToken ut = new WSSecUsernameToken();
> > > > >     ut.setPasswordType(WSConstants.PASSWORD_DIGEST);
> > > > >     ut.setUserInfo(username, password);
> > > > >     ut.addCreated();
> > > > >     ut.addNonce();
> > > > >     ut.prepare(doc);
> > > > >
> > > > >     WSSecSignature sign = new WSSecSignature();
> > > > >     Vector signParts = new Vector();
> > > > >
> > > > >     // sign the content of the SOAP Body
> > > > >     String name = "Body";
> > > > >     String namespace = "http://schemas.xmlsoap.org/soap/envelope/";
> > > > >     String encMod = "Content";
> > > > >     WSEncryptionPart part = new WSEncryptionPart(name, namespace, encMod);
> > > > >     signParts.add(part);
> > > > >
> > > > >     if (signParts.size() > 0) {
> > > > >         sign.setParts(signParts);
> > > > >     }
> > > > >
> > > > >     // derive the signing key from the UsernameToken
> > > > >     sign.setUsernameToken(ut);
> > > > >     sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
> > > > >
> > > > >     sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
> > > > >
> > > > >     String actor = "";
> > > > >     boolean mustUnderstand = true;
> > > > >     //WSSecHeader secHeader = new WSSecHeader(actor, mustUnderstand);
> > > > >     WSSecHeader secHeader = new WSSecHeader();
> > > > >
> > > > >     secHeader.insertSecurityHeader(doc);
> > > > >     try {
> > > > >         sign.build(doc, null, secHeader);
> > > > >         System.out.println(new String(sign.getSignatureValue()));
> > > > >     } catch (WSSecurityException e) {
> > > > >         e.printStackTrace();
> > > > >     }
> > > > >     // add the UsernameToken to the header after the signature is built
> > > > >     ut.prependToHeader(secHeader);
> > > > > }
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> >
> >
>
>
--
www.ruchith.org
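
The workaround from the top message (dropping wsse:Password once WSS4J has finished), written out as an added example that is not code from the thread. It first checks that no ds:Reference digests the UsernameToken, as in the quoted message where the only ds:Reference points at the Body (#id-29752800); the class name, the helper name and the constructed sample envelope are assumptions.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class StripUsernameTokenPassword {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** Hypothetical helper (not WSS4J API): removes wsse:Password unless a ds:Reference digests the token. */
    static boolean removePasswordIfUnsigned(Document doc) {
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "UsernameToken");
        if (tokens.getLength() != 1) return false;
        Element token = (Element) tokens.item(0);
        String id = token.getAttributeNS(WSU, "Id");
        // Only ds:Reference carries a digest; the wsse:Reference inside KeyInfo does not.
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            // Editing a digested element would invalidate its DigestValue.
            if (!id.isEmpty() && uri.equals("#" + id)) return false;
        }
        NodeList pw = token.getElementsByTagNameNS(WSSE, "Password");
        if (pw.getLength() == 0) return false;
        Node password = pw.item(0);
        password.getParentNode().removeChild(password);
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample with the same shape as the message in the thread.
        String xml = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "' xmlns:ds='" + DS + "'>"
            + "<e:Header><wsse:Security><wsse:UsernameToken wsu:Id='UsernameToken-1'>"
            + "<wsse:Username>alice</wsse:Username><wsse:Password>c2FtcGxl</wsse:Password>"
            + "</wsse:UsernameToken><ds:Signature><ds:SignedInfo><ds:Reference URI='#body-1'/>"
            + "</ds:SignedInfo></ds:Signature></wsse:Security></e:Header>"
            + "<e:Body wsu:Id='body-1'/></e:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        System.out.println("removed: " + removePasswordIfUnsigned(doc));
        System.out.println("left: " + doc.getElementsByTagNameNS(WSSE, "Password").getLength());
    }
}
```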
