Hi,

The request from the .NET client uses a signature that uses the key available in the "EncryptedKey" structure to sign using hmac-sha1. WSS4J doesn't support this at the moment.

Thanks,
Ruchith

On 3/26/07, Freddy Weishaeupl <[EMAIL PROTECTED]> wrote:
Hi Ruchith,

thanks for your answer. Here is the SOAP request message from the .NET client side:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Header>
    <wsa:Action />
    <wsa:MessageID>urn:uuid:336e0fac-2ec9-4764-807f-85f910bb3a43</wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>http://lt0085.muc:7511/wss4j/services/simple_webservice</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-1df6d91a-682a-4c6f-ae3e-f5e633d02bd8">
        <wsu:Created>2007-03-26T07:04:06Z</wsu:Created>
        <wsu:Expires>2007-03-26T07:09:06Z</wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey Id="SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">CuJdE1B2dUFd1dkLZSzQ5vj6MYg=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>BLw6Yq5pDJzZ35jlBZr1d4HcjP2+CxDP3teDZlmRH1a9D2kMcav0P5sdDeNiOB2v3oFglbeY0+2bHyx8/CEG09Ib+AWBdmBL5Hd3nA8oPhFXXbKL5wephlTOKZmwMJ83QnPMOaGRmiDEYlIUPzq59P37qTxd9sFzUXksBhga2Cg=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <Reference URI="#Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>OmO33V9Um/jr91cGFibiz+zUO/E=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>wpxb8M16R3dSGZIU4nTjv4quYxU=</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-cd50df54-59e6-4950-b56f-abf1e7193bcf"
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-03903826-2208-4b5f-9ffd-954a0a5085a7">
    <xenc:EncryptedData Id="Enc-3822b5d1-14c1-45a0-aad8-f0200ffd62ac"
                        Type="http://www.w3.org/2001/04/xmlenc#Content"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
      <xenc:CipherData>
        <xenc:CipherValue>Naz3DviV7qFJkcnwgKRpN85TdE5a65mA/NEyQXPVkI4=</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>

>From: "Ruchith Fernando" <[EMAIL PROTECTED]>
>To: "Freddy Weishaeupl" <[EMAIL PROTECTED]>
>CC: [email protected]
>Subject: Re: Interop WSE 3.0 and WSS4J - Referenced security token could not be retrieved
>Date: Sun, 25 Mar 2007 13:05:29 +0530
>
>Hi,
>
>Can you please post the message that the java service gets from the .NET client?
>
>Thanks,
>Ruchith
>
>On 3/23/07, Freddy Weishaeupl <[EMAIL PROTECTED]> wrote:
>>Hi,
>>
>>currently I'm trying to use a .NET Client to access a Java webservice. At the .NET side I use the Microsoft WSE 3.0 implementation to sign and encrypt the SOAP Body of the SOAP request message. At server-side WSS4J is used for checking the signature and decrypting the SOAP Message.
>>
>>I'm using the interop certificates (Alice&Bob) of the WSS4J 1.5.1 package.
>>
>>Unfortunately at server-side I always get the following error message:
>>------------------------------------------------------------
>>...
>>[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.SignatureAlgorithm.<init>] Create URI "http://www.w3.org/2000/09/xmldsig#hmac-sha1" class "class org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1"
>>[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID] Request for URI http://www.w3.org/2000/09/xmldsig#hmac-sha1
>>[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.algorithms.implementations.IntegrityHmac.<init>] Created IntegrityHmacSHA1 using HmacSHA1
>>[23.03.2007 14:53:37] [DEBUG] [org.apache.xml.security.utils.ElementProxy.<init>] setElement("KeyInfo", "null")
>>[23.03.2007 14:53:37] [DEBUG] [org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement] Token reference uri: #SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832
>>org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved. (Reference "#SecurityToken-d81c5ccf-8197-433f-937b-495421e6a832")
>>        at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:179)
>>        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
>>...
>>------------------------------------------------------------
>>
>>Any ideas what's the problem here? Has anyone already tested WSE3.0 in combination with WSS4J?
>>
>>Thanks.
>>
>>Best Regards
>>Freddy
>
>--
>www.ruchith.org
>www.wso2.org
--
www.ruchith.org
www.wso2.org
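
The pattern named in the reply at the top of this thread, an hmac-sha1 signature whose KeyInfo points at an xenc:EncryptedKey, can be checked for in a captured request before debugging the server side. This is an added example, not code from the thread or from WSS4J; the sample envelope is constructed (shortened Ids, values elided) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"

# Constructed sample: same layout as the WSE 3.0 request in the thread,
# reduced to the elements the check needs (hypothetical Id "SecurityToken-1").
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soap:Header><wsse:Security>
 <xenc:EncryptedKey Id="SecurityToken-1"><xenc:CipherData/></xenc:EncryptedKey>
 <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
  </ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#SecurityToken-1"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""

def find_by_id(root, ref):
    """Resolve a same-document '#id' reference against Id or wsu:Id."""
    wanted = ref.lstrip("#")
    for el in root.iter():
        if wanted in (el.get("Id"), el.get("{%s}Id" % NS["wsu"])):
            return el
    return None

def classify_signatures(envelope_xml):
    """Report, per ds:Signature, its algorithm and the token KeyInfo points at."""
    # Captured test traffic only; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    results = []
    for sig in root.findall("soap:Header/wsse:Security/ds:Signature", NS):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
        target = find_by_id(root, ref.get("URI", "")) if ref is not None else None
        token = target.tag.split("}")[-1] if target is not None else None
        results.append({"algorithm": alg, "token": token,
                        "encrypted_key_hmac": alg == HMAC_SHA1 and token == "EncryptedKey"})
    return results

if __name__ == "__main__":
    print(classify_signatures(SAMPLE))
```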
