Hans,
Can you post the stacktrace too. Might be helpful to figure out what
exactly is happening.
regards,
Nandana
On Mon, Feb 15, 2010 at 7:17 PM, Hans-Bernhard Friedrich <
[email protected]> wrote:
> Hi,
>
> I work on a webservice client and I always receive the same error when I
> try to make a request to our clients webservice.
>
> "org.apache.ws.security.WSSecurityException (The signature verification
> failed)"
>
> - Our client's webservice is axis-based, more I don't know
>
> - I use rampart 1.3 and Axis2 1.4.1, EclipseEE
> - I generated the customers WSDLs with axis2 1.4.1 in EclipseEE
> - I received certificates of our customer and imported them to a keystore
> - I set up the the security using outflow configuration. I know it's
> deprecated but it seemed easier to me than using a policy.xml.
> - I also set up a client using a policy.xml signing the body but reveice
> the same error. I will change to policy in the next step.
>
> - I read all I could find on the web and in mailinglists but nothing
> helped:
> - XML is UTF-B
> - JVM argument "language=EN" didn't help
> - Mixing different Axis2 and rampart versions didn't help
> - Changing xmlsec1.4.0. jar to 1.4.1 or 1.4.2 didn't help
> - The certs are have not expired
> - Eclipse' Workspace encoding is UTF-8
>
> Question:
> - Does the exception really mean the SOAP-Envelope has been changed after
> is was singed? Are there any other reasons this exception could be thrown?
>
> - What is about the "Pretty Printing" of the XML issue I've found on the
> mailing list. This this really solved in axis2 1.4.1?
> - Is there a way to set up namespace optimation and pretty printing
> manually in axis2 like in axis 1?
> - Could somethig else be wrong with the certificates?
>
> The thing is when I use the a modified sample using a policy.xml I get the
> same Exception
>
> - Is there anything I could tell our client to changed what could help me?
>
> What did I do special:
> - Wrote a little handler to avoid "mustunderstand"-Problem in the response:
> I Set all headers in the response to processed. The error also occurs if I
> don't engage my handler
>
> Here is my Security setup using outflowConfiguration:
>
> ...options.setProperty(WSSHandlerConstants.*OUTFLOW_SECURITY*,
> getOutflowConfiguration());
> ...
> *private* Parameter getOutflowConfiguration() {
> *OutflowConfiguration* ofc = *new** OutflowConfiguration()*;
> *ofc.setActionItems(**"Timestamp Signature"**)*;
> *ofc.setSignatureParts(**"{Element}{**
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> *<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd>
> *}Timestamp"**)*;
> *ofc.setUser(**"fcms-aci"**)*;
> *ofc.setPasswordCallbackClass(**"de.aci.handler.PWCBHandler"**)*;
> *ofc.setSignaturePropRefId(**"cyrpto_props"**)*;
> *ofc.setSignatureKeyIdentifier(WSSHandlerConstants.**
> X509_KEY_IDENTIFIER**)*;
> *return* *ofc.getProperty()*;
> }
>
>
>
> The *PWCBHandler* is the same as in all Samples. I just changed the alias
> and the password
>
> I set the properties programmatically, because they should change
> dynamically later:
>
> Properties prop1 = getProps();
> serviceclient.getOptions.options.setProperty("cyrpto_props", prop1);
> ...
> *private* Properties getProps() {
> Properties prop1 = *new* Properties();
> prop1.setProperty("org.apache.ws.security.crypto.provider",
> "org.apache.ws.security.components.crypto.Merlin");
> prop1.setProperty(
> "org.apache.ws.security.crypto.merlin.keystore.type", "jks");
> prop1.setProperty(
> "org.apache.ws.security.crypto.merlin.keystore.password", "L7uZJX1JUZ9l@
> +W2");
> prop1.setProperty(
> "org.apache.ws.security.crypto.merlin.file", "fcms.keystore");
> *return* prop1;
> }
>
>
>
> Does anybody has an idea what I do wrong?
>
> Thank you so very much in advance for any ideas!!!!
>
> Greetings
> Hans
>
