Good news!!! After changing the keystore for "interop2.jks", and using
"alice" as alias the exception changed :). Now it looks like this:

WSDoAllReceiver: The certificate used for the signature is not trusted

I'm trying the webservice client against a public webservice, that's why
I think this exception is pretty normal, cause this certificate is
self-signed, and the public webservice maybe needs a trusted
certificate. Am I right?

Thank you very much
Tomás Tormo wrote:
Sorry, my mistake, the client_deploy.wsdd file I'm using is the
following one:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http"
             pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <requestFlow>
      <handler name="DoSecuritySender"
               type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="passwordCallbackClass"
                   value="pruebawebserviceregistraduria.PWCallback"/>
        <parameter name="user" value="sample"/>
        <parameter name="action" value="Signature"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
        <parameter name="signatureKeyIdentifier" value="DirectReference"/>
      </handler>
    </requestFlow>
    <responseFlow>
      <handler name="DoSecurityReceiver"
               type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass"
                   value="pruebawebserviceregistraduria.PWCallback"/>
        <parameter name="action" value="Signature"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
      </handler>
    </responseFlow>
  </globalConfiguration>
</deployment>
Thank you
Tomás Tormo wrote:
Ok, sorry I didn't see the link...
Anyway I would like to ask you why you don't use
"DirectReference" as "signatureKeyIdentifier" instead of
"X509KeyIdentifier". Is the server able to verify the sign just with
that?
The client_deploy.wsdd file I was using was the following one (now
it's a mix of several xD):
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="java"
             pivot="java:org.apache.axis.transport.java.JavaSender"/>
  <transport name="http"
             pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <transport name="local"
             pivot="java:org.apache.axis.transport.local.LocalSender"/>
  <globalConfiguration>
    <parameter name="disablePrettyXML" value="true"/>
    <parameter name="enableNamespacePrefixOptimization" value="true"/>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Signature"/>
        <parameter name="passwordCallbackClass" value="PWCallback"/>
        <parameter name="user" value="sample"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
        <parameter name="signatureKeyIdentifier" value="DirectReference"/>
        <parameter name="encryptionSymAlgorithm"
                   value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
        <parameter name="encryptionKeyTransportAlgorithm"
                   value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      </handler>
    </requestFlow>
    <responseFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass" value="PWCallback"/>
        <parameter name="action" value="Signature"/>
        <parameter name="signaturePropFile" value="crypto.properties"/>
      </handler>
    </responseFlow>
  </globalConfiguration>
</deployment>
Martin Gainty wrote:
Tomas
the provided example works with WSS4J ..specifically
*WSS4J configuration*
Below are the important parts from the deployment .wsdd-file for the
web service. The test.PWCallback class is a simple class returning the
password of the private key in the keystore. I used the same
crypto.properties as the one supplied as wsstest.properties in the
interop-folder. As you can see I have specified which algorithms to use
for the session key and encrypted session key (RSA15 and AES128).

Did you try?
Saludos
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the
official business of Sender. This transmission is of a confidential
nature and Sender does not endorse distribution to any party other
than intended recipient. Sender does not necessarily endorse content
contained within this transmission.
------------------------------------------------------------------------
Date: Wed, 3 Sep 2008 16:10:30 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j
Thank you very much for your answer, but I forgot to specify that
I'm writing a client in java using wss4j and not WSE, and I don't
have access to the server (anyway, I'm new in this field, so maybe
I haven't understood it well...)
Do you know how to do the same for wss4j in the client?
Thank you.
Martin Gainty wrote:
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<policy name="x509">
assume the specified policy includes the directive
messageProtectionOrder="SignBeforeEncrypt"

http://erlend.oftedal.no/blog/?blogid=12

Saludos
Martin
> Date: Wed, 3 Sep 2008 14:30:40 +0200
> From: [EMAIL PROTECTED]
> To: axis-user@ws.apache.org
> Subject: Problem verifying the signature with wss4j
>
> Greetings
>
> I'm trying to write a webservice client which uses signed SOAP
> messages in order to communicate. For this, I'm using wss4j 1.5.3 with
> axis 1.4. I've successfully written the client code which signs the
> message and sends it to the server, but I'm getting the following error:
>
> WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature
> verification failed (The provided certificate is invalid)
>
> As far as I know (by reading posts in the internet) this is caused
> because the XML is modified after it is signed. I've tried to set the
> disablePrettyXML to true and the enableNamespacePrefixOptimization to
> false, but it didn't work...
>
> I've read in other posts that this could be caused by the default blank
> namespaces added by Axis (when I checked the XML thanks to TCPMonitor,
> I could see that the attributes of the sent objects had no namespace,
> but the object itself had).
>
> Does anybody have any solution for this problem? Could it be possible
> to disable the default namespace in axis?
>
> Thank you very much
>
> --
> Un saludo,
>
> Tomás Tormo Franco
>
> Indenova, S.L.
> Tels.: +34 963 81 99 47 ext.519
> http://www.indenova.com
> mailto:[EMAIL PROTECTED]