you can avoid all that and create the cert yourself for testing purposes on
your dev box
http://code.google.com/support/bin/answer.py?answer=71864&topic=11369
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business
of Sender. This transmission is of a confidential nature and Sender does not
endorse distribution to any party other than intended recipient. Sender does
not necessarily endorse content contained within this transmission.
Date: Wed, 3 Sep 2008 20:11:56 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* Re: *SPAM* RE: *SPAM* RE: Problem verifying the signature
with wss4j... Good News!!
Because I had no time enough to make the entire development with the
right certificate, I'm still waiting for it and this should be
finnished on friday... That's why I wanted to have some code(altough I
was not gonna work), and then had something prepared for the right
certificate. Then, in this case and if everything is all right, it
"should" work (at least partially) with the correct certificate...
Could this be a client error? (It looks as sever error...as I told you,
i'm new in axis...)
This is the complete exception:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the signature
is not trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com
WSDoAllReceiver: The certificate used for the signature is not trusted
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
Thank you very much / Muchas gracias por tu ayuda
José Ferreiro escribió:
Correct Frank,
Why don't you get the right certificate you need that is issued and
signed by the correct third party?
Un saludo.
José
On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo <[EMAIL PROTECTED]>
wrote:
Good news!!! After changing the keystore for "interop2.jks", and using
"alice" as alias the exception changed :). Now it looks like this:
WSDoAllReceiver: The certificate used for the signature is not
trusted
I'm trying the webservice client against a public webservice, that's
why I think this exception is pretty normal, cause this certificate is
self-signed, and the public webservice maybe needs a trusted
certificate. Am I right?
Thank you very much
Tomás Tormo escribió:
Sorry, my mistake, the client_deploy.wsdd
file I'm using is the
following one:
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow>
<handler name="DoSecuritySender"
type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="passwordCallbackClass"
value="pruebawebserviceregistraduria.PWCallback"/>
<parameter name="user" value="sample"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties"
/>
<parameter name="signatureKeyIdentifier" value="DirectReference"
/>
</handler>
</requestFlow>
<responseFlow>
<handler name="DoSecurityReceiver"
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="pruebawebserviceregistraduria.PWCallback"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties"
/>
</handler>
</responseFlow>
</globalConfiguration >
</deployment>
Thank you
Tomás Tormo escribió:
Ok, sorry i didn't see the link...
Anyway i would like to ask you why you don't use "DirectReference"
as "signatureKeyIdentifier" instead of "X509KeyIdentifier".Is the
server able to verify the sign just with that?
The client_deploy.wsdd file I was using was the following one (now it's
a mix of several xD):
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<transport name="java"
pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local"
pivot="java:org.apache.axis.transport.local.LocalSender"/>
<globalConfiguration >
<parameter name="disablePrettyXML" value="true"/>
<parameter name="enableNamespacePrefixOptimization"
value="true"/>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender"
>
<parameter name="action" value="Signature"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="user" value="sample"/>
<parameter name="signaturePropFile" value="crypto.properties"
/>
<parameter name="signatureKeyIdentifier" value="DirectReference"
/>
<parameter name="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#aes128-cbc";
/>
<parameter name="encryptionKeyTransportAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#rsa-1_5";
/>
</handler>
</requestFlow>
<responseFlow>
<handler
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties"
/>
</handler>
</responseFlow>
</globalConfiguration >
Martin Gainty escribió:
Tomas<BR>
the provided example works with WSS4J ..specifically<BR>
WSS4J configuration<BR>
Below is the important parts from the
deployment .wsdd-file for the web service. The test.PWCallback
<BR>
class is
a simple class returning the password of the private key in the
keystore. I used the same <BR>
crypto.properties as the one supplied as
wsstest.properties in the interop-folder. As you can see I have
<BR>
specified which algorithms to use for the session key and ecrypted
session key (RSA15 and AES128).
<BR>
Did you try?<BR>
Saludos<BR>
Martin <BR>
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official
business of Sender. This transmission is of a confidential nature and
Sender does not endorse distribution to any party other than intended
recipient. Sender does not necessarily endorse content contained within
this transmission.
Date: Wed, 3 Sep 2008 16:10:30 +0200
From: [EMAIL PROTECTED]
To: axis-user@ws.apache.org
Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j
Thank you very much for your answer, but i forgot to specify that i'm
writing a client in java using wss4j and not WSE, and i don't have
access to the server (anyway, i'm new in this field, so maybe i
haven't understood it well...)
Do you know how to do the same for wss4j in the client?
Thank you.
Martin Gainty escribió:
<policies
xmlns="http://schemas.microsoft.com/wse/2005/06/policy";><BR>
<policy name="x509"><BR>
assume the specified policy includes the directive
messageProtectionOrder="SignBeforeEncrypt"
<BR>
http://erlend.oftedal.no/blog/?blogid=12
<BR>
Saludos<BR>
Martin <BR>
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official
business of Sender. This transmission is of a confidential nature and
Sender does not endorse distribution to any party other than intended
recipient. Sender does not necessarily endorse content contained within
this transmission.
> Date: Wed, 3 Sep 2008 14:30:40 +0200
> From: [EMAIL PROTECTED]
> To: axis-user@ws.apache.org
> Subject: Problem verifying the signature with wss4j
>
> Greetings
>
> I'm trying to write an webservice client wich uses signed SOAP
> messages in order to communicate. For this, i'm using wss4j 1.5.3
with
> axis 1.4. I've succesfully wrote the client code wich signs the
message
> and sends it to the server, but i'm getting the following error:
>
> WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature
> verification failed (The provided certificate is invalid)
>
> As far as i know (by reading posts in the internet) this is caused
> because the XML is modified after it is signed. I've tried to set
the
> disablePrettyXML to true and the enableNamespacePrefixOptimization
to
> false, but it didn't work...
>
> I've read in other posts that this could be caused by the default
blank
> namespaces added by Axis (when I checked the XML thanks to
TCPMonitor,
> i could see that the attributes of the sent objects had no
namespace,
> but the object itself had).
>
> Does anybody have any solution for this problem? Could be possible
to
> disable the default namespace in axis?
>
> Thank you very much
>
> --
> Un saludo,
>
> Tomás Tormo Franco
>
> Indenova, S.L.
> Tels.: +34 963 81 99 47 ext.519
> http://www.indenova.com
> mailto:[EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
Get more out of the Web. Learn 10 hidden secrets of
Windows
Live. Learn Now
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
See how Windows Mobile brings your life together—at home,
work,
or on the go. See Now
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
_________________________________________________________________
See how Windows Mobile brings your life together—at home, work, or on the go.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/
