Hi Kasper,
Here's the problem - you generate your keys with:
"-keypass keyStorePassword"
Yet your ClientPasswordCallback.java has:
" pc.setPassword("keyPassword");"
Change the above to "pc.setPassword("keyStorePassword");" and it should
work ok.
Colm.
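
An added check, not part of the original thread or of CXF/WSS4J: it uses only the JDK `KeyStore` API to show which of the two values from this thread unlocks the private key that the Signature action needs. It assumes the `client-keystore.jks` produced by the keytool commands quoted below is in the working directory; the class name `KeyPasswordCheck` and the method `unlocks` are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

/** Added diagnostic: does a candidate password recover the signing key? */
public class KeyPasswordCheck {

    /** True if keyPassword recovers the key stored under alias. */
    static boolean unlocks(KeyStore ks, String alias, String keyPassword) throws Exception {
        try {
            Key key = ks.getKey(alias, keyPassword.toCharArray());
            return key != null;   // null means the alias holds no key entry
        } catch (UnrecoverableKeyException e) {
            return false;         // wrong per-entry password (keytool -keypass)
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values from the keytool commands in this thread.
        String file = args.length > 0 ? args[0] : "client-keystore.jks";
        String storePass = args.length > 1 ? args[1] : "keyStorePassword";
        String alias = args.length > 2 ? args[2] : "football-client";

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            // -storepass protects the store as a whole; a wrong value fails here.
            ks.load(in, storePass.toCharArray());
        }
        if (!ks.isKeyEntry(alias)) {
            System.out.println("No private key under alias " + alias);
            return;
        }
        // The callback's original value and the -keypass value given to keytool.
        for (String candidate : new String[] {"keyPassword", "keyStorePassword"}) {
            String result = unlocks(ks, alias, candidate)
                    ? "key recovered"
                    : "key NOT recovered (password mismatch)";
            System.out.println("pc.setPassword(\"" + candidate + "\") -> " + result);
        }
    }
}
```

The value that recovers the key is the one the password callback has to return for the signing alias; the store password and the key password are checked separately even when, as here, they were set to the same string.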
-----Original Message-----
From: kasperih [mailto:[EMAIL PROTECTED]
Sent: 03 March 2008 19:54
To: [email protected]
Subject: RE: WS-Security - signature problems
I have attached all the files that you asked for. It's the entire
folder with all the relevant files.
- keytool -genkey -alias football-client -keypass keyStorePassword
-keystore client-keystore.jks -storepass keyStorePassword -dname
"cn=football-client" -keyalg RSA
- keytool -selfcert -alias football-client -keystore
client-keystore.jks -storepass keyStorePassword -keypass
keyStorePassword
- keytool -export -alias football-client -file key.rsa -keystore
client-keystore.jks -storepass keyStorePassword
- keytool -import -alias football-client -file key.rsa -keystore
server-keystore.jks -storepass keyStorePassword
These are the commands I used in order to create the keys.
Regards
Kasper H
O hEigeartaigh, Colm wrote:
>
>
> Can you attach the full code for your sample?
>
> Colm.
>
> -----Original Message-----
> From: Kasper Hansen [mailto:[EMAIL PROTECTED]
> Sent: 03 March 2008 13:30
> To: [email protected]
> Subject: WS-Security - signature problems
>
> I am rather new to using the cxf. I checked out from svn and had a
> look at the samples in the distribution folder. I didn't find a sample
> for the ws-security so I decided to make one myself.
> I started with the UsernameToken and this worked fine, I added the
> logging interceptor and I could see in the SOAP headers that
> everything was working fine. But then I wanted to sign the message, I
> followed the instructions at the cxf page to make the keystores but I
> cannot get it to work. When I run my server and client, the server
> runs fine and so does the client, but before I saw the messages in my
> client windows that was sent but now it seems that nothing gets sent,
> but there are no errors to see even though I turned logging on the log
> ALL.
>
> Here is what I have in my server.xml file:
>
> <bean id="saajIn"
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> <bean id="wss4jIn"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp Signature" />
> <entry key="passwordType" value="PasswordDigest" />
> <entry key="passwordCallbackClass"
> value="football.demo.server.ServerPasswordCallback" />
> <entry key="signaturePropFile"
> value="server_sign.properties"/>
> </map>
> </constructor-arg>
> </bean>
>
> <cxf:bus>
> <cxf:inInterceptors>
> <ref bean="saajIn"/>
> <ref bean="wss4jIn"/>
> </cxf:inInterceptors>
> <cxf:features>
> <cxf:logging/>
> </cxf:features>
> </cxf:bus>
> </beans>
>
> And in my client.xml file
>
> <bean id="saajOut"
> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> <bean id="wss4jOut"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp Signature" />
> <entry key="user" value="football-client" />
> <entry key="passwordType" value="PasswordDigest" />
> <entry key="passwordCallbackClass"
> value="football.demo.client.ClientPasswordCallback" />
> <entry key="signaturePropFile" value="client_sign.properties"/>
> </map>
> </constructor-arg>
> </bean>
>
> <cxf:bus>
> <cxf:outInterceptors>
> <ref bean="saajOut"/>
> <ref bean="wss4jOut"/>
> </cxf:outInterceptors>
> <cxf:features>
> <cxf:logging/>
> </cxf:features>
> </cxf:bus>
>
> </beans>
>
>
> The request never reaches the server because it doesn't get sent, here
> is the last output in the client command prompt:
>
> [java]
> [java] 03-03-2008 14:13:11
> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
> [java] FINE: Invoking handleMessage on interceptor
> org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutIntercepto
> [EMAIL PROTECTED]
> [java] 03-03-2008 14:13:11
> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
> [java] FINE: Invoking handleMessage on interceptor
> [EMAIL PROTECTED]
> [java] 03-03-2008 14:13:11
> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
> [java] FINE: Invoking handleMessage on interceptor
> [EMAIL PROTECTED]
> [java] 03-03-2008 14:13:11
> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
> [java] FINE: Invoking handleMessage on interceptor
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInt
> [EMAIL PROTECTED]
> [java] 03-03-2008 14:13:11
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
> [java] FINE: WSDoAllSender: enter invoke()
> [java] 03-03-2008 14:13:11
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
> [java] FINE: Action: 35
> [java] 03-03-2008 14:13:11
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
> [java] FINE: Actor: null
> [java] 03-03-2008 14:13:11 org.apache.ws.security.WSSConfig
> loadProvider
> [java] FINE: The provider JuiCE could not be added:
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader
> getResource
> [java] FINE: Trying to find [client_sign.properties] using
> [EMAIL PROTECTED] class loader.
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.components.crypto.CryptoFactory loadClass
> [java] FINE: Using Crypto Engine
> [org.apache.ws.security.components.crypto.Merlin]
> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader
> getResource
> [java] FINE: Trying to find [client-keystore.jks] using
> [EMAIL PROTECTED] class loader.
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.handler.WSHandler doSenderAction
> [java] FINE: Performing Action: 1
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.message.WSSecUsernameToken build
> [java] FINE: Begin add username token...
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.handler.WSHandler doSenderAction
> [java] FINE: Performing Action: 32
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.message.WSSecTimestamp build
> [java] FINE: Begin add timestamp...
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.handler.WSHandler doSenderAction
> [java] FINE: Performing Action: 2
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.message.WSSecSignature build
> [java] FINE: Beginning signing...
> [java] 03-03-2008 14:13:11
> org.apache.ws.security.message.WSSecSignature prepare
> [java] FINE: automatic sig algo detection: RSA
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
> [java] FINE: Create URI
> "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
> [java] FINE: Request for URI
> http://www.w3.org/2000/09/xmldsig#rsa-sha1
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
> <init>
> [java] FINE: Created SignatureDSA using SHA1withRSA
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.utils.ElementProxy <init>
> [java] FINE: setElement("ds:SignatureMethod", "null")
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
> [java] FINE: Create URI
> "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
> [java] FINE: Request for URI
> http://www.w3.org/2000/09/xmldsig#rsa-sha1
> [java] 03-03-2008 14:13:11
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
> <init>
> [java] FINE: Created SignatureDSA using SHA1withRSA
>
> BUILD SUCCESSFUL
> Total time: 8 seconds
>
> I would have expected to see a message? Could anyone help me with this
> problem?
>
> Regards
> Kasper H
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>
>
http://www.nabble.com/file/p15812284/Football.zip Football.zip
--
View this message in context:
http://www.nabble.com/WS-Security---signature-problems-tp15805470p15812284.html
Sent from the cxf-user mailing list archive at Nabble.com.