Hi Colm
Thanks that was definitely wrong, I fixed that but it still doesn't work. I
also changed it a bit so that it also tries to encrypt, but it doesn't seem
to get by the signature. If I remove the signature action and only try the
encrypt then that doesn't work either.
I gave both the client and the server the same alias, is that a problem?
I have attached the altered code again.
Here is part of my client.xml
<bean id="wss4jOut"
      class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Timestamp Signature Encrypt" />
      <entry key="user" value="football-client" />
      <!-- <entry key="passwordType" value="PasswordDigest" />-->
      <entry key="passwordCallbackClass"
             value="football.demo.client.ClientPasswordCallback" />
      <entry key="signaturePropFile" value="client_sign.properties"/>
      <entry key="signatureKeyIdentifier" value="DirectReference"/>
      <entry key="signatureParts"
             value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
      <entry key="encryptionPropFile" value="server_sign.properties"/>
      <entry key="encryptionUser" value="football-client"/>
      <entry key="encryptionParts"
             value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
      <entry key="encryptionSymAlgorithm"
             value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </map>
  </constructor-arg>
</bean>
and here is the matching server.xml
<bean id="wss4jIn"
      class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Timestamp Signature Encrypt" />
      <!-- <entry key="passwordType" value="PasswordDigest" />-->
      <entry key="passwordCallbackClass"
             value="football.demo.server.ServerPasswordCallback" />
      <entry key="signaturePropFile" value="client_sign.properties"/>
      <entry key="decryptionPropFile" value="server_sign.properties"/>
    </map>
  </constructor-arg>
</bean>
Kasper
O hEigeartaigh, Colm wrote:
>
>
> Hi Kasper,
>
> Here's the problem - you generate your keys with:
>
> "-keypass keyStorePassword"
>
> Yet your ClientPasswordCallback.java has:
>
> " pc.setPassword("keyPassword");"
>
> Change the above to "pc.setPassword("keyStorePassword");" and it should
> work ok.
>
> Colm.
>
> -----Original Message-----
> From: kasperih [mailto:[EMAIL PROTECTED]
> Sent: 03 March 2008 19:54
> To: [email protected]
> Subject: RE: WS-Security - signature problems
>
>
> I have attached all the files that you asked for. It's the entire
> folder with all the relevant files.
>
> - keytool -genkey -alias football-client -keypass keyStorePassword
> -keystore client-keystore.jks -storepass keyStorePassword -dname
> "cn=football-client" -keyalg RSA
>
> - keytool -selfcert -alias football-client -keystore
> client-keystore.jks -storepass keyStorePassword -keypass
> keyStorePassword
>
> - keytool -export -alias football-client -file key.rsa -keystore
> client-keystore.jks -storepass keyStorePassword
>
> - keytool -import -alias football-client -file key.rsa -keystore
> server-keystore.jks -storepass keyStorePassword
>
>
> These are the commands I used in order to create the keys.
>
>
> Regards
> Kasper H
>
>
>
> O hEigeartaigh, Colm wrote:
>>
>>
>> Can you attach the full code for your sample?
>>
>> Colm.
>>
>> -----Original Message-----
>> From: Kasper Hansen [mailto:[EMAIL PROTECTED]
>> Sent: 03 March 2008 13:30
>> To: [email protected]
>> Subject: WS-Security - signature problems
>>
>> I am rather new to using the cxf. I checked out from svn and had a
>> look at the samples in the distribution folder. I didn't find a sample
>> for the ws-security so I decided to make one myself.
>> I started with the UsernameToken and this worked fine, I added the
>> logging interceptor and I could see in the SOAP headers that
>> everything was working fine. But then I wanted to sign the message, I
>> followed the instructions at the cxf page to make the keystores but I
>> cannot get it to work. When I run my server and client, the server
>> runs fine and so does the client, but before I saw the messages in my
>> client window that were sent but now it seems that nothing gets sent,
>> but there are no errors to see even though I turned logging on to log
>> ALL.
>>
>> Here is what I have in my server.xml file:
>>
>> <bean id="saajIn"
>>       class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>> <bean id="wss4jIn"
>>       class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>   <constructor-arg>
>>     <map>
>>       <entry key="action" value="UsernameToken Timestamp Signature" />
>>       <entry key="passwordType" value="PasswordDigest" />
>>       <entry key="passwordCallbackClass"
>>              value="football.demo.server.ServerPasswordCallback" />
>>       <entry key="signaturePropFile" value="server_sign.properties"/>
>>     </map>
>>   </constructor-arg>
>> </bean>
>>
>> <cxf:bus>
>>   <cxf:inInterceptors>
>>     <ref bean="saajIn"/>
>>     <ref bean="wss4jIn"/>
>>   </cxf:inInterceptors>
>>   <cxf:features>
>>     <cxf:logging/>
>>   </cxf:features>
>> </cxf:bus>
>> </beans>
>>
>> And in my client.xml file
>>
>> <bean id="saajOut"
>>       class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>> <bean id="wss4jOut"
>>       class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>   <constructor-arg>
>>     <map>
>>       <entry key="action" value="UsernameToken Timestamp Signature" />
>>       <entry key="user" value="football-client" />
>>       <entry key="passwordType" value="PasswordDigest" />
>>       <entry key="passwordCallbackClass"
>>              value="football.demo.client.ClientPasswordCallback" />
>>       <entry key="signaturePropFile" value="client_sign.properties"/>
>>     </map>
>>   </constructor-arg>
>> </bean>
>>
>> <cxf:bus>
>>   <cxf:outInterceptors>
>>     <ref bean="saajOut"/>
>>     <ref bean="wss4jOut"/>
>>   </cxf:outInterceptors>
>>   <cxf:features>
>>     <cxf:logging/>
>>   </cxf:features>
>> </cxf:bus>
>>
>> </beans>
>>
>>
>> The request never reaches the server because it doesn't get sent, here
>> is the last output in the client command prompt:
>>
>> [java]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutIntercepto[EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor [EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor [EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> [java] FINE: Invoking handleMessage on interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInt[EMAIL PROTECTED]
>> [java] 03-03-2008 14:13:11 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>> [java] FINE: WSDoAllSender: enter invoke()
>> [java] 03-03-2008 14:13:11 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>> [java] FINE: Action: 35
>> [java] 03-03-2008 14:13:11 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>> [java] FINE: Actor: null
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.WSSConfig loadProvider
>> [java] FINE: The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader getResource
>> [java] FINE: Trying to find [client_sign.properties] using [EMAIL PROTECTED] class loader.
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.components.crypto.CryptoFactory loadClass
>> [java] FINE: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader getResource
>> [java] FINE: Trying to find [client-keystore.jks] using [EMAIL PROTECTED] class loader.
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.handler.WSHandler doSenderAction
>> [java] FINE: Performing Action: 1
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecUsernameToken build
>> [java] FINE: Begin add username token...
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.handler.WSHandler doSenderAction
>> [java] FINE: Performing Action: 32
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecTimestamp build
>> [java] FINE: Begin add timestamp...
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.handler.WSHandler doSenderAction
>> [java] FINE: Performing Action: 2
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecSignature build
>> [java] FINE: Beginning signing...
>> [java] 03-03-2008 14:13:11 org.apache.ws.security.message.WSSecSignature prepare
>> [java] FINE: automatic sig algo detection: RSA
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>> [java] FINE: Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>> [java] FINE: Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA <init>
>> [java] FINE: Created SignatureDSA using SHA1withRSA
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.utils.ElementProxy <init>
>> [java] FINE: setElement("ds:SignatureMethod", "null")
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>> [java] FINE: Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>> [java] FINE: Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> [java] 03-03-2008 14:13:11 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA <init>
>> [java] FINE: Created SignatureDSA using SHA1withRSA
>>
>> BUILD SUCCESSFUL
>> Total time: 8 seconds
>>
>> I would have expected to see a message? Could anyone help me with this
>> problem?
>>
>> Regards
>> Kasper H
>>
>> ----------------------------
>> IONA Technologies PLC (registered in Ireland)
>> Registered Number: 171387
>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>>
>>
> http://www.nabble.com/file/p15812284/Football.zip Football.zip
> --
> View this message in context:
> http://www.nabble.com/WS-Security---signature-problems-tp15805470p15812284.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
http://www.nabble.com/file/p15825240/Football.zip Football.zip
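
Added example, not part of the thread or its attachment: a small Java check of what each keystore built by the keytool commands quoted above can do for a given alias, and whether a candidate key password unlocks it. It assumes client-keystore.jks and server-keystore.jks are in the working directory; the class name KeystoreAliasCheck and its check method are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added diagnostic (hypothetical class, not from the thread's Football.zip).
public class KeystoreAliasCheck {

    // Reports what a WS-Security handler could do with this alias in this keystore.
    static String check(String path, char[] storePass, String alias, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // IOException here means a wrong -storepass
        }
        if (!ks.containsAlias(alias)) {
            return "alias not found";
        }
        if (ks.isCertificateEntry(alias)) {
            // Entry made by "keytool -import": a public certificate, no private key.
            return "trusted certificate only: usable to verify signatures and to "
                    + "encrypt to this alias, not to sign or decrypt";
        }
        try {
            // The password here must equal the -keypass given to "keytool -genkey".
            Key key = ks.getKey(alias, keyPass);
            return "private key recovered (" + key.getAlgorithm() + "): can sign and decrypt";
        } catch (UnrecoverableKeyException e) {
            return "key entry present, but the key password is wrong";
        }
    }

    public static void main(String[] args) throws Exception {
        // Store password and alias as used in the keytool commands in the thread.
        char[] storePass = "keyStorePassword".toCharArray();
        String alias = "football-client";
        // The two callback passwords discussed in the thread.
        for (String candidate : new String[] {"keyPassword", "keyStorePassword"}) {
            System.out.println("client-keystore.jks, key password \"" + candidate + "\": "
                    + check("client-keystore.jks", storePass, alias, candidate.toCharArray()));
        }
        System.out.println("server-keystore.jks: "
                + check("server-keystore.jks", storePass, alias, storePass));
    }
}
```

Run it from the directory holding the two keystores; the result for each file shows whether the alias is a private-key entry or only an imported certificate.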