even though this is correct, what you say, how does it explain that the
client doesn't send anything? I get the excact same behaviour no matter if I
start the server or not.
My problems initially started with an error thar it couldn't find th
bouncycastle, I then went and made changes to mylocal version of the pom.xml
at http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
I changed this
<dependency>
<groupId>${pom.groupId}</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${pom.version}</version>
<exclusions>
<exclusion>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
</exclusion>
</exclusions>
</dependency>
to this
<dependency>
<groupId>${pom.groupId}</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${pom.version}</version>
</dependency>
and then I ran mvn install from the distrubution directory.
I wa looking at the outout in the client window, and there is one linie
which says:
The provider JuiCE could not be added:
org.apache.security.juice.provider.JuiCEProviderOpenSSL
If I go here and have a look at the code
http://ws.apache.org/wss4j/xref/org/apache/ws/security/WSSConfig.html linie
279 I can see that an exception is catched, is this important?
kasper
O hEigeartaigh, Colm wrote:
>
>
>> Now I am a little confused, isn't that what I am doing already
>
> No. On the client side you're using:
>
> <entry key="signaturePropFile" value="client_sign.properties"/>
> <entry key="encryptionPropFile" value="server_sign.properties"/>
>
> This is fine. On the server side you're using:
>
> <entry key="signaturePropFile" value="client_sign.properties"/>
> <entry key="decryptionPropFile" value="server_sign.properties"/>
>
> This won't work as there is no private key in the server keystore to
> perform decryption. If you were to change it around to:
>
> <entry key="signaturePropFile" value="server_sign.properties"/>
> <entry key="decryptionPropFile" value="client_sign.properties"/>
>
> then it should work, as a private key isn't required for verifying a
> signature.
>
> One more thing, I don't believe the following will work, as I don't
> think WSS4J supports encrypting signatures in this way, although I could
> be wrong.
>
> <entry key="encryptionParts"
> value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{
> http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>
> Colm.
>
>
> -----Original Message-----
> From: kasperih [mailto:[EMAIL PROTECTED]
> Sent: 04 March 2008 13:30
> To: [email protected]
> Subject: RE: WS-Security - signature problems
>
>
> Now I am a little confused, isn't that what I am doing already
>
> client.xml
>
> <bean id="wss4jOut"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Timestamp Encrypt" />
> <entry key="user" value="football-client" />
> <!-- <entry key="passwordType" value="PasswordDigest" />-->
> <entry key="passwordCallbackClass"
> value="football.demo.KeystorePasswordCallback" />
> <entry key="signaturePropFile" value="client_sign.properties"/>
> <entry key="signatureKeyIdentifier" value="DirectReference"/>
> <entry key="signatureParts"
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
> -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.o
> rg/soap/envelope/}Body"/>
> <entry key="encryptionPropFile" value="server_sign.properties"/>
> <entry key="encryptionUser" value="football-client"/>
> <entry key="encryptionParts"
> value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{
> http://schemas.xmlsoap.org/soap/envelope/}Body"/>
> <entry key="encryptionSymAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> </map>
> </constructor-arg>
> </bean>
>
> The encryptionpropfile i th server_sign-properties
>
> server.xml
> <bean id="wss4jIn"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Timestamp Signature Encrypt" />
> <!-- <entry key="passwordType" value="PasswordDigest" />-->
> <entry key="passwordCallbackClass"
> value="football.demo.KeystorePasswordCallback" />
> <entry key="signaturePropFile"
> value="client_sign.properties"/>
> <entry key="decryptionPropFile"
> value="server_sign.properties"/>
> </map>
> </constructor-arg>
> </bean>
>
> this uses the client_sign.properties for decryption.
>
> But whar about the signature, I still need both to work.
>
> /Kasper
>
>
> O hEigeartaigh, Colm wrote:
>>
>>
>> The problem is in how you're using the keys, not in your configuration
>> for WS-Security. "server-keystore.jks" contains a "trustedCertEntry"
> and
>> hence can be used for encryption, as encryption only requires access
> to
>> a public key. It can't be used for decryption however.
>>
>> "client-keystore.jks" contains a "keyEntry" and hence can be used for
>> decryption. So to get just encryption working for your configuration,
>> use "server_sign.properties" on the outbound side, and
>> "client_sign.properties" on the inbound side and it should work.
>>
>> If you want to add signature into the mix, then you should generate
>> another set of keys.
>>
>> Colm.
>>
>> -----Original Message-----
>> From: kasperih [mailto:[EMAIL PROTECTED]
>> Sent: 04 March 2008 12:44
>> To: [email protected]
>> Subject: RE: WS-Security - signature problems
>>
>>
>> I changed the callback class to be acommon one for both server and
>> client, so
>> client.xml
>>
>>
>> <bean id="wss4jOut"
>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>> <constructor-arg>
>> <map>
>> <entry key="action" value="Timestamp Signature Encrypt" />
>> <entry key="user" value="football-client" />
>> <!-- <entry key="passwordType" value="PasswordDigest" />-->
>> <entry key="passwordCallbackClass"
>> value="football.demo.KeystorePasswordCallback" />
>> <entry key="signaturePropFile"
> value="client_sign.properties"/>
>> <entry key="signatureKeyIdentifier" value="DirectReference"/>
>> <entry key="signatureParts"
>>
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
>>
> -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.o
>> rg/soap/envelope/}Body"/>
>> <entry key="encryptionPropFile"
> value="server_sign.properties"/>
>> <entry key="encryptionUser" value="football-client"/>
>> <entry key="encryptionParts"
>>
> value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{
>> http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>> <entry key="encryptionSymAlgorithm"
>> value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>> </map>
>> </constructor-arg>
>> </bean>
>>
>> The class looks like this:
>>
>>
>> public class KeystorePasswordCallback implements CallbackHandler {
>>
>> private static final String password = "keyStorePassword";
>>
>> public void handle(Callback[] callbacks) throws IOException,
>> UnsupportedCallbackException {
>> for (int i = 0; i < callbacks.length; i++) {
>> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
>> pc.setPassword(password);
>> return;
>> }
>> }
>> }
>>
>> I am not even getting an error when not starting the server, because
>> nothing
>> gets send.
>> With this action <entry key="action" value="Timestamp Signature
> Encrypt"
>> />
>>
>> I get this output in the client window, logging is set to ALL
>>
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.configuration.spring.ConfigurerImpl configureBean
>> [java] FINE: Could not find a definition for bean with id
>> {http://apache.org/football_soap_http}SoapPort.http-condu
>> it - no injection will be performed.
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.transport.http.HTTPConduit
>> finalizeConfig
>> [java] FINE: No Trust Decider configured for Conduit
>> '{http://apache.org/football_soap_http}SoapPort.http-conduit'
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.transport.http.HTTPConduit
>> finalizeConfig
>> [java] FINE: No Basic Auth Supplier configured for Conduit
>> '{http://apache.org/football_soap_http}SoapPort.http-con
>> duit'
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.transport.http.HTTPConduit
>> finalizeConfig
>> [java] FINE: Conduit
>> '{http://apache.org/football_soap_http}SoapPort.http-conduit' has been
>> configured for plain ht
>> tp.
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.transport.AbstractObservable
>> setMessageObserver
>> [java] FINE: registering incoming observer:
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
>> [EMAIL PROTECTED]
>> was created. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor handleMessage
>> [java] FINE: op: [OperationInfo:
>> {http://apache.org/football_soap_http}getPlayer]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor handleMessage
>> [java] FINE: op.hasOutput(): true
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor handleMessage
>> [java] FINE: op.getOutput().size(): 1
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> 2e4
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInter
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.binding.soap.interceptor.SoapActionOutInterceptor
>> @dd89f9
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
>> nterceptor@
>> 36ae83 to phase prepare-send-ending
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
>> [EMAIL PROTECTED]
>> was modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterc
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> [EMAIL PROTECTED]
>> 836aea
>> to p
>> hase pre-stream-ending
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
>> [EMAIL PROTECTED]
>> was modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterce
>> [EMAIL PROTECTED]
>> to phase pre-protocol-ending
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
>> [EMAIL PROTECTED]
>> was modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] pre-protocol-ending [SAAJOutEndingInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> [EMAIL PROTECTED]
>> 8980 to phase post-protocol
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
>> [EMAIL PROTECTED]
>> was modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] post-protocol [WSS4JOutInterceptorInternal]
>> [java] pre-protocol-ending [SAAJOutEndingInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>>
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker <init>
>> [java] FINE: invoker for chain size: 0
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> e
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEnding
>> Interceptor
>> @5db9eb to phase write-ending
>> [java] 04-03-2008 13:37:36
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
>> [EMAIL PROTECTED]
>> was modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] post-protocol [WSS4JOutInterceptorInternal]
>> [java] write-ending [SoapOutEndingInterceptor]
>> [java] pre-protocol-ending [SAAJOutEndingInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:37:37
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutIntercepto
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:37
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:37
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:37
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInt
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:37:37
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> Internal
>> handleM
>> essage
>> [java] FINE: WSDoAllSender: enter invoke()
>> [java] 04-03-2008 13:37:37
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> Internal
>> handleM
>> essage
>> [java] FINE: Action: 38
>> [java] 04-03-2008 13:37:37
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> Internal
>> handleM
>> essage
>> [java] FINE: Actor: null
>> [java] 04-03-2008 13:37:37 org.apache.ws.security.WSSConfig
>> loadProvider
>> [java] FINE: The provider JuiCE could not be added:
>> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>> [java] 04-03-2008 13:37:37 org.apache.ws.security.util.Loader
>> getResource
>> [java] FINE: Trying to find [client_sign.properties] using
>> [EMAIL PROTECTED] class loader.
>> [java] 04-03-2008 13:37:37
>> org.apache.ws.security.components.crypto.CryptoFactory loadClass
>> [java] FINE: Using Crypto Engine
>> [org.apache.ws.security.components.crypto.Merlin]
>> [java] 04-03-2008 13:37:37 org.apache.ws.security.util.Loader
>> getResource
>> [java] FINE: Trying to find [client-keystore.jks] using
>> [EMAIL PROTECTED] class loader.
>> [java] 04-03-2008 13:37:37
> org.apache.ws.security.handler.WSHandler
>> splitEncParts
>> [java] FINE: partDefs: 'Element'
>>
> ,'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-uti
>> lity-1.0.x
>> sd' ,'Timestamp'
>> [java] 04-03-2008 13:37:37
> org.apache.ws.security.handler.WSHandler
>> splitEncParts
>> [java] FINE: partDefs: 'Element'
>> ,'http://schemas.xmlsoap.org/soap/envelope/' ,'Body'
>> [java] 04-03-2008 13:37:37 org.apache.ws.security.util.Loader
>> getResource
>> [java] FINE: Trying to find [server_sign.properties] using
>> [EMAIL PROTECTED] class loader.
>> [java] 04-03-2008 13:37:37
>> org.apache.ws.security.components.crypto.CryptoFactory loadClass
>> [java] FINE: Using Crypto Engine
>> [org.apache.ws.security.components.crypto.Merlin]
>> [java] 04-03-2008 13:37:37 org.apache.ws.security.util.Loader
>> getResource
>> [java] FINE: Trying to find [server-keystore.jks] using
>> [EMAIL PROTECTED] class loader.
>> [java] 04-03-2008 13:37:37
> org.apache.ws.security.handler.WSHandler
>> splitEncParts
>> [java] FINE: partDefs: 'Element'
>> ,'http://www.w3.org/2000/09/xmldsig#'
>> ,'Signature'
>> [java] 04-03-2008 13:37:37
> org.apache.ws.security.handler.WSHandler
>> splitEncParts
>> [java] FINE: partDefs: 'Content'
>> ,'http://schemas.xmlsoap.org/soap/envelope/' ,'Body'
>> [java] 04-03-2008 13:37:37
> org.apache.ws.security.handler.WSHandler
>> doSenderAction
>> [java] FINE: Performing Action: 32
>> [java] 04-03-2008 13:37:37
>> org.apache.ws.security.message.WSSecTimestamp build
>> [java] FINE: Begin add timestamp...
>> [java] 04-03-2008 13:37:37
> org.apache.ws.security.handler.WSHandler
>> doSenderAction
>> [java] FINE: Performing Action: 2
>> [java] 04-03-2008 13:37:37
>> org.apache.ws.security.message.WSSecSignature build
>> [java] FINE: Beginning signing...
>> [java] 04-03-2008 13:37:37
>> org.apache.ws.security.message.WSSecSignature prepare
>> [java] FINE: automatic sig algo detection: RSA
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>> [java] FINE: Create URI
>> "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
>> class "class org.apache.xml.security.algorithm
>> s.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.algorithms.JCEMapper
>> translateURItoJCEID
>> [java] FINE: Request for URI
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
>> <init>
>> [java] FINE: Created SignatureDSA using SHA1withRSA
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.utils.ElementProxy
>> <init>
>> [java] FINE: setElement("ds:SignatureMethod", "null")
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>> [java] FINE: Create URI
>> "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
>> class "class org.apache.xml.security.algorithm
>> s.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.algorithms.JCEMapper
>> translateURItoJCEID
>> [java] FINE: Request for URI
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> [java] 04-03-2008 13:37:37
>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
>> <init>
>> [java] FINE: Created SignatureDSA using SHA1withRSA
>>
>> BUILD SUCCESSFUL
>>
>> If I try and remove the Signature from the action I get this:
>>
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.configuration.spring.ConfigurerImpl configureBean
>> [java] FINE: Could not find a definition for bean with id
>> {http://apache.org/football_soap_http}SoapPort.http-condu
>> it - no injection will be performed.
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.transport.http.HTTPConduit
>> finalizeConfig
>> [java] FINE: No Trust Decider configured for Conduit
>> '{http://apache.org/football_soap_http}SoapPort.http-conduit'
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.transport.http.HTTPConduit
>> finalizeConfig
>> [java] FINE: No Basic Auth Supplier configured for Conduit
>> '{http://apache.org/football_soap_http}SoapPort.http-con
>> duit'
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.transport.http.HTTPConduit
>> finalizeConfig
>> [java] FINE: Conduit
>> '{http://apache.org/football_soap_http}SoapPort.http-conduit' has been
>> configured for plain ht
>> tp.
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.transport.AbstractObservable
>> setMessageObserver
>> [java] FINE: registering incoming observer:
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
> [EMAIL PROTECTED]
>> was
>> created. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor handleMessage
>> [java] FINE: op: [OperationInfo:
>> {http://apache.org/football_soap_http}getPlayer]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor handleMessage
>> [java] FINE: op.hasOutput(): true
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor handleMessage
>> [java] FINE: op.getOutput().size(): 1
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> e178
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInter
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.binding.soap.interceptor.SoapActionOutInterceptor
>> @f5b2e4
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
>> nterceptor@
>> 16136f0 to phase prepare-send-ending
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
> [EMAIL PROTECTED]
>> was
>> modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterc
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> [EMAIL PROTECTED]
>> d28c7
>> to ph
>> ase pre-stream-ending
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
> [EMAIL PROTECTED]
>> was
>> modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterce
>> [EMAIL PROTECTED]
>> to phase pre-protocol-ending
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
> [EMAIL PROTECTED]
>> was
>> modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] pre-protocol-ending [SAAJOutEndingInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> [EMAIL PROTECTED]
>> f93b to phase post-protocol
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
> [EMAIL PROTECTED]
>> was
>> modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] post-protocol [WSS4JOutInterceptorInternal]
>> [java] pre-protocol-ending [SAAJOutEndingInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.jaxws.handler.HandlerChainInvoker <init>
>> [java] FINE: invoker for chain size: 0
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> b
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> add
>> [java] FINE: Adding interceptor
>>
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEnding
>> Interceptor
>> @19481b2 to phase write-ending
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> outputChainToLog
>> [java] FINE: Chain
> [EMAIL PROTECTED]
>> was
>> modified. Current flow:
>> [java] pre-logical [HolderOutInterceptor, SwAOutInterceptor,
>> WrapperClassOutInterceptor, SoapHeaderOutFilterInter
>> ceptor]
>> [java] post-logical [SoapActionOutInterceptor]
>> [java] prepare-send [MessageSenderInterceptor]
>> [java] pre-stream [LoggingOutInterceptor,
>> SoapPreProtocolOutInterceptor, AttachmentOutInterceptor,
> StaxOutInterce
>> ptor]
>> [java] pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
>> SOAPHandlerInterceptor]
>> [java] write [SoapOutInterceptor]
>> [java] pre-marshal [LogicalHandlerOutInterceptor]
>> [java] marshal [WrappedOutInterceptor, BareOutInterceptor]
>> [java] post-protocol [WSS4JOutInterceptorInternal]
>> [java] write-ending [SoapOutEndingInterceptor]
>> [java] pre-protocol-ending [SAAJOutEndingInterceptor]
>> [java] pre-stream-ending [StaxOutEndingInterceptor]
>> [java] prepare-send-ending [MessageSenderEndingInterceptor]
>> [java]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutIntercepto
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>> org.apache.cxf.phase.PhaseInterceptorChain
>> doIntercept
>> [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInt
>> [EMAIL PROTECTED]
>> [java] 04-03-2008 13:42:52
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> Internal
>> handleM
>> essage
>> [java] FINE: WSDoAllSender: enter invoke()
>> [java] 04-03-2008 13:42:52
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> Internal
>> handleM
>> essage
>> [java] FINE: Action: 36
>> [java] 04-03-2008 13:42:52
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>> Internal
>> handleM
>> essage
>> [java] FINE: Actor: null
>> [java] 04-03-2008 13:42:52 org.apache.ws.security.WSSConfig
>> loadProvider
>> [java] FINE: The provider JuiCE could not be added:
>> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>> [java] 04-03-2008 13:42:52 org.apache.ws.security.util.Loader
>> getResource
>> [java] FINE: Trying to find [server_sign.properties] using
>> [EMAIL PROTECTED] class loader.
>> [java] 04-03-2008 13:42:52
>> org.apache.ws.security.components.crypto.CryptoFactory loadClass
>> [java] FINE: Using Crypto Engine
>> [org.apache.ws.security.components.crypto.Merlin]
>> [java] 04-03-2008 13:42:52 org.apache.ws.security.util.Loader
>> getResource
>> [java] FINE: Trying to find [server-keystore.jks] using
>> [EMAIL PROTECTED] class loader.
>> [java] 04-03-2008 13:42:53
> org.apache.ws.security.handler.WSHandler
>> splitEncParts
>> [java] FINE: partDefs: 'Element'
>> ,'http://www.w3.org/2000/09/xmldsig#'
>> ,'Signature'
>> [java] 04-03-2008 13:42:53
> org.apache.ws.security.handler.WSHandler
>> splitEncParts
>> [java] FINE: partDefs: 'Content'
>> ,'http://schemas.xmlsoap.org/soap/envelope/' ,'Body'
>> [java] 04-03-2008 13:42:53
> org.apache.ws.security.handler.WSHandler
>> doSenderAction
>> [java] FINE: Performing Action: 32
>> [java] 04-03-2008 13:42:53
>> org.apache.ws.security.message.WSSecTimestamp build
>> [java] FINE: Begin add timestamp...
>> [java] 04-03-2008 13:42:53
> org.apache.ws.security.handler.WSHandler
>> doSenderAction
>> [java] FINE: Performing Action: 4
>> [java] 04-03-2008 13:42:53
>> org.apache.ws.security.message.WSSecEncrypt
>> build
>> [java] FINE: Beginning Encryption...
>> [java] 04-03-2008 13:42:56
>> org.apache.ws.security.message.WSSecEncryptedKey prepareInternal
>> [java] FINE: cipher blksize: 117, symm key length: 24
>>
>> BUILD SUCCESSFUL
>>
>> /Kasper
>>
>>
>> O hEigeartaigh, Colm wrote:
>>>
>>>
>>> Can you attach a stack trace and/or logging information? I suspect
> the
>>> problem is in your callback implementations. Have you changed your
>>> ClientCallback implementation to account for encryption as well?
>>>
>>> Colm.
>>>
>>> -----Original Message-----
>>> From: kasperih [mailto:[EMAIL PROTECTED]
>>> Sent: 04 March 2008 11:29
>>> To: [email protected]
>>> Subject: RE: WS-Security - signature problems
>>>
>>>
>>> Hi Colm
>>>
>>> Thanks that was definetly wrong, I fixed that but it still doesn't
>> work.
>>> I
>>> also changed it a bit so that it also tries to encrypt, but it
> doesn't
>>> seem
>>> to get by the signature. If I remove the signatrue action and only
>> tries
>>> the
>>> encrypt then that doesn't work either.
>>> I gave both the cleint and the server the same alias, is that a
>> problem?
>>>
>>> I have attached the altered code again.
>>>
>>> Here is part of my client.xml
>>>
>>> <bean id="wss4jOut"
>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>> <constructor-arg>
>>> <map>
>>> <entry key="action" value="Timestamp Signature Encrypt" />
>>> <entry key="user" value="football-client" />
>>> <!-- <entry key="passwordType" value="PasswordDigest" />-->
>>> <entry key="passwordCallbackClass"
>>> value="football.demo.client.ClientPasswordCallback" />
>>> <entry key="signaturePropFile"
>> value="client_sign.properties"/>
>>> <entry key="signatureKeyIdentifier" value="DirectReference"/>
>>> <entry key="signatureParts"
>>>
>>
> value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
>>>
>>
> -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.o
>>> rg/soap/envelope/}Body"/>
>>> <entry key="encryptionPropFile"
>> value="server_sign.properties"/>
>>> <entry key="encryptionUser" value="football-client"/>
>>> <entry key="encryptionParts"
>>>
>>
> value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{
>>> http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>>> <entry key="encryptionSymAlgorithm"
>>> value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>>> </map>
>>> </constructor-arg>
>>> </bean>
>>>
>>> and here is the matching server.xml
>>>
>>> <bean id="wss4jIn"
>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>> <constructor-arg>
>>> <map>
>>> <entry key="action" value="Timestamp Signature Encrypt"
> />
>>> <!-- <entry key="passwordType" value="PasswordDigest"
>> />-->
>>> <entry key="passwordCallbackClass"
>>> value="football.demo.server.ServerPasswordCallback" />
>>> <entry key="signaturePropFile"
>>> value="client_sign.properties"/>
>>> <entry key="decryptionPropFile"
>>> value="server_sign.properties"/>
>>> </map>
>>> </constructor-arg>
>>> </bean>
>>>
>>> Kasper
>>>
>>>
>>> O hEigeartaigh, Colm wrote:
>>>>
>>>>
>>>> Hi Kasper,
>>>>
>>>> Here's the problem - you generate your keys with:
>>>>
>>>> "-keypass keyStorePassword"
>>>>
>>>> Yet your ClientPasswordCallback.java has:
>>>>
>>>> " pc.setPassword("keyPassword");"
>>>>
>>>> Change the above to "pc.setPassword("keyStorePassword");" and it
>>> should
>>>> work ok.
>>>>
>>>> Colm.
>>>>
>>>> -----Original Message-----
>>>> From: kasperih [mailto:[EMAIL PROTECTED]
>>>> Sent: 03 March 2008 19:54
>>>> To: [email protected]
>>>> Subject: RE: WS-Security - signature problems
>>>>
>>>>
>>>> I have attached all the files that you asked for. Its the entire
>>>> folder with all the relvant files.
>>>>
>>>> - keytool -genkey -alias football-client -keypass keyStorePassword
>>>> -keystore client-keystore.jks -storepass keyStorePassword -dname
>>>> "cn=football-client" -keyalg RSA
>>>>
>>>> - keytool -selfcert -alias football-client -keystore
>>>> client-keystore.jks - storepass keyStorePassword -keypass
>>>> keyStorePassword
>>>>
>>>> - keytool -export -alias football-client -file key.rsa -keystore
>>>> client-keystore.jks -storepass keyStorePassword
>>>>
>>>> - keytool -import -alias football-client -file key.rsa -keystore
>>>> server-keystore.jks -storepass keyStorePassword
>>>>
>>>>
>>>> These are the commands I used in order to create the keys.
>>>>
>>>>
>>>> Regards
>>>> Kasper H
>>>>
>>>>
>>>>
>>>> O hEigeartaigh, Colm wrote:
>>>>>
>>>>>
>>>>> Can you attach the full code for your sample?
>>>>>
>>>>> Colm.
>>>>>
>>>>> -----Original Message-----
>>>>> From: Kasper Hansen [mailto:[EMAIL PROTECTED]
>>>>> Sent: 03 March 2008 13:30
>>>>> To: [email protected]
>>>>> Subject: WS-Security - signature problems
>>>>>
>>>>> I am rather new to using the cxf. I checked out from svn and had a
>>>>> look at the samples in the disrubution folder. I didn't find a
>> sample
>>>>> for the ws-security so I decided to make one myself.
>>>>> I started with the UsernameToken and this worked fine, I added the
>>>>> logging interceptor and i could see in the SOAP headers that
>>>>> everything was working fine. But then I wanted to sign the message,
>> I
>>>>> followed the instrucions at the cxf page to make the keystores but
> i
>>>>> cannot get it to work. When I run my server and client, the server
>>>>> runs fine and so does the client, but before I saw the messages in
>> my
>>>>> client windows that was sent but now it seems that nothing gets
>> send,
>>>>> but there is no errors to see even though I turned logging on the
>> log
>>>>> ALL.
>>>>>
>>>>> Here is what i have in my server.xml file:
>>>>>
>>>>> <bean id="saajIn"
>>>>> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>>>>> <bean id="wss4jIn"
>>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>>> <constructor-arg>
>>>>> <map>
>>>>> <entry key="action" value="UsernameToken Timestamp
>>>>> Signature" />
>>>>> <entry key="passwordType" value="PasswordDigest" />
>>>>> <entry key="passwordCallbackClass"
>>>>> value="football.demo.server.ServerPasswordCallback" />
>>>>> <entry key="signaturePropFile"
>>>>> value="server_sign.properties"/>
>>>>> </map>
>>>>> </constructor-arg>
>>>>> </bean>
>>>>>
>>>>> <cxf:bus>
>>>>> <cxf:inInterceptors>
>>>>> <ref bean="saajIn"/>
>>>>> <ref bean="wss4jIn"/>
>>>>> </cxf:inInterceptors>
>>>>> <cxf:features>
>>>>> <cxf:logging/>
>>>>> </cxf:features>
>>>>> </cxf:bus>
>>>>> </beans>
>>>>>
>>>>> And in my client.xml file
>>>>>
>>>>> <bean id="saajOut"
>>>>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>>>>> <bean id="wss4jOut"
>>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>>>> <constructor-arg>
>>>>> <map>
>>>>> <entry key="action" value="UsernameToken Timestamp
>> Signature"
>>>> />
>>>>> <entry key="user" value="football-client" />
>>>>> <entry key="passwordType" value="PasswordDigest" />
>>>>> <entry key="passwordCallbackClass"
>>>>> value="football.demo.client.ClientPasswordCallback" />
>>>>> <entry key="signaturePropFile"
>>>> value="client_sign.properties"/>
>>>>> </map>
>>>>> </constructor-arg>
>>>>> </bean>
>>>>>
>>>>> <cxf:bus>
>>>>> <cxf:outInterceptors>
>>>>> <ref bean="saajOut"/>
>>>>> <ref bean="wss4jOut"/>
>>>>> </cxf:outInterceptors>
>>>>> <cxf:features>
>>>>> <cxf:logging/>
>>>>> </cxf:features>
>>>>> </cxf:bus>
>>>>>
>>>>> </beans>
>>>>>
>>>>>
>>>>> Thr request never reaches the server because it doesn't get send,
>>> here
>>>>> is the last output in the client command prompt:
>>>>>
>>>>> [java]
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>>>> [java] FINE: Invoking handleMessage on interceptor
>>>>> org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutIntercepto
>>>>> [EMAIL PROTECTED]
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>>>> [java] FINE: Invoking handleMessage on interceptor
>>>>> [EMAIL PROTECTED]
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>>>> [java] FINE: Invoking handleMessage on interceptor
>>>>> [EMAIL PROTECTED]
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>>>> [java] FINE: Invoking handleMessage on interceptor
>>>>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInt
>>>>> [EMAIL PROTECTED]
>>>>> [java] 03-03-2008 14:13:11
>>>>>
>>>>
>>>
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>>>>> Internal
>>>>> handleM
>>>>> essage
>>>>> [java] FINE: WSDoAllSender: enter invoke()
>>>>> [java] 03-03-2008 14:13:11
>>>>>
>>>>
>>>
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>>>>> Internal
>>>>> handleM
>>>>> essage
>>>>> [java] FINE: Action: 35
>>>>> [java] 03-03-2008 14:13:11
>>>>>
>>>>
>>>
>>
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptor
>>>>> Internal
>>>>> handleM
>>>>> essage
>>>>> [java] FINE: Actor: null
>>>>> [java] 03-03-2008 14:13:11 org.apache.ws.security.WSSConfig
>>>>> loadProvider
>>>>> [java] FINE: The provider JuiCE could not be added:
>>>>> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>>>>> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader
>>>>> getResource
>>>>> [java] FINE: Trying to find [client_sign.properties] using
>>>>> [EMAIL PROTECTED] class loader.
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.components.crypto.CryptoFactory loadClass
>>>>> [java] FINE: Using Crypto Engine
>>>>> [org.apache.ws.security.components.crypto.Merlin]
>>>>> [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader
>>>>> getResource
>>>>> [java] FINE: Trying to find [client-keystore.jks] using
>>>>> [EMAIL PROTECTED] class loader.
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.handler.WSHandler doSenderAction
>>>>> [java] FINE: Performing Action: 1
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.message.WSSecUsernameToken build
>>>>> [java] FINE: Begin add username token...
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.handler.WSHandler doSenderAction
>>>>> [java] FINE: Performing Action: 32
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.message.WSSecTimestamp build
>>>>> [java] FINE: Begin add timestamp...
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.handler.WSHandler doSenderAction
>>>>> [java] FINE: Performing Action: 2
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.message.WSSecSignature build
>>>>> [java] FINE: Beginning signing...
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.ws.security.message.WSSecSignature prepare
>>>>> [java] FINE: automatic sig algo detection: RSA
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>>>>> [java] FINE: Create URI
>>>>> "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class "class
>>>>> org.apache.xml.security.algorithm
>>>>> s.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>>>>> [java] FINE: Request for URI
>>>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
>>>>> <init>
>>>>> [java] FINE: Created SignatureDSA using SHA1withRSA
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.utils.ElementProxy <init>
>>>>> [java] FINE: setElement("ds:SignatureMethod", "null")
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>>>>> [java] FINE: Create URI
>>>>> "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class "class
>>>>> org.apache.xml.security.algorithm
>>>>> s.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>>>>> [java] FINE: Request for URI
>>>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>>> [java] 03-03-2008 14:13:11
>>>>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
>>>>> <init>
>>>>> [java] FINE: Created SignatureDSA using SHA1withRSA
>>>>>
>>>>> BUILD SUCCESSFUL
>>>>> Total time: 8 seconds
>>>>>
>>>>> I would have expected to see a message? Could anyone help me with
>>> this
>>>>> problem?
>>>>>
>>>>> Regards
>>>>> Kasper H
>>>>>
>>>>> ----------------------------
>>>>> IONA Technologies PLC (registered in Ireland)
>>>>> Registered Number: 171387
>>>>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
>>>> Ireland
>>>>>
>>>>>
>>>> http://www.nabble.com/file/p15812284/Football.zip Football.zip
>>>> --
>>>> View this message in context:
>>>>
>>>
>>
> http://www.nabble.com/WS-Security---signature-problems-tp15805470p158122
>>>> 84.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>>
>>>> ----------------------------
>>>> IONA Technologies PLC (registered in Ireland)
>>>> Registered Number: 171387
>>>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
>>> Ireland
>>>>
>>>>
>>> http://www.nabble.com/file/p15825240/Football.zip Football.zip
>>> --
>>> View this message in context:
>>>
>>
> http://www.nabble.com/WS-Security---signature-problems-tp15805470p158252
>>> 40.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>> ----------------------------
>>> IONA Technologies PLC (registered in Ireland)
>>> Registered Number: 171387
>>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
>> Ireland
>>>
>>>
>>
>> --
>> View this message in context:
>>
> http://www.nabble.com/WS-Security---signature-problems-tp15805470p158263
>> 96.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>> ----------------------------
>> IONA Technologies PLC (registered in Ireland)
>> Registered Number: 171387
>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
> Ireland
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/WS-Security---signature-problems-tp15805470p158271
> 88.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>
>
--
View this message in context:
http://www.nabble.com/WS-Security---signature-problems-tp15805470p15834593.html
Sent from the cxf-user mailing list archive at Nabble.com.
