[xfire-dev] [jira] Created: (XFIRE-1053) Signature Verification Failure with XFire

Tue, 26 Jun 2007 13:47:18 -0700 

Signature Verification Failure with XFire
-----------------------------------------

                 Key: XFIRE-1053
                 URL: http://jira.codehaus.org/browse/XFIRE-1053
             Project: XFire
          Issue Type: Bug
          Components: WS-Security
            Reporter: Hima
            Assignee: Dan Diephouse


I get the Signature Verification Failed exception when I try to implement 
WS-Security with XFire.

I am using XFire 1.2.6. I wrote a proxy client to access the webservice that is 
implemented using Axis 1.3.
I used WAS 6.0 environment to run my client.
 
The version of wss4j and xmlsec jars are:
wss4j 1.5.2
xmlsec 1.4.0

Here is a part of configuration I used:

                client.addOutHandler(new DOMOutHandler());        

                Properties config= new Properties();

                config.setProperty("deployment", "client");
                config.setProperty("flow", "request-only");
                config.setProperty(WSHandlerConstants.ACTION, 
WSHandlerConstants.SIGNATURE);
                config.setProperty(WSHandlerConstants.USER, "serveralias");
                config.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
"META-INF/xfire/outsecurity_sign.properties");
                
config.setProperty(WSHandlerConstants.SIG_KEY_ID,"DirectReference");
                config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, 
PasswordHandler.class.getName());
                config.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "false");

                client.addOutHandler(new WSS4JOutHandler(config));

outsecurity_sign.properties has the below entries:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.alias.password=changeit
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/mykeystore.keystore


Important Note:

I monitored the SOAP request with TCPMON and found that canonicalization 
alogrithm is set by XFire to:
http://www.w3.org/2001/10/xml-exc-c14n#

There are other clients who are successfully able to access the same webservice 
but are implemented in Axis 1.3. They are sending this algorithm as:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments

Not sure if this is the cause of this problem. If this is the case then XFire 
code needs a modification since I believe the alogrithm is by default hardcoded 
as http://www.w3.org/2001/10/xml-exc-c14n#

Please correct me if I am wrong. Please help.

Thanks
hima



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email

Reply via email to