Hi all,
I'm sending a signed request to the server, which verifies it and sends a
signed response back to the client. The problem is that the client can't
verify the server's signature!
Please help with this issue! Is it a bug? Must I upgrade to CXF?
------------------------------------ Incoming logs ------------------------------------------
26 mars 2009 12:16:19 org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#id-28487985"
26 mars 2009 12:16:19 org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#SigConf-26261292"
26 mars 2009 12:16:19 org.codehaus.xfire.security.wss4j.WSS4JInHandler invoke
GRAVE: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
26 mars 2009 12:16:19 org.codehaus.xfire.util.LoggingHandler invoke
GRAVE: DOM Document was not found so the message could not be logged. Please add DOMInHandler/DOMOutHandler to your flow!
Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed
org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed
    at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:145)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
    at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
    at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
    at org.codehaus.xfire.client.Client.invoke(Client.java:336)
    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
    at $Proxy6.sayHello(Unknown Source)
    at org.hello.client.HelloClient.executeClient(HelloClient.java:115)
    at org.hello.client.HelloClient.main(HelloClient.java:122)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:515)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
    at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:139)
---------------------------------------------------------------------------------------------------------------
---------------------services.xml--------------------------
<inHandlers>
    <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
    <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
            <props>
                <prop key="action">Signature</prop>
                <prop key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
                <prop key="passwordCallbackClass">org.hello.PasswordHandler</prop>
            </props>
        </property>
    </bean>
</inHandlers>
<outHandlers>
    <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
    <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" xmlns="">
        <property name="properties">
            <props>
                <prop key="action">Signature</prop>
                <prop key="user">serveralias</prop>
                <prop key="signaturePropFile">META-INF/xfire/outsecurity_sign.properties</prop>
                <prop key="passwordCallbackClass">org.hello.PasswordHandler</prop>
            </props>
        </property>
    </bean>
</outHandlers>
------------------------------------------------
---------------insecurity_sign.properties----------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=aliaspass
org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks
--------------------------------------------
-----------------------outsecurity_sign.properties-------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=aliaspass
org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks
--------------------------------------------------
-----------------------------client out conf---------------
protected void configureOutProperties(Properties properties)
{
    properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    properties.setProperty(WSHandlerConstants.USER, "client-344-839");
    properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
            org.hello.PasswordHandler.class.getName());
    properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "org/hello/client/outsecurity_sign.properties");
    properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
}
----------------client in conf ------------------
private void configureInProperties(Properties inProperties)
{
    inProperties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    inProperties.setProperty(WSHandlerConstants.USER, "serveralias");
    inProperties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
            org.hello.PasswordHandler.class.getName());
    inProperties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "org/hello/client/insecurity_sign.properties");
    inProperties.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
}
***********************************************************************
What's wrong here?