Hello,

Has anyone succeeded in making a .NET WebService client (WSE) work with WSS4J?

On the server, my WSDD config is:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <globalConfiguration>
        <parameter name="enableNamespacePrefixOptimization" value="false" />
        <parameter name="disablePrettyXML" value="true"/>
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
            <parameter name="passwordCallbackClass" value="com.hp.ov.temip.ws.handler.PWCallback"/>
            <parameter name="action" value="UsernameTokenSignature UsernameToken Encrypt Timestamp"/>
            <parameter name="decryptionPropFile" value="security.properties" />
          </handler>
        </requestFlow>
      </globalConfiguration>
    </deployment>

On the client side, I developed the following overridden SecureMessage function with the WSE 3.0 Policy framework:

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        // Must Understand Headers
        security.MustUnderstand = true;
        security.Timestamp.TtlInSeconds = 60;

        // User Name Token
        UsernameToken userToken = new UsernameToken(m_strUsername, m_strPassword, PasswordOption.SendPlainText);
        security.Tokens.Add(userToken);

        X509SecurityToken token = null;
        try
        {
            token = GetSecurityToken("CN=10.67.212.35");
        }
        catch (Exception ex)
        {
            throw new Exception("Certificate not found : " + ex.Message);
        }

        // Define a custom X509 token
        ISecurityTokenManager stm = SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
        X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
        x509tm.DefaultKeyAlgorithm = "RSA15";
        x509tm.DefaultSessionKeyAlgorithm = "TripleDES";

        //security.Elements.Add(new EncryptedData(token)); // Uncommenting this line will encrypt the Body

        // Add the token to the SOAP header.
        security.Tokens.Add(token); // Insert the token being used into the header

        // Add Message Signature
        MessageSignature sig = new MessageSignature(userToken);
        sig.SignatureOptions = SignatureOptions.IncludeSoapBody;
        security.Elements.Add(sig);

        // Insert the encrypted UsernameToken
        security.Elements.Add(new EncryptedData(token, "#" + userToken.Id));
    }

In the Tomcat logs, I can see that WSS4J is able to:

- retrieve my certificate with its public key
- decrypt the UsernameToken

But the signature verification fails. Some say that it could be due to a pretty-print component that alters the SOAP message after the signature. If so, how can such a pretty-printer be deactivated?

__________________
Benjamin BALET
Capgemini France
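Added example, not part of the original message and not WSS4J or WSE code: a Python diagnostic showing why indentation applied after signing changes the Body digest while attribute reordering does not, and how to tell the two apart when comparing a sent and a received message. The sample Body, the `urn:example:alarms` namespace and the helper names are constructed; the standard library's C14N 2.0 and SHA-256 stand in for whatever canonicalization and digest the real stack uses (like Exclusive C14N, C14N 2.0 preserves whitespace inside the document element).

```python
import hashlib
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed sample: a signed SOAP Body as the client would emit it (no whitespace).
SENT = (
    '<soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
    'oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-body-1">'
    '<t:getAlarm xmlns:t="urn:example:alarms" b="2" a="1">'
    '<t:id>42</t:id><t:filter/></t:getAlarm></soap:Body>'
)
# Constructed sample: same content, different serialization (attribute order,
# empty-element form). Canonicalization is designed to absorb this.
RESERIALIZED = SENT.replace('b="2" a="1"', 'a="1" b="2"').replace(
    '<t:filter/>', '<t:filter></t:filter>')


def pretty_print(xml: str) -> str:
    """Stand-in for a pretty-printing component: indents child elements."""
    return minidom.parseString(xml).documentElement.toprettyxml(indent="  ")


def body_digest(xml: str) -> str:
    """Digest of the canonical form, as a signature Reference would compute it.

    SHA-256 is illustrative; the page does not state the digest algorithm.
    """
    return hashlib.sha256(canonicalize(xml).encode("utf-8")).hexdigest()


def diagnose(sent: str, received: str) -> str:
    """Classify why the digest of a received Body differs from the one sent."""
    if body_digest(sent) == body_digest(received):
        return "digest-match"
    # strip_text=True drops leading/trailing whitespace in text nodes, so two
    # messages that differ only by indentation compare equal here.
    if canonicalize(sent, strip_text=True) == canonicalize(received, strip_text=True):
        return "whitespace-only-change"
    return "content-changed"


if __name__ == "__main__":
    print(diagnose(SENT, RESERIALIZED))
    print(diagnose(SENT, pretty_print(SENT)))
    print(diagnose(SENT, SENT.replace("42", "43")))
```

Feeding it the Body captured from the client trace and the Body logged on the server side gives a quick indication of whether an intermediary reformatted the message.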
