[RAMPART / WSF PHP ]

Thu, 13 Sep 2007 19:26:46 -0700 

Hi ,
i am curenlty trying to encrypt and sign messages from my php client using WSF PHP extension and the rampart policy assertion, but get no output at all .. if anyone can identify flaws in my policy.xml linked into my php client and the services.xml file in my axis2/java webservice META-INF folder please let me know: 

services.xml:

<service name="HealthCareServiceTest1" scope="application">
   <description>
       Health Care Service test
   </description>



        <messageReceivers>
       <messageReceiver
           mep="http://www.w3.org/2004/08/wsdl/in-out";
   class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>


<messageReceiver
            mep="http://www.w3.org/2004/08/wsdl/in-only";
   class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>



<messageReceiver
           mep="http://www.w3.org/2004/08/wsdl/in-out";
   class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
   </messageReceivers>

 <parameter name="ServiceClass" locked="false">org.health</parameter>


 <module ref="rampart" />
<module ref="addressing" />

<wsp:Policy wsu:Id="SigEncr" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>

<wsp:ExactlyOne>
<wsp:All>

<sp:AsymmetricBinding 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>

<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>

<sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>

<sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning/>
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>

<sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>

<sp:Body/>
</sp:EncryptedParts>

<sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>

<sp:Body/>
</sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>service</ramp:user>

<ramp:encryptionUser>client</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.PWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">

<ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property 
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>

</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">

<ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property 
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>

</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>

policy.xml:

<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
<wsp:ExactlyOne>
<wsp:All>

<sp:AsymmetricBinding 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>

<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>

<sp:X509Token 
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>

<sp:X509Token 
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>

<sp:EncryptedParts 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>

<sp:Body/>
</sp:EncryptedParts>

<sp:SignedParts 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>

<sp:Body/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>



with this setting i get no output at all..
however, if i remove the


<sp:EncryptedParts 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>

<sp:Body/>
</sp:EncryptedParts>

<sp:SignedParts 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>

<sp:Body/>
</sp:SignedParts>


part in the policy.xml, i get output, with a timestamp but no encryption or 
signature..

and the timestamp has the error:


WSSecurityEngine: Invalid timestamp The security semantics of message have 
expired


           <wsu:Created>2007-09-14T03:16:30.046Z</wsu:Created>
           <wsu:Expires>2007-09-14T03:16:30.046Z</wsu:Expires>


WSSecurityEngine: Invalid timestamp The security semantics of message have 
expired



the time 3:16 is the same as my windows clock, although i had to uncheck the 
"autoamcically adjust the clock for daylight saving changes" setting in the 
windows time settings. if that was on, my windows time would always be one 
hour ahead of the timestamp created. i am using a php client, so just 
thought id mention that, if i use the php date and time functions,


echo date();


it always gives me the time one hour ahead.. i know a mismatch in time in 
the client and server can cause an invalid timestamp error, but for now my 
windows time does match the time stated in the timestamp soap messages. is 
there any idea why im getting this error? or is there any faults in my 
services/policy.xml files?


please help!

thanks alot!

_________________________________________________________________

Can you see your house from the sky? Try Live Search Maps 
http://maps.live.com
























					Reply via email to