Hi Shams,
We tried your sample with your keys. There is a failure on the client side. According to the log, the client's private key is not valid. Maybe it's corrupted during the conversion.
Also I tried a simple openssl command to sign.

openssl dgst -sha1  -sign clientkey.pem  -out mytextfile.sha1 mytextfile

Again your key failed, whereas this worked for the other private keys I have.
So there is no point in worrying about security policies. Can you try to use the sample key/certificate pairs [1] available in the samples? You can easily import them into the Java keystore using keytool [2].
Cheers,
Kaushalye
[1]wsf-php-1.0.0/samples/security/keys
[2]http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html


shams jawaid wrote:
Hi guys,

Here are all the files. I had to reduce the size so it's under 1 MB, but if you need anything else, let me know. Once again, thanks for all your help! It is greatly appreciated! :D


From: Kaushalye Kapuruge <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [email protected]
CC: [EMAIL PROTECTED]
Subject: [wsf-php-user] Re: [RAMPART / WSF PHP ]
Date: Fri, 14 Sep 2007 10:14:52 +0530

Hi Shams,
Could you please send us the following? We will try to run it on our end to see if there are errors. 'Coz sometimes the information you are giving is not sufficient to locate the error.
1. PHP Client
2. Client's private key and the certificate
3. Server's keystore+aliases+passwords, certificate(exported)
4. Client's policy file
5. Server's service.xml file
6. Log files and the SOAP message trace of your last attempt(when you enable encryption and signing).
Cheers,
Kaushalye


shams jawaid wrote:
Hi ,

I am currently trying to encrypt and sign messages from my PHP client using the WSF PHP extension and the Rampart policy assertion, but get no output at all. If anyone can identify flaws in my policy.xml linked into my PHP client and the services.xml file in my Axis2/Java web service META-INF folder, please let me know:

services.xml:

<service name="HealthCareServiceTest1" scope="application">
   <description>
       Health Care Service test
   </description>



    <messageReceivers>
       <messageReceiver
           mep="http://www.w3.org/2004/08/wsdl/in-out"
           class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>

       <messageReceiver
           mep="http://www.w3.org/2004/08/wsdl/in-only"
           class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>

       <messageReceiver
           mep="http://www.w3.org/2004/08/wsdl/in-out"
           class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </messageReceivers>

 <parameter name="ServiceClass" locked="false">org.health</parameter>


 <module ref="rampart" />
<module ref="addressing" />
<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning/>
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>

<ramp:encryptionUser>client</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.PWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>

<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>

<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>

</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>

<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>

<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>

</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>

policy.xml:

<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>

<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:Body/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>



With this setting I get no output at all.
However, if I remove the

<sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:Body/>
</sp:SignedParts>

part in the policy.xml, I get output, with a timestamp but no encryption or signature,
and the timestamp has the error:

WSSecurityEngine: Invalid timestamp The security semantics of message have expired

           <wsu:Created>2007-09-14T03:16:30.046Z</wsu:Created>
           <wsu:Expires>2007-09-14T03:16:30.046Z</wsu:Expires>

WSSecurityEngine: Invalid timestamp The security semantics of message have expired

The time 3:16 is the same as my Windows clock, although I had to uncheck the "automatically adjust the clock for daylight saving changes" setting in the Windows time settings. If that was on, my Windows time would always be one hour ahead of the timestamp created. I am using a PHP client, so just thought I'd mention that, if I use the PHP date and time functions,

echo date();

it always gives me the time one hour ahead. I know a mismatch in time between the client and server can cause an invalid timestamp error, but for now my Windows time does match the time stated in the timestamp SOAP messages. Is there any idea why I'm getting this error? Or are there any faults in my services/policy.xml files?

please help!

Thanks a lot!
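
The Created and Expires values quoted in the message above are the same instant, so the timestamp has no validity window by the time it reaches the service. The sketch below is an added example, not WSF/PHP or Rampart code; `check_timestamp`, `wall_clock_to_utc`, the `skew` parameter, the one-second transit time and the 300-second lifetime are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

WSU_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # the form used in the thread; "Z" means UTC


def parse_wsu(value):
    """Parse a wsu:Created / wsu:Expires value into an aware UTC datetime."""
    return datetime.strptime(value, WSU_FORMAT).replace(tzinfo=timezone.utc)


def wall_clock_to_utc(wall_clock, utc_offset_hours):
    """Convert a naive local wall-clock time to UTC given the zone's offset."""
    local = wall_clock.replace(tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    return local.astimezone(timezone.utc)


def check_timestamp(created, expires, now_utc, skew=timedelta(seconds=0)):
    """Return the problems a receiver would report at now_utc (hypothetical checker)."""
    c, e = parse_wsu(created), parse_wsu(expires)
    problems = []
    if e <= c:
        problems.append("zero or negative lifetime")
    if now_utc > e + skew:
        problems.append("expired")
    if c > now_utc + skew:
        problems.append("created in the future")
    return problems


# Constructed scenario using the Created/Expires values quoted in the thread.
CREATED = EXPIRES = "2007-09-14T03:16:30.046Z"
ARRIVAL = parse_wsu(CREATED) + timedelta(seconds=1)  # assumed 1 s in transit

if __name__ == "__main__":
    print(check_timestamp(CREATED, EXPIRES, ARRIVAL))
    # Same Created, but with a 300 s lifetime (assumed value): no problems.
    later = "2007-09-14T03:21:30.046Z"
    print(check_timestamp(CREATED, later, ARRIVAL))
    # A wall clock reading 04:16:31 in a UTC+1 zone is the same instant as ARRIVAL.
    print(wall_clock_to_utc(datetime(2007, 9, 14, 4, 16, 31, 46000), 1) == ARRIVAL)
```

Comparing in UTC, as the trailing "Z" requires, keeps a daylight-saving change on either machine's wall clock from shifting the result by an hour.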





--
http://kaushalye.blogspot.com/
http://wso2.org/


_______________________________________________
Wsf-php-user mailing list
[EMAIL PROTECTED]
http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
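
The services.xml and policy.xml quoted in this thread differ in algorithm suite, IncludeToken values and Wss10 reference types. The script below is an added example, not part of the original messages or of WSF/PHP; it builds trimmed copies of both policies (constructed samples; `build_policy`, `summarize` and `policy_diff` are hypothetical helpers) and lists each setting where the service and client disagree.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
NS = {"sp": SP, "wsp": WSP}


def build_policy(initiator, recipient, suite, wss10):
    """Constructed sample: a trimmed policy shaped like the two in this thread."""
    token = ("<sp:{role}><wsp:Policy><sp:X509Token sp:IncludeToken='" + SP
             + "/IncludeToken/{inc}'/></wsp:Policy></sp:{role}>")
    refs = "".join(f"<sp:{name}/>" for name in wss10)
    return (f"<wsp:Policy xmlns:wsp='{WSP}' xmlns:sp='{SP}'>"
            "<sp:AsymmetricBinding><wsp:Policy>"
            + token.format(role="InitiatorToken", inc=initiator)
            + token.format(role="RecipientToken", inc=recipient)
            + f"<sp:AlgorithmSuite><wsp:Policy><sp:{suite}/></wsp:Policy></sp:AlgorithmSuite>"
            "</wsp:Policy></sp:AsymmetricBinding>"
            f"<sp:Wss10><wsp:Policy>{refs}</wsp:Policy></sp:Wss10></wsp:Policy>")


def summarize(policy_xml):
    """Pull out the settings that differ between the two posted policies."""
    root = ET.fromstring(policy_xml)
    local = lambda el: el.tag.split("}", 1)[1]  # strip the {namespace} prefix
    out = {}
    for role in ("InitiatorToken", "RecipientToken"):
        tok = root.find(f".//sp:{role}", NS).find(".//sp:X509Token", NS)
        out[role] = tok.get(f"{{{SP}}}IncludeToken").rsplit("/", 1)[-1]
    out["AlgorithmSuite"] = local(root.find(".//sp:AlgorithmSuite/wsp:Policy/*", NS))
    out["Wss10"] = sorted(local(e) for e in root.findall(".//sp:Wss10/wsp:Policy/*", NS))
    return out


def policy_diff(service_xml, client_xml):
    """Map each setting that differs to its (service, client) values."""
    svc, cli = summarize(service_xml), summarize(client_xml)
    return {k: (svc[k], cli[k]) for k in svc if svc[k] != cli[k]}


# Values copied from the services.xml and policy.xml quoted in the thread.
SERVICE = build_policy("AlwaysToRecipient", "Never", "TripleDesRsa15",
                       ["MustSupportRefKeyIdentifier", "MustSupportRefIssuerSerial"])
CLIENT = build_policy("Always", "Always", "Basic256Rsa15",
                      ["MustSupportRefIssuerSerial"])

if __name__ == "__main__":
    for setting, (svc, cli) in policy_diff(SERVICE, CLIENT).items():
        print(f"{setting}: service={svc} client={cli}")
```

`summarize` accepts any policy document with these elements, so the full services.xml policy element and policy.xml can be passed in place of the trimmed samples.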
