Hello Dietmar,

thank you for your reply. I have the keys (which the reference implementation uses) as files on my hard drive. Is there a way to discover the information about these keys with openssl? And is there a way to use these key files directly without importing them into a keystore? Maybe that is the problem, or maybe the keystore isn't able to handle X509v3 correctly.

With kind regards,
Martin

On Saturday, 31 January 2009, Dietmar wrote:
> Martin,
>
> I guess the problem is related to the certificate your client is using
> for the request signature.
> It seems to be an X509 version 1 certificate. The service is obviously
> expecting an X509 version 3 certificate.
>
> With kind regards,
> Dietmar
>
>
> On 30.01.2009, at 19:41, Martin Fernau wrote:
>
> Hello,
>
> I have a problem calling a WS with a digitally signed request using axis2
> and rampart. As far as I know, the server side is using jboss with tomcat.
>
> I've got a reference implementation from the service hoster showing how to
> consume their service. If I use this reference implementation, the server
> responds correctly. The reference implementation uses jboss with java 1.5.
> They use one key file and one certificate as regular files.
>
> However, after I wrote my own client using rampart with axis2, I wasn't
> able to get a correct answer from the server. The server just responds
> with my own request instead. There is no error or fault message which
> tells me what is wrong.
> After reading the network traffic I can't see many differences between the
> two requests (from the reference implementation and from mine). To show
> you what I mean, please have a look at both network snips [0] and [1].
> [0] shows the traffic produced by the reference implementation, while
> [1] shows the traffic from my own client.
>
> [0] http://www.martin-fernau.de/files/lager/20090130/referenz_impl.txt
> [1] http://www.martin-fernau.de/files/lager/20090130/axis2rampart_impl.txt
>
> I've no clue what is wrong. The only difference I can see is that the
> reference implementation is sending
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> for the wsse:BinarySecurityToken, while my own client is sending
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1".
> I don't know if this is of relevance or if I can change this in any way.
> Maybe it is useful to know that the reference implementation uses the
> key files directly, while for rampart I need to import them into a
> keystore in some tricky ways. I have no clue if this had some impact on
> the keys themselves.
>
> Any help would be really appreciated! I'm in a blind alley as I don't
> know where to search for the problem.
>
> With kind regards,
> Martin Fernau
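
The check the thread turns on, as an added example that is not part of the original messages and not code from Axis2, Rampart or the service host: read the version field of a certificate file (PEM or DER) and report which of the two ValueType URIs quoted above corresponds to it. The function names are hypothetical, and the two sample byte strings are constructed DER skeletons containing only the fields the parser reads, not real certificates.

```python
import base64
import sys

# Base of the two ValueType URIs quoted in the thread.
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def load_der(data):
    """Accept PEM or raw DER bytes and return DER."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        body = data.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        return base64.b64decode(b"".join(body.split()))
    return data

def x509_version(data):
    """Return 1, 2 or 3 for the certificate in data."""
    der = load_der(data)
    tag, start, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = read_tlv(der, start)    # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate missing")
    tag, vstart, _ = read_tlv(der, start)   # first field of tbsCertificate
    if tag != 0xA0:                         # no [0] EXPLICIT version: default is v1
        return 1
    tag, istart, iend = read_tlv(der, vstart)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(der[istart:iend], "big") + 1   # encoded value 2 means v3

def token_value_type(data):
    """ValueType URI matching the certificate version (only v1 and v3 appear in the thread)."""
    version = x509_version(data)
    if version not in (1, 3):
        raise ValueError(f"no ValueType from the thread for X.509 v{version}")
    return f"{PROFILE}#X509v{version}"

def _tlv(tag, value):                       # short-form encoder for the constructed samples
    return bytes([tag, len(value)]) + value

_SERIAL = _tlv(0x02, b"\x01")
SAMPLE_V1 = _tlv(0x30, _tlv(0x30, _SERIAL))                                   # constructed
SAMPLE_V3 = _tlv(0x30, _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _SERIAL))  # constructed

if __name__ == "__main__" and len(sys.argv) > 1:
    print(token_value_type(open(sys.argv[1], "rb").read()))
```

The same field is shown on the `Version:` line of `openssl x509 -in <file> -noout -text`, which answers the question about inspecting the files with openssl.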