org.apache.axis2.AxisFault: Error in signature with X509Token
Hi All, I am using axis2-1.4.1 with rampart-1.4 to consume a websevice hosted in .Net server. I created Java keystore based on the given certificates. when i try to access the webservice from the Java client i am getting the following error. org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) at com.phoneix.stubs.Service1Stub.GetData(Service1Stub.java:473) at com.phoneix.client.Democlient.main(Democlient.java:36) Caused by: org.apache.rampart.RampartException: Error in signature with X509Token at org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:304) at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:626) at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:413) at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:93) at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147) at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64) ... 8 more Caused by: org.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature) at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:296) at org.apache.rampart.builder.BindingBuilder.getSignatureBuider(BindingBuilder.java:300) ... 13 more I have attached the Java code also , if anyone have idea why these error is occured please help me to solve the issue. Java code. ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(test, null); Service1Stub stub = new Service1Stub(ctx, URL); ServiceClient sc = stub._getServiceClient(); sc.engageModule(rampart); StAXOMBuilder builder = new StAXOMBuilder(policy.xml); Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement()); sc.getAxisService().getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_SERVICE_POLICY, policy); System.out.println( 22 ); GetData getData = new GetData(); stub.GetData(getData); System.out.println( The Webservie call is Over ); Thanks in Advance Karai Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! Edition http://downloads.yahoo.com/in/firefox/
Re: Error in signature with X509Token
I solve the problem: 1) On same axis2 installation I install rampart 1.3 and then rampart 1.4(conflict wss4j-1.5.X) I take clean installation of axis2 and rampart 1.4 2) And there was also problem with my JCE(no such algorithm): 2.1) Install Unlimited strength Jurisdiction Policy Files(overcopy US_export_policy.jar and local_policy.jar) 2.2) Install bouncycastle in jre_home/lib/ext and add provider in jre_home/lib/security/java.security file security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider I hope this can help somebody. Regards, Tomaz José Ferreiro wrote: Looks like the file *server.jks* cannot be loaded keys\\server.jks and not found. Try to type the whole path.. or keys/server.jks Whole localtion path c:/tomcat/foldername/foldername/keys/server.jks HTH, Rgds, Jose Ferreiro On Mon, Feb 9, 2009 at 11:41 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: I still have problem, now I get error: .. org.apache.ws.security.util.Loader - Caught Exception while in Loader.getResource. This may be innocuous. java.lang.NullPointerException ... org.apache.ws.security.components.crypto.Merlin cannot create instance What did you write in service.xml? Regard, Tomaz Erwin Reinhoud wrote: Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org mailto:axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin -- -- *Van:* m4rkuz [mailto:m4r...@gmail.com mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org mailto:axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416
Re: Error in signature with X509Token
I still have problem, now I get error: .. org.apache.ws.security.util.Loader - Caught Exception while in Loader.getResource. This may be innocuous. java.lang.NullPointerException ... org.apache.ws.security.components.crypto.Merlin cannot create instance What did you write in service.xml? Regard, Tomaz Erwin Reinhoud wrote: Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin -- -- *Van:* m4rkuz [mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 63) Is anybody have a clue what I'm doing wrong Best regards, Tomaz begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n;quoted-printable:Majerhold;Toma=C5=BE org:ARNES, Slovenian NREN;Development team adr:;;Jamova 39;Ljubljana;;;Slovenia title:Developer tel;work:+386 14798930 tel;fax:+386 1 479 88 99 tel;home:+386 1425 38 01 tel;cell:(040) 757-229 url:http://www.arnes.si/ version:2.1 end:vcard
Re: Error in signature with X509Token
Looks like the file *server.jks* cannot be loaded keys\\server.jks and not found. Try to type the whole path.. or keys/server.jks Whole localtion path c:/tomcat/foldername/foldername/keys/server.jks HTH, Rgds, Jose Ferreiro On Mon, Feb 9, 2009 at 11:41 AM, TomazM tomaz.majerh...@arnes.si wrote: I still have problem, now I get error: .. org.apache.ws.security.util.Loader - Caught Exception while in Loader.getResource. This may be innocuous. java.lang.NullPointerException ... org.apache.ws.security.components.crypto.Merlin cannot create instance What did you write in service.xml? Regard, Tomaz Erwin Reinhoud wrote: Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin -- -- *Van:* m4rkuz [mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 63) Is anybody have a clue what I'm doing wrong Best regards, Tomaz
Re: Error in signature with X509Token
I know, I tried the all path all ready but I get error Error in signature with X509Token Thx, for replay. Regards, Tomaz José Ferreiro wrote: Looks like the file *server.jks* cannot be loaded keys\\server.jks and not found. Try to type the whole path.. or keys/server.jks Whole localtion path c:/tomcat/foldername/foldername/keys/server.jks HTH, Rgds, Jose Ferreiro On Mon, Feb 9, 2009 at 11:41 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: I still have problem, now I get error: .. org.apache.ws.security.util.Loader - Caught Exception while in Loader.getResource. This may be innocuous. java.lang.NullPointerException ... org.apache.ws.security.components.crypto.Merlin cannot create instance What did you write in service.xml? Regard, Tomaz Erwin Reinhoud wrote: Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org mailto:axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin -- -- *Van:* m4rkuz [mailto:m4r...@gmail.com mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org mailto:axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 63) Is anybody have a clue what I'm doing wrong Best regards, Tomaz begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n
Re: Error in signature with X509Token
-02-05T08:16:11.735Z/wsu:Expires /wsu:Timestamp ds:Signature xmlns:ds=http://www.w3.org/2000/09/xmldsig#; Id=Signature-330120 ds:SignedInfo ds:CanonicalizationMethod Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#/ ds:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1/ ds:Reference URI=#Id-5218268 ds:Transforms ds:Transform Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#/ /ds:Transforms ds:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ ds:DigestValueGSyf8R7vIO1Exwurae95mxIWgnI=/ds:DigestValue /ds:Reference ds:Reference URI=#Timestamp-32189467 ds:Transforms ds:Transform Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#/ /ds:Transforms ds:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1/ ds:DigestValuedM8fK3UEbaFdUsl1PXNCcuLz6/M=/ds:DigestValue /ds:Reference /ds:SignedInfo ds:SignatureValue 2LW4LfjAP5MZulRXONtdzhu7JpvZawfR4/5e2UEBJVMUGqB8c/zTVgG65Z2cIePYgWdw+ma+dWmu JdgqM+66hzZ5BMAH1sNRxL6onz0DOyuRnDYhEgNYgCjmN67Ok7Q0SQqnEfJ19B1WdAxqawspyLjX VyS4X5BisAG5G+25CrQ= /ds:SignatureValue ds:KeyInfo Id=KeyId-25772535 wsse:SecurityTokenReference xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; wsu:Id=STRId-27291192 wsse:KeyIdentifier EncodingType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary; ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier;+JGv39JjeaxQiilnwwc/wlWlITU=/wsse:KeyIdentifier /wsse:SecurityTokenReference /ds:KeyInfo /ds:Signature /wsse:Security /soapenv:Header soapenv:Body xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; wsu:Id=Id-5218268 ns2:sestej xmlns:ns2=http://service.sign.rampart; ns2:a4/ns2:a ns2:b233/ns2:b /ns2:sestej /soapenv:Body /soapenv:Envelope - Resp: - HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Content-Type: application/soap+xml; action=http://www.w3.org/2005/08/addressing/soap/fault;charset=UTF-8 Transfer-Encoding: chunked Date: Thu, 05 Feb 2009 08:11:12 GMT Connection: close ?xml version=1.0 encoding=http://www.w3.org/2003/05/soap-envelope; standalone=no? soapenv:Envelope xmlns:soapenv=http://www.w3.org/2003/05/soap-envelope; soapenv:Body soapenv:Fault soapenv:Code soapenv:Valuesoapenv:Receiver/soapenv:Value /soapenv:Code soapenv:Reason soapenv:Text xml:lang=en-USError in signature with X509Token/soapenv:Text /soapenv:Reason soapenv:Detail/ /soapenv:Fault /soapenv:Body /soapenv:Envelope Fingerprint of certs are self signed: client: --- Certificate fingerprints: MD5: 0B:F9:7D:8C:17:54:85:B7:DC:22:CC:5B:B8:FC:5E:A0 SHA1: 65:2F:74:5D:27:18:B0:20:CA:95:84:9B:85:FC:DB:1D:F2:58:C7:0B Signature algorithm name: SHA1withRSA Version: 3 server: Certificate fingerprints: MD5: 0B:F9:7D:8C:17:54:85:B7:DC:22:CC:5B:B8:FC:5E:A0 SHA1: 65:2F:74:5D:27:18:B0:20:CA:95:84:9B:85:FC:DB:1D:F2:58:C7:0B Signature algorithm name: SHA1withRSA Version: 3 Maybe is the problem Signature algorithm name: SHA1withRSA and in my policy I have sp:AlgorithmSuite wsp:Policy sp:TripleDesRsa15/ /wsp:Policy /sp:AlgorithmSuite Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin *Van:* m4rkuz [mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name
Re: Error in signature with X509Token
I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin *Van:* m4rkuz [mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n;quoted-printable:Majerhold;Toma=C5=BE org:ARNES, Slovenian NREN;Development team adr:;;Jamova 39;Ljubljana;;;Slovenia title:Developer tel;work:+386 14798930 tel;fax:+386 1 479 88 99 tel;home:+386 1425 38 01 tel;cell:(040) 757-229 url:http://www.arnes.si/ version:2.1 end:vcard
Re: Error in signature with X509Token
HI Tomaz, I'm no guru in the subject but I had a similar problem and I don't see BinarySecurityToken being send in the request, so try changing the correct lines for this one: sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/* AlwaysToRecipient* Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Thu, Feb 5, 2009 at 6:28 AM, Erwin Reinhoud erwin.reinh...@ictu.nlwrote: Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin -- -- *Van:* m4rkuz [mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 63) Is anybody have a clue what I'm doing wrong Best regards, Tomaz
Error in signature with X509Token
Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz begin:vcard fn;quoted-printable:Toma=C5=BE Majerhold n;quoted-printable:Majerhold;Toma=C5=BE org:ARNES, Slovenian NREN;Development team adr:;;Jamova 39;Ljubljana;;;Slovenia title:Developer tel;work:+386 14798930 tel;fax:+386 1 479 88 99 tel;home:+386 1425 38 01 tel;cell:(040) 757-229 url:http://www.arnes.si/ version:2.1 end:vcard
Re: Error in signature with X509Token
Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz
RE: Error in signature with X509Token
Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin _ Van: m4rkuz [mailto:m4r...@gmail.com] Verzonden: woensdag 4 februari 2009 15:16 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz