First: I am sorry for being a blind idiot. Of cause it was there. I looked too many times to admit without finding it. Blech.
Anyway I installed the doubleit example. Added the keystores (copy paste from the tutorial). And I am getting this message. Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:FailedCheck</faultcode><faultstring>The signature or decryption was invalid</faultstring></soap:Fault></soap:Body></soap:Envelope> So the problem is here too. Please can anyone help me figure out what is wrong? I have tried multiple key combinations, and even tried using the same key combination in both ends. Whole dump: INFO: Outbound Message --------------------------- ID: 1 Address: http://localhost:8080/doubleit/services/doubleit Encoding: UTF-8 Content-Type: text/xml Headers: {Accept=[*/*], SOAPAction=[""]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="EK-E35BA3DBFF70783C7813307086058634"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=localhost</ds:X509IssuerName><ds:X509SerialNumber>1330708376</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>QesYkLXIUhEuX1FjJEYL1+yZomYNq+9OGQiL/3oLBlvJdJE4E3aqCgVUeH2wjj7nmGf5H9Q8gNtNbMtF9/+k4H8fxMwaqOlK5TI01jb/qU0VfcBz3E+tanEeIiRn2z6SNRED3BMWeL5tJuA7f+jS7RmiPCeHOpDQDgyYkI3CCcY=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-4"/><xenc:DataReference URI="#ED-5"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="ED-4" Type="http://www.w3.org/2001/04/xmlenc#Element";><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";><wsse:Reference URI="#EK-E35BA3DBFF70783C7813307086058634"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>1yIB8yUoD8/FElWZiqcFcS2CU6bsIjmh+zoxK1n2AG8AJY63qQVMRaRD2m1fL/svuktREl3IhfcBUjBhQtLaNOM0lgudPw8ntVC8rRCi4qzo2jN9cwbFZoGV4SYB+QaWPByuW0LwazpMAGZ2IhcELNjEZdz8RQ/A0VWqkyPzx+lzLr4zyZKTjlZyR9FHCeBzY9JbC7rwfcOhMZPt+7n9n/rgqQgn7JA87FRePpAgVkj0oWuEJgXMgcNY3ksKtoNY6hiKrBYMuExzH4gRZfOJIssqlo4HcyvHIg951ml4FNqgiHdC5kS3mWqI4s/nCIbiVgsCaBnFCeASsDyneoG4o5yHKZqs6dEZgEhoHqM51q2906Yvm0/XSG+5Ex5Hm17mamBh4uUawD6T4OpJ+/X2mTyazFrmCDhEyjFhoN0K6WJrRRM9s1agiIWzinQY4LO5TPIybHhOCOKJrAG5QXGSPOkgvJECV7ZFBu7zf+vVYBDlD0W6Z7HX72ssdngBnIA/6FcvEvsNq0Fw4vQGaXvEx50M1J//32jsyonetR6WU2E3cfiN8KD/Tb0ckdT8kIB1DvmU3y2wu8xPKCuzcy1HFO7d9ueuxi3ZLM8t6+m+pBUNQNfSVtWxb86a84XUMXTZ6td7gs2GG1wQdy6SilsXlaPjLCoeQ4S+GUeGa0gznP8HLvYdIZz3kacy/6CXK3fffw+wiNJv5gBLJugWa+5rjPOjnL7+4Cg87Y2ndIfE5cCKF/G18ZjOrqEAOXVLj8x/X6hIfONpXG2TIPUhomfm4Qy33aVRfSmQmliOrIs91ogdIzftjVkH1WiwPmMxU8Yrq49Wb2l/fBzBublxY+QoFge6VbPKeV6A866a64/FxnBhdt4+NSDOPzVTu5Ovo1jsgxO0H/G7C7AB/kfKLdI22MlV/u0K1ZKx530eUDATXvjquS3/SWekCB7A6RL3ZwDCL5s/8jcd0A8UF9PFEOwvwkCW6vC7pX6XVIvhXgoP4Br0tV3pS19K+rldC0BfnpotPdysoAqq314JEZ0/4AHWMLMjm0UqdvbdLt1Sqv6+Aodjci964lH2F4N1vAE2G6eyPdkXliFtlq701JWjlWrtEOPQXu+QgX1JbGae+5ZWzzV31WLmK5Mthd7EDmOUW3SpRDpBtdmMqj0jKZfGQLo5V3TnVyrALYvzzFTFjPirkJUJ5K1PUVjFh0A6r+6Bxq98o8ggdnDmQApuB/3cd9yjSu9obGYesRHmzfP55/bCvEgPWDCqilBpUfSc05CWiDk2w/wIH9WnURHUo92Kk3dzJqbV7E8KL9AymhWZpa3M5aEstpFbKeS+riDFnFcShGPIC1JGk42JyozbjtFoehQmJ7iwcF34ekAPjWXehMbV6he9GOSJE8hrAmDOK/hUmjRJWIraR3IICBVfbPaKZ/WqDH38gRs1u9EFZ1WXoC5TPQO79ttLZujTRidz1YsgQDbfjhRnu85/xinddAlBB+D58s5jHShXEnfpTx4bPMTjNeCbNbNumdrOKbVfFGS/MFicCaQX5ry2t7WWGYF6kV3RDSBgPxhUPcUdGkJ/XE9nVQzyKLOsYzJDBGf++4A/GdCRDWqliUyk9GqKs47Wfj1dLKJVG/4qbLmrJKGp71cIDUOChPshKxWus/n7Oz7bs96aBcItW7DMYjWTyUr3iS4WZ/nJVIYHSN1NV+n1dc2hfUkBdIBrVPEvRJSfvalnqyU76U7OVxTcYKcWMAytRYKLVQLJws9ROhTBHnow6+/CUGamMeWvue+WxrArYARxqzVfldhY7kE3ktFrnJrlNeFTK4eLnJ3DLj207JwJ+zC203XrpJVzng57V8BV3f/ZdUcXNOx6RfJrwiO8H3ajZxiaUz2dParYF8A7e2xqcnwhDmL3XK5ZcC/Dlu3aq2PMWA96GrDhl7k9m2UXhrwpWHmCV90QA8HqszBld/RWM/WGjHfoZB2VLaZdmiIdXnspXttNl5gda4VE24zW+C7sIAh6iBmmOn0npXItg8JLXjMIMrmZdt+SAz3BY/sB/aqGs4kJVbt/k+0KFM2FSoZcF0rixihRc26U7GaTd3tc209J5SETewSVBo1wOZTaBoyeDUu0xUHYukE074ExAFeH9W+kApgOU91mN5q9pJklyUs/4YCJHyXVxECwcnoUNUTXkoxs1s9ZlosflzDtHD/QoKsJvMG5PslOT7dcio66lE1p5xM3+W3xeudY6TNuL9xi58nXqyHJtgf6igCJhYyFfQWcA8dMxywux3Xg8alARyYU0JyO3IDkJagRQSAiJtx8dP+T3LIxLZV8oA2QPNQPcIrJGLEP0FhrbDYz+5Ulzjx9aijySqNYJd6L0fxVdZgRUuOLMnKFaSNoROk9imxbflFK4b6+CNNSL83IBot9UFbmed6YGlBPIc3Le3Fs5KXgmFuFE9cSwahXooiirh3rxAtW0IbiNLI7BBYrntjxCiroXYURAXXRlvO6PjvtV7Y94JPviOMIK4NX4xnLCs86G5lhcGJIf+QelxFFJaERYJi1oBAt5/YxBX+bhXxnULMM1T7rQd/xVJiPivmDVxBnAgoHbdBleHr6abJY8bTsii5J/VrmGlqE3K94LueggLL2ePddEP0gV98XiSKlOpoyzYv3irKf6Be6VeFSRgT0zkITxkB7/2VJt2Ns3aHmciWbPdJeP5cKqn7G86+6Hf04rjGQ44mcHvYzc2mjxM9uws6idTNeQIixbd5qd2YDgF/DMwdNp2r9TQszc3EziaJxPTfCn8BmyqPUnDlx</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-03-02T17:16:45.390Z</wsu:Created><wsu:Expires>2012-03-02T17:21:45.390Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="id-2"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="ED-5" Type="http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";><wsse:Reference URI="#EK-E35BA3DBFF70783C7813307086058634"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>YDdHFiDqFw9/4aYgINYNYcqshIJ85+neI6+HLCd25XADb31XFB/VrEd0m9alKSCMI38HCXIurEh3hoXXn/U64fenBiT4sZCbqK2Xoegs3kN5vUdZZj/B4ikyzRbaHwJRrvqJtx1j0Iep8ls0R1K7I83eYy96AQVWqlfcISVUFw4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope> -------------------------------------- Mar 2, 2012 6:16:46 PM org.apache.cxf.interceptor.AbstractLoggingInterceptor log INFO: Inbound Message ---------------------------- ID: 1 Response-Code: 500 Encoding: UTF-8 Content-Type: text/xml;charset=UTF-8 Headers: {connection=[close], Content-Length=[332], content-type=[text/xml;charset=UTF-8], Date=[Fri, 02 Mar 2012 17:16:46 GMT], Server=[Apache-Coyote/1.1]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:FailedCheck</faultcode><faultstring>The signature or decryption was invalid</faultstring></soap:Fault></soap:Body></soap:Envelope> -------------------------------------- Mar 2, 2012 6:16:46 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage WARNING: Request does not contain Security header, but it's a fault. Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156) at $Proxy35.doubleIt(Unknown Source) at client.WSClient.doubleIt(WSClient.java:28) at client.WSClient.main(WSClient.java:23) Caused by: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:105) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:771) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1600) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1485) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1393) at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47) at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) ... 3 more ---Original Message--- 2nd paragraph, from the top: http://www.jroller.com/gmazza/entry/cxf_x509_profile Glen On 03/02/2012 04:19 AM, martin wrote: > Hello again Glen > > I have control over the web service provider. I am running on a Tomcat > server on a local machine. > > I tried to reload the keys again thinking I made an error last time (I > only > used one client and one server key this time, just to be sure), but I am > still getting the exact same error. > > Lastly, you are saying that you put the entire example somewhere on your > blog, but I can't seem to find it. I might just be blind, but I have > looked > over the blog entry a couple of times not but I just can't find it. Can > you > tell me where it is? -- View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-policy-not-being-enabled-in-CXF-tp5512888p5531617.html Sent from the cxf-user mailing list archive at Nabble.com.
