Hi Cyril, This is a bug in CXF which I've fixed:
https://issues.apache.org/jira/browse/CXF-5497 Your testcase works with CXF 2.7.9-SNAPSHOT for both 128 and 256 bits. Colm. On Fri, Jan 17, 2014 at 12:02 AM, Cyril <[email protected]> wrote: > Hello, > the good news is that your solution works!... when the algorithm suite in > the BootstrapPolicy is Basic128. If I change it back to Basic256 like > originally, it doesn't work, even with keysize changed to 256 in the > ws-security.sts.client property. I noticed that when CXF sends a > <wst:KeySize>128</wst:KeySize> in the first request (with Basic128 in > bootstrap policy), i.e. the RST request, the test case succeeds; whereas > for the failing cases - with Basic256 in bootstrap policy or if the > ws.security.sts.client keysize property is not set - this KeySize element > is missing from the RST message. Is there a reason why CXF would not send > it for keysize 256 as well? > > This is already a great leap forward, thanks a lot. Yet, it would be > greater if I could make this work for Basic256 algorithm in the secure > conversation bootstrap policy. This can be tested with the test case I sent > previously, by defining Basic256 as algorithm suite of the > <BootstrapPolicy> element in the WSDL located at > WEB-INF/wsdl/PingService.wsdl within the jaxws-sc.war in src/test/resources. > > Thanks. > > Regards, > Cyril > > > On Wed, Jan 15, 2014 at 12:24 PM, Colm O hEigeartaigh <[email protected] > > wrote: > >> Hi Cyril, >> >> Thanks for the test-case. The problem is that CXF is using 256 bits as the >> keysize, whereas Metro is using 128 bits, hence the signature verification >> error. You can adjust CXF by editing the client-cxf.xml file in your >> project, + adding the following jaxws:property to the client bean: >> >> <entry key="ws-security.sts.client"> >> <bean class="org.apache.cxf.ws.security.trust.STSClient"> >> <constructor-arg ref="cxf"/> >> <property name="keySize" value="128" /> >> </bean> >> </entry> >> >> Let me know if this doesn't work. >> >> Colm. >> >> >> On Tue, Jan 14, 2014 at 12:53 AM, Cyril <[email protected]> wrote: >> >> > Hello Colm, >> > please find the test case in the zip uploaded here (file size was >> rejected >> > by the mail server): >> > >> > >> https://drive.google.com/file/d/0Bx-J-1KEN3jNLWcwVXQ5c3daaGM/edit?usp=sharing >> > Filename: cxf-client-metro-wssc-interop-test.zip >> > >> > It is a maven project with a JUnit test case that launches the Metro >> > service in an embedded Jetty, then runs the CXF client against it. Make >> > sure the port 8443 is available locally, or change the port in file >> > src/test/resources/cxf-client.xml (jaxws:client element) and class >> > simple.client.PingServiceClientTest. If this is not what you expect, >> please >> > tell me, as I am not used to create such test cases. >> > >> > Thanks for reviewing, and sorry for my late reply. >> > >> > Regards, >> > Cyril >> > >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
