You are absolutely correct.  Thank you again Colm.

I was making it more complicated than it needed to be and using the
wrong key.  Apache CXF rocks!

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]] 
Sent: Monday, February 03, 2014 10:56 AM
To: Carlos Oliva
Cc: [email protected]
Subject: Re: Client Apache CXF to a Windows webservice

The public key of the webservice should be referenced via the
encryption alias, and your private key via the signature alias.

Colm.


On Mon, Feb 3, 2014 at 3:33 PM, Carlos Oliva <[email protected]>
wrote:

> Hi Colm,
>
> That is the alias to my private key in my keystore.  Should I use
> something else?  I think that my client should sign my private key.
> Should it encrypt with something else?
>
> I extracted the public key of the webservice (found at the bottom of
> the wsdl) and added it to my keystore.  Should I use the alias from the
> public key of the webservice for encrypting?
>
> *From:* Colm O hEigeartaigh [mailto:[email protected]]
> *Sent:* Monday, February 03, 2014 10:24 AM
> *To:* Carlos Oliva
> *Cc:* [email protected]
> *Subject:* Re: Client Apache CXF to a Windows webservice
>
>
>
>
>
> You're still using the same key alias for signature and encryption...
>
> Colm.
>
>
>
> On Mon, Feb 3, 2014 at 3:22 PM, Carlos Oliva <[email protected]> wrote:
>
> Thank you for your help Colm.  I followed your directions and created
> a client with your instructions (JavaClient.txt).  The output from the
> SOAPHandlerInterceptor and Logging interceptors are in the attached
> file, StandardOut.txt.  I hope that I followed your directions
> correctly.
>
> If you think that the client should work and that the out message is 
> proper,  I am really thinking that the webservice fails to understand 
> my public key.  If so, I am thinking that the implementors of the 
> webservice need to correct their implementation.
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, February 03, 2014 9:55 AM
> To: Carlos Oliva
> Cc: [email protected]
> Subject: Re: Client Apache CXF to a Windows webservice
>
> No, that's not the problem. I've just looked at your Client.txt and it
> is incorrect. I see two problems:
>
> a) You are defining security actions via WSHandlerConstants.* and then
> adding the properties to a WSS4JOutInterceptor.  However, it is
> unnecessary to do this, as security is configured via the
> SecurityPolicy.
> Get rid of from "java.util.Map<String,Object> outProps..." down to
> "client.getOutInterceptors().add(wssOut);"
>
> b) Your WS-SecurityPolicy configuration looks like:
>
>     bindingProvider.getRequestContext().put("ws-security.username", "mykey");
>     bindingProvider.getRequestContext().put("ws-security.callback-handler",
>         new KeystorePasswordCallback());
>
>     // Encryption properties file with directions to use the keystore
>     bindingProvider.getRequestContext().put("ws-security.encryption.username", "mykey");
>     bindingProvider.getRequestContext().put("ws-security.encryption.properties",
>         "pbsitokhie.properties");
>
> However, you are using the same key alias for both signature + 
> encryption here! You should be specifying the signature alias via 
> "ws-security.signature.username" + the encryption alias via 
> "ws-security.encryption.username". If "mykey" is your key, then I 
> guess the error is that the service cannot decrypt the EncryptedKey...
>
> Colm.
>
>
> On Mon, Feb 3, 2014 at 2:16 PM, Carlos Oliva <[email protected]>
> wrote:
>
> > Hi Colm,
> > I just noticed that the Security element fails to appear in the list
> > of headers of the SOAPMessage.  I added a SOAPHandlerInterceptor to
> > my client and listed the headers (perhaps I need to add it in a
> > different Phase).  This is what I got:
> > Message has 4 headers
> > {http://www.w3.org/2005/08/addressing}Action
> > {http://www.w3.org/2005/08/addressing}MessageID
> > {http://www.w3.org/2005/08/addressing}To
> > {http://www.w3.org/2005/08/addressing}ReplyTo
> >
> > The logging interceptor lists the outgoing message afterwards and 
> > the Security element appears as follows:
> > <wsse:Security
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > soap:mustUnderstand="true">
> >
> > Is it that the interceptor fails to understand the Security element
> > as part of the Header?  I am asking because the webservice sends a
> > fault message back with a text like "An error occurred when
> > verifying security for the message"
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: Monday, February 03, 2014 7:32 AM
> > To: [email protected]
> > Subject: Re: Client Apache CXF to a Windows webservice
> >
> > Do you have access to the logs on the service side to see why the
> > request was rejected? I don't really see anything wrong with the CXF
> > request. Could you attach the security policy that is being used?
> >
> > Colm.
> >
> >
> > On Sat, Feb 1, 2014 at 9:52 PM, Carlos Oliva <[email protected]>
> > wrote:
> >
> > > How can I mimic the message in the attached file, message.xml,
> > > with a stand-alone Apache CXF client?  The file is a trace output
> > > from support at the remote server.  I need to replicate the
> > > message described in the file without the added artifacts created
> > > by the tracer.
> > >
> > >
> > >
> > > I created a java client, attached file client.txt, by replicating
> > > the Greeter example in the Apache CXF web site.  I created the
> > > artifacts with wsdl2java from the wsdl quoted in the attached file,
> > > (SecondExchange.txt), and coded the client.  My client created the
> > > message listed in the file, SecondExchange.txt, and got the
> > > response "An error occurred when verifying security for the
> > > message".  The support team for the service has told me that they
> > > had added my public key to their configuration.
> > >
> > >
> > >
> > > I am stuck with this problem.  It looks like the client is 
> > > creating code that is very similar to the one that succeeds.  
> > > Thank you very much in advance.
> > > *PRIVILEGED AND CONFIDENTIAL: This document and the information
> > > contained herein are confidential and protected from disclosure
> > > under Federal law.
> > > This message is intended only for the use of the addressee(s) and
> > > may contain information that is PRIVILEGED and CONFIDENTIAL. If
> > > you are not the intended recipient, you are hereby notified that
> > > the use, dissemination, or copying of this information is strictly
> > > prohibited.
> > > If you received this communication in error, please erase all
> > > copies of the message and its attachments and notify the sender
> > > immediately.*
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
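
The alias split described in this thread, as an added example that is not part of the original messages or of CXF's own code: it checks a keystore before the client is configured, so that the signature alias points at the client's own key and the encryption alias at the service's certificate. The class name, the `KEYSTORE_PASSWORD` environment variable and the use of one crypto properties file for both roles are assumptions; the `ws-security.*` property names and `pbsitokhie.properties` are those used in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.LinkedHashMap;
import java.util.Map;

public class WsSecurityAliasCheck {

    /**
     * Returns the CXF request-context properties for signing and encrypting,
     * after checking that each alias plays the role the thread describes.
     */
    static Map<String, Object> securityProperties(KeyStore ks, String signatureAlias,
            String encryptionAlias, String cryptoProperties) throws KeyStoreException {
        if (signatureAlias.equals(encryptionAlias)) {
            throw new IllegalArgumentException(
                "same alias used for signature and encryption: " + signatureAlias);
        }
        // Signing needs the client's own key entry (private key plus certificate).
        if (!ks.isKeyEntry(signatureAlias)) {
            throw new IllegalArgumentException(
                signatureAlias + " is not a key entry, cannot sign with it");
        }
        // Encrypting to the service needs the service's imported certificate.
        if (!ks.isCertificateEntry(encryptionAlias)) {
            throw new IllegalArgumentException(
                encryptionAlias + " is not a trusted-certificate entry for the service");
        }
        Map<String, Object> props = new LinkedHashMap<>();
        props.put("ws-security.signature.username", signatureAlias);
        props.put("ws-security.signature.properties", cryptoProperties);
        props.put("ws-security.encryption.username", encryptionAlias);
        props.put("ws-security.encryption.properties", cryptoProperties);
        return props;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java WsSecurityAliasCheck <keystore> <signatureAlias> <encryptionAlias>
        // KEYSTORE_PASSWORD is an assumed environment variable name.
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // In the CXF client: bindingProvider.getRequestContext().putAll(props),
        // together with the existing "ws-security.callback-handler" entry.
        securityProperties(ks, args[1], args[2], "pbsitokhie.properties")
            .forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

Run against the keystore from the thread with `mykey` given for both aliases, the check fails on the first condition, which is the misconfiguration pointed out above.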


