Hi,
I've also created CXF server (please find in
http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip attachment ).
As long as I did not provide keystore with client certificate I was getting
error:
org.apache.ws.security.WSSecurityException: WSHandler: Certificate path
verification failed for certificate with subject CN=WSE2QuickStartClient;
nested exception is:
org.apache.ws.security.WSSecurityException: General security error
(Error
during certificate path validation: basic constraints check failed: this is
not a CA certificate); nested exception is:
java.security.cert.CertPathValidatorException: basic constraints check
failed: this is not a CA certificate
at
org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:1176)
So I found working configuration for CXF client <-> CXF server (however it
does not work as I expected - I thought that client's issuer certificate
should be only available on server side)
Anyway, problem I am trying to solve is connecting to .NET webservice not
CXF...
Regards,
Maciej
XyLus wrote:
>
> Hi Freeman
>
> Please find in attachment testcase bundle - it contains standalone cxf
> (wse-cxf-sign-client) application,
> smx test flow (smx-testcase) and sample .Net web service code (.NET) I am
> trying to connect.
>
> Speaking of cxf server, I have not tried it yet since my goal is to work
> out working configuration for smx client <-> .NET web service. However I
> will try this as well and send result.
>
>
>
> Regards,
> Maciej
>
> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
> testcase-bundle.zip
>
>
>
>
> Freeman Fang wrote:
>>
>> Hi,
>> Could you please append your testcase, both the working standalone cxf
>> client and the problem smx one?
>> If possible, also a standalone server what we can test against to
>> reproduce the error, I understand you are using .NET server on
>> windows, but if you can provide a cxf server to simulate the error it
>> would be great.
>> Thanks
>> Freeman
>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>
>>>
>>> Hi All,
>>>
>>> I have to connect to web service ( .NET implementation with WSE 3.0 on
>>> board) that requires signed
>>> request. I 've played with CXF framework and now I have solution
>>> that works
>>> just fine ( I get successful response from web service)
>>>
>>> When I use cxf bc provider with the same configuration I end up with
>>> 'The
>>> signature or decryption was invalid' error.
>>>
>>> I attach smx and cxf logs and requests produced by CXF standalone
>>> application and SMX flow.
>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>
>>> When you compare them they look ALMOST the same what makes me
>>> confused.
>>> (digest value and signature value are different and one additional
>>> namespace
>>> is avaialbe in smx request
>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>
>>> So I turned on debug mode and tried to find root cause of differences.
>>> However I can't see any meaningful information in logs . On top of
>>> that I
>>> use the same version of wss4j and xmlsec library in both cases.
>>>
>>> Any help appreciated.
>>>
>>> Regards,
>>> Maciej
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>
>>
>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
