Hi
I am trying to test a Signature action from the client to the server. I
have imported the client's certificate into the server store. When I try
invoking the web service I get the following exception. I checked the
message in tcpmon and am not seeing anything to raise a flag except that
the serial number does not match the serial number shown by the keytool
[not sure if it's encoded in a different way]. I am not sure what I am
missing. I am attaching the server wsdd and the client wsdd and the keytool
commands.

AxisFault
 faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
 faultSubcode:
 faultString: WSDoAllReceiver: security processing failed; nested exception
is:
      org.apache.ws.security.WSSecurityException: The signature
verification failed
 faultActor:
 faultNode:
 faultDetail:
      {http://xml.apache.org/axis/}hostname:D2DFJ971

WSDoAllReceiver: security processing failed; nested exception is:
      org.apache.ws.security.WSSecurityException: The signature
verification failed

soap header
---------------------
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 soapenv:mustUnderstand="1"><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-27173235">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>bIURuKkNJkvOePjL2w3nNum8KrA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
uH8F5vW9KKvWTs9hJtEq2mWn01+t+MHQCDWvC/gUn/dxqkWpdjfXtfWuhYEkjjE5U4PYpfyqY3De
D5JULLmW2qBJfFUbONFbcpR2VTUi+Ya9c+jcLpSP9dYZ/bys9ey/h5JhZWkEN2ERmwwQCJiKDg6R
522tMtlT9HMFa7GxZ18=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-24697864">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 wsu:Id="STRId-26625789"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=testalias2</ds:X509IssuerName>

<ds:X509SerialNumber>1140456858</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security>


Server wsdd
--------------------
 <service name="MXINVOICEInterface" provider="java:MSG" style="message"
use="literal">
    <requestFlow>
     <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
      <parameter name="action" value="Signature"/>
      <parameter name="signaturePropFile" value="mysigcrypto.properties" />
     </handler>
    </requestFlow>

<wsdlFile>C:\bea8\user_projects\domains\mydomain\wsdl\MXINVOICEInterface.wsdl</wsdlFile>
  <parameter name="allowedMethods" value="processDocument"/>
  <parameter name="className"
value="psdi.iface.webservices.MEADocumentService"/>
  <parameter name="scope" value="Application"/>
  <parameter name="sendXsiTypes" value="false"/>
  <parameter name="sendMultiRefs" value="false"/>
 </service>

mysigcrypto.properties
-----------------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=testsp1
org.apache.ws.security.crypto.merlin.file=teststore1


Clients wsdd
---------------------
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
     <parameter name="action" value="Signature"/>
     <parameter name="user" value="testalias2"/>
     <parameter name="signaturePropFile" value="clientsigcrypto.properties"
/>
     <parameter name="passwordCallbackClass"
value="psdi.iface.webservices.PWCallBack"/>
    </handler>
   </requestFlow>
  </globalConfiguration>
</deployment>

clientsigcrypto.properties
--------------------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=testsp2
org.apache.ws.security.crypto.merlin.file=teststore2



Keytool commands
------------------------------
keytool -genkey -alias testalias1 -keystore teststore1 -dname
"cn=testalias1" -keypass testkp1 -storepass testsp1 -keyalg RSA

keytool -genkey -alias testalias2 -keystore teststore2 -dname
"cn=testalias2" -keypass testkp2 -storepass testsp2 -keyalg RSA

keytool -selfcert -alias testalias1 -keystore teststore1 -keypass testkp1
-storepass testsp1

keytool -selfcert -alias testalias2 -keystore teststore2 -keypass testkp2
-storepass testsp2

keytool -export -keystore teststore2 -alias testalias2 -storepass testsp2
-file testcert2 -rfc

keytool -import -alias testcert2 -file testcert2 -keystore teststore1
-storepass testsp1

Any pointers appreciated.
thanks
Anamitra
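
Added example (not part of the original post or of WSS4J): the header above carries ds:X509SerialNumber as a decimal integer, while keytool -list -v prints a certificate's serial number in hexadecimal, so the two have to be compared as integers rather than as strings. The keytool listing below is constructed sample input with assumed serial values, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: the X509IssuerSerial element as posted in the SOAP header.
KEYINFO = """<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerName>CN=testalias2</ds:X509IssuerName>
<ds:X509SerialNumber>1140456858</ds:X509SerialNumber>
</ds:X509IssuerSerial>"""

# Constructed `keytool -list -v` sample; serial values are assumed, not the poster's.
KEYTOOL_LISTING = """Alias name: testalias1
Owner: CN=testalias1
Issuer: CN=testalias1
Serial number: 43f9fd10
Alias name: testcert2
Owner: CN=testalias2
Issuer: CN=testalias2
Serial number: 43f9fd9a
"""

def norm_dn(dn):
    # Naive normalisation, not full RFC 4514 (no quoted or escaped commas).
    pairs = (part.split("=", 1) for part in dn.split(","))
    return ",".join(f"{k.strip().upper()}={v.strip()}" for k, v in pairs)

def issuer_serial_from_xml(xml_text):
    node = next(ET.fromstring(xml_text).iter(DS + "X509IssuerSerial"), None)
    if node is None:
        raise ValueError("no ds:X509IssuerSerial element found")
    # X509SerialNumber is a decimal integer in XML-DSig.
    return (norm_dn(node.findtext(DS + "X509IssuerName", "")),
            int(node.findtext(DS + "X509SerialNumber", "").strip()))

def entries_from_keytool(listing):
    entries = []
    for line in listing.splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key.lower() == "alias name":
            entries.append({"alias": value})
        elif entries and key.lower() == "issuer":
            entries[-1]["issuer"] = norm_dn(value)
        elif entries and key.lower() == "serial number":
            entries[-1]["serial"] = int(value, 16)  # keytool prints hex
    return entries

def find_alias(xml_text, listing):
    wanted = issuer_serial_from_xml(xml_text)
    hits = [e["alias"] for e in entries_from_keytool(listing)
            if (e.get("issuer"), e.get("serial")) == wanted]
    return hits[0] if hits else None
```

A match only shows that the SecurityTokenReference resolves to a certificate in the server keystore; it does not by itself explain a failed signature verification.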

