Hi
I have a working webservice (using axis) and I have successfully secured
the request to the server with the following deployment configurations:
Client
<requestFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
    <parameter name="action" value="Signature Encrypt Timestamp"/>
    <parameter name="user" value="UserA"/>
    <parameter name="passwordCallbackClass" value="security.PWCallback"/>
    <parameter name="signaturePropFile" value="cryptoclient.properties"/>
    <parameter name="encryptionUser" value="UserB"/>
  </handler>
</requestFlow>
Server
<requestFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="passwordCallbackClass" value="sekerhet.PWCallback"/>
    <parameter name="action" value="Signature Encrypt Timestamp"/>
    <parameter name="signaturePropFile" value="cryptoserver.properties"/>
  </handler>
</requestFlow>
Cryptoclient.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=JKS
org.apache.ws.security.crypto.merlin.keystore.password=secretpassword
org.apache.ws.security.crypto.merlin.keystore.alias=UserA
org.apache.ws.security.crypto.merlin.file=UserAkeystore
Cryptoserver.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=JKS
org.apache.ws.security.crypto.merlin.keystore.password=secretpassword
org.apache.ws.security.crypto.merlin.keystore.alias=UserB
org.apache.ws.security.crypto.merlin.file=UserBkeystore
This works like a charm. The request is being signed, encrypted and
timestamped. So the next logical step was to do the same for the
response from the server. I extended the deployment descriptions on the
server and the client to the following:
Client
<responseFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="action" value="Signature Encrypt Timestamp"/>
    <parameter name="passwordCallbackClass" value="security.PWCallback"/>
    <parameter name="signaturePropFile" value="cryptoclient.properties"/>
  </handler>
</responseFlow>
Server
<responseFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
    <parameter name="action" value="Signature Encrypt Timestamp"/>
    <parameter name="user" value="UserB"/>
    <parameter name="passwordCallbackClass" value="sekerhet.PWCallback"/>
    <parameter name="signaturePropFile" value="cryptoserver.properties"/>
    <parameter name="encryptionUser" value="UserA"/>
  </handler>
</responseFlow>
When I view the HTTP POST and the corresponding response it looks right.
I have attached the output in this mail. Unfortunately, when the client
receives the response and starts to verify the signing, timestamp and
decrypt the message a null pointer occurs. I have debugged to the
method decryptDataRef in WSSecurityEngine. So the password and the
location of the private key work fine. When the
WSSecurityUtil.getElementByWsuId(wssConfig, doc, dataRefURI) is called a
null pointer occurs. Further debug shows that the null pointer occurs
in the WSSecurityUtil class in the method findElementById(Node
startNode, String value, String namespace) where value is
EncDataId-17351095 and namespace
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.
The startnode is:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2006-04-27T09:38:38.454Z</wsu:Created><wsu:Expires>2006-04-27T09:43:38.454Z</wsu:Expires></wsu:Timestamp>
<xenc:EncryptedKey>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=UserA</ds:X509IssuerName>
<ds:X509SerialNumber>1141738619</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>xfq+orbQx69rMT3jqirpSFJI3IyUfRwoKTAiW
ok8bSwd5ZQpf1qrpRVmGfd9j+PTmpP3iXfHzsh8
mFFAVaX8rztYqiMMxFsG1K2l8MkFGslGrGeu7VGal3oKaPfx5PZUBT1ItEOTY6XQ6PcOPcEj
NM6u
riWlELWgFq20Q+paQ4M=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference URI="#EncDataId-17351095"
/></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-17351095">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>tPv0iDcb6Bwn2YVsYIO1qW7myKw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
XraagTh/ZA5iUJeCjkxvlEJVbeJOFPv2yAG+Htf8nUGPSuE0rZ6tH1ysyIpIMOvDb9zfiMmv
3eCm
E8UtfaL8xLOCNykZH4CUuxDvF4j5LwSAnT/8mm5pEXhJWn9jgT27o3eE+bDrerEbTNXj4wxf
UEhS
KNz/+o2k0qdJe4U2JxA=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-2850754">
<wsse:SecurityTokenReference wsu:Id="STRId-30456965"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=UserB</ds:X509IssuerName>
<ds:X509SerialNumber>1141738621</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body
wsu:Id="id-17351095"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData Id="EncDataId-17351095"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/><xenc:CipherData><xenc:CipherValue>RQEuGbKefpDGgyk3hEsKSCI+OqtX7hvFJ+h
1mCTu6e3usrc9KvW5MlJAny9fxFNMWcRLYOXOJEir
s7kzX1hDC54HfrTZ1MkEOelZQ7eUkmjplWtSSphGeAVqvF2BWyvYsd+6oNqx3nEfap9mSnnR
rRwk
6I0bi546CU9wAEMCaz5U/hCua91mzASVZmg4XkQIvh7/AkB+stCAvuwyN03U0lwP8y5ZL13B
BHv6
eDxsn5o3Ltc7sMpOqjRjENaJp0FDd5wnbQOiAq+m1dHAzQHOuybOcQz/Lnj80Nve44t9MR+C
aV17
3kK08JcBp+wc42xUwQqzxB7oQ3TbNeSEjsjIq3gWtlSE9ULKGU1AWQB+WrRu6cy/V2czrOcu
7fMZ
Fxn/q/v5MTAIyIYTve7UZ7l/35WgJLIfmS63I7G43KsGgHptV5rHwIM2DFMDp7zBic3PbF7g
xi6e
d1sE5gMpH43kmWgoCiC0vi91rlUprIPbvOtRjFzpVeoUmIluFjToQYg0Ur26o1C7EXe1Y2oq
oiFT
6w4fBYbZRgVgSLTtEv1iM7c=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>
I am guessing it tries to find the element right under the body for
decrypting the body. But I can't understand why it doesn't find it. The
EncDataId is there and the element also. Does anyone have any guess on
what's causing this?
Thanks
Markus
==============
Listen Port: 8081
Target Host: localhost
Target Port: 8080
==== Request ====
POST /TDE_WS_FilialKund/services/PartFilialKundRegister HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.2.1
Host: localhost:8081
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 4285
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2006-04-27T09:38:37.904Z</wsu:Created><wsu:Expires>2006-04-27T09:43:37.904Z</wsu:Expires></wsu:Timestamp>
<xenc:EncryptedKey>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=fsb</ds:X509IssuerName>
<ds:X509SerialNumber>1141738621</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>tFirJohYp4Y53uOhrg57UH6X86fIQsqexNaHGHlvyMA2szq1R7yQa5CAcS+g1WT/cX7Mfxb98Qfh
KFCTyTXRZDlR7Sjk5cdZOkEIzDTmfor81GSymprLYzbADJbXT0BU1IUWI+dwH/eyMeXmkBqH1U3N
NFckwHqXXozhsUh4U8U=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-16166715"></xenc:DataReference></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-16166715">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>r2FlrWy9EK6UDPXxrWG0pJjSiUs=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
OGPMsyg10bZN59D7651oF/lk8egZfv1GdbMdzfHDiImVkY4Z0sVFQrpAAM4vBd+OWlsXoNhoHtfS
JXLvMi3GaxhwOmDrIGGLmM2KE3RWjkFqIjm2MWaLQmwHR2wgBzhcLv9HoBAbKi8OYrKv0AUcxjcI
k0onDizkAkLgAX0S018=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-6467398">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-14768745"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=denmark</ds:X509IssuerName>
<ds:X509SerialNumber>1141738619</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-16166715"><xenc:EncryptedData Id="EncDataId-16166715"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>1K6Zv2MnGAcyQDN8OIa4ZXe96ohFV7+pCDAjrXGuFHn0GoPd48NuZW/wqOZPAHxp30heAUVnz/Hj</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>
==== Response ====
HTTP/1.1 200 OK
Content-Type: text/xml;charset=utf-8
Date: Thu, 27 Apr 2006 09:38:38 GMT
Server: Apache-Coyote/1.1
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2006-04-27T09:38:38.454Z</wsu:Created><wsu:Expires>2006-04-27T09:43:38.454Z</wsu:Expires></wsu:Timestamp>
<xenc:EncryptedKey>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=UserA</ds:X509IssuerName>
<ds:X509SerialNumber>1141738619</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>xfq+orbQx69rMT3jqirpSFJI3IyUfRwoKTAiWok8bSwd5ZQpf1qrpRVmGfd9j+PTmpP3iXfHzsh8
mFFAVaX8rztYqiMMxFsG1K2l8MkFGslGrGeu7VGal3oKaPfx5PZUBT1ItEOTY6XQ6PcOPcEjNM6u
riWlELWgFq20Q+paQ4M=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-17351095"></xenc:DataReference></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-17351095">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>tPv0iDcb6Bwn2YVsYIO1qW7myKw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
XraagTh/ZA5iUJeCjkxvlEJVbeJOFPv2yAG+Htf8nUGPSuE0rZ6tH1ysyIpIMOvDb9zfiMmv3eCm
E8UtfaL8xLOCNykZH4CUuxDvF4j5LwSAnT/8mm5pEXhJWn9jgT27o3eE+bDrerEbTNXj4wxfUEhS
KNz/+o2k0qdJe4U2JxA=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-2850754">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-30456965"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=UserB</ds:X509IssuerName>
<ds:X509SerialNumber>1141738621</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-17351095"><xenc:EncryptedData Id="EncDataId-17351095"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></xenc:EncryptionMethod><xenc:CipherData><xenc:CipherValue>RQEuGbKefpDGgyk3hEsKSCI+OqtX7hvFJ+h1mCTu6e3usrc9KvW5MlJAny9fxFNMWcRLYOXOJEir
s7kzX1hDC54HfrTZ1MkEOelZQ7eUkmjplWtSSphGeAVqvF2BWyvYsd+6oNqx3nEfap9mSnnRrRwk
6I0bi546CU9wAEMCaz5U/hCua91mzASVZmg4XkQIvh7/AkB+stCAvuwyN03U0lwP8y5ZL13BBHv6
eDxsn5o3Ltc7sMpOqjRjENaJp0FDd5wnbQOiAq+m1dHAzQHOuybOcQz/Lnj80Nve44t9MR+CaV17
3kK08JcBp+wc42xUwQqzxB7oQ3TbNeSEjsjIq3gWtlSE9ULKGU1AWQB+WrRu6cy/V2czrOcu7fMZ
Fxn/q/v5MTAIyIYTve7UZ7l/35WgJLIfmS63I7G43KsGgHptV5rHwIM2DFMDp7zBic3PbF7gxi6e
d1sE5gMpH43kmWgoCiC0vi91rlUprIPbvOtRjFzpVeoUmIluFjToQYg0Ur26o1C7EXe1Y2oqoiFT
6w4fBYbZRgVgSLTtEv1iM7c=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>
==============
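
Added example, not part of the original message and not WSS4J's own code: a stand-alone, null-safe version of the lookup described above, resolving each xenc:DataReference URI against both a wsu:Id attribute and a plain Id attribute (the form xenc:EncryptedData carries in the posted response). The class name DataRefCheck, the helper findById and the sample envelope with its dangling second reference are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class DataRefCheck {
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Depth-first search for an element whose wsu:Id or un-namespaced Id equals id.
    // Returns null instead of throwing when the start node or the id is missing.
    static Element findById(Node node, String id) {
        if (node == null || id == null) return null;
        if (node.getNodeType() == Node.ELEMENT_NODE) {
            Element e = (Element) node;
            if (id.equals(e.getAttributeNS(WSU, "Id")) || id.equals(e.getAttribute("Id"))) return e;
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
            Element hit = findById(c, id);
            if (hit != null) return hit;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: same layout as the posted response, cipher data omitted.
        String xml =
            "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:xenc='" + XENC + "' xmlns:wsu='" + WSU + "'>"
            + "<soapenv:Header><xenc:ReferenceList>"
            + "<xenc:DataReference URI='#EncDataId-1'/>"
            + "<xenc:DataReference URI='#EncDataId-2'/>"   // dangling on purpose
            + "</xenc:ReferenceList></soapenv:Header>"
            + "<soapenv:Body wsu:Id='id-1'><xenc:EncryptedData Id='EncDataId-1'/>"
            + "</soapenv:Body></soapenv:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);  // required for getAttributeNS / getElementsByTagNameNS
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList refs = doc.getElementsByTagNameNS(XENC, "DataReference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            String id = uri.startsWith("#") ? uri.substring(1) : uri;
            Element target = findById(doc.getDocumentElement(), id);
            System.out.println(uri + " -> " + (target == null ? "NOT FOUND" : target.getNodeName()));
        }
    }
}
```

Feeding the captured response to the same parser settings in place of the sample string shows whether the reference resolves outside the handler chain.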