Thanks, of course I had forgotten to include the Xerces jars when launching the client.
Regards, Werner

-----Original message-----
From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
Sent: 27 April 2006 14:23
To: Markus Backman; [email protected]
Subject: AW: Trouble when securing the response

What is the environment that you use? Do you use Xerces as
your XML parser? Or do you use the standard XML parser that
comes with Sun's JDK? The latter one doesn't work correctly.

Regards,
Werner

> -----Original message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 27 April 2006 11:47
> To: [email protected]
> Subject: Trouble when securing the response
>
> Hi
>
> I have a working webservice (using axis) and I have successfully secured
> the request to the server with the following deployment configurations:
>
> Client
> <requestFlow>
>   <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>     <parameter name="action" value="Signature Encrypt Timestamp"/>
>     <parameter name="user" value="UserA"/>
>     <parameter name="passwordCallbackClass" value="security.PWCallback"/>
>     <parameter name="signaturePropFile" value="cryptoclient.properties"/>
>     <parameter name="encryptionUser" value="UserB"/>
>   </handler>
> </requestFlow>
>
> Server
> <requestFlow>
>   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>     <parameter name="passwordCallbackClass" value="sekerhet.PWCallback"/>
>     <parameter name="action" value="Signature Encrypt Timestamp"/>
>     <parameter name="signaturePropFile" value="cryptoserver.properties"/>
>   </handler>
> </requestFlow>
>
> Cryptoclient.properties
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=JKS
> org.apache.ws.security.crypto.merlin.keystore.password=secretpassword
> org.apache.ws.security.crypto.merlin.keystore.alias=UserA
> org.apache.ws.security.crypto.merlin.file=UserAkeystore
>
> Cryptoserver.properties
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=JKS
> org.apache.ws.security.crypto.merlin.keystore.password=secretpassword
> org.apache.ws.security.crypto.merlin.keystore.alias=UserB
> org.apache.ws.security.crypto.merlin.file=UserBkeystore
>
> This works like a charm. The request is being signed, encrypted and
> timestamped. So the next logical step was to do the same for the
> response from the server. I extended the deployment descriptions on
> the server and the client to the following:
>
> Client
> <responseFlow>
>   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>     <parameter name="action" value="Signature Encrypt Timestamp"/>
>     <parameter name="passwordCallbackClass" value="security.PWCallback"/>
>     <parameter name="signaturePropFile" value="cryptoclient.properties"/>
>   </handler>
> </responseFlow>
>
> Server
> <responseFlow>
>   <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>     <parameter name="action" value="Signature Encrypt Timestamp"/>
>     <parameter name="user" value="UserB"/>
>     <parameter name="passwordCallbackClass" value="sekerhet.PWCallback"/>
>     <parameter name="signaturePropFile" value="cryptoserver.properties"/>
>     <parameter name="encryptionUser" value="UserA"/>
>   </handler>
> </responseFlow>
>
> When I view the http POST and the corresponding response it looks right.
> I have attached the output in this mail. Unfortunately when the client
> receives the response and starts to verify the signing, timestamp and
> decrypt the message a null pointer occurs. I have debugged to the
> method decryptDataRef in WSSecurityEngine. So the password and the
> location of the private key work fine. When the
> WSSecurityUtil.getElementByWsuId(wssConfig, doc, dataRefURI) is called a
> null pointer occurs. Further debug shows that the null pointer occurs
> in the WSSecurityUtil class in the method findElementById(Node
> startNode, String value, String namespace) where value is
> EncDataId-17351095 and namespace
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.
> The startnode is:
>
> <soapenv:Envelope
>     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="1"
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsu:Timestamp
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2006-04-27T09:38:38.454Z</wsu:Created><wsu:Expires>2006-04-27T09:43:38.454Z</wsu:Expires></wsu:Timestamp>
> <xenc:EncryptedKey>
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=UserA</ds:X509IssuerName>
> <ds:X509SerialNumber>1141738619</ds:X509SerialNumber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> <xenc:CipherData><xenc:CipherValue>xfq+orbQx69rMT3jqirpSFJI3IyUfRwoKTAiWok8bSwd5ZQpf1qrpRVmGfd9j+PTmpP3iXfHzsh8
> mFFAVaX8rztYqiMMxFsG1K2l8MkFGslGrGeu7VGal3oKaPfx5PZUBT1ItEOTY6XQ6PcOPcEjNM6u
> riWlELWgFq20Q+paQ4M=</xenc:CipherValue></xenc:CipherData>
> <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-17351095" /></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature
>     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> <ds:Reference URI="#id-17351095">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> <ds:DigestValue>tPv0iDcb6Bwn2YVsYIO1qW7myKw=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> XraagTh/ZA5iUJeCjkxvlEJVbeJOFPv2yAG+Htf8nUGPSuE0rZ6tH1ysyIpIMOvDb9zfiMmv3eCm
> E8UtfaL8xLOCNykZH4CUuxDvF4j5LwSAnT/8mm5pEXhJWn9jgT27o3eE+bDrerEbTNXj4wxfUEhS
> KNz/+o2k0qdJe4U2JxA=
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-2850754">
> <wsse:SecurityTokenReference wsu:Id="STRId-30456965"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=UserB</ds:X509IssuerName>
> <ds:X509SerialNumber>1141738621</ds:X509SerialNumber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security></soapenv:Header><soapenv:Body
>     wsu:Id="id-17351095"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData Id="EncDataId-17351095"
>     Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
>     Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
>     /><xenc:CipherData><xenc:CipherValue>RQEuGbKefpDGgyk3hEsKSCI+OqtX7hvFJ+h1mCTu6e3usrc9KvW5MlJAny9fxFNMWcRLYOXOJEir
> s7kzX1hDC54HfrTZ1MkEOelZQ7eUkmjplWtSSphGeAVqvF2BWyvYsd+6oNqx3nEfap9mSnnRrRwk
> 6I0bi546CU9wAEMCaz5U/hCua91mzASVZmg4XkQIvh7/AkB+stCAvuwyN03U0lwP8y5ZL13BBHv6
> eDxsn5o3Ltc7sMpOqjRjENaJp0FDd5wnbQOiAq+m1dHAzQHOuybOcQz/Lnj80Nve44t9MR+CaV17
> 3kK08JcBp+wc42xUwQqzxB7oQ3TbNeSEjsjIq3gWtlSE9ULKGU1AWQB+WrRu6cy/V2czrOcu7fMZ
> Fxn/q/v5MTAIyIYTve7UZ7l/35WgJLIfmS63I7G43KsGgHptV5rHwIM2DFMDp7zBic3PbF7gxi6e
> d1sE5gMpH43kmWgoCiC0vi91rlUprIPbvOtRjFzpVeoUmIluFjToQYg0Ur26o1C7EXe1Y2oqoiFT
> 6w4fBYbZRgVgSLTtEv1iM7c=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>
>
> I am guessing it tries to find the element right under the body for
> decrypting the body. But I can't understand why it doesn't find it. The
> EncDataId is there and the element also. Does anyone have any guess on
> what's causing this?
>
> Thanks
> Markus
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
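
Added example (not part of the original thread and not WSS4J code): a stand-alone Java check that prints which JAXP DocumentBuilderFactory the JVM actually loaded and from where, then runs a namespace-aware Id lookup over a constructed envelope shaped like the response quoted above. The class name ParserCheck and the helper findById are hypothetical.

```java
import java.io.StringReader;
import java.security.CodeSource;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class ParserCheck {
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Hypothetical helper (not WSS4J's findElementById): depth-first search for an
    // element whose wsu:Id or un-namespaced Id attribute equals the given value.
    static Element findById(Node node, String id) {
        if (node.getNodeType() == Node.ELEMENT_NODE) {
            Element e = (Element) node;
            if (id.equals(e.getAttributeNS(WSU, "Id"))
                    || id.equals(e.getAttributeNS(null, "Id"))) {
                return e;
            }
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
            Element hit = findById(c, id);
            if (hit != null) return hit;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // namespace-qualified lookups need a namespace-aware parser
        CodeSource src = f.getClass().getProtectionDomain().getCodeSource();
        System.out.println("JAXP factory: " + f.getClass().getName());
        System.out.println("loaded from : "
            + (src == null ? "JDK runtime (bootstrap)" : src.getLocation()));
        // Constructed sample with the same shape as the response in the thread.
        String xml = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:x='http://www.w3.org/2001/04/xmlenc#' xmlns:wsu='" + WSU + "'>"
            + "<e:Body wsu:Id='id-1'><x:EncryptedData Id='EncDataId-1'/></e:Body></e:Envelope>";
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        for (String id : new String[] {"id-1", "EncDataId-1", "missing"}) {
            Element hit = findById(doc.getDocumentElement(), id);
            System.out.println(id + " -> " + (hit == null ? "not found" : hit.getNodeName()));
        }
    }
}
```

Run it with exactly the classpath used to launch the client: when the Xerces jars are missing, the factory reported is the one bundled with the JDK rather than an org.apache.xerces class.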
