axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Uthaiyashankar <shan...@wso2.com>
Subject Re: rampart_handler_util.c -- parameter not set
Date Sat, 04 Oct 2008 02:07:46 GMT
Hi Raghu,

I think your configurations are wrong. First of all, I have to be clear 
that whether message sent from server to client is also signed? It has 
to be signed, otherwise rampart will not work. From client side, still 
we don't have support to have different security policy for outgoing 
message and incoming message. Hence my further explanations will assume 
even the message from server to client is signed.

To sign from server to client, you have to give <rampc:Certificate> and 
<rampc:PrivateKey> in server side configuration. Also, you have to give 
<rampc:ReceiverCertificate> in client's configuration.

Sample4 shipped with Rampart[1] is actually the usecase you are trying 
to achieve. You can have a look at that.

Regards,
Shankar

[1] 
https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4

Raghu Udupa wrote:
> Thanks Shankar.
>
> I am a bit confused about specifying security phase in axis2.xml for
> client as well as for server. 
>
> We need to sign the documents that are sent to the client which need to
> be verified at the server.
>
> Could you tell me whether my settings of axis2.xml and policy.xml on the
> client side and axis2.xml and service.xml on the server side are correct
> for a correct implementation of signature verification
>
> CLIENT SIDE
>
> axis2.xml
> =========
>
>     <phaseOrder type="outflow">
>         <!-- User defined phases could be added here -->
>         <!--phase name="userphase1"/-->
>         <!--system predefined phase-->
>         <phase name="MessageOut"/>
>         <phase name="Security"/>
>         <!--phase name="Security"/-->
>     </phaseOrder>
>
> policy.xml
> ==========
>
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> </rampc:RampartConfig>
>
>
> SERVER SIDE
>
> axis2.xml
> =========
>
> <phaseOrder type="inflow">
>   <!-- System pre defined phases       -->
>   <phase name="Transport"/>
>   <phase name="PreDispatch"/>
>   <phase name="Dispatch"/>
>   <phase name="PostDispatch"/>
>   <phase name="Security"/>
>  </phaseOrder>
>
> service.xml
> ===========
>
> <service name="ReceiveEasyLinkFaxService">
> <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> <description>ReceiveEasyLinkFaxService Service</description>
> <module ref="rampart"/>
> <operation name="ReceiveFax">
> ....
> ....
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverC
> ertificate> 
> </rampc:RampartConfig>
>
> Thanks,
> Raghu
>
> -----Original Message-----
> From: Uthaiyashankar [mailto:shankar@wso2.com] 
> Sent: Thursday, October 02, 2008 1:13 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
> Raghu Udupa wrote:
>   
>> Thanks Samisa.
>>
>> The first reported error is parameter 0 not being set in
>> rampart_handler_util.c. I wanted to know which configuration parameter
>> method rampart_get_rampart_configuration in rampart_handler_util.c is
>> looking for.
>>   
>>     
>
> That error message is misleading. It is actually not an error. :). We 
> have to remove it. So, you can safely ignore it.
>
> Regards,
> Shankar.
>
>   
>> Regards,
>> Raghu
>>
>> -----Original Message-----
>> From: Samisa Abeysinghe [mailto:samisa@wso2.com] 
>> Sent: Wednesday, October 01, 2008 9:32 PM
>> To: Apache AXIS C User List
>> Subject: Re: rampart_handler_util.c -- parameter not set
>>
>>   
>>     
>>>    2. Also, the webservices client is getting following error while
>>>       attempting to engage rampart module.
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] rampart_handler_util.c(241) 
>>> [rampart][rampart_handler_utils] 0 parameter is not set.
>>>
>>> [Wed Oct  1 11:36:33 2008] [warning] msg_ctx.c(1381) 
>>> RampartClientConfiguration not set in message context
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284 
>>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The 
>>> extenension index of NID_subject_key_identifier is not valid
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
>>>       
>
>   
>>> in transport
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] rampart_engine.c(122) 
>>> [rampart][rampart_engine] Cannot get saved rampart_context
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] rampart_in_handler.c(114) 
>>> [rampart][rampart_in_handler] rampart_context creation failed.
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] phase.c(216) Handler 
>>> RampartInHandler invoke failed within phase PreDispatch
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] engine.c(696) Invoking phase 
>>> PreDispatch failed
>>>
>>> [Wed Oct  1 11:36:33 2008] [error] soap11_builder_helper.c(368) 
>>> Unidentified character in SOAP 1.1 builder helper processing
>>>
>>>     
>>>       
>> As the error says, there is something wrong in your key.
>>
>> Samisa...
>>   
>>     
>>>    3. I am also including the server log. I am using a self signed
>>>       certificate generated using openssl to sign the message. Digest
>>>       verification is succeeding. But signature verification is
>>>     
>>>       
>> failing.
>>   
>>     
>>>  
>>>
>>> Thanks,
>>> Raghu
>>>     
>>>       
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>
>>   
>>     
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


Mime
View raw message