cxf-users mailing list archives

From kasperih <kasper.ibsen.han...@gmail.com>
Subject RE: WS-Security - signature problems
Date Tue, 04 Mar 2008 11:29:07 GMT

Hi Colm

Thanks that was definitely wrong, I fixed that but it still doesn't work. I
also changed it a bit so that it also tries to encrypt, but it doesn't seem
to get by the signature. If I remove the signature action and only try the
encrypt then that doesn't work either.
I gave both the client and the server the same alias, is that a problem?

I have attached the altered code again.

Here is part of my client.xml

 <bean id="wss4jOut"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="Timestamp Signature Encrypt" />
        <entry key="user" value="football-client" />
        <!-- <entry key="passwordType" value="PasswordDigest" />-->
        <entry key="passwordCallbackClass"
value="football.demo.client.ClientPasswordCallback" />
        <entry key="signaturePropFile" value="client_sign.properties"/>
        <entry key="signatureKeyIdentifier" value="DirectReference"/>
        <entry key="signatureParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
        <entry key="encryptionPropFile" value="server_sign.properties"/>
        <entry key="encryptionUser" value="football-client"/>
        <entry key="encryptionParts"
value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
        <entry key="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>  
      </map>
    </constructor-arg>
  </bean>    

and here is the matching server.xml

 <bean id="wss4jIn"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
          <map>
            <entry key="action" value="Timestamp Signature Encrypt" />
            <!-- <entry key="passwordType" value="PasswordDigest" />-->
            <entry key="passwordCallbackClass"
value="football.demo.server.ServerPasswordCallback" />
            <entry key="signaturePropFile" value="client_sign.properties"/>
            <entry key="decryptionPropFile" value="server_sign.properties"/>
          </map>
        </constructor-arg>
      </bean>

Kasper


O hEigeartaigh, Colm wrote:
> 
> 
> Hi Kasper,
> 
> Here's the problem - you generate your keys with:
> 
> "-keypass keyStorePassword"
> 
> Yet your ClientPasswordCallback.java has:
> 
> " pc.setPassword("keyPassword");"
> 
> Change the above to "pc.setPassword("keyStorePassword");" and it should
> work ok.
> 
> Colm.
> 
> -----Original Message-----
> From: kasperih [mailto:kasper.ibsen.hansen@gmail.com] 
> Sent: 03 March 2008 19:54
> To: cxf-user@incubator.apache.org
> Subject: RE: WS-Security - signature problems
> 
> 
> I have attached all the files that you asked for. It's the entire
> folder with all the relevant files.
> 
> - keytool -genkey -alias football-client -keypass keyStorePassword
> -keystore  client-keystore.jks -storepass keyStorePassword -dname
> "cn=football-client" -keyalg RSA
> 
> - keytool -selfcert -alias football-client -keystore
> client-keystore.jks -storepass keyStorePassword -keypass
> keyStorePassword
> 
> - keytool -export -alias football-client -file key.rsa -keystore
> client-keystore.jks -storepass keyStorePassword
> 
> - keytool -import -alias football-client  -file key.rsa -keystore
> server-keystore.jks -storepass keyStorePassword
> 
> 
> These are the commands I used in order to create the keys.
> 
> 
> Regards
> Kasper H
> 
> 
> 
> O hEigeartaigh, Colm wrote:
>> 
>> 
>> Can you attach the full code for your sample?
>> 
>> Colm.
>> 
>> -----Original Message-----
>> From: Kasper Hansen [mailto:kasper.ibsen.hansen@gmail.com] 
>> Sent: 03 March 2008 13:30
>> To: cxf-user@incubator.apache.org
>> Subject: WS-Security - signature problems
>> 
>> I am rather new to using the cxf. I checked out from svn and had a
>> look at the samples in the distribution folder. I didn't find a sample
>> for the ws-security so I decided to make one myself.
>> I started with the UsernameToken and this worked fine, I added the
>> logging interceptor and I could see in the SOAP headers that
>> everything was working fine. But then I wanted to sign the message, I
>> followed the instructions at the cxf page to make the keystores but I
>> cannot get it to work. When I run my server and client, the server
>> runs fine and so does the client, but before I saw the messages in my
>> client window that were sent but now it seems that nothing gets sent,
>> but there are no errors to see even though I turned logging on to log
>> ALL.
>> 
>> Here is what i have in my server.xml file:
>> 
>>   <bean id="saajIn"
>> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>>       <bean id="wss4jIn"
>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>         <constructor-arg>
>>           <map>
>>             <entry key="action" value="UsernameToken Timestamp
>> Signature" />
>>             <entry key="passwordType" value="PasswordDigest" />
>>             <entry key="passwordCallbackClass"
>> value="football.demo.server.ServerPasswordCallback" />
>>             <entry key="signaturePropFile"
>> value="server_sign.properties"/>
>>           </map>
>>         </constructor-arg>
>>       </bean>
>> 
>>     <cxf:bus>
>>      <cxf:inInterceptors>
>>             <ref bean="saajIn"/>
>>             <ref bean="wss4jIn"/>
>>         </cxf:inInterceptors>
>>         <cxf:features>
>>             <cxf:logging/>
>>         </cxf:features>
>>     </cxf:bus>
>> </beans>
>> 
>> And in my client.xml file
>> 
>>  <bean id="saajOut"
>> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>>   <bean id="wss4jOut"
>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>     <constructor-arg>
>>       <map>
>>         <entry key="action" value="UsernameToken Timestamp Signature" />
>>         <entry key="user" value="football-client" />
>>         <entry key="passwordType" value="PasswordDigest" />
>>         <entry key="passwordCallbackClass"
>> value="football.demo.client.ClientPasswordCallback" />
>>         <entry key="signaturePropFile" value="client_sign.properties"/>
>>       </map>
>>     </constructor-arg>
>>   </bean>
>> 
>>     <cxf:bus>
>>        <cxf:outInterceptors>
>>             <ref bean="saajOut"/>
>>             <ref bean="wss4jOut"/>
>>         </cxf:outInterceptors>
>>         <cxf:features>
>>             <cxf:logging/>
>>         </cxf:features>
>>     </cxf:bus>
>> 
>> </beans>
>> 
>> 
>> The request never reaches the server because it doesn't get sent, here
>> is the last output in the client command prompt:
>> 
>>      [java]
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>      [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.jaxws.handler.logical.LogicalHandlerOutInterceptor@f5b2e4
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>      [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.interceptor.WrappedOutInterceptor@b29c9d
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>      [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.interceptor.BareOutInterceptor@482bad
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>>      [java] FINE: Invoking handleMessage on interceptor
>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal@b28980
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>>      [java] FINE: WSDoAllSender: enter invoke()
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>>      [java] FINE: Action: 35
>>      [java] 03-03-2008 14:13:11
>> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal handleMessage
>>      [java] FINE: Actor: null
>>      [java] 03-03-2008 14:13:11 org.apache.ws.security.WSSConfig
>> loadProvider
>>      [java] FINE: The provider JuiCE could not be added:
>> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>>      [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader
>> getResource
>>      [java] FINE: Trying to find [client_sign.properties] using
>> sun.misc.Launcher$AppClassLoader@df6ccd class loader.
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.components.crypto.CryptoFactory loadClass
>>      [java] FINE: Using Crypto Engine
>> [org.apache.ws.security.components.crypto.Merlin]
>>      [java] 03-03-2008 14:13:11 org.apache.ws.security.util.Loader
>> getResource
>>      [java] FINE: Trying to find [client-keystore.jks] using
>> sun.misc.Launcher$AppClassLoader@df6ccd class loader.
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.handler.WSHandler doSenderAction
>>      [java] FINE: Performing Action: 1
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.message.WSSecUsernameToken build
>>      [java] FINE: Begin add username token...
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.handler.WSHandler doSenderAction
>>      [java] FINE: Performing Action: 32
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.message.WSSecTimestamp build
>>      [java] FINE: Begin add timestamp...
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.handler.WSHandler doSenderAction
>>      [java] FINE: Performing Action: 2
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.message.WSSecSignature build
>>      [java] FINE: Beginning signing...
>>      [java] 03-03-2008 14:13:11
>> org.apache.ws.security.message.WSSecSignature prepare
>>      [java] FINE: automatic sig algo detection: RSA
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>>      [java] FINE: Create URI
>> "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>>      [java] FINE: Request for URI
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
>> <init>
>>      [java] FINE: Created SignatureDSA using SHA1withRSA
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.utils.ElementProxy <init>
>>      [java] FINE: setElement("ds:SignatureMethod", "null")
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.algorithms.SignatureAlgorithm <init>
>>      [java] FINE: Create URI
>> "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.algorithms.JCEMapper translateURItoJCEID
>>      [java] FINE: Request for URI
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>      [java] 03-03-2008 14:13:11
>> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA
>> <init>
>>      [java] FINE: Created SignatureDSA using SHA1withRSA
>> 
>> BUILD SUCCESSFUL
>> Total time: 8 seconds
>> 
>> I would have expected to see a message? Could anyone help me with this
>> problem?
>> 
>> Regards
>> Kasper H
>> 
>> ----------------------------
>> IONA Technologies PLC (registered in Ireland)
>> Registered Number: 171387
>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>> 
>> 
> http://www.nabble.com/file/p15812284/Football.zip Football.zip 
> 
> 
http://www.nabble.com/file/p15825240/Football.zip Football.zip 
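
An added example, not part of the thread and not CXF or WSS4J code: a standalone Java check for the mismatch Colm points out, where the password the callback returns must be the one given to keytool as -keypass. It assumes a JKS keystore created with the keytool commands quoted above; the class name KeyPasswordCheck and its check method are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

/** Added diagnostic: reports which candidate password recovers the private key. */
public class KeyPasswordCheck {

    /** Describes what the alias holds and whether keyPassword unlocks it. */
    static String check(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not found";
        }
        if (ks.isCertificateEntry(alias)) {
            // Produced by "keytool -import": a public certificate only. It can
            // verify signatures or encrypt to that party, never sign or decrypt.
            return "trusted certificate entry (no private key)";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return "private key recovered (" + key.getAlgorithm() + ")";
        } catch (UnrecoverableKeyException e) {
            // The supplied password differs from the -keypass value.
            return "wrong key password: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values used in the keytool commands in the thread.
        String path = args.length > 0 ? args[0] : "client-keystore.jks";
        String alias = args.length > 1 ? args[1] : "football-client";
        char[] storePass = (args.length > 2 ? args[2] : "keyStorePassword").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // throws IOException if the store password is wrong
        }
        // The two values a password callback might hand back, per the thread.
        for (String candidate : new String[] {"keyPassword", "keyStorePassword"}) {
            System.out.println(candidate + " -> " + check(ks, alias, candidate.toCharArray()));
        }
    }
}
```

Run against server-keystore.jks, the same alias reports a trusted certificate entry, because keytool -import stored only the exported certificate there.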