ws-fx-dev mailing list archives

From "Dittmann, Werner" <werner.dittm...@siemens.com>
Subject AW: Signature verification
Date Wed, 06 Jul 2005 06:00:16 GMT
Mike,

you may be right. I can remember (it's some time ago)
when the path verification was implemented we had a
similar problem. Maybe the person who implemented it
firsthand can shed some light on it?

Regards,
Werner

> -----Original Message-----
> From: Mike [mailto:toaster@umiacs.umd.edu]
> Sent: Tuesday, 5 July 2005 23:01
> To: fx-dev@ws.apache.org
> Subject: Signature verification
> 
> 
> 
> Hi,
>   We're trying to use a SAMLToken w/ holder-of-key for authentication.
> The service side is set up according to the appropriate test case.
> 
>     <requestFlow>
>         <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>             <parameter name="action" value="Timestamp Signature SAMLTokenUnsigned"/>
>             <parameter name="signaturePropFile" value="servercrypto.properties" />
>         </handler>
>     </requestFlow>
> 
> servercrypto.properties:
> 
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.provider=BC
> org.apache.ws.security.crypto.merlin.keystore.password=xxxx
> org.apache.ws.security.crypto.merlin.file=gensvr.keystore
> 
> Wss4j is able to find the properties, appropriate keystore, and alias in 
> that keystore for the certificate issuer, but is unable to verify the 
> cert path between client and issuer.
> 
> AxisFault
>   faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
>   faultSubcode:
>   faultString: WSDoAllReceiver: Certificate path verification failed for certificate with subject OU=client, OU=umiacs; nested exception is:
>          org.apache.ws.security.WSSecurityException: General security error (Error during certificate path validation: signature check failed); nested exception is:
>          java.security.cert.CertPathValidatorException: signature check failed
> 
> Tracking this down, it appears that the SUN provider that is used by 
> default isn't happy when you use bouncycastle to handle keystore 
> activity. Changing 'CertPathValidator.getInstance' in Merlin.java to use 
> the same provider as the keystore appears to fix this. Am I missing 
> something, or is this a bug?
> 
> -Mike
> 
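
The provider alignment Mike describes above, sketched as an added example (not code from this thread or from WSS4J's Merlin.java): the certificate factory, the cert path and the PKIX validator are all obtained from the provider that backs the keystore. The class name, the command-line arguments and the single trust anchor are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.*;
import java.util.Collections;

// Hypothetical stand-alone check; not the WSS4J implementation.
public class SameProviderPathCheck {

    // Validates `leaf` against one trusted issuer, using a single provider throughout.
    static void validate(X509Certificate leaf, X509Certificate issuer, Provider p)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509", p);
        CertPath path = cf.generateCertPath(Collections.singletonList(leaf));
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(issuer, null)));
        // Assumption: no CRL/OCSP source is configured in this sketch.
        params.setRevocationEnabled(false);
        // Same provider as the keystore, instead of the JVM's default PKIX validator.
        CertPathValidator validator = CertPathValidator.getInstance("PKIX", p);
        validator.validate(path, params); // throws CertPathValidatorException on failure
    }

    // Usage: java SameProviderPathCheck <keystore> <password> <provider> <issuerAlias> <clientCert>
    public static void main(String[] args) throws Exception {
        // e.g. type pkcs12 with provider "BC", as in servercrypto.properties;
        // the named provider must already be registered with the JVM.
        KeyStore ks = KeyStore.getInstance("pkcs12", args[2]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        Provider p = ks.getProvider();
        X509Certificate issuer = (X509Certificate) ks.getCertificate(args[3]);
        if (issuer == null) {
            throw new IllegalArgumentException("no certificate under alias " + args[3]);
        }
        // Parse the client certificate with the same provider as well.
        X509Certificate leaf;
        try (InputStream in = new FileInputStream(args[4])) {
            leaf = (X509Certificate) CertificateFactory.getInstance("X.509", p)
                    .generateCertificate(in);
        }
        validate(leaf, issuer, p);
        System.out.println("path valid for " + leaf.getSubjectX500Principal());
    }
}
```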
