You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by CXF-de'per <pr...@gmail.com> on 2008/09/17 02:30:13 UTC

org.apache.xml.security.c14n.CanonicalizationException while using encrypt --help needed

I am stuck with this CanonicalizationException. When I use "Timestamp
UsernameToken" it works but if I add "Encrypt" to encrypt the body...

Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
Encryption: error during message
processingorg.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt
data; nested exception is:
        org.apache.xml.security.c14n.CanonicalizationException: Element Echo
has a relative namespace: xmlns="Amerisafe.Icams.Services.Ums"
        at
org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.java:64)
        at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
        at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:166)
        ... 97 more

my configurations is the following:
++++++++++++++++++++++++++++
<bean id="wss4jOutConfiguration"
		class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
		<property name="properties">
			<map>
				<entry key="action" value="Timestamp UsernameToken Encrypt" />
				<entry key="user" value="fbest1" />
				<entry key="passwordType" value="PasswordText" />
				<entry key="encryptionUser" value="fbest1" />
				<entry key="encryptionKeyTransportAlgorithm"
					value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
				<!-- sign the body and the timestamp -->
				<entry key="signatureParts"
value="{}{http://www.w3.org/2003/05/soap-envelope}Body;{}{http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
				<!--<entry key="encryptionParts"
value="{}{http://www.w3.org/2003/05/soap-envelope}Body" /> -->
				<entry key="signatureKeyIdentifier"
					value="DirectReference" />
				<entry key="encryptionKeyIdentifier"
					value="SKIKeyIdentifier" />
				<entry key="signaturePropFile"
					value="crypto.properties" />
				<entry key="encryptionPropFile"
					value="crypto.properties" /> 
				<entry>
					<key>
						<value>passwordCallbackRef</value>
					</key>
					<ref bean="passwordCallback" />
				</entry>
			</map>
		</property>
	</bean>
-- 
View this message in context: http://www.nabble.com/org.apache.xml.security.c14n.CanonicalizationException-while-using-encrypt---help-needed-tp19523306p19523306.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: org.apache.xml.security.c14n.CanonicalizationException while using encrypt --help needed

Posted by Daniel Kulp <dk...@apache.org>.

I think this is the same as:
http://issues.apache.org/jira/browse/WSS-29
which basically says that namespace is invalid for XML Canonicalization.   You 
would need to update your service/wsdl to use a non-relative namespace.

Dan



On Tuesday 16 September 2008 8:30:13 pm CXF-de'per wrote:
> I am stuck with this CanonicalizationException. When I use "Timestamp
> UsernameToken" it works but if I add "Encrypt" to encrypt the body...
>
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
> Encryption: error during message
> processingorg.apache.ws.security.WSSecurityException: Cannot
> encrypt/decrypt data; nested exception is:
>         org.apache.xml.security.c14n.CanonicalizationException: Element
> Echo has a relative namespace: xmlns="Amerisafe.Icams.Services.Ums"
>         at
> org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.jav
>a:64) at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
>         at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOut
>Interceptor.java:166) ... 97 more
>
> my configurations is the following:
> ++++++++++++++++++++++++++++
> <bean id="wss4jOutConfiguration"
> 		class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> 		<property name="properties">
> 			<map>
> 				<entry key="action" value="Timestamp UsernameToken Encrypt" />
> 				<entry key="user" value="fbest1" />
> 				<entry key="passwordType" value="PasswordText" />
> 				<entry key="encryptionUser" value="fbest1" />
> 				<entry key="encryptionKeyTransportAlgorithm"
> 					value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> 				<!-- sign the body and the timestamp -->
> 				<entry key="signatureParts"
> value="{}{http://www.w3.org/2003/05/soap-envelope}Body;{}{http://docs.oasis
>open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/
>> <!--<entry key="encryptionParts"
> value="{}{http://www.w3.org/2003/05/soap-envelope}Body" /> -->
> 				<entry key="signatureKeyIdentifier"
> 					value="DirectReference" />
> 				<entry key="encryptionKeyIdentifier"
> 					value="SKIKeyIdentifier" />
> 				<entry key="signaturePropFile"
> 					value="crypto.properties" />
> 				<entry key="encryptionPropFile"
> 					value="crypto.properties" />
> 				<entry>
> 					<key>
> 						<value>passwordCallbackRef</value>
> 					</key>
> 					<ref bean="passwordCallback" />
> 				</entry>
> 			</map>
> 		</property>
> 	</bean>



-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog