You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by CXF-de'per <pr...@gmail.com> on 2008/09/17 02:30:13 UTC
org.apache.xml.security.c14n.CanonicalizationException while using
encrypt --help needed
I am stuck with this CanonicalizationException. When I use "Timestamp
UsernameToken" it works but if I add "Encrypt" to encrypt the body...
Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
Encryption: error during message
processingorg.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt
data; nested exception is:
org.apache.xml.security.c14n.CanonicalizationException: Element Echo
has a relative namespace: xmlns="Amerisafe.Icams.Services.Ums"
at
org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.java:64)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:166)
... 97 more
my configurations is the following:
++++++++++++++++++++++++++++
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp UsernameToken Encrypt" />
<entry key="user" value="fbest1" />
<entry key="passwordType" value="PasswordText" />
<entry key="encryptionUser" value="fbest1" />
<entry key="encryptionKeyTransportAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<!-- sign the body and the timestamp -->
<entry key="signatureParts"
value="{}{http://www.w3.org/2003/05/soap-envelope}Body;{}{http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
<!--<entry key="encryptionParts"
value="{}{http://www.w3.org/2003/05/soap-envelope}Body" /> -->
<entry key="signatureKeyIdentifier"
value="DirectReference" />
<entry key="encryptionKeyIdentifier"
value="SKIKeyIdentifier" />
<entry key="signaturePropFile"
value="crypto.properties" />
<entry key="encryptionPropFile"
value="crypto.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
--
View this message in context: http://www.nabble.com/org.apache.xml.security.c14n.CanonicalizationException-while-using-encrypt---help-needed-tp19523306p19523306.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: org.apache.xml.security.c14n.CanonicalizationException while using encrypt --help needed
Posted by Daniel Kulp <dk...@apache.org>.
I think this is the same as:
http://issues.apache.org/jira/browse/WSS-29
which basically says that namespace is invalid for XML Canonicalization. You
would need to update your service/wsdl to use a non-relative namespace.
Dan
On Tuesday 16 September 2008 8:30:13 pm CXF-de'per wrote:
> I am stuck with this CanonicalizationException. When I use "Timestamp
> UsernameToken" it works but if I add "Encrypt" to encrypt the body...
>
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
> Encryption: error during message
> processingorg.apache.ws.security.WSSecurityException: Cannot
> encrypt/decrypt data; nested exception is:
> org.apache.xml.security.c14n.CanonicalizationException: Element
> Echo has a relative namespace: xmlns="Amerisafe.Icams.Services.Ums"
> at
> org.apache.ws.security.action.EncryptionAction.execute(EncryptionAction.jav
>a:64) at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOut
>Interceptor.java:166) ... 97 more
>
> my configurations is the following:
> ++++++++++++++++++++++++++++
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="Timestamp UsernameToken Encrypt" />
> <entry key="user" value="fbest1" />
> <entry key="passwordType" value="PasswordText" />
> <entry key="encryptionUser" value="fbest1" />
> <entry key="encryptionKeyTransportAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> <!-- sign the body and the timestamp -->
> <entry key="signatureParts"
> value="{}{http://www.w3.org/2003/05/soap-envelope}Body;{}{http://docs.oasis
>open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/
>> <!--<entry key="encryptionParts"
> value="{}{http://www.w3.org/2003/05/soap-envelope}Body" /> -->
> <entry key="signatureKeyIdentifier"
> value="DirectReference" />
> <entry key="encryptionKeyIdentifier"
> value="SKIKeyIdentifier" />
> <entry key="signaturePropFile"
> value="crypto.properties" />
> <entry key="encryptionPropFile"
> value="crypto.properties" />
> <entry>
> <key>
> <value>passwordCallbackRef</value>
> </key>
> <ref bean="passwordCallback" />
> </entry>
> </map>
> </property>
> </bean>
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog