Posted to fx-dev@ws.apache.org by Shyam Shukla <sh...@persistent.co.in> on 2006/07/17 16:38:31 UTC

WSHandler: Signature: unknown key identification

Hi All,

 

I am working with axis2 1.0 and wss4j 1.5 to implement WS-Security feature
supported by this architecture.

I am using rampart module to sign the soap messages.

Now when I invoke a web service I get the following error message:

 

<< Start of Error Message>>

 

org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
        org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
        at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
        at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
        at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
        at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
        at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
        ... 9 more

 

<< End of Error Message >>

 

From error it looks like I am not giving correct "signatureKeyIdentifier" in
axis2.xml. As per the document, I came to know that value of
"signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
serial number to this tag but it did not work?

Can anyone figure it out where I am going wrong?

 

Best Regards,
Shyam Shukla



 


DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Ruchith,

I've solved this issue by going through the same way you have suggested.
Thanks a lot.


Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, July 31, 2006 4:15 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

for tips on generating Nonce and Created please refer to :
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java

Thanks,
Ruchith

On 7/31/06, Ruchith Fernando <ru...@gmail.com> wrote:
> Hi,
>
> sorry about the delay in my response:
>
> Please have a look at
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
>
> to see how rahas creates the elements.
>
> Thanks,
> Ruchith
>
> On 7/25/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Hi Ruchith,
> >
> > Due to my project requirement I can not move to later versions 2005/02 or
> > 2005/12.
> >
> > So I've decided to get my hands dirty with AXIOM as you guys have already
> > done .... :).
> >
> > To construct this request manually, I am not getting how to generate values
> > of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
> > I went through AXIOM APIs to find any method to accomplish this but it was
> > my vain attempt.
> >
> > Could you please guide me to solve this issue?
> >
> > Best Regards,
> > Shyam Shukla
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Monday, July 24, 2006 4:26 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Hi,
> >
> > I see one major issue here in using the Rahas WS-Trust impl.
> > Rahas supports only the two latest versions of WS-Trust. Therefore we
> > have support for 2005/02 version and 2005/12 (WS-SX) version.
> >
> > Therefore if you want to stick to 2004/04 version of WS-Trust you will
> > have to manually build the WS-Trust specific tokens.
> >
> > Is it possible for you to use a later version? If not you will have to
> > get your hands dirty with AXIOM :-) and construct the request
> > manually.
> >
> > Thanks,
> > Ruchith
> >
> > On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Ruchith thanks once again for your kind suggestion.
> > > The exact format of SOAP body that I have to create is as below:
> > >
> > > <soap:Body>
> > >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
> > >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
> > >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
> > >       <wst:Base>
> > >         <wsse:UsernameToken
> > >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >         wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
> > >           <wsse:Username>SC789LKG3CHS</wsse:Username>
> > >           <wsse:Password
> > >           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
> > >             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
> > >           </wsse:Password>
> > >           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
> > >           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
> > >         </wsse:UsernameToken>
> > >       </wst:Base>
> > >       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > >         <wsa:EndpointReference>
> > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > >         </wsa:EndpointReference>
> > >       </wsp:AppliesTo>
> > >       <wst:LifeTime>
> > >         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
> > >       </wst:LifeTime>
> > >     </wst:RequestSecurityToken>
> > >   </soap:Body>
> > >
> > > I went through the "TrustUtil.java" file and it looks promising to implement
> > > this format except "<wst:Base>" tag because I don't see any method to
> > > implement this tag which could contain UsernameToken tag as its child
> > > element.
> > >
> > > Could you please tell me what other classes will be required from "Apache
> > > Rahas" source code to implement this?
> > >
> > >
> > > Best Regards,
> > > Shyam Shukla
> > >
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > > Sent: Monday, July 24, 2006 1:37 PM
> > > To: Shyam Shukla
> > > Cc: wss4j-dev@ws.apache.org
> > > Subject: Re: WSHandler: Signature: unknown key identification
> > >
> > > Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> > > why I pointed you to the DOM AppliesTo element :-)
> > >
> > > If you are using AXIOM the piece of code that provides you this is in
> > > org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> > > String address)  [1]
> > >
> > > WS-Trust support for Axis2 is being developed as Apache Rahas within
> > > the Axis2 code base. If you are looking for client components to
> > > talk to a SecurityTokenService then there are a set of utility methods
> > > available in Rahas [1].
> > >
> > > HTH
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > [1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
> > >
> > > On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > > Thanks a lot Ruchith for guiding me to solve my problems.
> > > > Now my only concern is left how to associate AppliesTo class with my client
> > > > program to create SOAP request body format mentioned in this email.
> > > > My client program is as below:
> > > >
> > > > << Start of Client Code >>
> > > >
> > > > import java.io.StringWriter;
> > > >
> > > > import javax.xml.stream.XMLOutputFactory;
> > > > import javax.xml.stream.XMLStreamException;
> > > >
> > > > import org.apache.axiom.om.OMAbstractFactory;
> > > > import org.apache.axiom.om.OMElement;
> > > > import org.apache.axiom.om.OMFactory;
> > > > import org.apache.axiom.om.OMNamespace;
> > > > import org.apache.axis2.AxisFault;
> > > > import org.apache.axis2.Constants;
> > > > import org.apache.axis2.addressing.EndpointReference;
> > > > import org.apache.axis2.client.Options;
> > > > import org.apache.axis2.client.ServiceClient;
> > > > import org.apache.axis2.context.ConfigurationContext;
> > > > import org.apache.axis2.context.ConfigurationContextFactory;
> > > >
> > > > public class ClientWebSecurityToken {
> > > >
> > > >     /**
> > > >      * @param args
> > > >      */
> > > >     public static void main(String[] args) {
> > > >         try {
> > > >
> > > >             OMElement payload = getEchoElement();
> > > >             // Client repository and axis2.xml (holds the security parameters)
> > > >             ConfigurationContext configContext =
> > > >                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> > > >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> > > >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> > > >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> > > >             //serviceClient.engageModule(new QName("rampart"));
> > > >             Options options = new Options();
> > > >             options.setTo(new EndpointReference("http://127.0.0.1:1234"
> > > >                     + "/axis2/services/WSSecurityTestCaseService"));
> > > >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> > > >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> > > >                     Constants.VALUE_TRUE);
> > > >             options.setAction("urn:echo");
> > > >             serviceClient.setOptions(options);
> > > >
> > > >             //Blocking invocation
> > > >             OMElement result = serviceClient.sendReceive(payload);
> > > >
> > > >             StringWriter writer = new StringWriter();
> > > >             result.serialize(XMLOutputFactory.newInstance()
> > > >                     .createXMLStreamWriter(writer));
> > > >             writer.flush();
> > > >
> > > >             System.out.println("Response: " + writer.toString());
> > > >
> > > >             System.out.println("UKGateWayTestService Invocation successful :-)");
> > > >         } catch (AxisFault axisFault) {
> > > >             axisFault.printStackTrace();
> > > >         } catch (XMLStreamException e) {
> > > >             e.printStackTrace();
> > > >         }
> > > >     }
> > > >
> > > >     // Builds the <example1:echo><example1:Text>...</example1:Text></example1:echo> payload
> > > >     private static OMElement getEchoElement() {
> > > >         OMFactory fac = OMAbstractFactory.getOMFactory();
> > > >         OMNamespace omNs = fac.createOMNamespace(
> > > >                 "http://example1.org/example1", "example1");
> > > >         OMElement method = fac.createOMElement("echo", omNs);
> > > >         OMElement value = fac.createOMElement("Text", omNs);
> > > >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> > > >         method.addChild(value);
> > > >
> > > >         return method;
> > > >     }
> > > >
> > > > }
> > > >
> > > > << End of Client Code >>
> > > >
> > > > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > > > APIs which I believe can not be interoperated.
> > > > So please help me out how can I solve this issue?
> > > >
> > > >
> > > > Best Regards,
> > > > Shyam Shukla
> > > > -----Original Message-----
> > > > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > > > Sent: Friday, July 21, 2006 1:34 PM
> > > > To: Shyam Shukla
> > > > Cc: wss4j-dev@ws.apache.org
> > > > Subject: Re: WSHandler: Signature: unknown key identification
> > > >
> > > > Hi,
> > > >
> > > > Please see my comments in line:
> > > >
> > > > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > > > Hi Ruchith,
> > > > >
> > > > > Now I have solved the problem mentioned in this email by making few changes
> > > > > as below:
> > > > >
> > > > > 1- My client program was using a different Password CallBack class due to
> > > > > wrong entry in the classpath environment variable so I modified it to the
> > > > > correct path.
> > > > >
> > > > > 2- I was using two different keystore files i.e. one for client and other
> > > > > for server and both were having keys which were signed by the same CA which
> > > > > I believe is okay but it was throwing "Signature Processing" error at
> > > > > receiving end i.e. at server side. So I used the same keystore file at both
> > > > > end and it worked.
> > > > >
> > > > > Can you please explain me point2 why can not I use two different keystores
> > > > > which are having keys which were signed by same CA?
> > > >
> > > > You can certainly use different keystores which contains each other's
> > > > (service and client) signed certs. I have done this and it works with
> > > > the keystores created with the steps shown here:
> > > > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> > > >
> > > >
> > > > >
> > > > > Now my next target is to implement WS-Policy in soap request/response for
> > > > > that I went through online documentation of "Neethi" but could find a
> > > > > complete working example or document to implement it.
> > > > >
> > > > > Ruchith, In my current project I have to create following format in the
> > > > > SOAP's Request Body
> > > > >
> > > > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > > > >         <wsa:EndpointReference>
> > > > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > > > >         </wsa:EndpointReference>
> > > > > </wsp:AppliesTo>
> > > > >
> > > > > Please guide me how to create above format.
> > > > > Thanks a lot for being so helpful.
> > > >
> > > > Does this solve your problem:
> > > >
> > > > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
>
>
> --
> www.ruchith.org
>


-- 
www.ruchith.org



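The <wsse:Nonce>, <wsu:Created> and PasswordDigest values asked about in the thread above, as an added example that is not code from the thread, WSS4J or Rahas. It follows the digest rule of the WSS UsernameToken Profile 1.0, Base64(SHA-1(nonce + created + password)), and adds the receiver-side freshness and replay check; the class and method names, the 5-minute window and the in-memory nonce set are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: class and method names are hypothetical, not WSS4J/Rahas API.
public class UsernameTokenDigestExample {

    private static final SecureRandom RNG = new SecureRandom();
    // Assumed receiver policy: accept tokens created within +/- 5 minutes.
    private static final Duration MAX_SKEW = Duration.ofMinutes(5);
    // Nonces already accepted; a real cache would evict entries older than MAX_SKEW.
    private static final Set<String> SEEN_NONCES = ConcurrentHashMap.newKeySet();

    /** wsse:Nonce: 16 random bytes from a CSPRNG, Base64-encoded for the element text. */
    static String newNonce() {
        byte[] nonce = new byte[16];
        RNG.nextBytes(nonce);
        return Base64.getEncoder().encodeToString(nonce);
    }

    /** wsu:Created: current UTC time at second precision, e.g. 2005-09-05T14:31:59Z. */
    static String newCreated() {
        return Instant.now().truncatedTo(ChronoUnit.SECONDS).toString();
    }

    /** Base64(SHA-1(decoded nonce + created + password)), UsernameToken Profile 1.0. */
    static String passwordDigest(String nonceB64, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64)); // raw bytes, not the Base64 text
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    /** Receiver-side check: freshness, digest match, then one-time use of the nonce. */
    static boolean verify(String nonceB64, String created, String digestB64, String password)
            throws NoSuchAlgorithmException {
        String nonce = nonceB64.trim();
        String createdText = created.trim();
        String expected;
        try {
            Instant ts = Instant.parse(createdText);
            Instant now = Instant.now();
            if (ts.isBefore(now.minus(MAX_SKEW)) || ts.isAfter(now.plus(MAX_SKEW))) {
                return false; // stale or future-dated token
            }
            expected = passwordDigest(nonce, createdText, password);
        } catch (DateTimeParseException | IllegalArgumentException e) {
            return false; // malformed Created or Nonce
        }
        // Element text may carry surrounding whitespace, as in the sample request.
        byte[] got = digestB64.trim().getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII), got)) {
            return false;
        }
        // Record the nonce only after the digest verified; add() is false on replay.
        return SEEN_NONCES.add(nonce);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "example-password"; // constructed sample value
        String nonce = newNonce();
        String created = newCreated();
        String digest = passwordDigest(nonce, created, password);

        System.out.println("<wsse:Nonce>" + nonce + "</wsse:Nonce>");
        System.out.println("<wsu:Created>" + created + "</wsu:Created>");
        System.out.println("PasswordDigest: " + digest);

        System.out.println("first use accepted: " + verify(nonce, created, digest, password));
        System.out.println("replay accepted: " + verify(nonce, created, digest, password));
        System.out.println("wrong password accepted: "
                + verify(newNonce(), created, digest, "other-password"));

        // A token carrying the Created value from the sample request is long expired.
        String oldCreated = "2005-09-05T14:31:59Z";
        String oldNonce = newNonce();
        System.out.println("stale token accepted: "
                + verify(oldNonce, oldCreated, passwordDigest(oldNonce, oldCreated, password), password));
    }
}
```
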

Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

for tips on generating Nonce and Created please refer to :
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/UsernameToken.java

Thanks,
Ruchith

On 7/31/06, Ruchith Fernando <ru...@gmail.com> wrote:
> Hi,
>
> sorry about the delay in my response:
>
> Please have a look at
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
>
> to see how rahas creates the elements.
>
> Thanks,
> Ruchith
>
> On 7/25/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Hi Ruchith,
> >
> > Due to my project requirement I can not move to later versions 2005/02 or
> > 2005/12.
> >
> > So I've decided to get my hands dirty with AXIOM as you guys have already
> > done .... :).
> >
> > To construct this request manually, I am not getting how to generate values
> > of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
> > I went through AXIOM APIs to find any method to accomplish this but it was
> > my vain attempt.
> >
> > Could you please guide me to solve this issue?
> >
> > Best Regards,
> > Shyam Shukla
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Monday, July 24, 2006 4:26 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Hi,
> >
> > I see one major issue here in using the Rahas WS-Trust impl.
> > Rahas supports only the two latest versions of WS-Trust. Therefore we
> > have support for 2005/02 version and 2005/12 (WS-SX) version.
> >
> > Therefore if you want to stick to 2004/04 version of WS-Trust you will
> > have to manually build the WS-Trust specific tokens.
> >
> > Is it possible for you to use a later version? If not you will have to
> > get your hands dirty with AXIOM :-) and construct the request
> > manually.
> >
> > Thanks,
> > Ruchith
> >
> > On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Ruchith thanks once again for your kind suggestion.
> > > The exact format of SOAP body that I have to create is as below:
> > >
> > > <soap:Body>
> > >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
> > >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
> > >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
> > >       <wst:Base>
> > >         <wsse:UsernameToken
> > >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >         wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
> > >           <wsse:Username>SC789LKG3CHS</wsse:Username>
> > >           <wsse:Password
> > >           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
> > >             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
> > >           </wsse:Password>
> > >           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
> > >           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
> > >         </wsse:UsernameToken>
> > >       </wst:Base>
> > >       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > >         <wsa:EndpointReference>
> > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > >         </wsa:EndpointReference>
> > >       </wsp:AppliesTo>
> > >       <wst:LifeTime>
> > >         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
> > >       </wst:LifeTime>
> > >     </wst:RequestSecurityToken>
> > >   </soap:Body>
> > >
> > > I went through the "TrustUtil.java" file and it looks promising to
> > > implement this format except "<wst:Base>" tag because I don't see any
> > > method to implement this tag which could contain UsernameToken tag as its
> > > child element.
> > >
> > > Could you please tell me what other classes will be required from "Apache
> > > Rahas" source code to implement this?
> > >
> > >
> > > Best Regards,
> > > Shyam Shukla
> > >
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > > Sent: Monday, July 24, 2006 1:37 PM
> > > To: Shyam Shukla
> > > Cc: wss4j-dev@ws.apache.org
> > > Subject: Re: WSHandler: Signature: unknown key identification
> > >
> > > Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> > > why I pointed you to the DOM AppliesTo element :-)
> > >
> > > If you are using AXIOM the piece of code that provides you this is in
> > > org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> > > String address)  [1]
> > >
> > > WS-Trust support for Axis2 is being developed as Apache Rahas within
> > > the Axis2 code base. If you are looking for client components to
> > > talk to a SecurityTokenService then there are a set of utility methods
> > > available in Rahas [1].
> > >
> > > HTH
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > [1]
> > > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
> > >
> > > On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > > Thanks a lot Ruchith for guiding me to solve my problems.
> > > > Now my only concern is left how to associate AppliesTo class with my
> > > > client program to create SOAP request body format mentioned in this email.
> > > > My client program is as below:
> > > >
> > > > << Start of Client Code >>
> > > >
> > > > // Imports were not part of the posted listing; package names assume
> > > > // Axis2 1.0 with AXIOM 1.0.
> > > > import java.io.StringWriter;
> > > >
> > > > import javax.xml.stream.XMLOutputFactory;
> > > > import javax.xml.stream.XMLStreamException;
> > > >
> > > > import org.apache.axiom.om.OMAbstractFactory;
> > > > import org.apache.axiom.om.OMElement;
> > > > import org.apache.axiom.om.OMFactory;
> > > > import org.apache.axiom.om.OMNamespace;
> > > > import org.apache.axis2.AxisFault;
> > > > import org.apache.axis2.Constants;
> > > > import org.apache.axis2.addressing.EndpointReference;
> > > > import org.apache.axis2.client.Options;
> > > > import org.apache.axis2.client.ServiceClient;
> > > > import org.apache.axis2.context.ConfigurationContext;
> > > > import org.apache.axis2.context.ConfigurationContextFactory;
> > > >
> > > > public class ClientWebSecurityToken {
> > > >
> > > >     /**
> > > >      * @param args
> > > >      */
> > > >     public static void main(String[] args) {
> > > >         try {
> > > >
> > > >             OMElement payload = getEchoElement();
> > > >             // Client repository and axis2.xml are loaded from the file system
> > > >             ConfigurationContext configContext =
> > > >                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> > > >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> > > >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> > > >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> > > >             //serviceClient.engageModule(new QName("rampart"));
> > > >             Options options = new Options();
> > > >             options.setTo(new EndpointReference("http://127.0.0.1:1234"
> > > >                     + "/axis2/services/WSSecurityTestCaseService"));
> > > >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> > > >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> > > >                     Constants.VALUE_TRUE);
> > > >             options.setAction("urn:echo");
> > > >             serviceClient.setOptions(options);
> > > >
> > > >             //Blocking invocation
> > > >             OMElement result = serviceClient.sendReceive(payload);
> > > >
> > > >             StringWriter writer = new StringWriter();
> > > >             result.serialize(XMLOutputFactory.newInstance()
> > > >                     .createXMLStreamWriter(writer));
> > > >             writer.flush();
> > > >
> > > >             System.out.println("Response: " + writer.toString());
> > > >
> > > >             System.out.println("UKGateWayTestService Invocation successful :-)");
> > > >         } catch (AxisFault axisFault) {
> > > >             axisFault.printStackTrace();
> > > >         } catch (XMLStreamException e) {
> > > >             e.printStackTrace();
> > > >         }
> > > >     }
> > > >
> > > >     // Builds the <example1:echo> payload element with AXIOM
> > > >     private static OMElement getEchoElement() {
> > > >         OMFactory fac = OMAbstractFactory.getOMFactory();
> > > >         OMNamespace omNs = fac.createOMNamespace(
> > > >                 "http://example1.org/example1", "example1");
> > > >         OMElement method = fac.createOMElement("echo", omNs);
> > > >         OMElement value = fac.createOMElement("Text", omNs);
> > > >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> > > >         method.addChild(value);
> > > >
> > > >         return method;
> > > >     }
> > > >
> > > > }
> > > >
> > > > << End of Client Code >>
> > > >
> > > > This client program is using AXIOM APIs while AppliesTo class is using
> > > > DOM APIs which I believe can not be interoperated.
> > > > So please help me out how can I solve this issue?
> > > >
> > > >
> > > > Best Regards,
> > > > Shyam Shukla
> > > > -----Original Message-----
> > > > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > > > Sent: Friday, July 21, 2006 1:34 PM
> > > > To: Shyam Shukla
> > > > Cc: wss4j-dev@ws.apache.org
> > > > Subject: Re: WSHandler: Signature: unknown key identification
> > > >
> > > > Hi,
> > > >
> > > > Please see my comments in line:
> > > >
> > > > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > > > Hi Ruchith,
> > > > >
> > > > > Now I have solved the problem mentioned in this email by making few
> > > > > changes as below:
> > > > >
> > > > > 1- My client program was using a different Password CallBack class
> > > > > due to wrong entry in the classpath environment variable so I modified
> > > > > it to the correct path.
> > > > >
> > > > > 2- I was using two different keystore files i.e. one for client and
> > > > > other for server and both were having keys which were signed by the
> > > > > same CA which I believe is okay but it was throwing "Signature
> > > > > Processing" error at receiving end i.e. at server side. So I used the
> > > > > same keystore file at both end and it worked.
> > > > >
> > > > > Can you please explain me point2 why can not I use two different
> > > > > keystores which are having keys which were signed by same CA?
> > > >
> > > > You can certainly use different keystores which contains each other's
> > > > (service and client) signed certs. I have done this and it works with
> > > > the keystores created with the steps shown here:
> > > > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> > > >
> > > >
> > > > >
> > > > > Now my next target is to implement WS-Policy in soap request/response
> > > > > for that I went through online documentation of "Neethi" but could find a
> > > > > complete working example or document to implement it.
> > > > >
> > > > > Ruchith, In my current project I have to create following format in
> > > > > the SOAP's Request Body
> > > > >
> > > > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > > > >         <wsa:EndpointReference>
> > > > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > > > >         </wsa:EndpointReference>
> > > > > </wsp:AppliesTo>
> > > > >
> > > > > Please guide me how to create above format.
> > > > > Thanks a lot for being so helpful.
> > > >
> > > > Does this solve your problem:
> > > >
> > > > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
> >
>
>
> --
> www.ruchith.org
>


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
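
An added example, not part of the thread and not WSS4J or Rahas code: one way to produce the <wsse:Nonce>, <wsu:Created> and PasswordDigest values asked about above, together with the receiver-side checks (freshness, digest match, nonce replay) that give those two fields their purpose. It assumes Java 8 or later and the digest rule of the WSS UsernameToken Profile 1.0, Base64(SHA-1(nonce + created + password)); the class name, method names, password and five-minute window are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: class and method names are hypothetical, not WSS4J or Rahas API.
public class UsernameTokenDigestExample {

    private static final SecureRandom RNG = new SecureRandom();

    /** Text for <wsse:Nonce>: 16 bytes from a CSPRNG, Base64-encoded. */
    static String newNonce() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    /** Text for <wsu:Created>: UTC xsd:dateTime with second precision. */
    static String newCreated(Instant now) {
        return now.truncatedTo(ChronoUnit.SECONDS).toString();
    }

    /** Base64(SHA-1(decoded nonce bytes + created + password)). */
    static String passwordDigest(String nonceB64, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(Base64.getDecoder().decode(nonceB64));
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    // ---- Receiver side: why Nonce and Created are in the token at all ----

    private final Map<String, Instant> seenNonces = new ConcurrentHashMap<>();
    private final Duration maxAge;

    UsernameTokenDigestExample(Duration maxAge) {
        this.maxAge = maxAge;
    }

    /** Accepts a token only if it is fresh, the digest matches, and the nonce is new. */
    boolean accept(String nonceB64, String created, String digestB64,
                   String password, Instant now) {
        Instant createdAt;
        byte[] claimed;
        String nonceKey;
        try {
            // trim(): element text may carry whitespace, as in the Password element above
            createdAt = Instant.parse(created.trim());
            claimed = Base64.getDecoder().decode(digestB64.trim());
            nonceKey = Base64.getEncoder()
                    .encodeToString(Base64.getDecoder().decode(nonceB64.trim()));
        } catch (RuntimeException e) {
            return false; // malformed timestamp or Base64
        }
        // Freshness: reject future or stale timestamps (no clock-skew allowance here)
        Duration age = Duration.between(createdAt, now);
        if (age.isNegative() || age.compareTo(maxAge) > 0) {
            return false;
        }
        // Digest check in constant time, before the nonce is recorded
        byte[] expected = Base64.getDecoder()
                .decode(passwordDigest(nonceKey, created.trim(), password));
        if (!MessageDigest.isEqual(expected, claimed)) {
            return false;
        }
        // Replay check: forget nonces older than the window, then require a new one
        seenNonces.values().removeIf(t -> Duration.between(t, now).compareTo(maxAge) > 0);
        return seenNonces.putIfAbsent(nonceKey, createdAt) == null;
    }

    public static void main(String[] args) {
        String password = "example-password"; // constructed sample value
        Instant now = Instant.now();
        String nonce = newNonce();
        String created = newCreated(now);
        String digest = passwordDigest(nonce, created, password);
        System.out.println("<wsse:Password>" + digest + "</wsse:Password>");
        System.out.println("<wsse:Nonce>" + nonce + "</wsse:Nonce>");
        System.out.println("<wsu:Created>" + created + "</wsu:Created>");

        UsernameTokenDigestExample receiver =
                new UsernameTokenDigestExample(Duration.ofMinutes(5));
        System.out.println("first use accepted: "
                + receiver.accept(nonce, created, digest, password, now));
        System.out.println("replay accepted: "
                + receiver.accept(nonce, created, digest, password, now));
        String nonce2 = newNonce();
        System.out.println("stale token accepted: "
                + receiver.accept(nonce2, created,
                        passwordDigest(nonce2, created, password),
                        password, now.plus(Duration.ofMinutes(10))));
    }
}
```

The digest is computed over the decoded nonce bytes, not over the Base64 text that appears in the element.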


Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

sorry about the delay in my response:

Please have a look at
https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java

to see how rahas creates the elements.

Thanks,
Ruchith

On 7/25/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Hi Ruchith,
>
> Due to my project requirement I can not move to later versions 2005/02 or
> 2005/12.
>
> So I've decided to get my hands dirty with AXIOM as you guys have already
> done .... :).
>
> To construct this request manually, I am not getting how to generate values
> of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
> I went through AXIOM APIs to find any method to accomplish this but it was
> my vain attempt.
>
> Could you please guide me to solve this issue?
>
> Best Regards,
> Shyam Shukla
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Monday, July 24, 2006 4:26 PM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi,
>
> I see one major issue here in using the Rahas WS-Trust impl.
> Rahas supports only the two latest versions of WS-Trust. Therefore we
> have support for 2005/02 version and 2005/12 (WS-SX) version.
>
> Therefore if you want to stick to 2004/04 version of WS-Trust you will
> have to manually build the WS-Trust specific tokens.
>
> Is it possible for you to use a later version? If not you will have to
> get your hands dirty with AXIOM :-) and construct the request
> manually.
>
> Thanks,
> Ruchith
>
> On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Ruchith thanks once again for your kind suggestion.
> > The exact format of SOAP body that I have to create is as below:
> >
> > <soap:Body>
> >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
> >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
> >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
> >       <wst:Base>
> >         <wsse:UsernameToken
> >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >         wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
> >           <wsse:Username>SC789LKG3CHS</wsse:Username>
> >           <wsse:Password
> >           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
> >             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
> >           </wsse:Password>
> >           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
> >           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
> >         </wsse:UsernameToken>
> >       </wst:Base>
> >       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> >         <wsa:EndpointReference>
> >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> >         </wsa:EndpointReference>
> >       </wsp:AppliesTo>
> >       <wst:LifeTime>
> >         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
> >       </wst:LifeTime>
> >     </wst:RequestSecurityToken>
> >   </soap:Body>
> >
> > I went through the "TrustUtil.java" file and it looks promising to
> > implement this format except "<wst:Base>" tag because I don't see any
> > method to implement this tag which could contain UsernameToken tag as its
> > child element.
> >
> > Could you please tell me what other classes will be required from "Apache
> > Rahas" source code to implement this?
> >
> >
> > Best Regards,
> > Shyam Shukla
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Monday, July 24, 2006 1:37 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> > why I pointed you to the DOM AppliesTo element :-)
> >
> > If you are using AXIOM the piece of code that provides you this is in
> > org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> > String address)  [1]
> >
> > WS-Trust support for Axis2 is being developed as Apache Rahas within
> > the Axis2 code base. If you are looking for client components to
> > talk to a SecurityTokenService then there are a set of utility methods
> > available in Rahas [1].
> >
> > HTH
> >
> > Thanks,
> > Ruchith
> >
> > [1]
> > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
> >
> > On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Thanks a lot Ruchith for guiding me to solve my problems.
> > > Now my only concern is left how to associate AppliesTo class with my client
> > > program to create SOAP request body format mentioned in this email.
> > > My client program is as below:
> > >
> > > << Start of Client Code >>
> > >
> > > public class ClientWebSecurityToken {
> > >
> > >     /**
> > >      * @param args
> > >      */
> > >     public static void main(String[] args) {
> > >         try {
> > >
> > >             OMElement payload = getEchoElement();
> > >             ConfigurationContext configContext =
> > >                     ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> > >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> > >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> > >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> > >             //serviceClient.engageModule(new QName("rampart"));
> > >             Options options = new Options();
> > >             options.setTo(new EndpointReference("http://127.0.0.1:1234" +
> > >                     "/axis2/services/WSSecurityTestCaseService"));
> > >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> > >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> > >                     Constants.VALUE_TRUE);
> > >             options.setAction("urn:echo");
> > >             serviceClient.setOptions(options);
> > >
> > >             //Blocking invocation
> > >             OMElement result = serviceClient.sendReceive(payload);
> > >
> > >             StringWriter writer = new StringWriter();
> > >             result.serialize(XMLOutputFactory.newInstance()
> > >                     .createXMLStreamWriter(writer));
> > >             writer.flush();
> > >
> > >             System.out.println("Response: " + writer.toString());
> > >
> > >             System.out.println("UKGateWayTestService Invocation successful :-)");
> > >         } catch (AxisFault axisFault) {
> > >             axisFault.printStackTrace();
> > >         } catch (XMLStreamException e) {
> > >             e.printStackTrace();
> > >         }
> > >     }
> > >
> > >     private static OMElement getEchoElement() {
> > >         OMFactory fac = OMAbstractFactory.getOMFactory();
> > >         OMNamespace omNs = fac.createOMNamespace(
> > >                 "http://example1.org/example1", "example1");
> > >         OMElement method = fac.createOMElement("echo", omNs);
> > >         OMElement value = fac.createOMElement("Text", omNs);
> > >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> > >         method.addChild(value);
> > >
> > >         return method;
> > >     }
> > >
> > > }
> > >
> > > << End of Client Code >>
> > >
> > > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > > APIs which I believe can not be interoperated.
> > > So please help me out how can I solve this issue?
> > >
> > >
> > > Best Regards,
> > > Shyam Shukla
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > > Sent: Friday, July 21, 2006 1:34 PM
> > > To: Shyam Shukla
> > > Cc: wss4j-dev@ws.apache.org
> > > Subject: Re: WSHandler: Signature: unknown key identification
> > >
> > > Hi,
> > >
> > > Please see my comments in line:
> > >
> > > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > > Hi Ruchith,
> > > >
> > > > Now I have solved the problem mentioned in this email by making few changes
> > > > as below:
> > > >
> > > > 1- My client program was using a different Password CallBack class due to
> > > > wrong entry in the classpath environment variable so I modified it to the
> > > > correct path.
> > > >
> > > > 2- I was using two different keystore files i.e. one for client and other
> > > > for server and both were having keys which were signed by the same CA which
> > > > I believe is okay but it was throwing "Signature Processing" error at
> > > > receiving end i.e. at server side. So I used the same keystore file at both
> > > > end and it worked.
> > > >
> > > > Can you please explain me point2 why can not I use two different keystores
> > > > which are having keys which were signed by same CA?
> > >
> > > You can certainly use different keystores which contains each other's
> > > (service and client) signed certs. I have done this and it works with
> > > the keystores created with the steps shown here:
> > > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> > >
> > >
> > > >
> > > > Now my next target is to implement WS-Policy in soap request/response for
> > > > that I went through online documentation of "Neethi" but could find a
> > > > complete working example or document to implement it.
> > > >
> > > > Ruchith, In my current project I have to create following format in the
> > > > SOAP's Request Body
> > > >
> > > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > > >         <wsa:EndpointReference>
> > > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > > >         </wsa:EndpointReference>
> > > > </wsp:AppliesTo>
> > > >
> > > > Please guide me how to create above format.
> > > > Thanks a lot for being so helpful.
> > >
> > > Does this solve your problem:
> > >
> > > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > --
> > > www.ruchith.org
> > >
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> >
> >
>
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org



Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

sorry about the delay in my response:

Please have a look at
https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java

to see how rahas creates the elements.

Thanks,
Ruchith

On 7/25/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Hi Ruchith,
>
> Due to my project requirement I can not move to later versions 2005/02 or
> 2005/12.
>
> So I've decided to get my hands dirty with AXIOM as you guys have already
> done .... :).
>
> To construct this request manually, I am not getting how to generate values
> of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
> I went through AXIOM APIs to find any method to accomplish this but it was
> my vain attempt.
>
> Could you please guide me to solve this issue?
>
> Best Regards,
> Shyam Shukla
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Monday, July 24, 2006 4:26 PM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi,
>
> I see one major issue here in using the Rahas WS-Trust impl.
> Rahas supports only the two latest versions of WS-Trust. Therefore we
> have support for 2005/02 version and 2005/12 (WS-SX) version.
>
> Therefore if you want to stick to 2004/04 version of WS-Trust you will
> have to manually build the WS-Trust specific tokens.
>
> Is it possible for you to use a later version? If not you will have to
> get your hands dirty with AXIOM :-) and construct the request
> manually.
>
> Thanks,
> Ruchith
>
> On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Ruchith thanks once again for your kind suggestion.
> > The exact format of SOAP body that I have to create is as below:
> >
> > <soap:Body>
> >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
> >       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
> >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
> >       <wst:Base>
> >         <wsse:UsernameToken
> >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >         wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
> >           <wsse:Username>SC789LKG3CHS</wsse:Username>
> >           <wsse:Password
> >           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
> >             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
> >           </wsse:Password>
> >           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
> >           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
> >         </wsse:UsernameToken>
> >       </wst:Base>
> >       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> >         <wsa:EndpointReference>
> >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> >         </wsa:EndpointReference>
> >       </wsp:AppliesTo>
> >       <wst:LifeTime>
> >         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
> >       </wst:LifeTime>
> >     </wst:RequestSecurityToken>
> >   </soap:Body>
> >
> > I went through the "TrustUtil.java" file and it looks promising to implement
> > this format except "<wst:Base>" tag because I don't see any method to
> > implement this tag which could contain UsernameToken tag as its child
> > element.
> >
> > Could you please tell me what other classes will be required from "Apache
> > Rahas" source code to implement this?
> >
> >
> > Best Regards,
> > Shyam Shukla
> >
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Monday, July 24, 2006 1:37 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> > why I pointed you to the DOM AppliesTo element :-)
> >
> > If you are using AXIOM the piece of code that provides you this is in
> > org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> > String address)  [1]
> >
> > WS-Trust support for Axis2 is being developed as Apache Rahas within
> > the Axis2 code base. If you are looking for client components to
> > talk to a SecurityTokenService then there are a set of utility methods
> > available in Rahas [1].
> >
> > HTH
> >
> > Thanks,
> > Ruchith
> >
> > [1]
> > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
> >
> > On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Thanks a lot Ruchith for guiding me to solve my problems.
> > > Now my only concern is left how to associate AppliesTo class with my client
> > > program to create SOAP request body format mentioned in this email.
> > > My client program is as below:
> > >
> > > << Start of Client Code >>
> > >
> > > public class ClientWebSecurityToken {
> > >
> > >     /**
> > >      * @param args
> > >      */
> > >     public static void main(String[] args) {
> > >         try {
> > >
> > >             OMElement payload = getEchoElement();
> > >             ConfigurationContext configContext =
> > >                     ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> > >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> > >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> > >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> > >             //serviceClient.engageModule(new QName("rampart"));
> > >             Options options = new Options();
> > >             options.setTo(new EndpointReference("http://127.0.0.1:1234" +
> > >                     "/axis2/services/WSSecurityTestCaseService"));
> > >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> > >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> > >                     Constants.VALUE_TRUE);
> > >             options.setAction("urn:echo");
> > >             serviceClient.setOptions(options);
> > >
> > >             //Blocking invocation
> > >             OMElement result = serviceClient.sendReceive(payload);
> > >
> > >             StringWriter writer = new StringWriter();
> > >             result.serialize(XMLOutputFactory.newInstance()
> > >                     .createXMLStreamWriter(writer));
> > >             writer.flush();
> > >
> > >             System.out.println("Response: " + writer.toString());
> > >
> > >             System.out.println("UKGateWayTestService Invocation successful :-)");
> > >         } catch (AxisFault axisFault) {
> > >             axisFault.printStackTrace();
> > >         } catch (XMLStreamException e) {
> > >             e.printStackTrace();
> > >         }
> > >     }
> > >
> > >     private static OMElement getEchoElement() {
> > >         OMFactory fac = OMAbstractFactory.getOMFactory();
> > >         OMNamespace omNs = fac.createOMNamespace(
> > >                 "http://example1.org/example1", "example1");
> > >         OMElement method = fac.createOMElement("echo", omNs);
> > >         OMElement value = fac.createOMElement("Text", omNs);
> > >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> > >         method.addChild(value);
> > >
> > >         return method;
> > >     }
> > >
> > > }
> > >
> > > << End of Client Code >>
> > >
> > > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > > APIs which I believe can not be interoperated.
> > > So please help me out how can I solve this issue?
> > >
> > >
> > > Best Regards,
> > > Shyam Shukla
> > > -----Original Message-----
> > > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > > Sent: Friday, July 21, 2006 1:34 PM
> > > To: Shyam Shukla
> > > Cc: wss4j-dev@ws.apache.org
> > > Subject: Re: WSHandler: Signature: unknown key identification
> > >
> > > Hi,
> > >
> > > Please see my comments in line:
> > >
> > > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > > Hi Ruchith,
> > > >
> > > > Now I have solved the problem mentioned in this email by making few changes
> > > > as below:
> > > >
> > > > 1- My client program was using a different Password CallBack class due to
> > > > wrong entry in the classpath environment variable so I modified it to the
> > > > correct path.
> > > >
> > > > 2- I was using two different keystore files i.e. one for client and other
> > > > for server and both were having keys which were signed by the same CA which
> > > > I believe is okay but it was throwing "Signature Processing" error at
> > > > receiving end i.e. at server side. So I used the same keystore file at both
> > > > end and it worked.
> > > >
> > > > Can you please explain me point2 why can not I use two different keystores
> > > > which are having keys which were signed by same CA?
> > >
> > > You can certainly use different keystores which contains each other's
> > > (service and client) signed certs. I have done this and it works with
> > > the keystores created with the steps shown here:
> > > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> > >
> > >
> > > >
> > > > Now my next target is to implement WS-Policy in soap request/response for
> > > > that I went through online documentation of "Neethi" but could find a
> > > > complete working example or document to implement it.
> > > >
> > > > Ruchith, In my current project I have to create following format in the
> > > > SOAP's Request Body
> > > >
> > > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > > >         <wsa:EndpointReference>
> > > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > > >         </wsa:EndpointReference>
> > > > </wsp:AppliesTo>
> > > >
> > > > Please guide me how to create above format.
> > > > Thanks a lot for being so helpful.
> > >
> > > Does this solve your problem:
> > >
> > > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > --
> > > www.ruchith.org
> > >
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> >
> >
>
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org



RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Due to my project requirement I can not move to later versions 2005/02 or
2005/12.

So I've decided to get my hands dirty with AXIOM as you guys have already
done .... :).

To construct this request manually, I am not getting how to generate values
of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
I went through AXIOM APIs to find any method to accomplish this but it was
my vain attempt.

Could you please guide me to solve this issue?

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, July 24, 2006 4:26 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

I see one major issue here in using the Rahas WS-Trust impl.
Rahas supports only the two latest versions of WS-Trust. Therefore we
have support for 2005/02 version and 2005/12 (WS-SX) version.

Therefore if you want to stick to 2004/04 version of WS-Trust you will
have to manually build the WS-Trust specific tokens.

Is it possible for you to use a later version? If not you will have to
get your hands dirty with AXIOM :-) and construct the request
manually.

Thanks,
Ruchith

On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Ruchith thanks once again for your kind suggestion.
> The exact format of SOAP body that I have to create is as below:
>
> <soap:Body>
>     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
>       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
>       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
>       <wst:Base>
>         <wsse:UsernameToken
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
>           <wsse:Username>SC789LKG3CHS</wsse:Username>
>           <wsse:Password
>           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
>             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
>           </wsse:Password>
>           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
>           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
>         </wsse:UsernameToken>
>       </wst:Base>
>       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
>         <wsa:EndpointReference>
>           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
>         </wsa:EndpointReference>
>       </wsp:AppliesTo>
>       <wst:LifeTime>
>         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
>       </wst:LifeTime>
>     </wst:RequestSecurityToken>
>   </soap:Body>
>
> I went through the "TrustUtil.java" file and it looks promising to implement
> this format except "<wst:Base>" tag because I don't see any method to
> implement this tag which could contain UsernameToken tag as its child
> element.
>
> Could you please tell me what other classes will be required from "Apache
> Rahas" source code to implement this?
>
>
> Best Regards,
> Shyam Shukla
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Monday, July 24, 2006 1:37 PM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> why I pointed you to the DOM AppliesTo element :-)
>
> If you are using AXIOM the piece of code that provides you this is in
> org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> String address)  [1]
>
> WS-Trust support for Axis2 is being developed as Apache Rahas within
> the Axis2 code base. If you are looking for client components to
> talk to a SecurityTokenService then there are a set of utility methods
> available in Rahas [1].
>
> HTH
>
> Thanks,
> Ruchith
>
> [1]
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
>
> On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Thanks a lot Ruchith for guiding me to solve my problems.
> > Now my only concern is left how to associate AppliesTo class with my client
> > program to create SOAP request body format mentioned in this email.
> > My client program is as below:
> >
> > << Start of Client Code >>
> >
> > public class ClientWebSecurityToken {
> >
> >     /**
> >      * @param args
> >      */
> >     public static void main(String[] args) {
> >         try {
> >
> >             OMElement payload = getEchoElement();
> >             ConfigurationContext configContext =
> >                     ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> >                             "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> >             //serviceClient.engageModule(new QName("rampart"));
> >             Options options = new Options();
> >             options.setTo(new EndpointReference("http://127.0.0.1:1234" +
> >                     "/axis2/services/WSSecurityTestCaseService"));
> >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> >                     Constants.VALUE_TRUE);
> >             options.setAction("urn:echo");
> >             serviceClient.setOptions(options);
> >
> >             //Blocking invocation
> >             OMElement result = serviceClient.sendReceive(payload);
> >
> >             StringWriter writer = new StringWriter();
> >             result.serialize(XMLOutputFactory.newInstance()
> >                     .createXMLStreamWriter(writer));
> >             writer.flush();
> >
> >             System.out.println("Response: " + writer.toString());
> >
> >             System.out.println("UKGateWayTestService Invocation successful :-)");
> >         } catch (AxisFault axisFault) {
> >             axisFault.printStackTrace();
> >         } catch (XMLStreamException e) {
> >             e.printStackTrace();
> >         }
> >     }
> >
> >     private static OMElement getEchoElement() {
> >         OMFactory fac = OMAbstractFactory.getOMFactory();
> >         OMNamespace omNs = fac.createOMNamespace(
> >                 "http://example1.org/example1", "example1");
> >         OMElement method = fac.createOMElement("echo", omNs);
> >         OMElement value = fac.createOMElement("Text", omNs);
> >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> >         method.addChild(value);
> >
> >         return method;
> >     }
> >
> > }
> >
> > << End of Client Code >>
> >
> > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > APIs which I believe can not be interoperated.
> > So please help me out how can I solve this issue?
> >
> >
> > Best Regards,
> > Shyam Shukla
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Friday, July 21, 2006 1:34 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Hi,
> >
> > Please see my comments in line:
> >
> > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Hi Ruchith,
> > >
> > > Now I have solved the problem mentioned in this email by making few changes
> > > as below:
> > >
> > > 1- My client program was using a different Password CallBack class due to
> > > wrong entry in the classpath environment variable so I modified it to the
> > > correct path.
> > >
> > > 2- I was using two different keystore files i.e. one for client and other
> > > for server and both were having keys which were signed by the same CA which
> > > I believe is okay but it was throwing "Signature Processing" error at
> > > receiving end i.e. at server side. So I used the same keystore file at both
> > > end and it worked.
> > >
> > > Can you please explain me point2 why can not I use two different keystores
> > > which are having keys which were signed by same CA?
> >
> > You can certainly use different keystores which contains each other's
> > (service and client) signed certs. I have done this and it works with
> > the keystores created with the steps shown here:
> > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> >
> >
> > >
> > > Now my next target is to implement WS-Policy in soap request/response for
> > > that I went through online documentation of "Neethi" but could find a
> > > complete working example or document to implement it.
> > >
> > > Ruchith, In my current project I have to create following format in the
> > > SOAP's Request Body
> > >
> > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > >         <wsa:EndpointReference>
> > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > >         </wsa:EndpointReference>
> > > </wsp:AppliesTo>
> > >
> > > Please guide me how to create above format.
> > > Thanks a lot for being so helpful.
> >
> > Does this solve your problem:
> >
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> >
> > Thanks,
> > Ruchith
> >
> > --
> > www.ruchith.org
> >
> >
> >
>
>
> --
> www.ruchith.org
>
>
>


-- 
www.ruchith.org




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Due to my project requirement I can not move to later versions 2005/02 or
2005/12.

So I've decided to get my hands dirty with AXIOM as you guys have already
done .... :).

To construct this request manually, I am not getting how to generate values
of <wsse:Nonce> and <wsu:Created> tags inside <wsse:UsernameToken> tag.
I went through AXIOM APIs to find any method to accomplish this but it was
my vain attempt.

Could you please guide me to solve this issue?

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Monday, July 24, 2006 4:26 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

I see one major issue here in using the Rahas WS-Trust impl.
Rahas supports only the two latest versions of WS-Trust. Therefore we
have support for 2005/02 version and 2005/12 (WS-SX) version.

Therefore if you want to stick to 2004/04 version of WS-Trust you will
have to manually build the WS-Trust specific tokens.

Is it possible for you to use a later version? If not you will have to
get your hands dirty with AXIOM :-) and construct the request
manually.

Thanks,
Ruchith

On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Ruchith thanks once again for your kind suggestion.
> The exact format of SOAP body that I have to create is as below:
>
>   <soap:Body>
>     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
>       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
>       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
>       <wst:Base>
>         <wsse:UsernameToken
>             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>             wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
>           <wsse:Username>SC789LKG3CHS</wsse:Username>
>           <wsse:Password
>               Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
>             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
>           </wsse:Password>
>           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
>           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
>         </wsse:UsernameToken>
>       </wst:Base>
>       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
>         <wsa:EndpointReference>
>           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
>         </wsa:EndpointReference>
>       </wsp:AppliesTo>
>       <wst:LifeTime>
>         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
>       </wst:LifeTime>
>     </wst:RequestSecurityToken>
>   </soap:Body>
>
> I went through the "TrustUtil.java" file and it looks promising to implement
> this format except "<wst:Base>" tag because I don't see any method to
> implement this tag which could contain UsernameToken tag as its child
> element.
>
> Could you please tell me what other classes will be required from "Apache
> Rahas" source code to implement this?
>
>
> Best Regards,
> Shyam Shukla
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Monday, July 24, 2006 1:37 PM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> why I pointed you to the DOM AppliesTo element :-)
>
> If you are using AXIOM the piece of code that provides you this is in
> org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> String address)  [1]
>
> WS-Trust support for Axis2 is being developed as Apache Rahas within
> the Axis2 code base. If you are looking for a client components to
> talk to a SecurityTokenService then there are a set of utility methods
> available in Rahas [1].
>
> HTH
>
> Thanks,
> Ruchith
>
> [1]
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
>
> On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Thanks a lot Ruchith for guiding me to solve my problems.
> > Now my only concern is left how to associate AppliesTo class with my
> > client program to create SOAP request body format mentioned in this email.
> > My client program is as below:
> >
> > << Start of Client Code >>
> >
> > public class ClientWebSecurityToken {
> >
> >     /**
> >      * @param args
> >      */
> >     public static void main(String[] args) {
> >         try {
> >
> >             OMElement payload = getEchoElement();
> >             ConfigurationContext configContext =
> >                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> >             //serviceClient.engageModule(new QName("rampart"));
> >             Options options = new Options();
> >             options.setTo(new EndpointReference("http://127.0.0.1:1234" +
> >                     "/axis2/services/WSSecurityTestCaseService"));
> >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> >                     Constants.VALUE_TRUE);
> >             options.setAction("urn:echo");
> >             serviceClient.setOptions(options);
> >
> >             //Blocking invocation
> >             OMElement result = serviceClient.sendReceive(payload);
> >
> >             StringWriter writer = new StringWriter();
> >             result.serialize(XMLOutputFactory.newInstance()
> >                     .createXMLStreamWriter(writer));
> >             writer.flush();
> >
> >             System.out.println("Response: " + writer.toString());
> >
> >             System.out.println("UKGateWayTestService Invocation successful :-)");
> >         } catch (AxisFault axisFault) {
> >             axisFault.printStackTrace();
> >         } catch (XMLStreamException e) {
> >             e.printStackTrace();
> >         }
> >     }
> >
> >     private static OMElement getEchoElement() {
> >         OMFactory fac = OMAbstractFactory.getOMFactory();
> >         OMNamespace omNs = fac.createOMNamespace(
> >                 "http://example1.org/example1", "example1");
> >         OMElement method = fac.createOMElement("echo", omNs);
> >         OMElement value = fac.createOMElement("Text", omNs);
> >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> >         method.addChild(value);
> >
> >         return method;
> >     }
> >
> > }
> >
> > << End of Client Code >>
> >
> > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > APIs which I believe can not be interoperated.
> > So please help me out how can I solve this issue?
> >
> >
> > Best Regards,
> > Shyam Shukla
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Friday, July 21, 2006 1:34 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Hi,
> >
> > Please see my comments in line:
> >
> > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Hi Ruchith,
> > >
> > > Now I have solved the problem mentioned in this email by making few
> > > changes as below:
> > >
> > > 1- My client program was using a different Password CallBack class due
> > > to wrong entry in the classpath environment variable so I modified it to
> > > the correct path.
> > >
> > > 2- I was using two different keystore files i.e. one for client and
> > > other for server and both were having keys which were signed by the same CA
> > > which I believe is okay but it was throwing "Signature Processing" error at
> > > receiving end i.e. at server side. So I used the same keystore file at
> > > both end and it worked.
> > >
> > > Can you please explain me point2 why can not I use two different
> > > keystores which are having keys which were signed by same CA?
> >
> > You can certainly use different keystores which contains each other's
> > (service and client) signed certs. I have done this and it works with
> > the keystores created with the steps shown here:
> > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> >
> >
> > >
> > > Now my next target is to implement WS-Policy in soap request/response
> > > for that I went through online documentation of "Neethi" but could find a
> > > complete working example or document to implement it.
> > >
> > > Ruchith, In my current project I have to create following format in the
> > > SOAP's Request Body
> > >
> > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > >         <wsa:EndpointReference>
> > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > >         </wsa:EndpointReference>
> > > </wsp:AppliesTo>
> > >
> > > Please guide me how to create above format.
> > > Thanks a lot for being so helpful.
> >
> > Does this solve your problem:
> >
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> >
> > Thanks,
> > Ruchith
> >
> > --
> > www.ruchith.org
> >
> >
>
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org
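
The question above about generating <wsse:Nonce> and <wsu:Created> follows from the WS-Security UsernameToken Profile 1.0 rule Password_Digest = Base64(SHA-1(nonce + created + password)). The following is an added example using only the JDK (Java 8 or later), not code from this thread, Rahas or WSS4J; the class name, method names and sample password are assumptions, and the three resulting strings are what would be set as element text with OMFactory, as in the client code quoted above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: values for wsse:Nonce, wsu:Created and a PasswordDigest wsse:Password. */
public class UsernameTokenDigestExample {

    /** The three strings that become element text inside wsse:UsernameToken. */
    static final class TokenValues {
        final String nonceB64;        // text of <wsse:Nonce>
        final String created;         // text of <wsu:Created>
        final String passwordDigest;  // text of <wsse:Password Type="...#PasswordDigest">

        TokenValues(String nonceB64, String created, String passwordDigest) {
            this.nonceB64 = nonceB64;
            this.created = created;
            this.passwordDigest = passwordDigest;
        }
    }

    private static final SecureRandom RNG = new SecureRandom();
    // Receiver-side replay cache. Unbounded here; a real service expires old entries.
    private static final Set<String> SEEN_NONCES = ConcurrentHashMap.newKeySet();

    /** Password_Digest = Base64( SHA-1( nonce bytes + created + password ) ). */
    static String digest(byte[] nonce, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(nonce); // the raw nonce bytes, not their Base64 text
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 MessageDigest not available", e);
        }
    }

    /** Sender side: a fresh 16-byte random nonce and a UTC timestamp per request. */
    static TokenValues generate(String password) {
        byte[] nonce = new byte[16];
        RNG.nextBytes(nonce);
        // Instant.toString() yields xsd:dateTime in UTC, e.g. 2005-09-05T14:31:59Z
        String created = Instant.now().truncatedTo(ChronoUnit.SECONDS).toString();
        return new TokenValues(Base64.getEncoder().encodeToString(nonce),
                created, digest(nonce, created, password));
    }

    /** Receiver side: freshness window, constant-time digest check, then replay check. */
    static boolean verify(String nonceB64, String created, String receivedDigest,
                          String storedPassword, Duration maxSkew) {
        // Element text may carry surrounding whitespace, as in the sample request.
        String n = nonceB64.trim(), c = created.trim(), d = receivedDigest.trim();
        Instant ts;
        byte[] nonce;
        try {
            ts = Instant.parse(c);
            nonce = Base64.getDecoder().decode(n);
        } catch (RuntimeException e) {
            return false; // malformed timestamp or nonce
        }
        if (Duration.between(ts, Instant.now()).abs().compareTo(maxSkew) > 0) {
            return false; // too old, or too far in the future
        }
        byte[] expected = digest(nonce, c, storedPassword).getBytes(StandardCharsets.US_ASCII);
        boolean match = MessageDigest.isEqual(expected, d.getBytes(StandardCharsets.US_ASCII));
        // Record the nonce only for authentic tokens so junk cannot fill the cache.
        return match && SEEN_NONCES.add(n);
    }

    public static void main(String[] args) {
        String password = "constructed-sample-password"; // constructed, not from the thread
        Duration window = Duration.ofMinutes(5);

        TokenValues t = generate(password);
        System.out.println("wsse:Nonce    = " + t.nonceB64);
        System.out.println("wsu:Created   = " + t.created);
        System.out.println("wsse:Password = " + t.passwordDigest);

        System.out.println("first use accepted: "
                + verify(t.nonceB64, t.created, t.passwordDigest, password, window));
        System.out.println("replay accepted:    "
                + verify(t.nonceB64, t.created, t.passwordDigest, password, window));
        TokenValues other = generate("some-other-password");
        System.out.println("wrong password:     "
                + verify(other.nonceB64, other.created, other.passwordDigest, password, window));
    }
}
```

Digest mode requires the receiver to hold the same password value the sender hashed, and the nonce and timestamp only limit replay if the receiver enforces both checks as verify() does.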


Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

I see one major issue here in using the Rahas WS-Trust impl.
Rahas supports only the two latest versions of WS-Trust. Therefore we
have support for 2005/02 version and 2005/12 (WS-SX) version.

Therefore if you want to stick to 2004/04 version of WS-Trust you will
have to manually build the WS-Trust specific tokens.

Is it possible for you to use a later version? If not you will have to
get your hands dirty with AXIOM :-) and construct the request
manually.

Thanks,
Ruchith

On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Ruchith thanks once again for your kind suggestion.
> The exact format of SOAP body that I have to create is as below:
>
>   <soap:Body>
>     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
>       <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
>       <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
>       <wst:Base>
>         <wsse:UsernameToken
>             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>             wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
>           <wsse:Username>SC789LKG3CHS</wsse:Username>
>           <wsse:Password
>               Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
>             CQLsBWC3oxXyxGNWdIhAYWoXKZE=
>           </wsse:Password>
>           <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
>           <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
>         </wsse:UsernameToken>
>       </wst:Base>
>       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
>         <wsa:EndpointReference>
>           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
>         </wsa:EndpointReference>
>       </wsp:AppliesTo>
>       <wst:LifeTime>
>         <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
>       </wst:LifeTime>
>     </wst:RequestSecurityToken>
>   </soap:Body>
>
> I went through the "TrustUtil.java" file and it looks promising to implement
> this format except "<wst:Base>" tag because I don't see any method to
> implement this tag which could contain UsernameToken tag as its child
> element.
>
> Could you please tell me what other classes will be required from "Apache
> Rahas" source code to implement this?
>
>
> Best Regards,
> Shyam Shukla
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Monday, July 24, 2006 1:37 PM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
> why I pointed you to the DOM AppliesTo element :-)
>
> If you are using AXIOM the piece of code that provides you this is in
> org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
> String address)  [1]
>
> WS-Trust support for Axis2 is being developed as Apache Rahas within
> the Axis2 code base. If you are looking for a client components to
> talk to a SecurityTokenService then there are a set of utility methods
> available in Rahas [1].
>
> HTH
>
> Thanks,
> Ruchith
>
> [1]
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
>
> On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Thanks a lot Ruchith for guiding me to solve my problems.
> > Now my only concern is left how to associate AppliesTo class with my
> > client program to create SOAP request body format mentioned in this email.
> > My client program is as below:
> >
> > << Start of Client Code >>
> >
> > public class ClientWebSecurityToken {
> >
> >     /**
> >      * @param args
> >      */
> >     public static void main(String[] args) {
> >         try {
> >
> >             OMElement payload = getEchoElement();
> >             ConfigurationContext configContext =
> >                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo",
> >                     "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
> >             ServiceClient serviceClient = new ServiceClient(configContext, null);
> >             //serviceClient.engageModule(new QName("rampart"));
> >             Options options = new Options();
> >             options.setTo(new EndpointReference("http://127.0.0.1:1234" +
> >                     "/axis2/services/WSSecurityTestCaseService"));
> >             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
> >             options.setProperty(Constants.Configuration.ENABLE_MTOM,
> >                     Constants.VALUE_TRUE);
> >             options.setAction("urn:echo");
> >             serviceClient.setOptions(options);
> >
> >             //Blocking invocation
> >             OMElement result = serviceClient.sendReceive(payload);
> >
> >             StringWriter writer = new StringWriter();
> >             result.serialize(XMLOutputFactory.newInstance()
> >                     .createXMLStreamWriter(writer));
> >             writer.flush();
> >
> >             System.out.println("Response: " + writer.toString());
> >
> >             System.out.println("UKGateWayTestService Invocation successful :-)");
> >         } catch (AxisFault axisFault) {
> >             axisFault.printStackTrace();
> >         } catch (XMLStreamException e) {
> >             e.printStackTrace();
> >         }
> >     }
> >
> >     private static OMElement getEchoElement() {
> >         OMFactory fac = OMAbstractFactory.getOMFactory();
> >         OMNamespace omNs = fac.createOMNamespace(
> >                 "http://example1.org/example1", "example1");
> >         OMElement method = fac.createOMElement("echo", omNs);
> >         OMElement value = fac.createOMElement("Text", omNs);
> >         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
> >         method.addChild(value);
> >
> >         return method;
> >     }
> >
> > }
> >
> > << End of Client Code >>
> >
> > This client program is using AXIOM APIs while AppliesTo class is using DOM
> > APIs which I believe can not be interoperated.
> > So please help me out how can I solve this issue?
> >
> >
> > Best Regards,
> > Shyam Shukla
> > -----Original Message-----
> > From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> > Sent: Friday, July 21, 2006 1:34 PM
> > To: Shyam Shukla
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSHandler: Signature: unknown key identification
> >
> > Hi,
> >
> > Please see my comments in line:
> >
> > On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > > Hi Ruchith,
> > >
> > > Now I have solved the problem mentioned in this email by making few
> > > changes as below:
> > >
> > > 1- My client program was using a different Password CallBack class due
> > > to wrong entry in the classpath environment variable so I modified it to
> > > the correct path.
> > >
> > > 2- I was using two different keystore files i.e. one for client and
> > > other for server and both were having keys which were signed by the same CA
> > > which I believe is okay but it was throwing "Signature Processing" error at
> > > receiving end i.e. at server side. So I used the same keystore file at
> > > both end and it worked.
> > >
> > > Can you please explain me point2 why can not I use two different
> > > keystores which are having keys which were signed by same CA?
> >
> > You can certainly use different keystores which contains each other's
> > (service and client) signed certs. I have done this and it works with
> > the keystores created with the steps shown here:
> > http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
> >
> >
> > >
> > > Now my next target is to implement WS-Policy in soap request/response
> > > for that I went through online documentation of "Neethi" but could find a
> > > complete working example or document to implement it.
> > >
> > > Ruchith, In my current project I have to create following format in the
> > > SOAP's Request Body
> > >
> > > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> > >         <wsa:EndpointReference>
> > >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> > >         </wsa:EndpointReference>
> > > </wsp:AppliesTo>
> > >
> > > Please guide me how to create above format.
> > > Thanks a lot for being so helpful.
> >
> > Does this solve your problem:
> >
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
> >
> > Thanks,
> > Ruchith
> >
> > --
> > www.ruchith.org
> >
> >
>
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org

RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Ruchith thanks once again for your kind suggestion.
The exact format of SOAP body that I have to create is as below:

<soap:Body>
    <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
      <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion#Assertion</wst:TokenType>
      <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
      <wst:Base>
        <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="SecurityToken-f2b83dc5-33e4-4f32-9195-8eb1b87179bb">
          <wsse:Username>SC789LKG3CHS</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">
            CQLsBWC3oxXyxGNWdIhAYWoXKZE=
          </wsse:Password>
          <wsse:Nonce>hPoIb95U7g5SBBeBuOONpQ==</wsse:Nonce>
          <wsu:Created>2005-09-05T14:31:59Z</wsu:Created>
        </wsse:UsernameToken>
      </wst:Base>
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
        <wsa:EndpointReference>
          <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wst:LifeTime>
        <wsu:Expires>2005-09-05T18:32:00Z</wsu:Expires>
      </wst:LifeTime>
    </wst:RequestSecurityToken>
  </soap:Body>

I went through the "TrustUtil.java" file and it looks promising to implement
this format except "<wst:Base>" tag because I don't see any method to
implement this tag which could contain UsernameToken tag as its child
element. 

Could you please tell me what other classes will be required from "Apache
Rahas" source code to implement this?


Best Regards,
Shyam Shukla
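
Added example (not part of the original post, and not code from Rahas or WSS4J): one way to build the RequestSecurityToken body shown above directly with AXIOM, including the wst:Base/UsernameToken child and the PasswordDigest value, which the UsernameToken Profile defines as Base64(SHA-1(nonce + created + password)). The class name, the credentials, the wsa namespace URI and the one-hour lifetime are assumptions; the wsse URI is the standard WSS 1.0 secext namespace, which the post does not show.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.UUID;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

// Hypothetical class name; illustration only.
public class RstBodyExample {

    // Namespace and type URIs taken from the SOAP body in the post.
    static final String WST = "http://schemas.xmlsoap.org/ws/2004/04/trust";
    static final String WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy";
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DIGEST_TYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    // Standard WSS 1.0 secext namespace (prefix wsse is undeclared in the post).
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Assumption: the post never declares wsa; use the version your STS expects.
    static final String WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing";

    /** Password_Digest = Base64(SHA-1(nonce + created + password)); nonce is the raw bytes. */
    static String passwordDigest(byte[] nonce, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    static OMElement buildRst(String user, String password, String target)
            throws NoSuchAlgorithmException {
        OMFactory fac = OMAbstractFactory.getOMFactory();
        OMNamespace wst = fac.createOMNamespace(WST, "wst");
        OMNamespace wsp = fac.createOMNamespace(WSP, "wsp");
        OMNamespace wsu = fac.createOMNamespace(WSU, "wsu");
        OMNamespace wsse = fac.createOMNamespace(WSSE, "wsse");
        OMNamespace wsa = fac.createOMNamespace(WSA, "wsa");

        // A fresh random nonce and timestamp per request: the receiver can only
        // reject replays if neither value is ever reused.
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        Instant now = Instant.now().truncatedTo(ChronoUnit.SECONDS);
        String created = now.toString();   // e.g. 2005-09-05T14:31:59Z

        OMElement rst = fac.createOMElement("RequestSecurityToken", wst);
        fac.createOMElement("TokenType", wst, rst)
           .setText("urn:oasis:names:tc:SAML:1.0:assertion#Assertion");
        fac.createOMElement("RequestType", wst, rst)
           .setText("http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue");

        // <wst:Base> is an ordinary element: create it and hang the token under it.
        OMElement base = fac.createOMElement("Base", wst, rst);
        OMElement token = fac.createOMElement("UsernameToken", wsse, base);
        token.declareNamespace(wsu);
        token.addAttribute("Id", "SecurityToken-" + UUID.randomUUID(), wsu);
        fac.createOMElement("Username", wsse, token).setText(user);
        OMElement pw = fac.createOMElement("Password", wsse, token);
        pw.addAttribute("Type", DIGEST_TYPE, null);
        pw.setText(passwordDigest(nonce, created, password));
        fac.createOMElement("Nonce", wsse, token)
           .setText(Base64.getEncoder().encodeToString(nonce));
        fac.createOMElement("Created", wsu, token).setText(created);

        OMElement appliesTo = fac.createOMElement("AppliesTo", wsp, rst);
        OMElement epr = fac.createOMElement("EndpointReference", wsa, appliesTo);
        fac.createOMElement("Address", wsa, epr).setText(target);

        // Element name spelled as in the post (LifeTime); lifetime is an assumption.
        OMElement lifetime = fac.createOMElement("LifeTime", wst, rst);
        fac.createOMElement("Expires", wsu, lifetime)
           .setText(now.plus(1, ChronoUnit.HOURS).toString());
        return rst;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials, not values from the thread.
        OMElement rst = buildRst("example-user", "example-password",
                                 "urn:mosw.test.com:target1");
        System.out.println(rst);   // OMElement.toString() serializes the XML
    }
}
```

The returned OMElement can be passed as the payload to ServiceClient.sendReceive(), as in the client program posted in this thread. PasswordDigest authenticates the caller but does not encrypt the message, so the request still needs TLS or message-level protection.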




Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Oh ...  my bad ... I thought you are using Axis1.x stuff ... that's
why I pointed you to the DOM AppliesTo element :-)

If you are using AXIOM the piece of code that provides you this is in
org.apache.rahas.TrustUtil#createAppliesToElement(OMElement parent,
String address)  [1]

WS-Trust support for Axis2 is being developed as Apache Rahas within
the Axis2 code base. If you are looking for client components to
talk to a SecurityTokenService then there is a set of utility methods
available in Rahas [1].

HTH

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java

On 7/24/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Thanks a lot Ruchith for guiding me to solve my problems.
> Now my only concern is left how to associate AppliesTo class with my client
> program to create SOAP request body format mentioned in this email.
> My client program is as below:
>
> << Start of Client Code >>
>
> public class ClientWebSecurityToken {
>
>     /**
>      * @param args
>      */
>     public static void main(String[] args) {
>         try {
>
>             OMElement payload = getEchoElement();
>             ConfigurationContext configContext =
>                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                     "E:\\Shyam\\WSSecurityTestCase\\client_repo",
>                     "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
>             ServiceClient serviceClient = new ServiceClient(configContext, null);
>             //serviceClient.engageModule(new QName("rampart"));
>             Options options = new Options();
>             options.setTo(new EndpointReference("http://127.0.0.1:1234" +
>                     "/axis2/services/WSSecurityTestCaseService"));
>             options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
>             options.setProperty(Constants.Configuration.ENABLE_MTOM,
>                     Constants.VALUE_TRUE);
>             options.setAction("urn:echo");
>             serviceClient.setOptions(options);
>
>             //Blocking invocation
>             OMElement result = serviceClient.sendReceive(payload);
>
>             StringWriter writer = new StringWriter();
>             result.serialize(XMLOutputFactory.newInstance()
>                     .createXMLStreamWriter(writer));
>             writer.flush();
>
>             System.out.println("Response: " + writer.toString());
>
>             System.out.println("UKGateWayTestService Invocation successful :-)");
>         } catch (AxisFault axisFault) {
>             axisFault.printStackTrace();
>         } catch (XMLStreamException e) {
>             e.printStackTrace();
>         }
>     }
>
>     private static OMElement getEchoElement() {
>         OMFactory fac = OMAbstractFactory.getOMFactory();
>         OMNamespace omNs = fac.createOMNamespace(
>                 "http://example1.org/example1", "example1");
>         OMElement method = fac.createOMElement("echo", omNs);
>         OMElement value = fac.createOMElement("Text", omNs);
>         value.addChild(fac.createOMText(value, "Axis2 Echo String "));
>         method.addChild(value);
>
>         return method;
>     }
>
> }
>
> << End of Client Code >>
>
> This client program is using AXIOM APIs while AppliesTo class is using DOM
> APIs which I believe can not be interoperated.
> So please help me out how can I solve this issue?
>
>
> Best Regards,
> Shyam Shukla
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Friday, July 21, 2006 1:34 PM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi,
>
> Please see my comments in line:
>
> On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> > Hi Ruchith,
> >
> > Now I have solved the problem mentioned in this email by making few changes
> > as below:
> >
> > 1- My client program was using a different Password CallBack class due to
> > wrong entry in the classpath environment variable so I modified it to the
> > correct path.
> >
> > 2- I was using two different keystore files i.e. one for client and other
> > for server and both were having keys which were signed by the same CA which
> > I believe is okay but it was throwing "Signature Processing" error at
> > receiving end i.e. at server side. So I used the same keystore file at both
> > end and it worked.
> >
> > Can you please explain me point2 why can not I use two different keystores
> > which are having keys which were signed by same CA?
>
> You can certainly use different keystores which contains each other's
> (service and client) signed certs. I have done this and it works with
> the keystores created with the steps shown here:
> http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores
>
>
> >
> > Now my next target is to implement WS-Policy in soap request/response for
> > that I went through online documentation of "Neethi" but could find a
> > complete working example or document to implement it.
> >
> > Ruchith, In my current project I have to create following format in the
> > SOAP's Request Body
> >
> > <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
> >         <wsa:EndpointReference>
> >           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
> >         </wsa:EndpointReference>
> > </wsp:AppliesTo>
> >
> > Please guide me how to create above format.
> > Thanks a lot for being so helpful.
>
> Does this solve your problem:
> https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java
>
> Thanks,
> Ruchith
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org




RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Thanks a lot Ruchith for guiding me to solve my problems.
Now my only concern is left how to associate AppliesTo class with my client
program to create SOAP request body format mentioned in this email.
My client program is as below:

<< Start of Client Code >>

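import java.io.StringWriter;

import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axis2.AxisFault;
import org.apache.axis2.Constants;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;

public class ClientWebSecurityToken {

    /**
     * @param args
     */
    public static void main(String[] args) {
        try {

            OMElement payload = getEchoElement();

            // Load the client repository and its axis2.xml (module and
            // security configuration are read from here).
            ConfigurationContext configContext =
                ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                    "E:\\Shyam\\WSSecurityTestCase\\client_repo",
                    "E:\\Shyam\\WSSecurityTestCase\\client_repo\\conf\\axis2.xml");
            ServiceClient serviceClient = new ServiceClient(configContext, null);
            //serviceClient.engageModule(new QName("rampart"));
            Options options = new Options();
            options.setTo(new EndpointReference("http://127.0.0.1:1234" +
                    "/axis2/services/WSSecurityTestCaseService"));
            options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
            options.setProperty(Constants.Configuration.ENABLE_MTOM,
                    Constants.VALUE_TRUE);
            options.setAction("urn:echo");
            serviceClient.setOptions(options);

            //Blocking invocation
            OMElement result = serviceClient.sendReceive(payload);

            // Serialize the response element to a string for printing
            StringWriter writer = new StringWriter();
            result.serialize(XMLOutputFactory.newInstance()
                    .createXMLStreamWriter(writer));
            writer.flush();

            System.out.println("Response: " + writer.toString());

            System.out.println("UKGateWayTestService Invocation successful :-)");
        } catch (AxisFault axisFault) {
            axisFault.printStackTrace();
        } catch (XMLStreamException e) {
            e.printStackTrace();
        }
    }

    // Builds the <example1:echo><example1:Text>...</example1:Text></example1:echo> payload
    private static OMElement getEchoElement() {
        OMFactory fac = OMAbstractFactory.getOMFactory();
        OMNamespace omNs = fac.createOMNamespace(
                "http://example1.org/example1", "example1");
        OMElement method = fac.createOMElement("echo", omNs);
        OMElement value = fac.createOMElement("Text", omNs);
        value.addChild(fac.createOMText(value, "Axis2 Echo String "));
        method.addChild(value);

        return method;
    }

}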

<< End of Client Code >>

This client program is using AXIOM APIs while the AppliesTo class is using DOM
APIs, which I believe cannot interoperate.
So please help me out: how can I solve this issue?
  

Best Regards,
Shyam Shukla
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Friday, July 21, 2006 1:34 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Please see my comments in line:

On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Hi Ruchith,
>
> Now I have solved the problem mentioned in this email by making few changes
> as below:
>
> 1- My client program was using a different Password CallBack class due to
> wrong entry in the classpath environment variable so I modified it to the
> correct path.
>
> 2- I was using two different keystore files i.e. one for client and other
> for server and both were having keys which were signed by the same CA which
> I believe is okay but it was throwing "Signature Processing" error at
> receiving end i.e. at server side. So I used the same keystore file at both
> end and it worked.
>
> Can you please explain me point2 why can not I use two different keystores
> which are having keys which were signed by same CA?

You can certainly use different keystores which contain each other's
(service and client) signed certs. I have done this and it works with
the keystores created with the steps shown here:
http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores


>
> Now my next target is to implement WS-Policy in soap request/response for
> that I went through online documentation of "Neethi" but could find a
> complete working example or document to implement it.
>
> Ruchith, In my current project I have to create following format in the
> SOAP's Request Body
>
> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
>         <wsa:EndpointReference>
>           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
>         </wsa:EndpointReference>
> </wsp:AppliesTo>
>
> Please guide me how to create above format.
> Thanks a lot for being so helpful.

Does this solve your problem:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java

Thanks,
Ruchith

-- 
www.ruchith.org


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
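
One way to build the requested wsp:AppliesTo element directly with AXIOM, so it can be handed to ServiceClient.sendReceive in the same way as the echo payload in the client code above. This is an added example, not code from the thread or from WSS4J; the class name AppliesToPayload and the wsa namespace URI are assumptions (the posted snippet does not declare the wsa prefix, so the WS-Addressing namespace that appears in the thread's signatureParts setting is used).

```java
import java.net.URI;
import java.net.URISyntaxException;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

/** Hypothetical helper class; not part of Axis2, Rampart or WSS4J. */
public class AppliesToPayload {

    // Namespace taken from the snippet posted in the thread.
    static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2002/12/policy";

    // ASSUMPTION: the posted snippet leaves the wsa prefix undeclared. This is the
    // WS-Addressing namespace used in the thread's signatureParts value; replace it
    // with the version the target service actually expects.
    static final String WSA_NS = "http://www.w3.org/2005/08/addressing";

    /**
     * Builds
     *   <wsp:AppliesTo><wsa:EndpointReference><wsa:Address>address</wsa:Address>
     *   </wsa:EndpointReference></wsp:AppliesTo>
     * as an AXIOM tree, so no DOM-to-AXIOM conversion is needed.
     */
    static OMElement buildAppliesTo(String address) throws URISyntaxException {
        if (address == null) {
            throw new IllegalArgumentException("address is required");
        }
        // Reject values that are not absolute URIs before they reach the message.
        URI uri = new URI(address.trim());
        if (!uri.isAbsolute()) {
            throw new IllegalArgumentException("address must be an absolute URI: " + address);
        }

        OMFactory fac = OMAbstractFactory.getOMFactory();
        OMNamespace wsp = fac.createOMNamespace(WSP_NS, "wsp");
        OMNamespace wsa = fac.createOMNamespace(WSA_NS, "wsa");

        // The three-argument createOMElement attaches each child to its parent.
        OMElement appliesTo = fac.createOMElement("AppliesTo", wsp);
        OMElement epr = fac.createOMElement("EndpointReference", wsa, appliesTo);
        OMElement addr = fac.createOMElement("Address", wsa, epr);
        addr.setText(uri.toString());
        return appliesTo;
    }

    public static void main(String[] args) throws Exception {
        // Address value from the thread. The returned element is used as the
        // payload argument: serviceClient.sendReceive(payload)
        OMElement payload = buildAppliesTo("urn:mosw.test.com:target1");
        System.out.println(payload.toString());
    }
}
```

With the signatureParts value quoted in this thread (To, ReplyTo, MessageID and Timestamp), the SOAP Body is not among the signed parts, so an element sent this way is not covered by the signature unless the Body is added to that list.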


Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

Please see my comments in line:

On 7/20/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Hi Ruchith,
>
> Now I have solved the problem mentioned in this email by making few changes
> as below:
>
> 1- My client program was using a different Password CallBack class due to
> wrong entry in the classpath environment variable so I modified it to the
> correct path.
>
> 2- I was using two different keystore files i.e. one for client and other
> for server and both were having keys which were signed by the same CA which
> I believe is okay but it was throwing "Signature Processing" error at
> receiving end i.e. at server side. So I used the same keystore file at both
> end and it worked.
>
> Can you please explain me point2 why can not I use two different keystores
> which are having keys which were signed by same CA?

You can certainly use different keystores which contain each other's
(service and client) signed certs. I have done this and it works with
the keystores created with the steps shown here:
http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores


>
> Now my next target is to implement WS-Policy in soap request/response for
> that I went through online documentation of "Neethi" but could find a
> complete working example or document to implement it.
>
> Ruchith, In my current project I have to create following format in the
> SOAP's Request Body
>
> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
>         <wsa:EndpointReference>
>           <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
>         </wsa:EndpointReference>
> </wsp:AppliesTo>
>
> Please guide me how to create above format.
> Thanks a lot for being so helpful.

Does this solve your problem:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/policy/message/token/AppliesTo.java

Thanks,
Ruchith

-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Yes Ruchith I've specified correct private key password i.e. "security" in
callback handler class.
Find below the code snippet of callback handler class.

<< Start of Code >>

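package sample.security;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                // set the password given a username
                // (getIdentifer is the method's spelling in WSS4J 1.5)
                if ("wss4jclient".equalsIgnoreCase(pc.getIdentifer().trim())) {
                    pc.setPassword("security");
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }
}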

<< End of Code >>

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Tuesday, July 18, 2006 12:24 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Did you specify the private key password properly in your password
callback handler class?

Thanks,
Ruchith

On 7/18/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Thanks Ruchith,
>
> I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
> verified the alias of the private key in my keystore which was same as I
> have defined in <user> tag in axis2.xml.
> Now I am getting following error:
>
> << Start of Error >>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key; nested exception is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
>         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
>         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
>         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
>         ... 9 more
>
> << End of Error >>
>
> The relevant section of code from axis2.xml that I am using is as below:
>
> << Start of axis2.xml snippet >>
>
>     <!-- Engage the addressing module -->
>     <module ref="addressing"/>
>
>     <!-- Engage the security module -->
>     <module ref="rampart"/>
>
>     <!-- Test with addressing and MTOM: Client's Configuration:START-->
>
>     <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <user>wss4jclient</user>
>         <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>         <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>         <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
>         <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
>       </action>
>     </parameter>
>
>     <parameter name="InflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>       </action>
>     </parameter>
>
> << End of axis2.xml snippet >>
>
> Please also find below the contents of my keystore file:
>
> << Start of wss4jClient.jks file >>
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: wss4jca
> Creation date: Jun 26, 2006
> Entry type: trustedCertEntry
>
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
>
> Alias name: wss4jclient
> Creation date: Jun 26, 2006
> Entry type: keyEntry
> Certificate chain length: 2
> Certificate[1]:
> Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: 2
> Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47 GMT+05:30 2007
> Certificate fingerprints:
>          MD5:  3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
>          SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
> Certificate[2]:
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
> << End of wss4jClient.jks file >>
>
> And contents of cryptoSender.properties file are as below:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.file=wss4jClient.jks
>
> Please let me know what's going wrong??
>
> Best Regards,
> Shyam Shukla
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 18, 2006 10:30 AM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi ,
>
> Please try using any of the following values for the
> "signatureKeyIdentifier":
>
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> Thumbprint
>
> These are different ways of referencing the signature key.
>
> The value of the "user"  is the alias of the private key used for
> signature and wss4j will extract and set the required key reference
> info appropriately. Therefore you DON'T have to specify the value.
>
> Thanks,
> Ruchith
>
> On 7/17/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> >
> >
> >
> >
> > Hi All,
> >
> >
> >
> > I am working with axis2 1.0 and wss4j 1.5 to implement WS-Security feature
> > supported by this architecture.
> >
> > I am using rampart module to sign the soap messages.
> >
> > Now when I invoke a web service I get the following error message:
> >
> >
> >
> > << Start of Error Message>>
> >
> >
> >
> > org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
> >         org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
> >         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
> >         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
> >         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
> >         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
> >         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
> >         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
> >         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
> >         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
> >         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> > Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >         at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
> >         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
> >         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
> >         ... 9 more
> >
> >
> >
> > << End of Error Message >>
> >
> >
> >
> > From error it looks like I am not giving correct "signatureKeyIdentifier" in
> > axis2.xml. As per the document, I came to know that value of
> > "signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
> > serial number to this tag but it did not work?
> >
> > Can anyone figure it out where I am going wrong?
> >
> >
> >
> > Best Regards,
> >  Shyam Shukla
> >
> >
> >
>
>
> --
> www.ruchith.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>


-- 
www.ruchith.org


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
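
A keystore self-check for the two failures discussed in this thread, added here as an example (not code from WSS4J, Rampart or the posters): whether the <user> alias is a key entry whose key password the callback can supply (the UnrecoverableKeyException case), and whether a second keystore holds the signer's certificate or its issuer (the two-keystore case). The class and method names are hypothetical, the built-in demo store is constructed in memory as a JCEKS store with an AES key standing in for the JKS private-key entry, and the trust check is a simplification rather than WSS4J's own verification logic.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical diagnostic class; not part of WSS4J or Rampart. */
public class KeystoreCheck {

    /** Can the <user> alias sign when the password callback returns keyPassword? */
    static String checkSigningKey(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) return "NO_SUCH_ALIAS";
        if (!ks.isKeyEntry(alias)) return "NOT_A_KEY_ENTRY"; // e.g. a trustedCertEntry (CA cert)
        try {
            ks.getKey(alias, keyPassword); // the entry's key password, not the store password
            return "OK";
        } catch (UnrecoverableKeyException e) {
            return "WRONG_KEY_PASSWORD"; // the JKS provider words this "Cannot recover key"
        }
    }

    /**
     * Simplified trust check: true if otherStore contains signerCert itself, or a
     * certificate whose public key verifies signerCert's signature (its issuer).
     */
    static boolean storeKnowsSigner(KeyStore otherStore, X509Certificate signerCert) throws Exception {
        if (otherStore.getCertificateAlias(signerCert) != null) return true;
        for (Enumeration<String> e = otherStore.aliases(); e.hasMoreElements();) {
            Certificate c = otherStore.getCertificate(e.nextElement());
            if (c == null) continue;
            try {
                signerCert.verify(c.getPublicKey());
                return true;
            } catch (GeneralSecurityException notTheIssuer) {
                // not signed by this entry, keep looking
            }
        }
        return false;
    }

    static KeyStore load(String path, String type, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = (path == null) ? null : new FileInputStream(path);
        try {
            ks.load(in, storePassword); // a null stream creates an empty store
        } finally {
            if (in != null) in.close();
        }
        return ks;
    }

    /** Constructed demo data: alias and password mirror the thread, the key is a dummy. */
    static KeyStore demoStore() throws Exception {
        KeyStore ks = load(null, "JCEKS", null);
        ks.setKeyEntry("wss4jclient", new SecretKeySpec(new byte[16], "AES"),
                "security".toCharArray(), null);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 4) {
            // No arguments: run against the constructed in-memory store.
            KeyStore demo = demoStore();
            System.out.println("right key password: "
                    + checkSigningKey(demo, "wss4jclient", "security".toCharArray()));
            System.out.println("wrong key password: "
                    + checkSigningKey(demo, "wss4jclient", "not-the-password".toCharArray()));
            System.out.println("alias not in store: "
                    + checkSigningKey(demo, "wss4jca", "security".toCharArray()));
            return;
        }
        // Arguments: <signer.jks> <storePass> <alias> <keyPass> [<other.jks> <otherStorePass>]
        // Passwords on the command line are acceptable for test keystores only.
        KeyStore signer = load(args[0], "JKS", args[1].toCharArray());
        System.out.println("signing key: " + checkSigningKey(signer, args[2], args[3].toCharArray()));
        Certificate cert = signer.getCertificate(args[2]);
        if (cert instanceof X509Certificate) {
            X509Certificate x = (X509Certificate) cert;
            // IssuerSerial identifies the signer's certificate by these two values.
            System.out.println("issuer: " + x.getIssuerX500Principal().getName());
            System.out.println("serial: " + x.getSerialNumber().toString(16));
            if (args.length >= 6) {
                KeyStore other = load(args[4], "JKS", args[5].toCharArray());
                System.out.println("other store knows signer: " + storeKnowsSigner(other, x));
            }
        }
    }
}
```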


RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Now I have solved the problem mentioned in this email by making few changes
as below:

1- My client program was using a different Password CallBack class due to
wrong entry in the classpath environment variable so I modified it to the
correct path.

2- I was using two different keystore files i.e. one for client and other
for server and both were having keys which were signed by the same CA which
I believe is okay but it was throwing "Signature Processing" error at
receiving end i.e. at server side. So I used the same keystore file at both
end and it worked.

Can you please explain me point2 why can not I use two different keystores
which are having keys which were signed by same CA?

Now my next target is to implement WS-Policy in soap request/response for
that I went through online documentation of "Neethi" but could find a
complete working example or document to implement it.

Ruchith, In my current project I have to create following format in the
SOAP's Request Body

<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
        <wsa:EndpointReference>
          <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
        </wsa:EndpointReference>
</wsp:AppliesTo>

Please guide me how to create above format.
Thanks a lot for being so helpful. 

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Tuesday, July 18, 2006 12:24 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Did you specify the private key password properly in your password
callback handler class?

Thanks,
Ruchith

On 7/18/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Thanks Ruchith,
>
> I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
> verified the alias of the private key in my keystore which was same as I
> have defined in <user> tag in axis2.xml.
> Now I am getting following error:
>
> << Start of Error >>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key; nested exception is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
>         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
>         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
>         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
>         ... 9 more
>
> << End of Error >>
>
> The relevant section of code from axis2.xml that I am using is as below:
>
> << Start of axis2.xml snippet >>
>
>     <!-- Engage the addressing module -->
>     <module ref="addressing"/>
>
>     <!-- Engage the security module -->
>     <module ref="rampart"/>
>
>     <!-- Test with addressing and MTOM: Client's Configuration:START-->
>
>     <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <user>wss4jclient</user>
>         <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>         <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>         <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
>         <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
>       </action>
>     </parameter>
>
>     <parameter name="InflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>       </action>
>     </parameter>
>
> << End of axis2.xml snippet >>
>
> Please also find below the contents of my keystore file:
>
> << Start of wss4jClient.jks file >>
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: wss4jca
> Creation date: Jun 26, 2006
> Entry type: trustedCertEntry
>
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
>
> Alias name: wss4jclient
> Creation date: Jun 26, 2006
> Entry type: keyEntry
> Certificate chain length: 2
> Certificate[1]:
> Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: 2
> Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47 GMT+05:30 2007
> Certificate fingerprints:
>          MD5:  3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
>          SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
> Certificate[2]:
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
> << End of wss4jClient.jks file >>
>
> And contents of cryptoSender.properties file are as below:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.file=wss4jClient.jks
>
> Please let me know what's going wrong??
>
> Best Regards,
> Shyam Shukla
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 18, 2006 10:30 AM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi ,
>
> Please try using any of the following values for the
> "signatureKeyIdentifier":
>
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> Thumbprint
>
> These are different ways of referencing the signature key.
>
> The value of the "user"  is the alias of the private key used for
> signature and wss4j will extract and set the required key reference
> info appropriately. Therefore you DON'T have to specify the value.
>
> Thanks,
> Ruchith
>


-- 
www.ruchith.org



RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Hi Ruchith,

Now I have solved the problem mentioned in this email by making a few changes
as below:

1- My client program was using a different Password CallBack class due to a
wrong entry in the classpath environment variable, so I modified it to the
correct path.

2- I was using two different keystore files, i.e. one for the client and the
other for the server, and both had keys which were signed by the same CA,
which I believe is okay, but it was throwing a "Signature Processing" error
at the receiving end, i.e. at the server side. So I used the same keystore
file at both ends and it worked.

Can you please explain point 2 to me: why can I not use two different
keystores which have keys that were signed by the same CA?

Now my next target is to implement WS-Policy in the SOAP request/response.
For that I went through the online documentation of "Neethi" but could find a
complete working example or document to implement it.

Ruchith, in my current project I have to create the following format in the
SOAP request body:

<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
        <wsa:EndpointReference>
          <wsa:Address>urn:mosw.test.com:target1</wsa:Address>
        </wsa:EndpointReference>
</wsp:AppliesTo>

Please guide me on how to create the above format.
Thanks a lot for being so helpful.

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Tuesday, July 18, 2006 12:24 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Did you specify the private key password properly in your password
callback handler class?

Thanks,
Ruchith
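
The two causes discussed in this thread (a password callback class loaded from the wrong classpath entry, and a key password that does not unlock the alias named in <user>) can be checked outside Axis2 with plain JDK calls. This is an added example, not code from the thread or from WSS4J; the class name KeyRecoveryCheck, its Result values and the demo passwords are hypothetical, and the demo store is a constructed in-memory JCEKS keystore holding a secret key, because a JKS private-key entry needs a certificate chain.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic; class name and Result values are hypothetical and are
// not part of Axis2, Rampart or WSS4J.
public class KeyRecoveryCheck {

    enum Result { OK, NO_SUCH_ALIAS, NOT_A_KEY_ENTRY, NO_PASSWORD_SUPPLIED, WRONG_KEY_PASSWORD }

    // Mirrors what signing needs: the alias from <user> must be a key entry,
    // and the password handed over by the callback must unlock that key.
    static Result check(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) return Result.NO_SUCH_ALIAS;
        if (!ks.isKeyEntry(alias)) return Result.NOT_A_KEY_ENTRY;     // e.g. a trustedCertEntry
        if (keyPassword == null) return Result.NO_PASSWORD_SUPPLIED;   // callback never set a password
        try {
            ks.getKey(alias, keyPassword);
            return Result.OK;
        } catch (UnrecoverableKeyException e) {
            // Same exception class as in the stack trace quoted in this thread.
            return Result.WRONG_KEY_PASSWORD;
        }
    }

    // Reports which jar or directory a class is actually loaded from, to spot
    // a stale copy that shadows the intended one on the classpath.
    static String loadedFrom(String className) {
        try {
            Class<?> c = Class.forName(className, false, KeyRecoveryCheck.class.getClassLoader());
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return src == null ? "(bootstrap or unknown source)" : src.getLocation().toString();
        } catch (ClassNotFoundException e) {
            return "(not on classpath)";
        }
    }

    // Constructed demo input: an empty in-memory store with one protected key.
    static KeyStore constructedDemoStore(char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("wss4jclient", new SecretKeySpec(new byte[16], "AES"), keyPassword, null);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("sample.security.PWCallback loaded from: "
                + loadedFrom("sample.security.PWCallback"));

        if (args.length == 4) {
            // <keystore file> <store password> <alias> <key password>
            // Command-line passwords are visible to other local users; use
            // this mode on test keystores only.
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            System.out.println(args[2] + ": " + check(ks, args[2], args[3].toCharArray()));
            return;
        }

        char[] right = "demo-key-pass".toCharArray();   // constructed value
        KeyStore demo = constructedDemoStore(right);
        System.out.println("right password: " + check(demo, "wss4jclient", right));
        System.out.println("wrong password: " + check(demo, "wss4jclient", "other".toCharArray()));
        System.out.println("no password:    " + check(demo, "wss4jclient", null));
        System.out.println("unknown alias:  " + check(demo, "wss4jserver", right));
    }
}
```

Run with four arguments (keystore file, store password, alias, key password) to check a real file such as wss4jClient.jks; with no arguments it runs the constructed demo.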


RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Yes Ruchith, I've specified the correct private key password, i.e. "security",
in the callback handler class.
Find below the code snippet of the callback handler class.

<< Start of Code >>

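package sample.security;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                // Set the password for the requested identifier (the key
                // alias from <user>); any other identifier gets no password.
                if ("wss4jclient".equalsIgnoreCase(pc.getIdentifer().trim())) {
                    pc.setPassword("security");
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized Callback");
            }
        }
    }
}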

<< End of Code >>

Best Regards,
Shyam Shukla

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Tuesday, July 18, 2006 12:24 PM
To: Shyam Shukla
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSHandler: Signature: unknown key identification

Hi,

Did you specify the private key password properly in your password
callback handler class?

Thanks,
Ruchith

On 7/18/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Thanks Ruchith,
>
> I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
> verified the alias of the private key in my keystore which was same as I
> have defined in <user> tag in axis2.xml.
> Now I am getting following error:
>
> << Start of Error >>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message
> procesing
> org.apache.ws.security.WSSecurityException: Signature creation failed;
> nested ex
> ception is:
>         java.security.UnrecoverableKeyException: Cannot recover key;
nested
> exce
> ption is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature:
> error
> during message procesingorg.apache.ws.security.WSSecurityException:
> Signature cr
> eation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at
> org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.
> java:255)
>         at
> org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandle
> r.java:82)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>         at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisO
> peration.java:328)
>         at
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAx
> isOperation.java:279)
>         at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:
> 457)
>         at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:
> 399)
>         at
> sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.ja
> va:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
Signature:
> err
> or during message procesingorg.apache.ws.security.WSSecurityException:
> Signature
>  creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction
> .java:57)
>         at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.jav
> a:191)
>         at
> org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.
> java:181)
>         ... 9 more
>
> << End of Error >>
>
> The relevant section of code from axis2.xml that I am using is as below:
>
> << Start of axis2.xml snippet >>
>
>  <!-- Engage the addressing module -->
>     <module ref="addressing"/>
>
>     <!-- Engage the security module -->
>     <module ref="rampart"/>
>
>     <!-- Test with addressing and MTOM: Client's Configuration:START-->
>
>         <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <user>wss4jclient</user>
>
> <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>         <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>
>
<signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{
>
http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/200
>
5/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/o
> asis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
>
>
>
<optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimi
> zeParts>
>       </action>
>     </parameter>
>
>     <parameter name="InflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>
> <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>       </action>
>     </parameter>
>
> << End of axis2.xml snippet >>
>
> Please also find below the contents of my keystore file:
>
> << Start of wss4jClient.jks file >>
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: wss4jca
> Creation date: Jun 26, 2006
> Entry type: trustedCertEntry
>
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical,
> O=Persi
> stent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical,
> O=Pers
> istent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53
> GMT+05
> :30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
>
> Alias name: wss4jclient
> Creation date: Jun 26, 2006
> Entry type: keyEntry
> Certificate chain length: 2
> Certificate[1]:
> Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune,
ST=Mah,
> C=IN
>
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical,
> O=Pers
> istent Systems, L=Pune, ST=Mah, C=IN
> Serial number: 2
> Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47
> GMT+05
> :30 2007
> Certificate fingerprints:
>          MD5:  3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
>          SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
> Certificate[2]:
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical,
> O=Persi
> stent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical,
> O=Pers
> istent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53
> GMT+05
> :30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
> << End of wss4jClient.jks file >>
>
> And contents of cryptoSender.properties file are as below:
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
> pto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.file=wss4jClient.jks
>
> Please let me know what's going wrong??
>
> Best Regards,
> Shyam Shukla
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 18, 2006 10:30 AM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi ,
>
> Please try using any of the following values for the
> "signatureKeyIdentifier":
>
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> Thumbprint
>
> These are different ways of referencing the signature key.
>
> The value of the "user"  is the alias of the private key used for
> signature and wss4j will extract and set the required key reference
> info appropriately. Therefore you DON'T have to specify the value.
>
> Thanks,
> Ruchith
>
> On 7/17/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> >
> >
> >
> >
> > Hi All,
> >
> >
> >
> > I am working with axis2 1.0 and wss4j 1.5 to implement WS-Security feature
> > supported by this architecture.
> >
> > I am using rampart module to sign the soap messages.
> >
> > Now when I invoke a web service I get the following error message:
> >
> >
> >
> > << Start of Error Message>>
> >
> >
> >
> > org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
> >         org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
> >         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
> >         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
> >         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
> >         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
> >         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
> >         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
> >         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
> >         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
> >         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> > Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >         at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
> >         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
> >         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
> >         ... 9 more
> >
> >
> >
> > << End of Error Message >>
> >
> >
> >
> > From error it looks like I am not giving correct "signatureKeyIdentifier" in
> > axis2.xml. As per the document, I came to know that value of
> > "signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
> > serial number to this tag but it did not work?
> >
> > Can anyone figure it out where I am going wrong?
> >
> >
> >
> > Best Regards,
> >  Shyam Shukla
> >
> >
> >
>
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org




Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

Did you specify the private key password properly in your password
callback handler class?

Thanks,
Ruchith

On 7/18/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Thanks Ruchith,
>
> I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
> verified the alias of the private key in my keystore which was same as I
> have defined in <user> tag in axis2.xml.
> Now I am getting following error:
>
> << Start of Error >>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesing
> org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key; nested exception is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
>         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
>         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
>         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
>         ... 9 more
>
> << End of Error >>
>
> The relevant section of code from axis2.xml that I am using is as below:
>
> << Start of axis2.xml snippet >>
>
>     <!-- Engage the addressing module -->
>     <module ref="addressing"/>
>
>     <!-- Engage the security module -->
>     <module ref="rampart"/>
>
>     <!-- Test with addressing and MTOM: Client's Configuration:START-->
>
>     <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <user>wss4jclient</user>
>         <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>         <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
>         <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
>         <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
>       </action>
>     </parameter>
>
>     <parameter name="InflowSecurity">
>       <action>
>         <items>Timestamp Signature</items>
>         <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
>         <signaturePropFile>cryptoSender.properties</signaturePropFile>
>       </action>
>     </parameter>
>
> << End of axis2.xml snippet >>
>
> Please also find below the contents of my keystore file:
>
> << Start of wss4jClient.jks file >>
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: wss4jca
> Creation date: Jun 26, 2006
> Entry type: trustedCertEntry
>
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
>
> Alias name: wss4jclient
> Creation date: Jun 26, 2006
> Entry type: keyEntry
> Certificate chain length: 2
> Certificate[1]:
> Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
>
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: 2
> Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47 GMT+05:30 2007
> Certificate fingerprints:
>          MD5:  3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
>          SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
> Certificate[2]:
> Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
> Serial number: f15acfb74d13af3c
> Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
> Certificate fingerprints:
>          MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
>          SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5
>
>
> *******************************************
> *******************************************
>
> << End of wss4jClient.jks file >>
>
> And contents of cryptoSender.properties file are as below:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.file=wss4jClient.jks
>
> Please let me know what's going wrong??
>
> Best Regards,
> Shyam Shukla
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Tuesday, July 18, 2006 10:30 AM
> To: Shyam Shukla
> Cc: wss4j-dev@ws.apache.org
> Subject: Re: WSHandler: Signature: unknown key identification
>
> Hi ,
>
> Please try using any of the following values for the
> "signatureKeyIdentifier":
>
> DirectReference
> IssuerSerial
> X509KeyIdentifier
> SKIKeyIdentifier
> Thumbprint
>
> These are different ways of referencing the signature key.
>
> The value of the "user"  is the alias of the private key used for
> signature and wss4j will extract and set the required key reference
> info appropriately. Therefore you DON'T have to specify the value.
>
> Thanks,
> Ruchith
>
> On 7/17/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> >
> >
> >
> >
> > Hi All,
> >
> >
> >
> > I am working with axis2 1.0 and wss4j 1.5 to implement WS-Security feature
> > supported by this architecture.
> >
> > I am using rampart module to sign the soap messages.
> >
> > Now when I invoke a web service I get the following error message:
> >
> >
> >
> > << Start of Error Message>>
> >
> >
> >
> > org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
> >         org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
> >         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
> >         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
> >         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
> >         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
> >         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
> >         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
> >         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
> >         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
> >         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> > Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
> >         at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
> >         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
> >         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
> >         ... 9 more
> >
> >
> >
> > << End of Error Message >>
> >
> >
> >
> > From error it looks like I am not giving correct "signatureKeyIdentifier" in
> > axis2.xml. As per the document, I came to know that value of
> > "signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
> > serial number to this tag but it did not work?
> >
> > Can anyone figure it out where I am going wrong?
> >
> >
> >
> > Best Regards,
> >  Shyam Shukla
> >
> >
> >
>
>
> --
> www.ruchith.org
>
>


-- 
www.ruchith.org
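
Added example (not code from this thread or from the WSS4J project): a password callback of the kind the reply above asks about, written against WSS4J 1.5's WSPasswordCallback, plus a JDK-only check that the key password it supplies can actually recover the private key. The keystore file, store password and alias are the ones quoted in this thread; the system property name wss4j.keypass.<alias> is a hypothetical convention chosen here so the key password is not hard-coded.

```java
package sample.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {

    // Hypothetical property prefix: start the client with
    // -Dwss4j.keypass.wss4jclient=<private key password>
    static final String KEYPASS_PROPERTY_PREFIX = "wss4j.keypass.";

    // Returns the private key password for an alias, or null if none is configured.
    static String keyPasswordFor(String alias) {
        return alias == null ? null : System.getProperty(KEYPASS_PROPERTY_PREFIX + alias);
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            // WSS4J 1.5 spells this accessor getIdentifer(). For the Signature
            // action it carries the <user> value, i.e. the keystore alias.
            String alias = pc.getIdentifer();
            String password = keyPasswordFor(alias);
            if (password == null) {
                // Fail here rather than let signing fail later with a less direct error.
                throw new IOException("No key password configured for alias " + alias);
            }
            // This must be the password of the key entry, which can differ from
            // the keystore password set in cryptoSender.properties.
            pc.setPassword(password);
        }
    }

    // Returns true if keyPassword recovers the private key stored under alias.
    // A wrong store password makes load() throw IOException; a wrong key
    // password makes getKey() throw UnrecoverableKeyException.
    static boolean keyRecoverable(String keystoreFile, char[] storePassword,
                                  String alias, char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("jks");
        InputStream in = new FileInputStream(keystoreFile);
        try {
            ks.load(in, storePassword);
        } finally {
            in.close();
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException("No key entry under alias " + alias);
        }
        try {
            return ks.getKey(alias, keyPassword) != null;
        } catch (UnrecoverableKeyException e) {
            return false;
        }
    }

    // Offline check using the values quoted in the thread.
    public static void main(String[] args) throws Exception {
        String alias = "wss4jclient";                 // <user> in axis2.xml
        String keyPassword = keyPasswordFor(alias);
        if (keyPassword == null) {
            System.err.println("Set -D" + KEYPASS_PROPERTY_PREFIX + alias);
            System.exit(2);
        }
        boolean ok = keyRecoverable("wss4jClient.jks",          // merlin.file
                                    "security".toCharArray(),   // merlin.keystore.password
                                    alias, keyPassword.toCharArray());
        System.out.println(ok
                ? "Key password recovers the private key for " + alias
                : "Cannot recover key: wrong key password for " + alias);
    }
}
```
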




RE: WSHandler: Signature: unknown key identification

Posted by Shyam Shukla <sh...@persistent.co.in>.
Thanks Ruchith,

I used "IssuerSerial" for signatureKeyIdentifier tag in axis2.xml and
verified the alias of the private key in my keystore which was same as I
have defined in <user> tag in axis2.xml.
Now I am getting following error:

<< Start of Error >>

org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesing
org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key; nested exception is:
        org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key
        at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
        at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
        at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
        at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
        at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
        ... 9 more

<< End of Error >>

The relevant section of code from axis2.xml that I am using is as below:

<< Start of axis2.xml snippet >> 

    <!-- Engage the addressing module -->
    <module ref="addressing"/>

    <!-- Engage the security module -->
    <module ref="rampart"/>

    <!-- Test with addressing and MTOM: Client's Configuration:START-->

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <user>wss4jclient</user>
        <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
        <signaturePropFile>cryptoSender.properties</signaturePropFile>
        <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
        <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
      </action>
    </parameter>

    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
        <signaturePropFile>cryptoSender.properties</signaturePropFile>
      </action>
    </parameter>

<< End of axis2.xml snippet >>

Please also find below the contents of my keystore file:

<< Start of wss4jClient.jks file >>

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: wss4jca
Creation date: Jun 26, 2006
Entry type: trustedCertEntry

Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Serial number: f15acfb74d13af3c
Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
Certificate fingerprints:
         MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
         SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5


*******************************************
*******************************************


Alias name: wss4jclient
Creation date: Jun 26, 2006
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=wss4j client, OU=technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Serial number: 2
Valid from: Mon Jun 26 17:01:47 GMT+05:30 2006 until: Tue Jun 26 17:01:47 GMT+05:30 2007
Certificate fingerprints:
         MD5:  3E:1C:C9:44:F0:17:64:40:8D:81:2B:87:4E:21:91:81
         SHA1: 70:BC:F1:EF:72:81:0A:69:50:03:00:7C:9F:AB:33:B0:EC:1D:F0:F6
Certificate[2]:
Owner: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Issuer: EMAILADDRESS=ws4j_ca@persistent.co.in, CN=wss4j ca, OU=Technical, O=Persistent Systems, L=Pune, ST=Mah, C=IN
Serial number: f15acfb74d13af3c
Valid from: Mon Jun 26 16:44:53 GMT+05:30 2006 until: Thu Jun 23 16:44:53 GMT+05:30 2016
Certificate fingerprints:
         MD5:  7A:30:CC:FC:7A:0D:63:EC:61:6D:4D:23:19:40:07:2A
         SHA1: 06:D5:CE:C3:B3:52:D3:BC:DA:D9:B0:0E:5A:4F:3C:05:28:FD:95:C5


*******************************************
*******************************************

<< End of wss4jClient.jks file >>

And contents of cryptoSender.properties file are as below:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.file=wss4jClient.jks

Please let me know what's going wrong??

Best Regards,
Shyam Shukla




Re: WSHandler: Signature: unknown key identification

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

Please try using any of the following values for the "signatureKeyIdentifier":

DirectReference
IssuerSerial
X509KeyIdentifier
SKIKeyIdentifier
Thumbprint

These are different ways of referencing the signature key.

The value of the "user" is the alias of the private key used for
signature and wss4j will extract and set the required key reference
info appropriately. Therefore you DON'T have to specify the value.

Thanks,
Ruchith

On 7/17/06, Shyam Shukla <sh...@persistent.co.in> wrote:
> Hi All,
>
> I am working with axis2 1.0 and wss4j 1.5 to implement WS-Security feature
> supported by this architecture.
>
> I am using rampart module to sign the soap messages.
>
> Now when I invoke a web service I get the following error message:
>
> << Start of Error Message>>
>
> org.apache.axis2.AxisFault: WSHandler: Signature: unknown key identification; nested exception is:
>         org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:255)
>         at org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:572)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:328)
>         at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457)
>         at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399)
>         at sample.security.ClientWebSecurityToken.main(ClientWebSecurityToken.java:60)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
>         at org.apache.ws.security.handler.WSHandler.decodeSignatureParameter(WSHandler.java:397)
>         at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:124)
>         at org.apache.axis2.security.WSDoAllSender.processMessage(WSDoAllSender.java:181)
>         ... 9 more
>
> << End of Error Message >>
>
> From error it looks like I am not giving correct "signatureKeyIdentifier" in
> axis2.xml. As per the document, I came to know that value of
> "signatureKeyIdentifier" should be IssuerSerial number so I assigned CA's
> serial number to this tag but it did not work?
>
> Can anyone figure it out where I am going wrong?
>
> Best Regards,
>  Shyam Shukla


-- 
www.ruchith.org
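
An added diagnostic for the two points in this thread, not code from either poster and not part of WSS4J or Rampart: it checks that the `user` alias is a private-key entry whose key password actually opens it (`KeyStore.getKey` throws `UnrecoverableKeyException` otherwise), and prints the issuer and serial of the signing certificate, which is what the `IssuerSerial` reference is built from. It assumes the password returned by the password callback for that alias is the one used to open the key; the class name `KeyEntryCheck` and the environment variables `KS_STORE_PASS` and `KS_KEY_PASS` are made up for this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Usage: java KeyEntryCheck wss4jClient.jks wss4jclient
public class KeyEntryCheck {

    /** Classifies whether the entry under 'alias' can be used as a signing key. */
    static String checkSigningEntry(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) return "NO_SUCH_ALIAS";
        if (!ks.isKeyEntry(alias)) return "NOT_A_KEY_ENTRY";   // e.g. a trustedCertEntry
        try {
            // The key password is separate from the keystore password and may differ.
            Key key = ks.getKey(alias, keyPassword);
            return (key instanceof PrivateKey) ? "OK" : "NOT_A_PRIVATE_KEY";
        } catch (UnrecoverableKeyException e) {
            return "WRONG_KEY_PASSWORD";
        }
    }

    /** Issuer DN and serial (hex) of the first certificate in the alias's chain. */
    static String issuerSerial(KeyStore ks, String alias) throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return null;
        }
        X509Certificate signer = (X509Certificate) chain[0];
        return "issuer=" + signer.getIssuerX500Principal().getName()
                + " serial=" + signer.getSerialNumber().toString(16);
    }

    /** Reads a secret from the console, or from an environment variable when there is none. */
    static char[] readSecret(String prompt, String envVar) {
        Console console = System.console();
        if (console != null) return console.readPassword("%s: ", prompt);
        String fromEnv = System.getenv(envVar);   // hypothetical variable names
        if (fromEnv == null) throw new IllegalStateException("no console; set " + envVar);
        return fromEnv.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeyEntryCheck <keystore.jks> <alias>");
            System.exit(2);
        }
        char[] storePass = readSecret("Keystore password", "KS_STORE_PASS");
        char[] keyPass = readSecret("Key password for " + args[1], "KS_KEY_PASS");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        } catch (IOException e) {
            // Missing file, damaged file, or wrong keystore password.
            System.err.println("keystore did not load: " + e.getMessage());
            System.exit(1);
        }

        String verdict = checkSigningEntry(ks, args[1], keyPass);
        Arrays.fill(storePass, '\0');
        Arrays.fill(keyPass, '\0');

        System.out.println(args[1] + ": " + verdict);
        if (verdict.equals("OK")) {
            System.out.println("IssuerSerial would reference: " + issuerSerial(ks, args[1]));
        }
        System.exit(verdict.equals("OK") ? 0 : 1);
    }
}
```

A `WRONG_KEY_PASSWORD` result for `wss4jclient` corresponds to the "Cannot recover key" failure in the stack trace; the values printed for a working entry come from the client certificate, not from anything typed into `signatureKeyIdentifier`.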


