You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Kaushalye Kapuruge <ka...@wso2.com> on 2007/09/20 17:20:40 UTC
Re: [wsf-php-user] signature and encryption
Hi Shams,
Have you resolved the issue setting up your Java service? Otherwise
there is no point of trying sending client requests.
Can you see the <wsse:Security> header is in the request? Please attach
log and trace of SOAP messages when you post a problem (as there is no
other way we can find the reason). :)
Please find a complete PHP sample here[1].
Cheers,
Kaushalye
[1]http://wso2.org/repos/wso2/trunk/wsf/php/samples/security/complete/
shams jawaid wrote:
> Hi, i am trying to implement sample 03 of rampart 1.3 policy samples
> using wsf php extension and axis2/java 1.3 + rampart 1.3, however i
> get the error:
>
> policy creation failedSoap Fault: Missing wsse:Security header in request
>
> i have just referenced the sample policy file from my php client, and
> used the sample services.xml file as well, and i havent changed
> anything apart from the reference to the PWCBHanlder class.
>
> here is my php client :
>
> <?php
> $reqPayloadString = <<<XML
> <ns1:add
> xmlns:ns1='http://math'><ns1:Param0>1</ns1:Param0><ns1:Param1>1</ns1:Param1>
> </ns1:add>
> XML;
> try {
> $my_cert = ws_get_cert_from_file('alice_cert.cert'); // client side
> certificate( public key)
> $my_key = ws_get_key_from_file('alice_key.pem'); // client side key
> $rec_cert = ws_get_cert_from_file('bob_cert.cert'); // server side
> certificate (public key )
>
> $reqMessage = new WSMessage($reqPayloadString,
> array('to'=>'http://localhost:8181/axis2/services/Math','action' =>
> 'urn:add'));
>
>
> $sec_token = new WSSecurityToken(array('privateKey' => $my_key,
> 'certificate' => $my_cert,
> 'receiverCertificate' => $rec_cert,
> 'ttl'=> 60));
> $policy_xml = file_get_contents('policy.xml');
> $policy = new WSPolicy($policy_xml);
>
>
> $client = new WSClient(array('useWSA' => TRUE,
> 'policy' => $policy,
> 'securityToken' => $sec_token));
>
> $resMessage = $client->request($reqMessage);
>
> printf('Response = %s \n', $resMessage->str);
> } catch (Exception $e) {
> if ($e instanceof WSFault) {
> printf('Soap Fault: %s\n', $e->Reason);
> } else {
> printf('Message = %s\n',$e->getMessage());
> }
> }
> ?>
>
> i have been trying non-stop just to get encryption and signature
> working :(, but i keep getting errors, if anyone has a working sample
> please can i see it? or if anyone knows the reason for this error
> please let me know. thanks
>
> ------------------------------------------------------------------------
> Do you know a place like the back of your hand? Share local knowledge
> with BackOfMyHand.com <http://www.backofmyhand.com>
> ------------------------------------------------------------------------
>
> <service name="Math" scope="application">
> <description>
> MathService
> </description>
>
>
>
> <messageReceivers>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> </messageReceivers>
>
>
>
> <parameter name="ServiceClass">
> math.Math
> </parameter>
>
> <module ref="rampart" />
> <module ref="addressing" />
>
> <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> </wsp:Policy>
> </sp:Wss10>
> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:SignedParts>
> <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:EncryptedParts>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>service</ramp:user>
> <ramp:encryptionUser>client</ramp:encryptionUser>
> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
>
> </service>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> !
> ! Copyright 2006 The Apache Software Foundation.
> !
> ! Licensed under the Apache License, Version 2.0 (the "License");
> ! you may not use this file except in compliance with the License.
> ! You may obtain a copy of the License at
> !
> ! http://www.apache.org/licenses/LICENSE-2.0
> !
> ! Unless required by applicable law or agreed to in writing, software
> ! distributed under the License is distributed on an "AS IS" BASIS,
> ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ! See the License for the specific language governing permissions and
> ! limitations under the License.
> !-->
>
> <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> </wsp:Policy>
> </sp:Wss10>
> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:SignedParts>
> <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:EncryptedParts>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>client</ramp:user>
> <ramp:encryptionUser>service</ramp:encryptionUser>
> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Wsf-php-user mailing list
> Wsf-php-user@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
>
--
http://kaushalye.blogspot.com/
http://wso2.org/