Posted to java-user@axis.apache.org by Konstantinos Pateras <kp...@googlemail.com> on 2007/03/18 20:44:56 UTC
Cannot encrypt SOAP body
Hi, I am relatively new to web services and security and I am facing a
problem. I have set up Axis2 1.1.1 and Rampart 1.1 and configured it (I
followed the configuration instructions for Rampart 1.0 that are still
supported). I use the actions Timestamp Sign Encrypt to sign the body
and then encrypt it. The messages are generated fine and I get the
response from the server but I only see from SOAP monitor the
signature of the body. The actual data are still there unencrypted and
the response is also in plain text.

Client configuration:

<parameter name = "OutflowSecurity">
  <action>
    <items>Timestamp Encrypt Signature</items>
    <user>client</user>
    <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>client.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
    <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
    <encryptionUser>srv_cert</encryptionUser>
  </action>
</parameter>
<parameter name = "InflowSecurity">
  <action>
    <items>Timestamp Encrypt Signature</items>
    <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>client.properties</signaturePropFile>
  </action>
</parameter>

Server configuration:

<parameter name = "InflowSecurity">
  <action>
    <items>Timestamp Encrypt Signature</items>
    <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
  </action>
</parameter>
<parameter name = "OutflowSecurity">
  <action>
    <items>Timestamp Encrypt Signature</items>
    <user>authsrv</user>
    <passwordCallbackClass>thesis.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
    <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
    <encryptionUser>useReqSigCert</encryptionUser>
  </action>
</parameter>

Please help!
Thanks in advance
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: Cannot encrypt SOAP body
Posted by Vibhor_Sharma <vs...@gryphonnetworks.com>.
Hi Konstantinos,
Just curious to know what configuration you did in the
client.properties and service.properties files in order to plug in the
provider "portecle-1.2"?
Did you also change the property name in the client.properties and service.properties files?
From
org.apache.ws.security.crypto.merlin.keystore
To
org.apache.ws.security.crypto.portecle-1.2.keystore
Which version of the JDK were you using, and did you do any special
configuration in the java.security file in JAVA_HOME/jre/lib/security?
Thanks
Vibhor
-----Original Message-----
From: Konstantinos Pateras [mailto:kpateras@googlemail.com]
Sent: Monday, March 19, 2007 5:57 PM
To: axis-user@ws.apache.org
Subject: Re: Cannot encrypt SOAP body
I found that the SOAP Monitor phase is the last one called in inflow
messages and the first one called in outflow messages. So I used
tcpmon to see the exchanged SOAP messages and they are OK.
Thanks for your interest
Re: Cannot encrypt SOAP body
Posted by Konstantinos Pateras <kp...@googlemail.com>.
I found that the SOAP Monitor phase is the last one called in inflow
messages and the first one called in outflow messages. So I used
tcpmon to see the exchanged SOAP messages and they are OK.
Thanks for your interest
Encountered wrong key usage exception with WSS4J/Axis 1.4
Posted by Ken Tam <ke...@proteustech.com>.
Hi all,
I was able to use the x509.pfx.msft sample key file included with the WSS4J
download to encrypt a SOAP request. However, I got the "Wrong key usage"
exception when using a different PFX file exported from IE (both
public/private keys were exported). Is there something special about the
included sample key file?
Thanks,
Ken
Re: Cannot encrypt SOAP body
Posted by Konstantinos Pateras <kp...@googlemail.com>.
I tried with the minimum configuration and I don't get any error but
the SOAP message is as follows:

<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        soapenv:mustUnderstand="true">
      <xenc:EncryptedKey Id="EncKeyId-32486590">
        <xenc:EncryptionMethod
            Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=Authentication Server,OU=Edu,O=AIT,L=Athens,ST=Peania,C=GR</ds:X509IssuerName>
                <ds:X509SerialNumber>1173638140</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
<xenc:CipherValue>KnhinK1pV33fTV5ahejZbG7FEBVN7I2detR3Tr2g/D+ifniNcyw1gRdW/Kj0fu2YL0s6EQp5GPPAZwmaNNrosKlb55alXflJ9LgLLHG3wR7Be/VsZ/kkOtexcJg1OuZy895ZjOBPc4ijeAyfgawP9B+EViMlWgZxGDxvQiJipE21U/8/EWbYvQuUI7/YkpHJFxUZyOly5oXlNX9O6gDxQkgEAUn3MwjeBqqfQzDaI5+FmazNZc7mj1bj+shXCVXA9XCf11N/FCzyCpCNMOYrU15iy/u5t8lRP58MI5OkoICNWw29M6oz0NtXOmDk7/BLkJG9W+H2tsjWf4jYx2w7Lg==</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncDataId-30303902" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
    <wsa:To>http://localhost:8080/axis2/services/ClientServices</wsa:To>
    <wsa:ReplyTo>
      <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:MessageID>urn:uuid:97213E266FA84B68CC1174331962751</wsa:MessageID>
    <wsa:Action>urn:grantAccess</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
    <ns1:grantAccess xmlns:ns1="http://thesis/xsd">
      <clntReq xmlns="http://thesis/xsd">
        <appServerIdentity>appserveridentity</appServerIdentity>
        <password>109</password>
        <password>121</password>
        <password>116</password>
        <password>101</password>
        <password>115</password>
        <password>116</password>
        <username>mytest</username>
      </clntReq>
    </ns1:grantAccess>
  </soapenv:Body>
</soapenv:Envelope>

The SOAP body is in clear text!!! Any suggestions?
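
A check for the symptom discussed in this thread, as an added example that is not part of any poster's message or of Axis2/Rampart: it inspects a SOAP envelope captured on the wire (as the thread does with tcpmon) and reports whether the Body's content was replaced by xenc:EncryptedData and whether every xenc:DataReference in the header resolves. The function name `check_body_encryption` and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
ENCRYPTED_DATA = "{%s}EncryptedData" % XENC
DATA_REFERENCE = "{%s}DataReference" % XENC


def check_body_encryption(envelope_xml):
    """Inspect a captured SOAP envelope and report whether its Body is encrypted.

    Hypothetical helper written for this example. Returns a dict with:
      body_encrypted      - True if the Body has children and all are xenc:EncryptedData
      cleartext_elements  - local names of Body children sent in the clear
      dangling_references - DataReference targets with no matching EncryptedData Id
    """
    # A SOAP message never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DOCTYPE is not allowed in a SOAP message")

    root = ET.fromstring(envelope_xml)
    if not (root.tag.startswith("{") and root.tag.endswith("}Envelope")):
        raise ValueError("root element is not a SOAP Envelope")
    soap_ns = root.tag[1:root.tag.index("}")]  # SOAP 1.1 or SOAP 1.2 namespace

    body = root.find("{%s}Body" % soap_ns)
    if body is None:
        raise ValueError("envelope has no Body")

    # With content encryption the Body element stays and its children
    # are replaced by xenc:EncryptedData.
    children = list(body)
    cleartext = [c.tag.split("}")[-1] for c in children if c.tag != ENCRYPTED_DATA]

    # Every DataReference listed under the EncryptedKey must point at an
    # EncryptedData element that is really present in the message.
    encrypted_ids = {e.get("Id") for e in root.iter(ENCRYPTED_DATA)}
    referenced = [r.get("URI", "").lstrip("#") for r in root.iter(DATA_REFERENCE)]
    dangling = sorted(ref for ref in referenced if ref not in encrypted_ids)

    return {
        "body_encrypted": bool(children) and not cleartext,
        "cleartext_elements": cleartext,
        "dangling_references": dangling,
    }


# Constructed sample envelopes (Ids and cipher values are placeholders).
_TEMPLATE = """<soapenv:Envelope
    xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <xenc:EncryptedKey Id="EncKeyId-1">
        <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
        <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-1"/></xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>@BODY@</soapenv:Body>
</soapenv:Envelope>"""

# Same shape as the capture in the thread: key material in the header, Body in the clear.
CLEARTEXT_CAPTURE = _TEMPLATE.replace(
    "@BODY@",
    '<ns1:grantAccess xmlns:ns1="http://thesis/xsd">'
    "<username>mytest</username></ns1:grantAccess>",
)

# What the wire message looks like once encryption is applied to the Body content.
ENCRYPTED_CAPTURE = _TEMPLATE.replace(
    "@BODY@",
    '<xenc:EncryptedData Id="EncDataId-1" Type="http://www.w3.org/2001/04/xmlenc#Content">'
    "<xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>"
    "</xenc:EncryptedData>",
)

if __name__ == "__main__":
    for name, capture in (("cleartext", CLEARTEXT_CAPTURE), ("encrypted", ENCRYPTED_CAPTURE)):
        print(name, check_body_encryption(capture))
```
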
Re: Cannot encrypt SOAP body
Posted by Konstantinos Pateras <kp...@googlemail.com>.
Hi Ruchith,
I just use an Axis2.xml file to configure the client and a Service.xml
file to configure the server. I did some tests with only action
Encrypt and they failed with the Generic error X509Data invalid length
of data to encrypt or something like that. So I suppose that no
encryption was taking place due to an error and the error message
wasn't displayed. Any clue on this error?
Re: Cannot encrypt SOAP body
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
Did you use the axis2.xml file of the service to configure the service?
This can happen if you have a different configuration in the
service.xml file which does only signature. In this case the
configuration of the axis2.xml will be overridden (unless you use the
locked="true" attribute of the parameters).
Thanks,
Ruchith
p.s. Please use rampart-dev@ws.apache.org for rampart related posts.
--
www.ruchith.org
www.wso2.org