Posted to java-user@axis.apache.org by Paul Ryan <pa...@gmail.com> on 2008/02/20 13:12:01 UTC

rampart decryption issue

Hi,

I'm attempting to call a secure web service hosted within Oracle's OWSM using
an Axis2 client.

The client is using rampart 1.3 and wss4j 1.5.3 to handle the signing and
encrypting of the SOAP message.

Signing and encrypting the SOAP request works fine, the message is
successfully verified and decrypted on the Oracle side but the Axis2 client
seems to be having a problem decrypting the response message. I get an np
exception as follows:

org.apache.axis2.AxisFault
    at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:92)
    at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
    at test.VehicleStub.getVehicle(VehicleStub.java:142)
    at test.VehicleTest.testgetVehicle(VehicleTest.java:35)
Caused by: java.lang.NullPointerException
    at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:87)
    at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:92)
    at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:74)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:284)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:206)
    at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:213)
    at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
    ... 25 more


I've debugged the code and have followed the processing from the rampart
WSDoAllReceiver -> wss4j WSSecurityEngine -> wss4j
BinarySecurityTokenProcessor.

In the BinarySecurityTokenProcessor I can see that the crypto variable is
null and the decCrypto variable is set, but in the following code only the
crypto variable is passed to the
getCertificatesTokenReference() method, causing the NPE.

    public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
            CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults,
            WSSConfig config) throws WSSecurityException {
        this.getCertificatesTokenReference(elem, crypto);
        returnResults.add(0, new WSSecurityEngineResult(WSConstants.BST,
                this.token, this.certificates));
    }

    private void getCertificatesTokenReference(Element elem, Crypto crypto)
            throws WSSecurityException {
        this.createSecurityToken(elem);
        if (token instanceof PKIPathSecurity) {
            this.certificates = ((PKIPathSecurity) token)
                    .getX509Certificates(false, crypto);
        } else if (token instanceof X509Security) {
            // NPE **** on the following statement
            X509Certificate cert = ((X509Security) token)
                    .getX509Certificate(crypto);
            this.certificates = new X509Certificate[1];
            this.certificates[0] = cert;
        }
    }

My rampart client configuration section is as follows:

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>paul1</user>
        <signaturePropFile>client.properties</signaturePropFile>
        <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <encryptionUser>paul1</encryptionUser>
        <encryptionPropFile>client.properties</encryptionPropFile>
        <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
      </action>
    </parameter>

    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Encrypt</items>
        <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
        <decryptionPropFile>client.properties</decryptionPropFile>
      </action>
    </parameter>


I probably have a mis-configuration problem, any help would be welcome.

Regards,
Paul.

Re: rampart decryption issue

Posted by Ruchith Fernando <ru...@gmail.com>.
Please specify the "signaturePropFile" element in your "InflowSecurity" parameter:


    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Encrypt</items>
        <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
        <decryptionPropFile>client.properties</decryptionPropFile>
        <signaturePropFile>......</signaturePropFile>
      </action>
    </parameter>

Thanks,
Ruchith

-- 
http://blog.ruchith.org
http://wso2.org
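
A configuration check based on the reply above, as an added example (not code from Rampart, WSS4J or either poster): it flags an InflowSecurity action with no usable signaturePropFile, the condition this thread ties to the null crypto in BinarySecurityTokenProcessor, and also catches the reply's elided "......" value pasted unchanged. The function names and the reuse of client.properties in the fixed sample are assumptions.

```python
import xml.etree.ElementTree as ET

# The InflowSecurity block from the original post (the failing configuration).
POSTED = """
<parameter name="InflowSecurity">
  <action>
    <items>Timestamp Encrypt</items>
    <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
    <decryptionPropFile>client.properties</decryptionPropFile>
  </action>
</parameter>"""

# The block from the reply, pasted with its elided value left unfilled.
PASTED_REPLY = POSTED.replace(
    "</action>", "<signaturePropFile>......</signaturePropFile></action>")

# Constructed fix: reusing client.properties here is an assumption.
FIXED = POSTED.replace(
    "</action>",
    "<signaturePropFile>client.properties</signaturePropFile></action>")


def usable(value):
    """A property-file value counts only if it is not blank or a run of dots."""
    value = (value or "").strip()
    return bool(value.strip("."))


def check_inflow(xml_text):
    """Return one finding per InflowSecurity action without a signature Crypto."""
    root = ET.fromstring("<root>" + xml_text + "</root>")  # allow sibling blocks
    findings = []
    for param in root.iter("parameter"):
        if param.get("name") != "InflowSecurity":
            continue
        for action in param.findall("action"):
            items = (action.findtext("items") or "").split()
            sig = action.findtext("signaturePropFile")
            dec = action.findtext("decryptionPropFile")
            if not usable(sig):
                state = "missing" if sig is None else "placeholder %r" % sig.strip()
                findings.append(
                    "InflowSecurity [%s]: signaturePropFile %s; "
                    "decryptionPropFile=%s alone leaves the signature Crypto "
                    "null for BinarySecurityToken processing"
                    % (" ".join(items), state, dec))
    return findings
```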