Posted to java-user@axis.apache.org by Sridhar <sv...@gmail.com> on 2006/11/03 21:26:01 UTC

Axis2 - Security (Please Help)

Hello,
    This could be a lengthy post, any help would be greatly appreciated.

    I'm a newbie in web services. Started a week back learning web services.
I wrote a sample service and client using axis2 and don't have any problems.
Coming to the real time application, I have to consume a Webservice provided
by a client. The Webservice is written in .NET. I have generated the Handler
and Stub using the WSDL2Java tool provided in axis2. Sending the SOAP
request and getting the response is fine. The problem comes when I use
Timestamp Signature Encryption. When I use just Timestamp Encryption, it
works fine. I'm getting a soap response but in the Body, I'm not getting the
complete data. Getting a message "internal error occurred, please contact
www.XYZ.com". When I contacted the service provider, he said, the SOAP
message is getting into the front door but something is going wrong at the
method level.
   I'm thinking, this could be because I'm not using the Signature
Encryption.

If I use the following properties in axis2.xml

<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp Encrypt </items>
    <user>test</user>
    <passwordCallbackClass>com.cp.labs.PWCallback</passwordCallbackClass>
    <encryptionPropFile>sec.properties</encryptionPropFile>
    <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
    <encryptionUser>test</encryptionUser>
    <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
  </action>
</parameter>

I don't get any error, able to send SOAP request and getting the SOAP
response, but with incomplete data.

If I use the following properties.


<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp Signature Encrypt </items>
    <user>test</user>
    <passwordCallbackClass>com.cp.labs.PWCallback</passwordCallbackClass>
    <signaturePropFile>sec.properties</signaturePropFile>
    <!--  <encryptionPropFile>sec.properties</encryptionPropFile> -->
    <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
    <encryptionUser>test</encryptionUser>
    <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
  </action>
</parameter>


I get the following exception while sending the SOAP request.

java.lang.Exception: Cannot find key for alias: test; nested exception is:
    org.apache.ws.security.WSSecurityException: WSHandler: Signature: error
during message procesingorg.apache.ws.security.WSSecurityException:
Signature creation failed; nested exception is:
    java.lang.Exception: Cannot find key for alias: test


I have a key store file. I opened it using the "keytool" command. The
password I'm providing to open this file is the same as the one I'm using in
the "sec.properties" file. Here're the file contents.

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=medtoxtest
org.apache.ws.security.crypto.merlin.alias.password=password
org.apache.ws.security.crypto.merlin.file=medToxTestKeyStore


I would be greatly thankful if someone can tell me what I'm missing in order
to do Signature Encryption.


Thanks in advance,
Sridhar.

Re: Axis2 - Security (Please Help)

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Sridhar,

On 11/4/06, Sridhar <sv...@gmail.com> wrote:
> Hello,
>     This could be a lengthy post, any help would be greatly appreciated.
>
>     I'm a newbie in web services. Started a week back learning web services.
> I wrote a sample service and client using axis2 and don't have any problems.
> Coming to the real time application, I have to consume a Webservice provided
> by a client. The Webservice is written in .NET. I have generated the Handler
> and Stub using the WSDL2Java tool provided in axis2. Sending the SOAP
> request and getting the response is fine. The problem comes when I use
> Timestamp Signature Encryption. When I use just Timestamp Encryption, it
> works fine. I'm getting a soap response but in the Body, I'm not getting the
> complete data. Getting a message "internal error occurred, please contact
> www.XYZ.com". When I contacted the service provider, he said, the SOAP
> message is getting into the front door but something is going wrong at the
> method level.
>    I'm thinking, this could be because I'm not using the Signature
> Encryption.

Which version of Axis2 are you using? Please try the latest axis2
SNAPSHOT [1] with the latest rampart SNAPSHOT[2].

>
> If I use the following properties in axis2.xml
>
> <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Encrypt </items>
>         <user>test</user>
>
> <passwordCallbackClass>com.cp.labs.PWCallback</passwordCallbackClass>
>         <encryptionPropFile>sec.properties</encryptionPropFile>
>
> <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
>         <encryptionUser>test</encryptionUser>
>
> <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
>       </action>
>     </parameter>
>
> I don't get any error, able to send SOAP request and getting the SOAP
> response, but with incomplete data.
>
> If I use the following properties.
>
>
> <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature Encrypt </items>
>         <user>test</user>
>
> <passwordCallbackClass>com.cp.labs.PWCallback</passwordCallbackClass>
>         <signaturePropFile> sec.properties</signaturePropFile>
>        <!--  <encryptionPropFile>sec.properties</encryptionPropFile> -->
>
> <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
>         <encryptionUser>test</encryptionUser>
>
> <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
>       </action>
>     </parameter>
>
>
> I get the following exception while sending the SOAP request.
>
> java.lang.Exception: Cannot find key for alias: test; nested exception is:
>     org.apache.ws.security.WSSecurityException: WSHandler:
> Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException:
> Signature creation failed; nested exception is:
>     java.lang.Exception: Cannot find key for alias: test
>

You have to provide the password for the private key using the
password callback handler class. For signature the alias of the
private key is identified by the value of the "user" element in the
outflow configuration.

For further information please have a look at this[3] as well.

Thanks,
Ruchith

[1] http://ws.zones.apache.org/dist/axis2/nightly/
[2] http://ws.zones.apache.org/dist/rampart/nightly/rampart-1.1-SNAPSHOT.zip
[3] http://www.wso2.net/tutorials/rampart/java/2006/09/06/sec-msg-exchg
>
> I have a key store file. I opened it using the "keytool" command. The
> password I'm providing to open this file is the same as the one I'm using in
> the "sec.properties" file. Here're the file contents.
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=password
> org.apache.ws.security.crypto.merlin.keystore.alias=medtoxtest
> org.apache.ws.security.crypto.merlin.alias.password=password
> org.apache.ws.security.crypto.merlin.file=medToxTestKeyStore
>
>
> I would be greatly thankful if someone can tell me what I'm missing in order
> to do Signature Encryption.
>
>
> Thanks in advance,
> Sridhar.


-- 
www.ruchith.org
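
As an added example (not part of the thread, and not Axis2 or Rampart code), a JDK-only check of the two conditions the reply names: that the alias given in <user> is a private-key entry in the keystore sec.properties points to, and that the password the callback handler would return unlocks it. The class name SigningAliasCheck and its arguments are hypothetical.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

/** Hypothetical helper: can this keystore sign for the alias named in <user>? */
public class SigningAliasCheck {

    /** Returns a one-line diagnosis for the given alias and key password. */
    static String diagnose(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            // The condition behind "Cannot find key for alias: ..."
            return "no entry '" + alias + "'; aliases present: " + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(alias)) {
            return "'" + alias + "' is a certificate-only entry; signing needs a private key";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return (key instanceof PrivateKey)
                ? "OK: private key for '" + alias + "' (" + key.getAlgorithm() + ")"
                : "'" + alias + "' does not hold a private key";
        } catch (UnrecoverableKeyException e) {
            // The password callback must return the key password, not some other value.
            return "'" + alias + "' exists but the key password does not unlock it";
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): SigningAliasCheck <keystore> <alias>");
            System.exit(2);
        }
        // Prompt for passwords so they stay out of shell history and process listings.
        char[] storePass = console.readPassword("keystore password: ");
        char[] keyPass = console.readPassword("key password for %s: ", args[1]);
        KeyStore ks = KeyStore.getInstance("JKS"); // matches keystore.type=jks in sec.properties
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        System.out.println(diagnose(ks, args[1], keyPass));
    }
}
```

Running `java SigningAliasCheck medToxTestKeyStore test` reports which of these conditions fails for the <user> value used in the post.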
