Posted to users@cxf.apache.org by Augusto Lima Filho <au...@gmail.com> on 2010/06/07 19:33:56 UTC

WS-SecurityPolicy Interoperability Problem

Hello everyone,
since my last message was kinda disorganized I'm rewriting it.
I'm trying to use a CXF Client to access a Web Service which uses a
WS-Policy enforced by an Oracle Tool but I'm having some
interoperability issues. The Oracle Client obviously works but the CXF
Client for some reason sends a different request format and then an
error is shown. It seems that CXF emits a SAML reference although
the policy makes no mention of SAML. Because of that the Oracle
Server shows the following error:

<WSM-00035> <Error in Signature reference mechanism compliance :
Expected : http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
, Actual : http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey.>

I have no idea why CXF has this kind of behavior.
The WS-SecurityPolicy in the WSDL is inserted by the Oracle tool and
not manually written, so I suppose the problem is not in it.
 I'll show in sequence the WSDL, the Oracle Request, CXF request and
my CXF Client Config:


WSDL of the service:



<definitions name="SwapTestService" targetNamespace="http://swap/test/v01">
	<wsp:Policy wsu:Id="SwapTestPort_Fault_Policy" />
	<wsp:Policy wsu:Id="SwapTestPort_Input_Policy">
		<sp:SignedParts>
			<sp:Body />
			<sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
			<sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
			<sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
		</sp:SignedParts>
		<sp:EncryptedParts>
			<sp:Body />
			<sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
		</sp:EncryptedParts>
	</wsp:Policy>

	<wsp:Policy wsu:Id="SwapTestPort_Output_Policy">
		<sp:SignedParts>
			<sp:Body />
		</sp:SignedParts>
		<sp:EncryptedParts>
			<sp:Body />
		</sp:EncryptedParts>
	</wsp:Policy>

	<!-- Service-level policy; the SwapTestPortBinding binding in this WSDL points at it
	     through wsp:PolicyReference. It asks for a symmetric binding protected by the
	     service's X.509 certificate plus an endorsing signature from the client's
	     certificate. -->
	<wsp:Policy wsu:Id="wss11_x509_token_with_message_protection_service_policy">
		<sp:SymmetricBinding>
			<wsp:Policy>
				<!-- IncludeToken/Never together with RequireThumbprintReference: the service
				     certificate is not carried in the message. Both captured requests on this
				     page identify it inside EncryptedKey by a KeyIdentifier whose ValueType
				     ends in #ThumbprintSHA1. -->
				<sp:ProtectionToken>
					<wsp:Policy>
						<sp:X509Token
							sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
							<wsp:Policy>
								<sp:RequireThumbprintReference />
								<sp:WssX509V3Token11 />
							</wsp:Policy>
						</sp:X509Token>
					</wsp:Policy>
				</sp:ProtectionToken>

				<!-- With this suite both captured requests use aes128-cbc for the body,
				     rsa-oaep-mgf1p for key wrapping, SHA-1 digests, hmac-sha1 for the message
				     signature and rsa-sha1 for the endorsing signature.
				     NOTE(review): SHA-1 based signatures and CBC-mode XML Encryption are
				     legacy choices; if both endpoints offer a stronger suite, prefer it.
				     Confirm what the Oracle policy store supports. -->
				<sp:AlgorithmSuite>
					<wsp:Policy>
						<sp:Basic128 />
					</wsp:Policy>
				</sp:AlgorithmSuite>

				<!-- Lax layout: the two requests order the security header differently
				     (Oracle puts the Timestamp last, CXF right after the BinarySecurityToken),
				     so ordering is presumably not what the server rejects. -->
				<sp:Layout>
					<wsp:Policy>
						<sp:Lax />
					</wsp:Policy>
				</sp:Layout>
				<sp:IncludeTimestamp />
				<!-- NOTE(review): in the Oracle request the endorsing signature references
				     both the message signature and the BinarySecurityToken; in the CXF request
				     it references only #Signature-5. That may be a second compliance
				     difference related to ProtectTokens. Verify once the ValueType error is
				     resolved. -->
				<sp:ProtectTokens />
				<sp:OnlySignEntireHeadersAndBody />
			</wsp:Policy>
		</sp:SymmetricBinding>

		<!-- IncludeToken/AlwaysToRecipient: the client certificate travels in the request.
		     Both captured requests carry it as a wsse:BinarySecurityToken and use it for
		     the rsa-sha1 signature over the message signature. -->
		<sp:EndorsingSupportingTokens>
			<wsp:Policy>
				<sp:X509Token
					sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
					<wsp:Policy>
						<sp:WssX509V3Token11 />
					</wsp:Policy>
				</sp:X509Token>
			</wsp:Policy>
		</sp:EndorsingSupportingTokens>

		<!-- WSS 1.1 options. MustSupportRefEncryptedKey concerns references to an
		     EncryptedKey, which is the reference form named in the WSM-00035 error quoted
		     in this message. No assertion in this policy mentions SAML. -->
		<sp:Wss11>
			<wsp:Policy>
				<sp:RequireSignatureConfirmation />
				<sp:MustSupportRefEncryptedKey />
			</wsp:Policy>
		</sp:Wss11>
	</wsp:Policy>

	<types>
		<xsd:schema>
			<xsd:import namespace="http://swap/test/v01"
				schemaLocation="http://localhost:7001/swaptest/SwapTest?xsd=1" />
		</xsd:schema>
	</types>

	<message name="testSwap">
		<part name="parameters" element="tns:testSwap" />
	</message>

	<message name="testSwapResponse">
		<part name="parameters" element="tns:testSwapResponse" />
	</message>

	<portType name="TestWSImpl">

		<operation name="testSwap">
			<input message="tns:testSwap" />
			<output message="tns:testSwapResponse" />
		</operation>
	</portType>

	<binding name="SwapTestPortBinding" type="tns:TestWSImpl">
		<soap:binding style="document"
			transport="http://schemas.xmlsoap.org/soap/http" />
		<wsp:PolicyReference
			URI="#wss11_x509_token_with_message_protection_service_policy"
			wsdl:required="false" />

		<operation name="testSwap">
			<soap:operation soapAction="" />
			<input>
				<soap:body use="literal" />
				<wsp:PolicyReference URI="#SwapTestPort_Input_Policy"
					wsdl:required="false" />
			</input>
			<output>
				<soap:body use="literal" />
				<wsp:PolicyReference URI="#SwapTestPort_Output_Policy"
					wsdl:required="false" />
			</output>
		</operation>
	</binding>

	<service name="SwapTestService">

		<port name="SwapTestPort" binding="tns:SwapTestPortBinding">
			<soap:address location="http://localhost:7001/swaptest/SwapTest" />
			<wsa:EndpointReference>
				<wsa:Address>http://localhost:7001/swaptest/SwapTest</wsa:Address>
				<wsid:Identity>
					<dsig:KeyInfo>
						<dsig:X509Data>
							<dsig:X509Certificate>								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
</dsig:X509Certificate>
							<dsig:X509IssuerSerial>
								<dsig:X509IssuerName>
									CN=AI, OU=AI, O=ORG, L=Ra,
									ST=SP, C=BR
</dsig:X509IssuerName>
								<dsig:X509SerialNumber>1</dsig:X509SerialNumber>
							</dsig:X509IssuerSerial>
							<dsig:X509SubjectName>
								CN=AI, OU=AAI, O=ORG, C=BR
</dsig:X509SubjectName>
							<dsig:X509SKI>80G+2YyLzBDojY+M5aNM1wgJNXo=</dsig:X509SKI>
						</dsig:X509Data>
					</dsig:KeyInfo>
				</wsid:Identity>
			</wsa:EndpointReference>
		</port>
	</service>
</definitions>



ORACLE REQUEST:



<?xml version='1.0' encoding='UTF-8'?>
   <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
      <S:Header>
         <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
S:mustUnderstand="1">
            <wsse:BinarySecurityToken
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="bst_GELucxc7pxqk1Tf8">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</wsse:BinarySecurityToken>
            <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
               <dsig:SignedInfo>
                  <dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  <dsig:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                  <dsig:Reference URI="#Signature_2PtJxCbJQACoJEYy">
                     <dsig:Transforms>
                        <dsig:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </dsig:Transforms>
                     <dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<dsig:DigestValue>VF6Q9S4yJobMW2rNYFrBzjOLWZ4=</dsig:DigestValue>
                  </dsig:Reference>
                  <dsig:Reference URI="#bst_GELucxc7pxqk1Tf8">
                     <dsig:Transforms>
                        <dsig:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </dsig:Transforms>
                     <dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<dsig:DigestValue>h+DAcvTzAt3iP0EJfDFeNbR9Vy4=</dsig:DigestValue>
                  </dsig:Reference>
               </dsig:SignedInfo>
               <dsig:SignatureValue>DHvSnT+bZXPhPeyX6inJDBv+zs7gL7kTsFRf3lKGZZaAdf1RPTP7TymZq+x0wP1JRQugBcqEh+UD85Xfu7mM095A0MX7hGSwEZxuAy87i2NwAOSzcuEzfqEOag3HzmjjmOYpHu5hP3R/J9dQDy70+dVBUpVdF8APpAOAfkuWfbM=</dsig:SignatureValue>
               <dsig:KeyInfo>
                  <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="str_bBCxbnYKwqvOXMwl">
                     <wsse:Reference URI="#bst_GELucxc7pxqk1Tf8"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                  </wsse:SecurityTokenReference>
               </dsig:KeyInfo>
            </dsig:Signature>
            <ns1:EncryptedKey
xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"
Id="encKey_gnMqPPZMpJhyJPdZ">
               <ns1:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                  <ns2:DigestMethod
xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
               </ns1:EncryptionMethod>
               <ns3:KeyInfo xmlns:ns3="http://www.w3.org/2000/09/xmldsig#">
                  <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="str_VmKZYaHRFydHrhgA">
                     <wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">4iSUz0GV88TQRCsKTya/PyGfV3M=</wsse:KeyIdentifier>
                  </wsse:SecurityTokenReference>
               </ns3:KeyInfo>
               <ns1:CipherData>

<ns1:CipherValue>egJ+Mr2HbKdEkXImrufJVsqXRy4iKOtR8+7jvQ+T714a2L6KENOCTFm4QVmFM3dnG5HQC3RBloDzCIlymKbyHKrxV5cJf2amav1aZAU/jTABJkZt2B6hDCbYj17++nr4YlrTYTRHovoQ8k+74XArFyhEKafs+iCda9rF7bXqNqI=</ns1:CipherValue>
               </ns1:CipherData>
               <ns1:ReferenceList>
                  <ns1:DataReference URI="#qST12BwW5F8x26wb"/>
               </ns1:ReferenceList>
            </ns1:EncryptedKey>
            <!-- Message signature from the working Oracle client: hmac-sha1 over the
                 Timestamp and the Body, keyed through the EncryptedKey referenced in
                 KeyInfo below. Useful as the reference shape when comparing with the
                 CXF request. -->
            <dsig:Signature
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
Id="Signature_2PtJxCbJQACoJEYy">
               <dsig:SignedInfo>
                  <dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  <dsig:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                  <dsig:Reference URI="#Timestamp_gdUhkY5lkSIBfMZt">
                     <dsig:Transforms>
                        <dsig:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </dsig:Transforms>
                     <dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<dsig:DigestValue>yZw0xMrw8Q25UM1nBLnIvaaqyus=</dsig:DigestValue>
                  </dsig:Reference>
                  <dsig:Reference URI="#Body_NspfiAs6Y9rYpuEU">
                     <dsig:Transforms>
                        <dsig:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </dsig:Transforms>
                     <dsig:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<dsig:DigestValue>blH5NEUOdBs3o6S5KdF20VuoXBg=</dsig:DigestValue>
                  </dsig:Reference>
               </dsig:SignedInfo>
               <dsig:SignatureValue>pUVKqLckwQzy6n1R6l0fd20OLFQ=</dsig:SignatureValue>
               <dsig:KeyInfo>
                  <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
wsu:Id="str_oLlXyqJASBPoe8tn">
                     <!-- Both wsse11:TokenType on the SecurityTokenReference and ValueType on
                          this Reference use the soap-message-security-1.1#EncryptedKey URI,
                          the value WSM-00035 reports as "Expected". -->
                     <wsse:Reference URI="#encKey_gnMqPPZMpJhyJPdZ"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
                  </wsse:SecurityTokenReference>
               </dsig:KeyInfo>
            </dsig:Signature>
            <wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp_gdUhkY5lkSIBfMZt">
               <wsu:Created>2010-06-07T17:05:06Z</wsu:Created>
               <wsu:Expires>2010-06-07T17:06:06Z</wsu:Expires>
            </wsu:Timestamp>
         </wsse:Security>
      </S:Header>
      <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Body_NspfiAs6Y9rYpuEU">
         <ns1:EncryptedData
xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Encoding="UTF-8"
Id="qST12BwW5F8x26wb" MimeType="text/xml"
Type="http://www.w3.org/2001/04/xmlenc#Content">
            <ns1:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <ns1:CipherData>
               <ns1:CipherValue>yJAm4Z+fHxLZMEoW2RiIR+eScoxGyXNQEQGVkhdO08p9GFTZK39J3b5UsSz0WxmyQguz5OySBcqLBhujnepaqbCfBayyvfIdCxXszGJfMtkOXiEay5X1jpVaa3Ch+OigZn6ZrhHRlWj5urTp9w6zDA==</ns1:CipherValue>
            </ns1:CipherData>
         </ns1:EncryptedData>
      </S:Body>
   </S:Envelope>



CXF REQUEST:



<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
   <soap:Header>
      <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1">
         <wsse:BinarySecurityToken
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-51539E84A0AE53F92912759303819093">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</wsse:BinarySecurityToken>
         <wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-3">
            <wsu:Created>2010-06-07T17:06:21.571Z</wsu:Created>
            <wsu:Expires>2010-06-07T17:11:21.571Z</wsu:Expires>
         </wsu:Timestamp>
         <xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EncKeyId-51539E84A0AE53F92912759303818952">
            <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                  <wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">4iSUz0GV88TQRCsKTya/PyGfV3M=</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>WSeOC/F+hV5N4SNOEd0axiGp5gFGkcOnDfcKMCumiiGc3rqHH4FfEW0u5WlLbcGP2DB32PeC6wIvUV+79AxQQM5g70rEXKTdTQxN2rTPXi2YADPyyeRmDeKuzdJNX3U6gC5b57PQUwnRfMCk5fcNsTvLn3lYxp1Gnceg8xy4Kfc=</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedKey>
         <xenc:ReferenceList>
            <xenc:DataReference URI="#EncDataId-6" />
         </xenc:ReferenceList>
         <!-- Message signature produced by the CXF client: hmac-sha1, keyed through the
              EncryptedKey referenced in KeyInfo below. This is the element that carries
              the ValueType the Oracle server rejects. -->
         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-5">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
               <ds:Reference URI="#Id-32219102">
                  <ds:Transforms>
                     <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </ds:Transforms>
                  <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>A8EnoPs2s+gNAJW6SG7F8FccOa8=</ds:DigestValue>

               </ds:Reference>
               <!-- NOTE(review): no element in this request has the wsu:Id
                    "Timeef5stamp-3"; the Timestamp in this header is "Timestamp-3".
                    This looks like a paste artifact in the mail. Confirm against the raw
                    capture, because a reference that resolves to nothing would fail
                    signature validation on its own. -->
               <ds:Reference URI="#Timeef5stamp-3">
                  <ds:Transforms>
                     <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </ds:Transforms>
                  <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>tZ6suHFPmOdOdGdbtI1ypA0t29g=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>bWOaBam1Q/uiNbWcG/SbgQgNiLo=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-51539E84A0AE53F92912759303819186">
               <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-51539E84A0AE53F92912759303819187">
                  <!-- The ValueType below sits in the SAML token profile namespace and is
                       the value WSM-00035 reports as "Actual". The Oracle request uses
                       the soap-message-security-1.1#EncryptedKey URI for the same
                       reference and also sets wsse11:TokenType on the
                       SecurityTokenReference, which is absent here.
                       NOTE(review): nothing in the WSDL policy or in the client config
                       shown on this page mentions SAML, so this is presumably a constant
                       chosen by the client-side security library rather than a policy
                       setting. Verify against the library version in use. -->
                  <wsse:Reference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
URI="#EncKeyId-51539E84A0AE53F92912759303818952"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey"
/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-4">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
               <ds:Reference URI="#Signature-5">
                  <ds:Transforms>
                     <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </ds:Transforms>
                  <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>kgw/sOxBHZfaYsNpl8bo6qvflO8=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>BQaZGuWidcweXCrjFy7TpCZOhuRKnrZFwYqpOI6D56jPcHG1ZvhRpTW6MR8Mog2lAhvJkGXyGZWVLRH71i+f2lkqT4+uh492KQVdADZ48EfPebT6rZElJLNCviD3Q70cIzriIhCcrIum8nrpJZ+TQSj551fGIz+LwWrdmndBDRI=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-51539E84A0AE53F92912759303819174">
               <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-51539E84A0AE53F92912759303819175">
                  <wsse:Reference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
URI="#CertId-51539E84A0AE53F92912759303819093"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
   </soap:Header>
   <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-32219102">
      <xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-6"
Type="http://www.w3.org/2001/04/xmlenc#Content">
         <xenc:EncryptionMethod
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <wsse:Reference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
URI="#EncKeyId-51539E84A0AE53F92912759303818952" />
            </wsse:SecurityTokenReference>
         </ds:KeyInfo>
         <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">39o8mG9MsyahakuL2A40G2oRQza++Vp7DQQfBmOx2k5D2CPHSsvWWK0u521FPWa8aPmW8mpuAcP8Cs6oPcjfLaSWxp+Ztn5fGbm7vR1bkL0l2aQOoQX4biBaULE/c5HRtvymbw4xIWbVssTdkdfRMpB/8diYmvc09nSnXSD7Bbp3ID3QvlXrwLB6r0L+79ElRJs7sYVbpOBfLopP9pUzV15P+itwMOBjcyhsrO5TaI4zXEBQWPryKV8q5yAYycW1CBA/Kz9bfLoCu+bDdsAKNdQHfl9HoO9eqxdqPDvHWSLSu2q19zE20JvFitZx2MyziO8oTXwNGXIGol1/6bKZZYF3FSZEPtX0PpZU453KKlz1y3cbmt/t8uMlkuBiTpI5E6NLDcI/+BsTGB76ff8PgQ==</xenc:CipherValue>
         </xenc:CipherData>
      </xenc:EncryptedData>
   </soap:Body></soap:Envelope>



CXF Client Config:

     Config File cxf.xml:

<!-- Spring configuration for the CXF client of port {http://swap/test/v01}SwapTestPort.
     It only supplies WS-Security runtime properties; the policy itself comes from the
     WSDL. -->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:soap="http://cxf.apache.org/bindings/soap"
	xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy"
	xsi:schemaLocation="
		http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
		http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
		http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
		http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd ">

	<!-- The name is the port QName from the WSDL; createdFromAPI="true" presumably
	     marks this as configuration for a client that is created in code. Confirm
	     against the CXF documentation for the version in use. -->
	<jaxws:client name="{http://swap/test/v01}SwapTestPort"
		createdFromAPI="true">	
		<!-- ws-security.callback-handler names the class that is presumably asked for
		     the private-key password. ws-security.signature.properties and
		     ws-security.encryption.properties point at the two crypto property files
		     listed after this config on the page.
		     NOTE(review): none of these entries selects the ValueType written on the
		     EncryptedKey reference, so the WSM-00035 mismatch is not visibly caused by
		     this file. -->
		<jaxws:properties>
			<entry key="ws-security.username" value="clientif" />
			<entry key="ws-security.callback-handler"
				value="br.jus.tjpe.seguranca.ClientKeystorePasswordCallback" />
			<entry key="ws-security.signature.properties" value="client.properties" />
			<entry key="ws-security.encryption.properties" value="service.properties" />
		</jaxws:properties>
	</jaxws:client>
</beans>

Config File client.properties:
# Merlin crypto settings for signing; cxf.xml references this file through
# ws-security.signature.properties. The alias "clientif" selects the client key entry.
# NOTE(review): the keystore password is stored in clear text and was posted to a public
# list. If "cspass" is a real credential rather than a sample value, rotate it and keep
# this file readable only by the account that runs the client.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=clientif
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.file=clientstore.jks

Config file service.properties:
# Merlin crypto settings for encryption; cxf.xml references this file through
# ws-security.encryption.properties. The alias "if" presumably identifies the service
# certificate used to wrap the symmetric key (confirm against the keystore contents).
# NOTE(review): this file points at the same clientstore.jks and the same clear-text
# password as client.properties, so the service certificate and the client private key
# share one store. Encryption needs only the service's public certificate; consider a
# separate truststore for it, and treat the posted password as exposed if it is real.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=if
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.file=clientstore.jks


This is exactly what's in my environment except for the certificate
info which I changed for privacy reasons.
Any help will be much appreciated.
Thank you !