Posted to rampart-dev@ws.apache.org by shams jawaid <sh...@hotmail.com> on 2007/09/24 19:39:32 UTC

RE: [wsf-php-user ] signature and encryption [Service Side Keystore]

Hi kaushalye and ruchith,

i have corrected my services.xml file, to this:

<service name='Math' scope='application'>
  <description>MathService</description>

  <messageReceivers>
    <messageReceiver mep='http://www.w3.org/2004/08/wsdl/in-out'
                     class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
    <messageReceiver mep='http://www.w3.org/2004/08/wsdl/in-out'
                     class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
    <messageReceiver mep='http://www.w3.org/2004/08/wsdl/in-out'
                     class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
    <messageReceiver mep='http://www.w3.org/2004/08/wsdl/in-out'
                     class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
  </messageReceivers>

  <parameter name='ServiceClass'>math.Math</parameter>

  <module ref='rampart' />
  <module ref='addressing' />

  <wsp:Policy wsu:Id='SigEncr'
      xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
      xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
                  <wsp:Policy>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'>
                  <wsp:Policy>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:EncryptSignature/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
          </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
          <sp:Body/>
        </sp:SignedParts>
        <sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
          <sp:Body/>
        </sp:EncryptedParts>
        <ramp:RampartConfig xmlns:ramp='http://ws.apache.org/rampart/policy'>
          <ramp:user>service</ramp:user>
          <ramp:encryptionUser>client</ramp:encryptionUser>
          <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
          <ramp:signatureCrypto>
            <ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>
              <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>
              <ramp:property name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property>
              <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>
            </ramp:crypto>
          </ramp:signatureCrypto>
          <ramp:encryptionCypto>
            <ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>
              <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>
              <ramp:property name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property>
              <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>
            </ramp:crypto>
          </ramp:encryptionCypto>
        </ramp:RampartConfig>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</service>

and i am ALREADY using the wsf keys provided by the wsf php extension for the client side like this in my client like this:

<?php
$reqPayloadString = <<<XML
<ns1:add xmlns:ns1='http://math'><ns1:Param0>1</ns1:Param0><ns1:Param1>1</ns1:Param1></ns1:add>
XML;

try {
    $my_cert = ws_get_cert_from_file('alice_cert.cert'); // client side certificate (public key)
    $my_key = ws_get_key_from_file('alice_key.pem');     // client side key
    $rec_cert = ws_get_cert_from_file('bob_cert.cert');  // server side certificate (public key)

    $reqMessage = new WSMessage($reqPayloadString,
                                array('to' => 'http://localhost:8181/axis2/services/Math',
                                      'action' => 'urn:add'));

    $sec_token = new WSSecurityToken(array('privateKey' => $my_key,
                                           'certificate' => $my_cert,
                                           'receiverCertificate' => $rec_cert,
                                           'ttl' => 60));

    $policy_xml = file_get_contents('policy.xml');
    $policy = new WSPolicy($policy_xml);

    $client = new WSClient(array('useWSA' => TRUE,
                                 'useSOAP' => '1.1',
                                 'policy' => $policy,
                                 'securityToken' => $sec_token));

    $resMessage = $client->request($reqMessage);

    // double quotes so that \n is printed as a newline
    printf("Response = %s \n", $resMessage->str);
} catch (Exception $e) {
    if ($e instanceof WSFault) {
        printf("Soap Fault: %s\n", $e->Reason);
    } else {
        printf("Message = %s\n", $e->getMessage());
    }
}
?>

and i am using this policy.xml file, which you have given:

<wsp:Policy wsu:Id='SigEncr'
    xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
    xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'>
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:EncryptSignature/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
        <sp:Body/>
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
        <sp:Body/>
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

but i get this output in tcpmon:

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 24 Sep 2007 18:20:09 GMT
Connection: close

236
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsa='http://www.w3.org/2005/08/addressing'>
      <soapenv:Header>
         <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
         <wsa:RelatesTo>331a4ded-927c-45b2-925f-1bb214263066</wsa:RelatesTo>
      </soapenv:Header>
      <soapenv:Body>
         <soapenv:Fault>
            <faultcode>soapenv:Server</faultcode>
            <faultstring>General security error (Unexpected number of X509Data: for decryption (KeyId))</faultstring>
            <detail />
         </soapenv:Fault>
      </soapenv:Body>
   </soapenv:Envelope>
0

i have attached the full request and response messages, that i got in tcpmon and i got no output in the tomcat window.

what i think i need is the keystore files, used at the SERVICE side please, that you have used with your interoperability example (the keystores that include the alice/bob certificates + keys), because in the rampart configuration in my services.xml file, it uses the .jks keystores, and i am not 100% sure that the .jks i made myself are correct. i tried to put the alice_cert + alice_key and bob_cert + bob_key into a .jks file, so that rampart can use them. i think that can be the only error left. i have attached my client.jks and service.jks that i made, if you can have a look at them that would be great, but could you please also send me the .jks files you have used in your interoperability example at the service side for rampart.
i think i am nearly there, please help :)
 
thanks a lot!

> Date: Mon, 24 Sep 2007 14:04:54 +0530
> From: kaushalye@wso2.com
> To: rampart-dev@ws.apache.org; wsf-php-user@wso2.org
> Subject: Re: RE: [wsf-php-user] signature and encryption
>
> Hi,
> Please use the attached PHP client and keys.
> -Kaushalye
> PS: CCing to wsf-php list as well
>
> Ruchith Fernando wrote:
> > Hi,
> >
> > You are getting this NPE because you have not added the RampartConfig
> > assertion in the policy of services.xml
> >
> > Please see here for a sample :
> > https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample03/services.xml
> >
> > Please add the configured 'RampartConfig' assertion and then try again.
> >
> > We tested php-java interop with a WSO2 WSAS instance (which uses Axis2
> > and Rampart), if you are interested I can host that WSAS instance for
> > you to download.
> >
> > Thanks,
> > Ruchith
> >
> > shams jawaid wrote:
> >> Hi kaushalye,
> >>
> >> sorry about that!! ill stick to this wsf/rampart/java service problem
> >> first and provide details :). its good to hear the interoperability
> >> worked fine with a php client and java web service! is it possible that
> >> i can see your interop example including the java service, and the
> >> service configuration you used? because i checked my client against
> >> yours and used your policy.xml file, but i got a :
> >> nullpointer error in tcp mon and something about x509 in the tomcat
> >> output, i attached those errors(tcpmon output, and a tomcat window
> >> output - ) and my services.xml file. Can you see any differences..
> >>
> >>> Date: Fri, 21 Sep 2007 11:40:15 +0530
> >>> From: kaushalye@wso2.com
> >>> To: wsf-php-user@wso2.org; rampart-dev@ws.apache.org
> >>> Subject: Re:RE: [wsf-php-user] signature and encryption
> >>>
> >>> Hi Shams,
> >>> We did an interop between a PHP client and a Java service. It all worked
> >>> fine.:)
> >>> And we used the certificate/key pairs available in the PHP. Herewith
> >>> I'll attach my sample code and the policy.
> >>> So again that Exception can be caused by a misconfiguration in the Java
> >>> service. You may try the latest version available here[1] as nightly
> >>> builds.
> >>> Also I'd like to pay your attention on this. When you troubleshoot,
> >>> please try to use the elimination criteria, where you identify possible
> >>> reasons for the problem and eliminate one by one. If you try to jump to
> >>> another case in the middle of the process you will probably miss the
> >>> chance of isolating the exact reason. Since there are many people
> >>> willing to help you. It's much easier for us if you can stick to a
> >>> certain problem and resolve it first. As in Manjula's reply you might
> >>> get a correct answer but for another issue, which makes it invalid and
> >>> probably misguide you wasting your time. :)
> >>> You are most welcome to post your problems and we are happy to help you
> >>> to overcome those. But you have to include information. For example
> >>> logs, client code, policy files and message traces. Just saying that I
> >>> get more errors doesn't make any sense.
> >>> Cheers,
> >>> Kaushalye
> >>> [1] http://dist.wso2.org/products/wsf/php/nightly-build/
> >>>
> >>> shams jawaid wrote:
> >>>> Hi kaushalye,
> >>>> thats cool! i am doing my final year project with him at city
> >>>> university! :D i havent tried it with a php service, but when i try to
> >>>> use different services.xml files or policy.xml files, the badencoding
> >>>> error goes away, but i get more errors..i keep thinking i have an
> >>>> error there, did my java keystore verify this time :S i havent tried
> >>>> using a php service yet..
> >>>>
> >>>>> Date: Thu, 20 Sep 2007 22:24:02 +0530
> >>>>> From: kaushalye@wso2.com
> >>>>> To: wsf-php-user@wso2.org
> >>>>> Subject: Re: [wsf-php-user] signature and encryption
> >>>>> CC: rampart-dev@ws.apache.org
> >>>>>
> >>>>> Hi,
> >>>>> Your client seems perfect to me. So as the generated message. Though
> >>>>> I'm not an expert understanding the Java exception, I feel like there is
> >>>>> a configuration error in the service end. It says badEncoding resource
> >>>>> property. May be java guys have a better answer(this will be posted in
> >>>>> rampart-dev as well). I need sometime to look into this issue. Have you
> >>>>> tried PHP client with a PHP service? You may use the sample code I've
> >>>>> sent in my previous reply.
> >>>>> Cheers,
> >>>>> Kaushalye
> >>>>> PS: Indeed I know Dasun. He is a good friend of mine. :)
> >>>>>
> >>>>> shams jawaid wrote:
> >>>>>> Hi kaushalye,
> >>>>>>
> >>>>>> my java web service works alright and it shows up on axis2, and i can
> >>>>>> see the wsse security headers as well. i also converted the sample
> >>>>>> keys you get with the wsf samples into a keystore so that they can be
> >>>>>> used in rampart. i only get the message signed and encrypted, but at
> >>>>>> the receiving end i get :
> >>>>>>
> >>>>>> HTTP/1.1 500 Internal Server Error
> >>>>>> Server: Apache-Coyote/1.1
> >>>>>> Content-Type: application/soap+xml; action='http://www.w3.org/2005/08/addressing/soap/fault';charset=UTF-8
> >>>>>> Transfer-Encoding: chunked
> >>>>>> Date: Thu, 20 Sep 2007 17:01:36 GMT
> >>>>>> Connection: close
> >>>>>>
> >>>>>> 28E
> >>>>>> <?xml version='1.0' encoding='UTF-8'?>
> >>>>>> <soapenv:Envelope
> >>>>>>     xmlns:soapenv='http://www.w3.org/2003/05/soap-envelope'
> >>>>>>     xmlns:wsa='http://www.w3.org/2005/08/addressing'>
> >>>>>>   <soapenv:Header>
> >>>>>>     <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
> >>>>>>     <wsa:RelatesTo>9a11d849-d295-42c1-ae0b-0697b8280fc8</wsa:RelatesTo>
> >>>>>>   </soapenv:Header>
> >>>>>>   <soapenv:Body>
> >>>>>>     <soapenv:Fault>
> >>>>>>       <soapenv:Code>
> >>>>>>         <soapenv:Value>soapenv:Receiver</soapenv:Value>
> >>>>>>       </soapenv:Code>
> >>>>>>       <soapenv:Reason>
> >>>>>>         <soapenv:Text xml:lang='en-US'>java.lang.RuntimeException: Undefined 'badEncoding' resource property</soapenv:Text>
> >>>>>>       </soapenv:Reason>
> >>>>>>       <soapenv:Detail />
> >>>>>>     </soapenv:Fault>
> >>>>>>   </soapenv:Body>
> >>>>>> </soapenv:Envelope>
> >>>>>> 0
> >>>>>>
> >>>>>> ill attach the files here, and if you can, please have a look, i dont
> >>>>>> know what else to do really :S
> >>>>>> thanks for your help! and by the way, do you know dasun weerasinghe?
> >>>>>> my project supervisor says he knows you!
> >>>>>>
> >>>>>>> Date: Thu, 20 Sep 2007 20:50:40 +0530
> >>>>>>> From: kaushalye@wso2.com
> >>>>>>> To: wsf-php-user@wso2.org
> >>>>>>> CC: rampart-dev@ws.apache.org
> >>>>>>> Subject: Re: [wsf-php-user] signature and encryption
> >>>>>>>
> >>>>>>> Hi Shams,
> >>>>>>> Have you resolved the issue setting up your Java service? Otherwise
> >>>>>>> there is no point of trying sending client requests.
> >>>>>>> Can you see the <wsse:Security> header is in the request? Please attach
> >>>>>>> log and trace of SOAP messages when you post a problem (as there is no
> >>>>>>> other way we can find the reason). :)
> >>>>>>> Please find a complete PHP sample here[1].
> >>>>>>> Cheers,
> >>>>>>> Kaushalye
> >>>>>>>
> >>>>>>> [1] http://wso2.org/repos/wso2/trunk/wsf/php/samples/security/complete/
> >>>>>>>
> >>>>>>> shams jawaid wrote:
> >>>>>>>> Hi, i am trying to implement sample 03 of rampart 1.3 policy samples
> >>>>>>>> using wsf php extension and axis2/java 1.3 + rampart 1.3, however i
> >>>>>>>> get the error:
> >>>>>>>>
> >>>>>>>> policy creation failedSoap Fault: Missing wsse:Security header in request
> >>>>>>>>
> >>>>>>>> i have just referenced the sample policy file from my php client, and
> >>>>>>>> used the sample services.xml file as well, and i havent changed
> >>>>>>>> anything apart from the reference to the PWCBHandler class.
> >>>>>>>>
> >>>>>>>> here is my php client :
> >>>>>>>>
> >>>>>>>> <?php
> >>>>>>>> $reqPayloadString = <<<XML
> >>>>>>>> <ns1:add xmlns:ns1='http://math'><ns1:Param0>1</ns1:Param0><ns1:Param1>1</ns1:Param1></ns1:add>
> >>>>>>>> XML;
> >>>>>>>> try {
> >>>>>>>>     $my_cert = ws_get_cert_from_file('alice_cert.cert'); // client side certificate (public key)
> >>>>>>>>     $my_key = ws_get_key_from_file('alice_key.pem'); // client side key
> >>>>>>>>     $rec_cert = ws_get_cert_from_file('bob_cert.cert'); // server side certificate (public key)
> >>>>>>>>
> >>>>>>>>     $reqMessage = new WSMessage($reqPayloadString,
> >>>>>>>>         array('to' => 'http://localhost:8181/axis2/services/Math',
> >>>>>>>>               'action' => 'urn:add'));
> >>>>>>>>
> >>>>>>>>     $sec_token = new WSSecurityToken(array('privateKey' => $my_key,
> >>>>>>>>         'certificate' => $my_cert,
> >>>>>>>>         'receiverCertificate' => $rec_cert,
> >>>>>>>>         'ttl' => 60));
> >>>>>>>>     $policy_xml = file_get_contents('policy.xml');
> >>>>>>>>     $policy = new WSPolicy($policy_xml);
> >>>>>>>>
> >>>>>>>>     $client = new WSClient(array('useWSA' => TRUE,
> >>>>>>>>         'policy' => $policy,
> >>>>>>>>         'securityToken' => $sec_token));
> >>>>>>>>
> >>>>>>>>     $resMessage = $client->request($reqMessage);
> >>>>>>>>
> >>>>>>>>     // double quotes so that \n is printed as a newline
> >>>>>>>>     printf("Response = %s \n", $resMessage->str);
> >>>>>>>> } catch (Exception $e) {
> >>>>>>>>     if ($e instanceof WSFault) {
> >>>>>>>>         printf("Soap Fault: %s\n", $e->Reason);
> >>>>>>>>     } else {
> >>>>>>>>         printf("Message = %s\n", $e->getMessage());
> >>>>>>>>     }
> >>>>>>>> }
> >>>>>>>> ?>
> >>>>>>>>
> >>>>>>>> i have been trying non-stop just to get encryption and signature
> >>>>>>>> working :(, but i keep getting errors, if anyone has a working sample
> >>>>>>>> please can i see it? or if anyone knows the reason for this error
> >>>>>>>> please let me know. thanks
> >>>>>>>>
> >>>>>>>> ------------------------------------------------------------------------
> >>>>>>>>
> >>>>>>>> <service name='Math' scope='application'>
> >>>>>>>>   <description>
> >>>>>>>>     MathService
> >>>>>>>>   </description>
> >>>>>>>>
> >>>>>>>>   <messageReceivers>
> >>>>>>>>     <messageReceiver
> >>>>>>>>         mep='http://www.w3.org/2004/08/wsdl/in-out'
> >>>>>>>>         class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
> >>>>>>>>     <messageReceiver
> >>>>>>>>         mep='http://www.w3.org/2004/08/wsdl/in-out'
> >>>>>>>>         class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
> >>>>>>>>     <messageReceiver
> >>>>>>>>         mep='http://www.w3.org/2004/08/wsdl/in-out'
> >>>>>>>>         class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
> >>>>>>>>     <messageReceiver
> >>>>>>>>         mep='http://www.w3.org/2004/08/wsdl/in-out'
> >>>>>>>>         class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>
> >>>>>>>>   </messageReceivers>
> >>>>>>>>
> >>>>>>>>   <parameter name='ServiceClass'>
> >>>>>>>>     math.Math
> >>>>>>>>   </parameter>
> >>>>>>>>
> >>>>>>>>   <module ref='rampart' />
> >>>>>>>>   <module ref='addressing' />
> >>>>>>>>
> >>>>>>>>   <wsp:Policy wsu:Id='SigEncr'
> >>>>>>>>       xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> >>>>>>>>       xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
> >>>>>>>>     <wsp:ExactlyOne>
> >>>>>>>>       <wsp:All>
> >>>>>>>>         <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>           <wsp:Policy>
> >>>>>>>>             <sp:InitiatorToken>
> >>>>>>>>               <wsp:Policy>
> >>>>>>>>                 <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
> >>>>>>>>                   <wsp:Policy>
> >>>>>>>>                     <sp:WssX509V3Token10/>
> >>>>>>>>                   </wsp:Policy>
> >>>>>>>>                 </sp:X509Token>
> >>>>>>>>               </wsp:Policy>
> >>>>>>>>             </sp:InitiatorToken>
> >>>>>>>>             <sp:RecipientToken>
> >>>>>>>>               <wsp:Policy>
> >>>>>>>>                 <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'>
> >>>>>>>>                   <wsp:Policy>
> >>>>>>>>                     <sp:WssX509V3Token10/>
> >>>>>>>>                   </wsp:Policy>
> >>>>>>>>                 </sp:X509Token>
> >>>>>>>>               </wsp:Policy>
> >>>>>>>>             </sp:RecipientToken>
> >>>>>>>>             <sp:AlgorithmSuite>
> >>>>>>>>               <wsp:Policy>
> >>>>>>>>                 <sp:TripleDesRsa15/>
> >>>>>>>>               </wsp:Policy>
> >>>>>>>>             </sp:AlgorithmSuite>
> >>>>>>>>             <sp:Layout>
> >>>>>>>>               <wsp:Policy>
> >>>>>>>>                 <sp:Strict/>
> >>>>>>>>               </wsp:Policy>
> >>>>>>>>             </sp:Layout>
> >>>>>>>>             <sp:IncludeTimestamp/>
> >>>>>>>>             <sp:OnlySignEntireHeadersAndBody/>
> >>>>>>>>           </wsp:Policy>
> >>>>>>>>         </sp:AsymmetricBinding>
> >>>>>>>>         <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>           <wsp:Policy>
> >>>>>>>>             <sp:MustSupportRefKeyIdentifier/>
> >>>>>>>>             <sp:MustSupportRefIssuerSerial/>
> >>>>>>>>           </wsp:Policy>
> >>>>>>>>         </sp:Wss10>
> >>>>>>>>         <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>           <sp:Body/>
> >>>>>>>>         </sp:SignedParts>
> >>>>>>>>         <sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>           <sp:Body/>
> >>>>>>>>         </sp:EncryptedParts>
> >>>>>>>>
> >>>>>>>>         <ramp:RampartConfig xmlns:ramp='http://ws.apache.org/rampart/policy'>
> >>>>>>>>           <ramp:user>service</ramp:user>
> >>>>>>>>           <ramp:encryptionUser>client</ramp:encryptionUser>
> >>>>>>>>           <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
> >>>>>>>>           <ramp:signatureCrypto>
> >>>>>>>>             <ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>
> >>>>>>>>               <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>
> >>>>>>>>               <ramp:property name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property>
> >>>>>>>>               <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>
> >>>>>>>>             </ramp:crypto>
> >>>>>>>>           </ramp:signatureCrypto>
> >>>>>>>>           <ramp:encryptionCypto>
> >>>>>>>>             <ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>
> >>>>>>>>               <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>
> >>>>>>>>               <ramp:property name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property>
> >>>>>>>>               <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>
> >>>>>>>>             </ramp:crypto>
> >>>>>>>>           </ramp:encryptionCypto>
> >>>>>>>>         </ramp:RampartConfig>
> >>>>>>>>
> >>>>>>>>       </wsp:All>
> >>>>>>>>     </wsp:ExactlyOne>
> >>>>>>>>   </wsp:Policy>
> >>>>>>>>
> >>>>>>>> </service>
> >>>>>>>>
> >>>>>>>> ------------------------------------------------------------------------
> >>>>>>>>
> >>>>>>>> <?xml version='1.0' encoding='UTF-8'?>
> >>>>>>>> <!--
> >>>>>>>>  !
> >>>>>>>>  ! Copyright 2006 The Apache Software Foundation.
> >>>>>>>>  !
> >>>>>>>>  ! Licensed under the Apache License, Version 2.0 (the 'License');
> >>>>>>>>  ! you may not use this file except in compliance with the License.
> >>>>>>>>  ! You may obtain a copy of the License at
> >>>>>>>>  !
> >>>>>>>>  ! http://www.apache.org/licenses/LICENSE-2.0
> >>>>>>>>  !
> >>>>>>>>  ! Unless required by applicable law or agreed to in writing, software
> >>>>>>>>  ! distributed under the License is distributed on an 'AS IS' BASIS,
> >>>>>>>>  ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> >>>>>>>>  ! See the License for the specific language governing permissions and
> >>>>>>>>  ! limitations under the License.
> >>>>>>>>  !-->
> >>>>>>>>
> >>>>>>>> <wsp:Policy wsu:Id='SigEncr'
> >>>>>>>>     xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> >>>>>>>>     xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
> >>>>>>>>   <wsp:ExactlyOne>
> >>>>>>>>     <wsp:All>
> >>>>>>>>       <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>         <wsp:Policy>
> >>>>>>>>           <sp:InitiatorToken>
> >>>>>>>>             <wsp:Policy>
> >>>>>>>>               <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
> >>>>>>>>                 <wsp:Policy>
> >>>>>>>>                   <sp:WssX509V3Token10/>
> >>>>>>>>                 </wsp:Policy>
> >>>>>>>>               </sp:X509Token>
> >>>>>>>>             </wsp:Policy>
> >>>>>>>>           </sp:InitiatorToken>
> >>>>>>>>           <sp:RecipientToken>
> >>>>>>>>             <wsp:Policy>
> >>>>>>>>               <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'>
> >>>>>>>>                 <wsp:Policy>
> >>>>>>>>                   <sp:WssX509V3Token10/>
> >>>>>>>>                 </wsp:Policy>
> >>>>>>>>               </sp:X509Token>
> >>>>>>>>             </wsp:Policy>
> >>>>>>>>           </sp:RecipientToken>
> >>>>>>>>           <sp:AlgorithmSuite>
> >>>>>>>>             <wsp:Policy>
> >>>>>>>>               <sp:TripleDesRsa15/>
> >>>>>>>>             </wsp:Policy>
> >>>>>>>>           </sp:AlgorithmSuite>
> >>>>>>>>           <sp:Layout>
> >>>>>>>>             <wsp:Policy>
> >>>>>>>>               <sp:Strict/>
> >>>>>>>>             </wsp:Policy>
> >>>>>>>>           </sp:Layout>
> >>>>>>>>           <sp:IncludeTimestamp/>
> >>>>>>>>           <sp:OnlySignEntireHeadersAndBody/>
> >>>>>>>>         </wsp:Policy>
> >>>>>>>>       </sp:AsymmetricBinding>
> >>>>>>>>       <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>         <wsp:Policy>
> >>>>>>>>           <sp:MustSupportRefKeyIdentifier/>
> >>>>>>>>           <sp:MustSupportRefIssuerSerial/>
> >>>>>>>>         </wsp:Policy>
> >>>>>>>>       </sp:Wss10>
> >>>>>>>>       <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>         <sp:Body/>
> >>>>>>>>       </sp:SignedParts>
> >>>>>>>>       <sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> >>>>>>>>         <sp:Body/>
> >>>>>>>>       </sp:EncryptedParts>
> >>>>>>>>
> >>>>>>>>       <ramp:RampartConfig xmlns:ramp='http://ws.apache.org/rampart/policy'>
> >>>>>>>>         <ramp:user>client</ramp:user>
> >>>>>>>>         <ramp:encryptionUser>service</ramp:encryptionUser>
> >>>>>>>>         <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
> >>>>>>>>         <ramp:signatureCrypto>
> >>>>>>>>           <ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>
> >>>>>>>>             <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>
> >>>>>>>>             <ramp:property name='org.apache.ws.security.crypto.merlin.file'>client.jks</ramp:property>
> >>>>>>>>             <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>
> >>>>>>>>           </ramp:crypto>
> >>>>>>>>         </ramp:signatureCrypto>
> >>>>>>>>         <ramp:encryptionCypto>
> >>>>>>>>           <ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>
> >>>>>>>>             <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>
> >>>>>>>>             <ramp:property name='org.apache.ws.security.crypto.merlin.file'>client.jks</ramp:property>
> >>>>>>>>             <ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>
> >>>>>>>>           </ramp:crypto>
> >>>>>>>>         </ramp:encryptionCypto>
> >>>>>>>>       </ramp:RampartConfig>
> >>>>>>>>
> >>>>>>>>     </wsp:All>
> >>>>>>>>   </wsp:ExactlyOne>
> >>>>>>>> </wsp:Policy>
> >>>>>>>>
> >>>>>>>> ------------------------------------------------------------------------
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> Wsf-php-user mailing list
> >>>>>>>> Wsf-php-user@wso2.org
> >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
> >>>>>>>
> >>>>>>> --
> >>>>>>> http://kaushalye.blogspot.com/
> >>>>>>> http://wso2.org/
> >>>>>
> >>>>> --
> >>>>> http://kaushalye.blogspot.com/
> >>>>> http://wso2.org/
> >>>
> >>> --
> >>> http://kaushalye.blogspot.com/
> >>> http://wso2.org/
>
> --
> http://kaushalye.blogspot.com/
> http://wso2.org/

RE: [wsf-php-user] RE: [wsf-php-user ] signature and encryption [Service Side Keystore] [correction]

Posted by shams jawaid <sh...@hotmail.com>.
Hi kaushalye and ruchith, 
 
just wanted to correct something, in my last email i wrote:
 
"i just thought id add that i have been using notepad to copy and paste private keys/certificates! i think this might be the cause of the error im getting" 
 
what i really meant to say was, i have been using notepad to copy and paste keys/certificates when i have tried to export them from the keystores provided by rampart, so i can use them in pem format for the php client(attempt to solve problem before). at the moment i am just using the wsf keys (bob/alice) provided in the samples(client side) and i have tried to generate a keystore which includes the wsf keys (which i attached in my previous email, for service side, rampart). anyways, sorry for the confusion!!
 
thanks


From: shams4d@hotmail.com
To: rampart-dev@ws.apache.org; wsf-php-user@wso2.org; kaushalye@wso2.com
Date: Wed, 26 Sep 2007 00:01:26 +0000
Subject: [wsf-php-user] RE: [wsf-php-user ] signature and encryption [Service Side Keystore]


Hi kaushalye and ruchith,

i was reading the book Pro OpenSSH - CHAPTER 6 - page 121

Quote:
"The public key file looks very similar to the private file. Please note the main string of the
public key file is all one line inside of a UNIX editor such as vi or emacs. If you try to copy and
paste a key file from an editor that inserts return carriages, such as notepad.exe, the key will
not be valid. Listing 6-6 shows a public key file."
 
i just thought id add that i have been using notepad to copy and paste private keys/certificates! i think this might be the cause of the error im getting ( details of the error was in the last email i sent which included 'server side keystore' in the subject). Have you got any ideas as to why i got that error : 
 
General security error (Unexpected number of X509Data: for decryption (KeyId))
 
error? anyways, if i could use your sample keystore file used in the service side for rampart in the interoperability example, that would be great.
 
thanks again!  


From: shams4d@hotmail.comTo: wsf-php-user@wso2.org; rampart-dev@ws.apache.org; kaushalye@wso2.comSubject: RE: [wsf-php-user ] signature and encryption [Service Side Keystore]Date: Mon, 24 Sep 2007 17:39:32 +0000

Hi kaushale and ruchith,  i have corrected my services.xml file, to this: <service name='Math' scope='application'><description>MathService</description> <messageReceivers><messageReceivermep='http://www.w3.org/2004/08/wsdl/in-out'class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/><messageReceivermep='http://www.w3.org/2004/08/wsdl/in-out'class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/><messageReceivermep='http://www.w3.org/2004/08/wsdl/in-out'class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/><messageReceivermep='http://www.w3.org/2004/08/wsdl/in-out'class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/></messageReceivers> <parameter name='ServiceClass'>math.Math</parameter><module ref='rampart' /> <module ref='addressing' /> <wsp:Policy wsu:Id='SigEncr'xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Tokensp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'><wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Tokensp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'><wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout><sp:IncludeTimestamp/><sp:EncryptSignature/><sp:OnlySignEntireHeadersAndBody/></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><wsp:Policy><sp:MustSupportRefKeyIdentifier/><sp:MustSupportRefIssuerSerial/></wsp:Policy></sp:Wss10><sp:SignedParts 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><sp:Body/></sp:SignedParts><sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><sp:Body/></sp:EncryptedParts><ramp:RampartConfig xmlns:ramp='http://ws.apache.org/rampart/policy'> <ramp:user>service</ramp:user><ramp:encryptionUser>client</ramp:encryptionUser><ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass><ramp:signatureCrypto><ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'><ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property><ramp:property name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property><ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property></ramp:crypto></ramp:signatureCrypto><ramp:encryptionCypto><ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'><ramp:property name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property><ramp:property name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property><ramp:property name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property></ramp:crypto></ramp:encryptionCypto></ramp:RampartConfig></wsp:All></wsp:ExactlyOne></wsp:Policy></service> and i am ALREADY using the wsf keys provided by the wsf php extension for the client side like this in my client like this: <?php$reqPayloadString = <<<XML<ns1:add xmlns:ns1='http://math'><ns1:Param0>1</ns1:Param0><ns1:Param1>1</ns1:Param1></ns1:add>XML;try {$my_cert = ws_get_cert_from_file('alice_cert.cert'); // client side certificate( public key) $my_key = ws_get_key_from_file('alice_key.pem'); // client side key $rec_cert = ws_get_cert_from_file('bob_cert.cert'); // server side certificate (public key ) $reqMessage = new WSMessage($reqPayloadString,array('to'=>'http://localhost:8181/axis2/services/Math','action' => 'urn:add'));$sec_token = new 
WSSecurityToken(array('privateKey' => $my_key,                                               'certificate' => $my_cert,                                               'receiverCertificate' => $rec_cert,                                              'ttl'=> 60));$policy_xml = file_get_contents('policy.xml');$policy = new WSPolicy($policy_xml); $client = new WSClient(array('useWSA' => TRUE,'useSOAP' =>'1.1','policy' => $policy,'securityToken' => $sec_token));$resMessage = $client->request($reqMessage);printf('Response = %s \n', $resMessage->str);} catch (Exception $e) {if ($e instanceof WSFault) {printf('Soap Fault: %s\n', $e->Reason);} else {printf('Message = %s\n',$e->getMessage());}}?> and i am using this policy.xml file, which you have given: <wsp:Policy wsu:Id='SigEncr'xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Tokensp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'><wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Tokensp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'><wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout><sp:IncludeTimestamp/><sp:EncryptSignature/><sp:OnlySignEntireHeadersAndBody/></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><wsp:Policy><sp:MustSupportRefKeyIdentifier/><sp:MustSupportRefIssuerSerial/></wsp:Policy></sp:Wss10><sp:SignedParts 
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><sp:Body/></sp:SignedParts><sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'><sp:Body/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy> but i get this output in tcpmon: HTTP/1.1 500 Internal Server ErrorServer: Apache-Coyote/1.1Content-Type: text/xml;charset=UTF-8Transfer-Encoding: chunkedDate: Mon, 24 Sep 2007 18:20:09 GMTConnection: close236<?xml version='1.0' encoding='UTF-8'?>   <soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsa='http://www.w3.org/2005/08/addressing'>      <soapenv:Header>         <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>         <wsa:RelatesTo>331a4ded-927c-45b2-925f-1bb214263066</wsa:RelatesTo>      </soapenv:Header>      <soapenv:Body>         <soapenv:Fault>            <faultcode>soapenv:Server</faultcode>            <faultstring>General security error (Unexpected number of X509Data: for decryption (KeyId))</faultstring>            <detail />         </soapenv:Fault>      </soapenv:Body>   </soapenv:Envelope>0i have attached the full request and response messages, that i got in tcpmon and i got no output in the tomcat window.what i think i need is the keystore files, used at the SERVICE side please, that you have used with your interoperability example(the keystores that include the alice/bob certificates + keys), because in the rampart configuration in my services.xml file, it uses the .jks keystores, and i am not 100% sure that the .jks i made myslef are correct. i tried to put the alice_cert + alice_key and bob_cert + bob_key into a .jks file, so that rampart can use them. i think that can be the only error left. i have attached my client.jks and service.jks that i made, if you can have a look at them that would be great, but could you please also send me the .jks files you have used in your internoperability example at the service side for rampart. 
i think i am nearly there, please help :) thanks alot!> Date: Mon, 24 Sep 2007 14:04:54 +0530> From: kaushalye@wso2.com> To: rampart-dev@ws.apache.org; wsf-php-user@wso2.org> Subject: Re: RE: [wsf-php-user] signature and encryption> > Hi,> Please use the attached PHP client and keys.> -Kaushalye> PS: CCing to wsf-php list as well> > Ruchith Fernando wrote:> > Hi,> >> > You are getting this NPE because you have not added the RampartConfig> > assertion in the policy of services.xml> >> > Please see here for a sample :> > https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample03/services.xml> >> > Please add the configured 'RampartConfig' assertion and then try again.> >> > We rested php-java interop with a WSO2 WSAS instance (which uses Axis2> > and Rampart), if you are interested I can host that WSAS instance for> > you to download.> >> > Thanks,> > Ruchith> >> > shams jawaid wrote:> > > >> Hi kaushalye,> >> > >> sorry about that!! ill stick to this wsf/rampart/java service problem> >> first and provide details :). its good to hear the interoperablity> >> worked fine with a php client and java web service! is it possible that> >> i can see your interop example including the java service, and the> >> service configuration you used? because i checked my client against> >> yours and used your policy.xml file, but i got a :> >> nullpointer error in tcp mon and something about x509 in the tomcat> >> output, i attached those errors(tcpmon output, and a tomcat window> >> output - ) and my services.xml file. Can you see any differences..> >>> >>> >> > >>> Date: Fri, 21 Sep 2007 11:40:15 +0530> >>> From: kaushalye@wso2.com> >>> To: wsf-php-user@wso2.org; rampart-dev@ws.apache.org> >>> Subject: Re:RE: [wsf-php-user] signature and encryption> >>>> >>> Hi Shams,> >>> We did an interop between a PHP client and a Java service. It all worked> >>> fine.:)> >>> And we used the certificate/key pairs available in the PHP. 
Herewith> >>> I'll attach my sample code and the policy.> >>> So again that Exception can be caused by a misconfiguration in the Java> >>> service. You may try the latest version available here[1] as nightly> >>> builds.> >>> Also I'd like to pay your attention on this. When you troubleshoot,> >>> please try to use the elimination criteria, where you identify possible> >>> reasons for the problem and eliminate one by one. If you try to jump to> >>> another case in the middle of the process you will probably miss the> >>> chance of isolating the exact reason. Since there are many people> >>> willing to help you. It's much easier for us if you can stick to a> >>> certain problem and resolve it first. As in Manjula's reply you might> >>> get a correct answer but for another issue, which makes it's invalid and> >>> probably misguide you wasting your time. :)> >>> You are most welcome to post your problems and we are happy to help you> >>> to overcome those. But you have to include information. For example> >>> logs, client code, policy files and message traces. Just saying that I> >>> get more errors doesn't make any sense.> >>> Cheers,> >>> Kaushalye> >>> [1] http://dist.wso2.org/products/wsf/php/nightly-build/> >>>> >>>> >>> shams jawaid wrote:> >>> > >>>> Hi kaushalye,> >>>> thats cool! i am doing my final year project with him at city> >>>> university! :D i havent tried it with a php service, but when i try to> >>>> use differnt services.xml files or policy.xml files, the badencoding> >>>> error goes away, but i get more errors..i keep thinking i have an> >>>> error there, did my java keystore verify this time :S i havent tried> >>>> using a php service yet..> >>>> > >>>>> Date: Thu, 20 Sep 2007 22:24:02 +0530> >>>>> From: kaushalye@wso2.com> >>>>> To: wsf-php-user@wso2.org> >>>>> Subject: Re: [wsf-php-user] signature and encryption> >>>>> CC: rampart-dev@ws.apache.org> >>>>>> >>>>> Hi,> >>>>> Your client seems perfect to me. So as the generated message. 
Though> >>>>> I'm not an expert understanding the Java exception, I feel like> >>>>> > >>>> there is> >>>> > >>>>> a configuration error in the service end. It says badEncoding resource> >>>>> property. May be java guys have a better answer(this will be posted in> >>>>> rampart-dev as well). I need sometime to look into this issue.> >>>>> > >> Have you> >> > >>>>> tried PHP client with a PHP service? You may use the sample code I've> >>>>> sent in my previous reply.> >>>>> Cheers,> >>>>> Kaushalye> >>>>> PS: Indeed I know Dasun. He is a good friend of mine. :)> >>>>>> >>>>> shams jawaid wrote:> >>>>> > >>>>>> Hi kaushalye,> >>>>>>> >>>>>> my java web service works alright and it shows up on axis2, and> >>>>>> > >> i can> >> > >>>>>> see the wsse security headers as well. i also converted the sample> >>>>>> keys you get with the wsf samples into a keystore so that they> >>>>>> > >> can be> >> > >>>>>> used in rampart. i only get the message signed and encrypted, but at> >>>>>> the recieving end i get :> >>>>>>> >>>>>> HTTP/1.1 500 Internal Server Error> >>>>>> Server: Apache-Coyote/1.1> >>>>>> Content-Type: application/soap+xml;> >>>>>>> >>>>>> > >>>> action='http://www.w3.org/2005/08/addressing/soap/fault';charset=UTF-8> >>>> > >>>>>> <http://www.w3.org/2005/08/addressing/soap/fault>> >>>>>> Transfer-Encoding: chunked> >>>>>> Date: Thu, 20 Sep 2007 17:01:36 GMT> >>>>>> Connection: close> >>>>>> 28E> >>>>>> <?xml version='1.0' encoding='UTF-8'?>> >>>>>> <soapenv:Envelope> >>>>>> xmlns:soapenv='http://www.w3.org/2003/05/soap-envelope'> >>>>>> xmlns:wsa='http://www.w3.org/2005/08/addressing'>> >>>>>> <soapenv:Header>> >>>>>>> >>>>>>> >>>>>> > >>>> <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>> >>>> > >>>>>> <wsa:RelatesTo>9a11d849-d295-42c1-ae0b-0697b8280fc8</wsa:RelatesTo>> >>>>>> </soapenv:Header>> >>>>>> <soapenv:Body>> >>>>>> <soapenv:Fault>> >>>>>> <soapenv:Code>> >>>>>> <soapenv:Value>soapenv:Receiver</soapenv:Value>> >>>>>> 
</soapenv:Code>> >>>>>> <soapenv:Reason>> >>>>>> <soapenv:Text> >>>>>> xml:lang='en-US'>java.lang.RuntimeException: Undefined 'badEncoding'> >>>>>> resource property</soapenv:Text>> >>>>>> </soapenv:Reason>> >>>>>> <soapenv:Detail />> >>>>>> </soapenv:Fault>> >>>>>> </soapenv:Body>> >>>>>> </soapenv:Envelope>> >>>>>> 0> >>>>>>> >>>>>> ill attach the files here, and if you can, please have a look, i> >>>>>> > >> dont> >> > >>>>>> know what else to do really :S> >>>>>> thanks for your help! and by the way, do you know dasun weerasinghe?> >>>>>> my project supervisor says he knows you!> >>>>>>> >>>>>>> >>>>>> > >>>>>>> Date: Thu, 20 Sep 2007 20:50:40 +0530> >>>>>>> From: kaushalye@wso2.com> >>>>>>> To: wsf-php-user@wso2.org> >>>>>>> CC: rampart-dev@ws.apache.org> >>>>>>> Subject: Re: [wsf-php-user] signature and encryption> >>>>>>>> >>>>>>> Hi Shams,> >>>>>>> Have you resolved the issue setting up your Java service?> >>>>>>> > >> Otherwise> >> > >>>>>>> there is no point of trying sending client requests.> >>>>>>> Can you see the <wsse:Security> header is in the request? Please> >>>>>>> > >>>> attach> >>>> > >>>>>>> log and trace of SOAP messages when you post a problem (as there> >>>>>>> > >>>> is no> >>>> > >>>>>>> other way we can find the reason). 
:)> >>>>>>> Please find a complete PHP sample here[1].> >>>>>>> Cheers,> >>>>>>> Kaushalye> >>>>>>>> >>>>>>> > >>>> [1]http://wso2.org/repos/wso2/trunk/wsf/php/samples/security/complete/> >>>> > >>>>>>> shams jawaid wrote:> >>>>>>> > >>>>>>>> Hi, i am trying to implement sample 03 of rampart 1.3 policy> >>>>>>>> > >>>> samples> >>>> > >>>>>>>> using wsf php extension and axis2/java 1.3 + rampart 1.3,> >>>>>>>> > >>>> however i> >>>> > >>>>>>>> get the error:> >>>>>>>>> >>>>>>>> policy creation failedSoap Fault: Missing wsse:Security> >>>>>>>> > >> header in> >> > >>>>>> request> >>>>>> > >>>>>>>> i have just referenced the sample policy file from my php> >>>>>>>> > >>>> client, and> >>>> > >>>>>>>> used the sample services.xml file as well, and i havent changed> >>>>>>>> anything apart from the reference to the PWCBHanlder class.> >>>>>>>>> >>>>>>>> here is my php client :> >>>>>>>>> >>>>>>>> <?php> >>>>>>>> $reqPayloadString = <<<XML> >>>>>>>> <ns1:add> >>>>>>>>> >>>>>>>> > >> xmlns:ns1='http://math'><ns1:Param0>1</ns1:Param0><ns1:Param1>1</ns1:Param1>> >> > >>>>>>>> </ns1:add>> >>>>>>>> XML;> >>>>>>>> try {> >>>>>>>> $my_cert = ws_get_cert_from_file('alice_cert.cert'); // client> >>>>>>>> > >>>> side> >>>> > >>>>>>>> certificate( public key)> >>>>>>>> $my_key = ws_get_key_from_file('alice_key.pem'); // client> >>>>>>>> > >>>> side key> >>>> > >>>>>>>> $rec_cert = ws_get_cert_from_file('bob_cert.cert'); //> >>>>>>>> > >> server side> >> > >>>>>>>> certificate (public key )> >>>>>>>>> >>>>>>>> $reqMessage = new WSMessage($reqPayloadString,> >>>>>>>>> >>>>>>>> > >>>> array('to'=>'http://localhost:8181/axis2/services/Math','action' =>> >>>> > >>>>>>>> 'urn:add'));> >>>>>>>>> >>>>>>>>> >>>>>>>> $sec_token = new WSSecurityToken(array('privateKey' => $my_key,> >>>>>>>> 'certificate' => $my_cert,> >>>>>>>> 'receiverCertificate' => $rec_cert,> >>>>>>>> 'ttl'=> 60));> >>>>>>>> $policy_xml = file_get_contents('policy.xml');> >>>>>>>> $policy = new WSPolicy($policy_xml);> 
>>>>>>>>> >>>>>>>>> >>>>>>>> $client = new WSClient(array('useWSA' => TRUE,> >>>>>>>> 'policy' => $policy,> >>>>>>>> 'securityToken' => $sec_token));> >>>>>>>>> >>>>>>>> $resMessage = $client->request($reqMessage);> >>>>>>>>> >>>>>>>> printf('Response = %s \n', $resMessage->str);> >>>>>>>> } catch (Exception $e) {> >>>>>>>> if ($e instanceof WSFault) {> >>>>>>>> printf('Soap Fault: %s\n', $e->Reason);> >>>>>>>> } else {> >>>>>>>> printf('Message = %s\n',$e->getMessage());> >>>>>>>> }> >>>>>>>> }> >>>>>>>> ?>> >>>>>>>>> >>>>>>>> i have been trying non-stop just to get encryption and signature> >>>>>>>> working :(, but i keep getting errors, if anyone has a working> >>>>>>>> > >>>> sample> >>>> > >>>>>>>> please can i see it? or if anyone knows the reason for this> >>>>>>>> > >> error> >> > >>>>>>>> please let me know. thanks> >>>>>>>>> >>>>>>>>> >>>>>>>> > >>>> ------------------------------------------------------------------------> >>>> > >>>>>>>> Do you know a place like the back of your hand? 
Share local> >>>>>>>> > >>>> knowledge> >>>> > >>>>>>>> with BackOfMyHand.com <http://www.backofmyhand.com>> >>>>>>>>> >>>>>>>> > >>>> ------------------------------------------------------------------------> >>>> > >>>>>>>> <service name='Math' scope='application'>> >>>>>>>> <description>> >>>>>>>> MathService> >>>>>>>> </description>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> <messageReceivers>> >>>>>>>>> >>>>>>>> <messageReceiver> >>>>>>>> mep='http://www.w3.org/2004/08/wsdl/in-out'> >>>>>>>> class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>> >>>>>>>>> >>>>>>>> <messageReceiver> >>>>>>>> mep='http://www.w3.org/2004/08/wsdl/in-out'> >>>>>>>> class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>> >>>>>>>>> >>>>>>>> <messageReceiver> >>>>>>>> mep='http://www.w3.org/2004/08/wsdl/in-out'> >>>>>>>> class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>> >>>>>>>>> >>>>>>>> <messageReceiver> >>>>>>>> mep='http://www.w3.org/2004/08/wsdl/in-out'> >>>>>>>> class='org.apache.axis2.rpc.receivers.RPCMessageReceiver'/>> >>>>>>>> </messageReceivers>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> <parameter name='ServiceClass'>> >>>>>>>> math.Math> >>>>>>>> </parameter>> >>>>>>>>> >>>>>>>> <module ref='rampart' />> >>>>>>>> <module ref='addressing' />> >>>>>>>>> >>>>>>>> <wsp:Policy wsu:Id='SigEncr'> >>>>>>>> > >> xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'> >>> >> > >>>>>> xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>> >>>>>> > >>>>>>>> <wsp:ExactlyOne>> >>>>>>>> <wsp:All>> >>>>>>>> <sp:AsymmetricBinding> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:InitiatorToken>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:X509Token> >>>>>>>> > >> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>> >> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:WssX509V3Token10/>> >>>>>>>> </wsp:Policy>> >>>>>>>> 
</sp:X509Token>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:InitiatorToken>> >>>>>>>> <sp:RecipientToken>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:X509Token> >>>>>>>> > >> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'>> >> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:WssX509V3Token10/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:X509Token>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:RecipientToken>> >>>>>>>> <sp:AlgorithmSuite>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:TripleDesRsa15/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:AlgorithmSuite>> >>>>>>>> <sp:Layout>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:Strict/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:Layout>> >>>>>>>> <sp:IncludeTimestamp/>> >>>>>>>> <sp:OnlySignEntireHeadersAndBody/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:AsymmetricBinding>> >>>>>>>> <sp:Wss10> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:MustSupportRefKeyIdentifier/>> >>>>>>>> <sp:MustSupportRefIssuerSerial/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:Wss10>> >>>>>>>> <sp:SignedParts> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <sp:Body/>> >>>>>>>> </sp:SignedParts>> >>>>>>>> <sp:EncryptedParts> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <sp:Body/>> >>>>>>>> </sp:EncryptedParts>> >>>>>>>>> >>>>>>>> <ramp:RampartConfig> >>>>>>>> > >>>> xmlns:ramp='http://ws.apache.org/rampart/policy'>> >>>> > >>>>>>>> <ramp:user>service</ramp:user>> >>>>>>>> <ramp:encryptionUser>client</ramp:encryptionUser>> >>>>>>>>> >>>>>>>> > >> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>> >> > >>>>>>>> <ramp:signatureCrypto>> >>>>>>>> <ramp:crypto> >>>>>>>> > >>>>>> provider='org.apache.ws.security.components.crypto.Merlin'>> >>>>>> > >>>>>>>> <ramp:property> >>>>>>>> > >> 
name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>> >> > >>>>>>>> </ramp:crypto>> >>>>>>>> </ramp:signatureCrypto>> >>>>>>>> <ramp:encryptionCypto>> >>>>>>>> <ramp:crypto> >>>>>>>> > >>>>>> provider='org.apache.ws.security.components.crypto.Merlin'>> >>>>>> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.file'>service.jks</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>> >> > >>>>>>>> </ramp:crypto>> >>>>>>>> </ramp:encryptionCypto>> >>>>>>>> </ramp:RampartConfig>> >>>>>>>>> >>>>>>>> </wsp:All>> >>>>>>>> </wsp:ExactlyOne>> >>>>>>>> </wsp:Policy>> >>>>>>>>> >>>>>>>>> >>>>>>>> </service>> >>>>>>>>> >>>>>>>> > >>>> ------------------------------------------------------------------------> >>>> > >>>>>>>> <?xml version='1.0' encoding='UTF-8'?>> >>>>>>>> <!--> >>>>>>>> !> >>>>>>>> ! Copyright 2006 The Apache Software Foundation.> >>>>>>>> !> >>>>>>>> ! Licensed under the Apache License, Version 2.0 (the> >>>>>>>> > >> 'License');> >> > >>>>>>>> ! you may not use this file except in compliance with the> >>>>>>>> > >> License.> >> > >>>>>>>> ! You may obtain a copy of the License at> >>>>>>>> !> >>>>>>>> ! http://www.apache.org/licenses/LICENSE-2.0> >>>>>>>> !> >>>>>>>> ! Unless required by applicable law or agreed to in writing,> >>>>>>>> > >>>> software> >>>> > >>>>>>>> ! distributed under the License is distributed on an 'AS IS'> >>>>>>>> > >>>> BASIS,> >>>> > >>>>>>>> ! 
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either> >>>>>>>> > >> express or> >> > >>>>>> implied.> >>>>>> > >>>>>>>> ! See the License for the specific language governing> >>>>>>>> > >>>> permissions and> >>>> > >>>>>>>> ! limitations under the License.> >>>>>>>> !-->> >>>>>>>>> >>>>>>>> <wsp:Policy wsu:Id='SigEncr'> >>>>>>>> > >> xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'> >>> >> > >>>>>> xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>> >>>>>> > >>>>>>>> <wsp:ExactlyOne>> >>>>>>>> <wsp:All>> >>>>>>>> <sp:AsymmetricBinding> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:InitiatorToken>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:X509Token> >>>>>>>> > >> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>> >> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:WssX509V3Token10/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:X509Token>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:InitiatorToken>> >>>>>>>> <sp:RecipientToken>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:X509Token> >>>>>>>> > >> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never'>> >> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:WssX509V3Token10/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:X509Token>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:RecipientToken>> >>>>>>>> <sp:AlgorithmSuite>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:TripleDesRsa15/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:AlgorithmSuite>> >>>>>>>> <sp:Layout>> >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:Strict/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:Layout>> >>>>>>>> <sp:IncludeTimestamp/>> >>>>>>>> <sp:OnlySignEntireHeadersAndBody/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:AsymmetricBinding>> >>>>>>>> <sp:Wss10> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <wsp:Policy>> >>>>>>>> <sp:MustSupportRefKeyIdentifier/>> >>>>>>>> 
<sp:MustSupportRefIssuerSerial/>> >>>>>>>> </wsp:Policy>> >>>>>>>> </sp:Wss10>> >>>>>>>> <sp:SignedParts> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <sp:Body/>> >>>>>>>> </sp:SignedParts>> >>>>>>>> <sp:EncryptedParts> >>>>>>>> > >>>>>> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>> >>>>>> > >>>>>>>> <sp:Body/>> >>>>>>>> </sp:EncryptedParts>> >>>>>>>>> >>>>>>>> <ramp:RampartConfig> >>>>>>>> > >>>> xmlns:ramp='http://ws.apache.org/rampart/policy'>> >>>> > >>>>>>>> <ramp:user>client</ramp:user>> >>>>>>>> <ramp:encryptionUser>service</ramp:encryptionUser>> >>>>>>>>> >>>>>>>> > >> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>> >> > >>>>>>>> <ramp:signatureCrypto>> >>>>>>>> <ramp:crypto> >>>>>>>> > >>>>>> provider='org.apache.ws.security.components.crypto.Merlin'>> >>>>>> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.file'>client.jks</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>> >> > >>>>>>>> </ramp:crypto>> >>>>>>>> </ramp:signatureCrypto>> >>>>>>>> <ramp:encryptionCypto>> >>>>>>>> <ramp:crypto> >>>>>>>> > >>>>>> provider='org.apache.ws.security.components.crypto.Merlin'>> >>>>>> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.type'>JKS</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.file'>client.jks</ramp:property>> >> > >>>>>>>> <ramp:property> >>>>>>>> > >> name='org.apache.ws.security.crypto.merlin.keystore.password'>apache</ramp:property>> >> > >>>>>>>> </ramp:crypto>> >>>>>>>> </ramp:encryptionCypto>> >>>>>>>> </ramp:RampartConfig>> >>>>>>>>> >>>>>>>> </wsp:All>> >>>>>>>> </wsp:ExactlyOne>> >>>>>>>> 
</wsp:Policy>> >>>>>>>>> >>>>>>>>> >>>>>>>> > >>>> ------------------------------------------------------------------------> >>>> > >>>>>>>> _______________________________________________> >>>>>>>> Wsf-php-user mailing list> >>>>>>>> Wsf-php-user@wso2.org> >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user> >>>>>>>>> >>>>>>>> > >>>>>>> --> >>>>>>> http://kaushalye.blogspot.com/> >>>>>>> http://wso2.org/> >>>>>>>> >>>>>>> > >>>>>>> >>>>>> > >>>> ------------------------------------------------------------------------> >>>> > >>>>>> Get free emoticon packs and customisation from Windows Live. Pimp My> >>>>>> Live! <http://www.pimpmylive.co.uk>> >>>>>>> >>>>>> > >>>> ------------------------------------------------------------------------> >>>> > >>>>>> _______________________________________________> >>>>>> Wsf-php-user mailing list> >>>>>> Wsf-php-user@wso2.org> >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user> >>>>>>> >>>>>> > >>>>> --> >>>>> http://kaushalye.blogspot.com/> >>>>> http://wso2.org/> >>>>>> >>>>>> >>>>> _______________________________________________> >>>>> Wsf-php-user mailing list> >>>>> Wsf-php-user@wso2.org> >>>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user> >>>>> > >>>> ------------------------------------------------------------------------> >>>> Are you the Quizmaster? Play BrainBattle with a friend now!> >>>> <http://specials.uk.msn.com/brainbattle>> >>>> ------------------------------------------------------------------------> >>>>> >>>> _______________________________________________> >>>> Wsf-php-user mailing list> >>>> Wsf-php-user@wso2.org> >>>> http://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user> >>>>> >>>> > >>> --> >>> http://kaushalye.blogspot.com/> >>> http://wso2.org/> >>>> >>> > >> ------------------------------------------------------------------------> >> Play Movie Mash-up and win BIG prizes! 
<https://www.moviemashup.co.uk>> >>> >> > >> >> > > > > -- > http://kaushalye.blogspot.com/> http://wso2.org/> 

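To test the Notepad suspicion raised in this message before rebuilding a keystore, the following added example (not code from the thread, WSF/PHP or Rampart) checks an unencrypted PEM file for copy/paste damage: a byte-order mark, carriage returns, broken base64, or a DER length that no longer matches the data. All function names are hypothetical, and the sample certificate body is constructed filler, not a real certificate.

```python
"""PEM copy/paste damage checker (added example; names are hypothetical)."""
import base64
import binascii
import re

# Matches one PEM block and captures its BEGIN label, body and END label.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END ([A-Z0-9 ]+)-----", re.S)


def der_claimed_length(der):
    """Total size the outer DER header claims, or None if it is not a SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:  # certificates and RSA/PKCS#8 keys are SEQUENCEs
        return None
    first = der[1]
    if first < 0x80:                    # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                    # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(data):
    """Return a list of findings for one unencrypted PEM file; [] means intact."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("utf8-bom")          # some Windows editors prepend this
        data = data[3:]
    if b"\r" in data:
        findings.append("carriage-returns")  # CRLF line endings
    match = PEM_RE.search(data)
    if match is None:
        findings.append("no-pem-block")
        return findings
    if match.group(1) != match.group(3):
        findings.append("label-mismatch")
    body = b"".join(match.group(2).split())  # drop every CR, LF, space and tab
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error:
        findings.append("bad-base64")        # characters lost or altered
        return findings
    claimed = der_claimed_length(der)
    if claimed is None:
        findings.append("not-der-sequence")
    elif claimed != len(der):
        findings.append("length-mismatch")   # whole lines missing or duplicated
    return findings


def normalize_pem(data):
    """Rebuild an LF-only, 64-column PEM block; refuse if the content is damaged."""
    fatal = [f for f in check_pem(data) if f not in ("utf8-bom", "carriage-returns")]
    if fatal:
        raise ValueError("cannot repair: " + ", ".join(fatal))
    match = PEM_RE.search(data)
    label = match.group(1)
    body = b"".join(match.group(2).split())
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return (b"-----BEGIN " + label + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + label + b"-----\n")


def make_sample_pem():
    """Constructed input: a 304-byte DER SEQUENCE of filler, NOT a real certificate."""
    payload = bytes(i % 251 for i in range(300))
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    return normalize_pem(b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der)
                         + b"\n-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    good = make_sample_pem()
    rows = good.split(b"\n")
    samples = {
        "clean file": good,
        "saved with CRLF": good.replace(b"\n", b"\r\n"),
        "saved with BOM": b"\xef\xbb\xbf" + good,
        "one line lost": b"\n".join(rows[:4] + rows[5:]),
        "one character lost": good[:100] + good[101:],
    }
    for name, data in samples.items():
        print(f"{name:20} {check_pem(data) or 'ok'}")
```

A file that reports only `carriage-returns` or `utf8-bom` still holds the same key material, so `normalize_pem` can rewrite it; `bad-base64` or `length-mismatch` means the copy lost data and the file has to be exported again.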

RE: [wsf-php-user ] signature and encryption [Service Side Keystore]

Posted by shams jawaid <sh...@hotmail.com>.
Hi kaushale and ruchith, 
 
I was reading the book Pro OpenSSH - CHAPTER 6 - page 121 
 
Quote:
 
"The public key file looks very similar to the private file. Please note the main string of the
public key file is all one line inside of a UNIX editor such as vi or emacs. If you try to copy and
paste a key file from an editor that inserts return carriages, such as notepad.exe, the key will
not be valid. Listing 6-6 shows a public key file."
 
I just thought I'd add that I have been using notepad to copy and paste private keys/certificates! I think this might be the cause of the error I'm getting (details of the error were in the last email I sent, which included 'server side keystore' in the subject). Have you got any ideas as to why I got that error: 
 
General security error (Unexpected number of X509Data: for decryption (KeyId))
 
error? Anyways, if I could use your sample keystore file used in the service side for rampart in the interoperability example, that would be great.
 
thanks again!
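
The line-ending concern in the quote above can be checked mechanically before a key or certificate is imported into a keystore. The following is an added example, not code from this thread, WSF/PHP or Rampart: it flags a UTF-8 BOM, carriage returns, a wrapped OpenSSH one-line key, invalid base64 and a DER length that no longer matches the payload. It assumes the files are unencrypted PEM or OpenSSH public keys; the function names and sample data are constructed for illustration.

```python
import base64
import binascii
import re

# Assumption: input is unencrypted PEM (no RFC 1421 header lines) or an
# OpenSSH one-line public key. All sample data below is constructed.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n?-----END \1-----", re.S)
OPENSSH_TYPES = (b"ssh-rsa ", b"ssh-dss ", b"ssh-ed25519 ", b"ecdsa-sha2-")


def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length field matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short form: length in one octet
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def decode_b64(blob: bytes):
    """Strictly decode base64 after dropping line breaks; None if invalid."""
    compact = re.sub(rb"[\r\n]", b"", blob)
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def inspect_key_text(data: bytes) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):   # some editors prepend a BOM
        findings.append("utf8-bom")
        data = data[3:]
    if b"\r" in data:
        findings.append("carriage-returns")
    stripped = data.strip()
    if stripped.startswith(OPENSSH_TYPES):
        # OpenSSH public key: "<type> <base64> [comment]" on ONE line.
        lines = stripped.splitlines()
        if len(lines) > 1:
            findings.append("openssh-key-wrapped")
        fields = lines[0].split(b" ")
        if len(fields) < 2 or decode_b64(fields[1]) is None:
            findings.append("bad-base64")
        return findings
    blocks = PEM_RE.findall(data)
    if not blocks:
        findings.append("no-pem-block")
        return findings
    for label, body in blocks:
        der = decode_b64(body)
        if der is None:
            findings.append("bad-base64:" + label.decode())
        elif not der_length_ok(der):       # bytes were lost or added
            findings.append("der-length-mismatch:" + label.decode())
    return findings


def make_sample_pem(label="CERTIFICATE", newline="\n"):
    """Constructed sample: a DER SEQUENCE of filler bytes, NOT a real cert."""
    payload = bytes(range(256))
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    text = (f"-----BEGIN {label}-----\n" + "\n".join(lines)
            + f"\n-----END {label}-----\n")
    return text.replace("\n", newline).encode()


def make_sample_openssh(wrap=False):
    """Constructed sample in OpenSSH one-line layout; filler, not a key."""
    blob = b"\x00\x00\x00\x07ssh-rsa" + bytes(90)
    line = "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"
    if wrap:  # what an editor that hard-wraps at 64 columns would save
        line = "\r\n".join(line[i:i + 64] for i in range(0, len(line), 64))
    return (line + "\n").encode()


if __name__ == "__main__":
    for name, data in [("clean", make_sample_pem()),
                       ("crlf", make_sample_pem(newline="\r\n")),
                       ("wrapped", make_sample_openssh(wrap=True))]:
        print(name, inspect_key_text(data) or "no findings")
```

A file that reports only `carriage-returns` still carries an intact payload; `bad-base64` or `der-length-mismatch` means bytes were lost or altered, so the file should be re-exported rather than repaired by hand.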
 
 


From: shams4d@hotmail.com
To: wsf-php-user@wso2.org; rampart-dev@ws.apache.org; kaushalye@wso2.com
Subject: RE: [wsf-php-user ] signature and encryption [Service Side Keystore]
Date: Mon, 24 Sep 2007 17:39:32 +0000


