Posted to wss4j-dev@ws.apache.org by "Quiroz, Daniel (Mission Systems)" <Da...@ngc.com> on 2009/01/11 01:08:29 UTC
Hard to track down error Implementing message-level protection on messages coming in from WCF
Has anyone got any ideas on this? I've googled it and cannot find any
answers on why this would be failing.
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
REQUEST
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
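<!--
  WS-Security request captured from the WCF client. Redacted values are left
  as the poster's "Snip!" markers, so this listing is illustrative rather
  than parseable. URIs that the mail archive hard-wrapped in the middle of an
  attribute value are rejoined and nesting is indented; the whitespace is
  therefore not that of the signed original.
  Security header order: BinarySecurityToken, EncryptedKey, Signature.
-->
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <!-- Sender's X.509 certificate, shipped inside the message and referenced
           by the Signature's KeyInfo below. Its presence proves nothing on its
           own: the receiver has to validate it against its own trust store. -->
      <o:BinarySecurityToken u:Id="<!--Snip! -->"
                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--Snip! --></o:BinarySecurityToken>
      <!-- Symmetric session key wrapped with RSA PKCS#1 v1.5 (rsa-1_5). This key
           transport is exposed to padding-oracle attacks when the receiver's
           responses distinguish decryption failures; RSA-OAEP
           (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) is the usual
           replacement where both stacks support it. -->
      <e:EncryptedKey Id="_0"
                      xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <!-- The recipient certificate is named by issuer + serial number, so the
             receiver must find the matching private key in its own keystore. -->
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <X509Data>
              <X509IssuerSerial>
                <X509IssuerName><!--Snip! --></X509IssuerName>
                <X509SerialNumber><!--Snip! --></X509SerialNumber>
              </X509IssuerSerial>
            </X509Data>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue><!--Snip! --></e:CipherValue>
        </e:CipherData>
        <!-- Points at the EncryptedData element with Id "_2" in the Body. -->
        <e:ReferenceList>
          <e:DataReference URI="#_2"/>
        </e:ReferenceList>
      </e:EncryptedKey>
      <!-- RSA-SHA1 signature over a SHA-1 digest. SHA-1 is deprecated for
           signatures; prefer the SHA-256 identifiers
           (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and
           http://www.w3.org/2001/04/xmlenc#sha256) where both ends support them. -->
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <!-- The only signed reference is the Body (u:Id "_1"). No Timestamp or
               other header is covered in this message, so the signature by
               itself gives no freshness or replay protection, and the receiver
               should confirm that the element carrying this Id is the Body it
               actually processes. -->
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue><!--Snip! --></DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue><!--Snip! --></SignatureValue>
        <!-- Direct reference to the BinarySecurityToken at the top of the header. -->
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                         URI="#<!--Snip! -->"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1">
    <!-- Body content encrypted with AES-256-CBC under the key wrapped in
         EncryptedKey "_0". CBC provides confidentiality only; detecting
         tampering depends on the signature check over the Body. -->
    <e:EncryptedData Id="_2"
                     Type="http://www.w3.org/2001/04/xmlenc#Content"
                     xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <e:CipherData>
        <e:CipherValue><!-- Snip! --></e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>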
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
ERROR
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
HTTP/1.1 100 Continue
HTTP/1.1 500 Internal Server Error
X-Powered-By: Servlet/2.5
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Sat, 10 Jan 2009 03:09:51 GMT
Server: Sun Java System Application Server Platform Edition 9.0_01
Connection: close
27f
<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soa
penv:Fault><faultcode>soapenv:Server.generalException</faultcode><faults
tring>WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error
(Unsupported key identification)</faultstring><detail><ns1:hostname
xmlns:ns1="http://xml.apache.org/axis/">dmaz178056818</ns1:hostname></de
tail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
0
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
WSDD
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
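<!--
  Axis WSDD deployment for TestService. The "Receiver" handler runs WSS4J
  security processing on each request via the service's requestFlow. Only a
  requestFlow is configured, so responses leave without WS-Security
  protection.
-->
<deployment
    xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <handler name="Receiver"
           type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <!-- Security actions expected on the inbound message.
         NOTE(review): the receiver is understood to compare the actions found
         in the message against this list; confirm the order it expects. -->
    <parameter name="action" value="Signature Encrypt"/>
    <!-- Both properties files point at the same keystore configuration. -->
    <parameter name="signaturePropFile"
               value="service-provider.properties"/>
    <parameter name="decryptionPropFile"
               value="service-provider.properties"/>
    <!-- Callback that supplies the private-key password at run time, keeping
         it out of this descriptor. -->
    <parameter name="passwordCallbackClass"
               value="test.ws.PasswordProvider"/>
    <!-- The next three are sender-side settings; the reply on this thread
         advises removing them from an inbound configuration. -->
    <parameter name="signatureKeyIdentifier"
               value="X509KeyIdentifier"/>
    <parameter name="encryptionKeyIdentifier"
               value="X509KeyIdentifier"/>
    <parameter name="encryptionSymAlgorithm"
               value="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
    <!--<parameter name="encryptionSymAlgorithm"
    value="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
    <parameter name="encryptionKeyIdentifier"
    value="X509KeyIdentifier"/>
    <parameter name="encryptionUser" value="myUser"/>-->
  </handler>
  <!-- Services from TestService WSDL service -->
  <service name="TestService" provider="java:RPC" style="wrapped"
           use="literal">
    <parameter name="wsdlTargetNamespace"
               value="http://my.webservice.com"/>
    <parameter name="wsdlServiceElement" value="MyService"/>
    <!-- The closing quote was missing from this value as posted, which made
         the descriptor not well-formed; it is restored here. -->
    <parameter name="schemaQualified"
               value="http://my.webservice.com"/>
    <parameter name="wsdlServicePort" value="MyServiceSoap"/>
    <parameter name="className" value="test.ws.MyServiceImpl"/>
    <parameter name="wsdlPortType" value="MyServiceSoap"/>
    <parameter name="typeMappingVersion" value="1.2"/>
    <operation name="submitData" qname="operNS:SubmitData"
               xmlns:operNS="http://my.webservice.com"
               returnQName="retNS:SubmitResult"
               xmlns:retNS="http://my.webservice.com"
               returnType="rtns:string"
               xmlns:rtns="http://www.w3.org/2001/XMLSchema"
               soapAction="http://my.webservice.com/Submit">
      <parameter qname="pns:SystemType"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:Metadata"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:Data"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
    </operation>
    <operation name="retrieveData" qname="operNS:RetrieveData"
               xmlns:operNS="http://my.webservice.com"
               returnQName="retNS:retrieveResponse"
               xmlns:retNS="http://my.webservice.com"
               returnType="rtns:string"
               xmlns:rtns="http://www.w3.org/2001/XMLSchema"
               soapAction="http://my.webservice.com/RetrieveData">
      <parameter qname="pns:systemType"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:requestXml"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
    </operation>
    <operation name="queryData" qname="operNS:QueryData"
               xmlns:operNS="http://my.webservice.com"
               returnQName="retNS:queryResponse"
               xmlns:retNS="http://my.webservice.com"
               returnType="rtns:string"
               xmlns:rtns="http://www.w3.org/2001/XMLSchema"
               soapAction="http://my.webservice.com/QueryData">
      <parameter qname="pns:systemType"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:queryXml"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
    </operation>
    <!-- Allow-list of callable methods.
         NOTE(review): "retrievedata" is all lower case while the operation
         above is named retrieveData; confirm the spelling, since a
         case-sensitive comparison would leave that operation off the list. -->
    <parameter name="allowedMethods" value="queryData submitData retrievedata"/>
    <!-- Every request to this service passes through the Receiver handler. -->
    <requestFlow>
      <handler type="Receiver"/>
    </requestFlow>
  </service>
</deployment>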
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
service-provider.properties
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
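# WSS4J crypto settings named by signaturePropFile and decryptionPropFile in the WSDD.
# Lines the mail archive hard-wrapped are rejoined: a property value ends at the line break.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Keystore used for both signature verification and decryption.
org.apache.ws.security.crypto.merlin.file=C:/TestService.ks
# The keystore password sits in this file in clear text (redacted by the poster);
# limit read access on this file and on the keystore to the service account.
org.apache.ws.security.crypto.merlin.keystore.password=[password-deleted]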
RE: Hard to track down error Implementing message-level protection on messages coming in from WCF
Posted by Colm O hEigeartaigh <co...@progress.com>.
You don't need any of these in your inbound config:
<parameter name="signatureKeyIdentifier"
value="X509KeyIdentifier"/>
<parameter name="encryptionKeyIdentifier"
value="X509KeyIdentifier"/>
<parameter name="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<!--<parameter name="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<parameter name="encryptionKeyIdentifier"
value="X509KeyIdentifier"/>
Remove these and try again?
Colm.
________________________________
From: Quiroz, Daniel (Mission Systems) [mailto:Daniel.Quiroz@ngc.com]
Sent: 11 January 2009 00:08
To: wss4j-dev@ws.apache.org
Subject: Hard to track down error Implementing message-level protection
on messages coming in from WCF
Has anyone got any ideas on this? I've googled it and cannot find any
answers on why this would be failing.
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
REQUEST
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
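<!--
  WS-Security request captured from the WCF client. Redacted values are left
  as the poster's "Snip!" markers, so this listing is illustrative rather
  than parseable. URIs that the mail archive hard-wrapped in the middle of an
  attribute value are rejoined and nesting is indented; the whitespace is
  therefore not that of the signed original.
  Security header order: BinarySecurityToken, EncryptedKey, Signature.
-->
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <!-- Sender's X.509 certificate, shipped inside the message and referenced
           by the Signature's KeyInfo below. Its presence proves nothing on its
           own: the receiver has to validate it against its own trust store. -->
      <o:BinarySecurityToken u:Id="<!--Snip! -->"
                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--Snip! --></o:BinarySecurityToken>
      <!-- Symmetric session key wrapped with RSA PKCS#1 v1.5 (rsa-1_5). This key
           transport is exposed to padding-oracle attacks when the receiver's
           responses distinguish decryption failures; RSA-OAEP
           (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) is the usual
           replacement where both stacks support it. -->
      <e:EncryptedKey Id="_0"
                      xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <!-- The recipient certificate is named by issuer + serial number, so the
             receiver must find the matching private key in its own keystore. -->
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <X509Data>
              <X509IssuerSerial>
                <X509IssuerName><!--Snip! --></X509IssuerName>
                <X509SerialNumber><!--Snip! --></X509SerialNumber>
              </X509IssuerSerial>
            </X509Data>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue><!--Snip! --></e:CipherValue>
        </e:CipherData>
        <!-- Points at the EncryptedData element with Id "_2" in the Body. -->
        <e:ReferenceList>
          <e:DataReference URI="#_2"/>
        </e:ReferenceList>
      </e:EncryptedKey>
      <!-- RSA-SHA1 signature over a SHA-1 digest. SHA-1 is deprecated for
           signatures; prefer the SHA-256 identifiers
           (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and
           http://www.w3.org/2001/04/xmlenc#sha256) where both ends support them. -->
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <!-- The only signed reference is the Body (u:Id "_1"). No Timestamp or
               other header is covered in this message, so the signature by
               itself gives no freshness or replay protection, and the receiver
               should confirm that the element carrying this Id is the Body it
               actually processes. -->
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue><!--Snip! --></DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue><!--Snip! --></SignatureValue>
        <!-- Direct reference to the BinarySecurityToken at the top of the header. -->
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                         URI="#<!--Snip! -->"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1">
    <!-- Body content encrypted with AES-256-CBC under the key wrapped in
         EncryptedKey "_0". CBC provides confidentiality only; detecting
         tampering depends on the signature check over the Body. -->
    <e:EncryptedData Id="_2"
                     Type="http://www.w3.org/2001/04/xmlenc#Content"
                     xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <e:CipherData>
        <e:CipherValue><!-- Snip! --></e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>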
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
ERROR
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
HTTP/1.1 100 Continue
HTTP/1.1 500 Internal Server Error
X-Powered-By: Servlet/2.5
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Sat, 10 Jan 2009 03:09:51 GMT
Server: Sun Java System Application Server Platform Edition 9.0_01
Connection: close
27f
<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soa
penv:Fault><faultcode>soapenv:Server.generalException</faultcode><faults
tring>WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error
(Unsupported key identification)</faultstring><detail><ns1:hostname
xmlns:ns1="http://xml.apache.org/axis/">dmaz178056818</ns1:hostname></de
tail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
0
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
WSDD
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
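<!--
  Axis WSDD deployment for TestService. The "Receiver" handler runs WSS4J
  security processing on each request via the service's requestFlow. Only a
  requestFlow is configured, so responses leave without WS-Security
  protection.
-->
<deployment
    xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <handler name="Receiver"
           type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <!-- Security actions expected on the inbound message.
         NOTE(review): the receiver is understood to compare the actions found
         in the message against this list; confirm the order it expects. -->
    <parameter name="action" value="Signature Encrypt"/>
    <!-- Both properties files point at the same keystore configuration. -->
    <parameter name="signaturePropFile"
               value="service-provider.properties"/>
    <parameter name="decryptionPropFile"
               value="service-provider.properties"/>
    <!-- Callback that supplies the private-key password at run time, keeping
         it out of this descriptor. -->
    <parameter name="passwordCallbackClass"
               value="test.ws.PasswordProvider"/>
    <!-- The next three are sender-side settings; the reply on this thread
         advises removing them from an inbound configuration. -->
    <parameter name="signatureKeyIdentifier"
               value="X509KeyIdentifier"/>
    <parameter name="encryptionKeyIdentifier"
               value="X509KeyIdentifier"/>
    <parameter name="encryptionSymAlgorithm"
               value="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
    <!--<parameter name="encryptionSymAlgorithm"
    value="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
    <parameter name="encryptionKeyIdentifier"
    value="X509KeyIdentifier"/>
    <parameter name="encryptionUser" value="myUser"/>-->
  </handler>
  <!-- Services from TestService WSDL service -->
  <service name="TestService" provider="java:RPC" style="wrapped"
           use="literal">
    <parameter name="wsdlTargetNamespace"
               value="http://my.webservice.com"/>
    <parameter name="wsdlServiceElement" value="MyService"/>
    <!-- The closing quote was missing from this value as posted, which made
         the descriptor not well-formed; it is restored here. -->
    <parameter name="schemaQualified"
               value="http://my.webservice.com"/>
    <parameter name="wsdlServicePort" value="MyServiceSoap"/>
    <parameter name="className" value="test.ws.MyServiceImpl"/>
    <parameter name="wsdlPortType" value="MyServiceSoap"/>
    <parameter name="typeMappingVersion" value="1.2"/>
    <operation name="submitData" qname="operNS:SubmitData"
               xmlns:operNS="http://my.webservice.com"
               returnQName="retNS:SubmitResult"
               xmlns:retNS="http://my.webservice.com"
               returnType="rtns:string"
               xmlns:rtns="http://www.w3.org/2001/XMLSchema"
               soapAction="http://my.webservice.com/Submit">
      <parameter qname="pns:SystemType"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:Metadata"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:Data"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
    </operation>
    <operation name="retrieveData" qname="operNS:RetrieveData"
               xmlns:operNS="http://my.webservice.com"
               returnQName="retNS:retrieveResponse"
               xmlns:retNS="http://my.webservice.com"
               returnType="rtns:string"
               xmlns:rtns="http://www.w3.org/2001/XMLSchema"
               soapAction="http://my.webservice.com/RetrieveData">
      <parameter qname="pns:systemType"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:requestXml"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
    </operation>
    <operation name="queryData" qname="operNS:QueryData"
               xmlns:operNS="http://my.webservice.com"
               returnQName="retNS:queryResponse"
               xmlns:retNS="http://my.webservice.com"
               returnType="rtns:string"
               xmlns:rtns="http://www.w3.org/2001/XMLSchema"
               soapAction="http://my.webservice.com/QueryData">
      <parameter qname="pns:systemType"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
      <parameter qname="pns:queryXml"
                 xmlns:pns="http://my.webservice.com" type="tns:string"
                 xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
    </operation>
    <!-- Allow-list of callable methods.
         NOTE(review): "retrievedata" is all lower case while the operation
         above is named retrieveData; confirm the spelling, since a
         case-sensitive comparison would leave that operation off the list. -->
    <parameter name="allowedMethods" value="queryData submitData retrievedata"/>
    <!-- Every request to this service passes through the Receiver handler. -->
    <requestFlow>
      <handler type="Receiver"/>
    </requestFlow>
  </service>
</deployment>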
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
service-provider.properties
------------------------------------------------------------------------
------------------------------------------------------------------------
--------------------
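# WSS4J crypto settings named by signaturePropFile and decryptionPropFile in the WSDD.
# Lines the mail archive hard-wrapped are rejoined: a property value ends at the line break.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Keystore used for both signature verification and decryption.
org.apache.ws.security.crypto.merlin.file=C:/TestService.ks
# The keystore password sits in this file in clear text (redacted by the poster);
# limit read access on this file and on the keystore to the service account.
org.apache.ws.security.crypto.merlin.keystore.password=[password-deleted]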