Posted to rampart-dev@ws.apache.org by shams jawaid <sh...@hotmail.com> on 2007/09/20 14:22:04 UTC
signature and encryption
Hi, I am trying to implement sample 03 of the Rampart 1.3 policy samples using the WSF/PHP extension and Axis2/Java 1.3 + Rampart 1.3; however, I get the error:

policy creation failedSoap Fault: Missing wsse:Security header in request

I have just referenced the sample policy file from my PHP client, and used the sample services.xml file as well, and I haven't changed anything apart from the reference to the PWCBHandler class.

Here is my PHP client:

<?php
$reqPayloadString = <<<XML
<ns1:add xmlns:ns1='http://math'><ns1:Param0>1</ns1:Param0><ns1:Param1>1</ns1:Param1></ns1:add>
XML;
try {
    $my_cert = ws_get_cert_from_file('alice_cert.cert'); // client side certificate (public key)
    $my_key = ws_get_key_from_file('alice_key.pem'); // client side key
    $rec_cert = ws_get_cert_from_file('bob_cert.cert'); // server side certificate (public key)

    $reqMessage = new WSMessage($reqPayloadString,
        array('to' => 'http://localhost:8181/axis2/services/Math',
              'action' => 'urn:add'));

    $sec_token = new WSSecurityToken(array('privateKey' => $my_key,
                                           'certificate' => $my_cert,
                                           'receiverCertificate' => $rec_cert,
                                           'ttl' => 60));
    $policy_xml = file_get_contents('policy.xml');
    $policy = new WSPolicy($policy_xml);

    $client = new WSClient(array('useWSA' => TRUE,
                                 'policy' => $policy,
                                 'securityToken' => $sec_token));

    $resMessage = $client->request($reqMessage);

    // Double quotes so that \n is emitted as a newline
    printf("Response = %s \n", $resMessage->str);
} catch (Exception $e) {
    if ($e instanceof WSFault) {
        printf("Soap Fault: %s\n", $e->Reason);
    } else {
        printf("Message = %s\n", $e->getMessage());
    }
}
?>

I have been trying non-stop just to get encryption and signature working :(, but I keep getting errors. If anyone has a working sample, please can I see it? Or if anyone knows the reason for this error, please let me know. Thanks
Re: [wsf-php-user] signature and encryption
Posted by Manjula Peiris <ma...@wso2.com>.
BTW, this is regarding your attempt with WSF/PHP and sample 03 in Rampart.
Not regarding the discussion on connecting to Axis2 Math service.
-Manjula.
On Fri, 2007-09-21 at 09:36 +0530, Manjula Peiris wrote:
> Hi Shams,
>
> The policy file you are using at the client side with WSF/PHP is wrong.
> This is the reason for getting policy creation failed error. Because the
> <ramp:RampartConfig> part is a Rampart/Java based configuration, please
> remove <ramp:RampartConfig> element and its children elements from the
> policy file. Since you are giving these options through WSSecurityToken
> you don't need to specify them in the policy file.
>
> I think you can get an idea about this from the policy files and scripts
> we sent you before.
>
> Thanks,
> -Manjula.
Re: [wsf-php-user] signature and encryption
Posted by Manjula Peiris <ma...@wso2.com>.
Hi Shams,
The policy file you are using at the client side with WSF/PHP is wrong.
This is the reason for getting policy creation failed error. Because the
<ramp:RampartConfig> part is a Rampart/Java based configuration, please
remove <ramp:RampartConfig> element and its children elements from the
policy file. Since you are giving these options through WSSecurityToken
you don't need to specify them in the policy file.
I think you can get an idea about this from the policy files and scripts
we sent you before.
Thanks,
-Manjula.
Re: [wsf-php-user] signature and encryption
Posted by Kaushalye Kapuruge <ka...@wso2.com>.
Hi Shams,
Have you resolved the issue with setting up your Java service? Otherwise
there is no point in trying to send client requests.
Can you see whether the <wsse:Security> header is in the request? Please attach
the log and a trace of the SOAP messages when you post a problem (as there is no
other way we can find the reason). :)
Please find a complete PHP sample here[1].
Cheers,
Kaushalye
[1]http://wso2.org/repos/wso2/trunk/wsf/php/samples/security/complete/
shams jawaid wrote:
> <service name="Math" scope="application">
> <description>
> MathService
> </description>
>
>
>
> <messageReceivers>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> </messageReceivers>
>
>
>
> <parameter name="ServiceClass">
> math.Math
> </parameter>
>
> <module ref="rampart" />
> <module ref="addressing" />
>
> <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> </wsp:Policy>
> </sp:Wss10>
> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:SignedParts>
> <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:EncryptedParts>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>service</ramp:user>
> <ramp:encryptionUser>client</ramp:encryptionUser>
> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
>
> </service>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> !
> ! Copyright 2006 The Apache Software Foundation.
> !
> ! Licensed under the Apache License, Version 2.0 (the "License");
> ! you may not use this file except in compliance with the License.
> ! You may obtain a copy of the License at
> !
> ! http://www.apache.org/licenses/LICENSE-2.0
> !
> ! Unless required by applicable law or agreed to in writing, software
> ! distributed under the License is distributed on an "AS IS" BASIS,
> ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ! See the License for the specific language governing permissions and
> ! limitations under the License.
> !-->
>
> <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> </wsp:Policy>
> </sp:Wss10>
> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:SignedParts>
> <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:EncryptedParts>
>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>client</ramp:user>
> <ramp:encryptionUser>service</ramp:encryptionUser>
> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
--
http://kaushalye.blogspot.com/
http://wso2.org/
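
The fix Manjula describes in the thread (removing the <ramp:RampartConfig> element and its children before the policy reaches WSPolicy), as an added example that is not part of the original thread or of WSF/PHP. The function name strip_rampart_config and the trimmed sample policy are constructed here; the code relies only on PHP's bundled DOM extension.

```php
<?php
// Added example: strip Rampart/Java-only configuration from a policy document
// so that only the WS-SecurityPolicy assertions are handed to the PHP client.

const RAMPART_NS = 'http://ws.apache.org/rampart/policy'; // namespace from the posted policy

/** Returns [cleaned policy XML, names of the Rampart properties that were dropped]. */
function strip_rampart_config(string $policyXml): array
{
    libxml_use_internal_errors(true);          // report parse errors via return value
    $doc = new DOMDocument();
    if (!$doc->loadXML($policyXml, LIBXML_NONET)) { // LIBXML_NONET: no network fetches
        throw new InvalidArgumentException('policy is not well-formed XML');
    }
    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('ramp', RAMPART_NS);

    $dropped = [];
    // Snapshot the matches before modifying the tree.
    foreach (iterator_to_array($xpath->query('//ramp:RampartConfig')) as $node) {
        foreach ($xpath->query('.//ramp:property', $node) as $prop) {
            $dropped[] = $prop->getAttribute('name'); // names only, never the values
        }
        $node->parentNode->removeChild($node);
    }
    return [$doc->saveXML($doc->documentElement), $dropped];
}

// Constructed sample, trimmed from the structure of the policy quoted in the thread.
$policy = <<<'XML'
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
 <wsp:ExactlyOne><wsp:All>
  <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body/></sp:SignedParts>
  <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body/></sp:EncryptedParts>
  <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
   <ramp:user>client</ramp:user>
   <ramp:signatureCrypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
     <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
     <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">example-password</ramp:property>
    </ramp:crypto>
   </ramp:signatureCrypto>
  </ramp:RampartConfig>
 </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
XML;

[$clean, $dropped] = strip_rampart_config($policy);
echo $clean, "\n";
echo "Dropped Rampart properties: ", implode(', ', $dropped), "\n";
// With the WSF/PHP extension loaded, the cleaned string replaces the file contents
// in the posted client: $policy = new WSPolicy($clean);
```

The dropped-property list also shows when a keystore file name or password entry was sitting in a policy file distributed to clients, which the PHP side never needs because keys and certificates are passed through WSSecurityToken.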