Posted to fx-dev@ws.apache.org by Dittmann Werner <we...@siemens.com> on 2004/09/24 16:23:11 UTC

AW: RE: Problem with Signatures: Unexpected number of X509Data: for Signature

Jake,

To get the functionality and interoperability you shall
make sure that the server knows your certificate that you
use to sign the messages.

Your assumptions are right: the user parameters are used to
get the certificate from the keystore (the alias). The
WSDoAllSender uses the password callback class functions to
get the password to extract the private key to sign the message.

BTW, WSS4J should be able to work with .Net, we did some interop
tests some time ago also with .Net implementations (I do not
know which version of .Net).

Regards,
Werner

> -----Original Message-----
> From: Jake Wu [mailto:Jake.Wu@newcastle.ac.uk]
> Sent: Friday, 24 September 2004 01:32
> To: Giuseppe Milicia; werner.dittmann@siemens.com
> Cc: fx-dev@ws.apache.org
> Subject: RE: RE: Problem with Signatures: Unexpected number of X509Data: for Signature
> 
> 
> Thanks Giuseppe and Werner for the help and advice. I tried something
> today, but I got some similar problems. Please see inline for my
> configurations and problems.
> 
> 
> >What I'm trying to do is to secure down a web service
> >interaction from the point of view of the application
> >deployer. Using WSS4J I should be able to sign/encrypt the
> >communication from/to an endpoint without writing a single
> >line of code.
> 
> Agree with this, no single line of code should be needed.
> 
> 
> 
> >As a test I'm using the Stock web service which comes in the 
> >sample directory of Axis.
> >
> >I then modified the deploy.wsdd file to include the 
> >appropriate WSS4J handler in the request flow, as I outlined 
> >in my previous post:
> >
> >   [snip]
> >
> >Then I use the Axis admin to deploy the web service:
> >
> >java org.apache.axis.client.AdminClient deploy.wsdd
> 
> As I explained before, all I was given is a WSDL file of an existing Web
> service (written in .NET), and I am writing a Java client application to
> interact with the service. So I have no control on server side stuff,
> and I am not adding anything for server side configurations. But the
> server is supposed to be able to verify my signature.
> 
> 
> >In my case I have the client sign the request, and so I have 
> >the following deployclient.wsdd
> >
> > [snip]
> >
> ></deployment>
> >From which Axis generates a client-config.wsdd using the command:
> >
> >java org.apache.axis.utils.Admin client
> >deployclient.wsdd
> 
> 
> I didn't write a deployclient.wsdd and use Axis tool Admin to generate
> client-config.wsdd. Instead, I modified the client-config.wsdd file in
> the axis.jar. (I opened the axis.jar at \wsfxSept20\ws-fx\wss4j\lib, and
> modified the file at org.apache.axis.client.client-config.wsdd) I am not
> sure if I am allowed to modify in this way(??) Now I modified the file
> as follows,
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <deployment name="defaultClientConfig"
>             xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>  <globalConfiguration>
>    <parameter name="disablePrettyXML" value="true"/>
>  </globalConfiguration>
>  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>  <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
>  <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> 
>   <!--use the WSDoAllSender security handler in request flow -->
> 
>   <service name="ResourceRegistryServiceSoap">
>   <requestFlow>
>    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>     <parameter name="user" value="1ca35e4d11ccbf197e04f066003f5d83_ab8d3b33-9291-43a4-ac9b-45cb9d6cfd10"/>
>     <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback" />
> 
>     <parameter name="action" value="Signature"/>
>     <parameter name="signaturePropFile" value="crypto.properties"/>
> 
>    </handler>
>   </requestFlow>
>   </service>
> 
> </deployment>
>  
> 
> The extra lines more than Giuseppe's file, are the "user" parameter and
> "passwordCallbackClass" parameter. I don't know what to put for the
> value for "user", but I assume it is the so-called alias for the
> keystore after reading in the org\apache\ws\axis\security\package.html.
> So I used a test program given by Ruchith Fernando on Aug 29 in this
> mailing list, and got the alias, which I put as the value as shown
> above.
> 
> 
> Then for the crypto.properties file, I modified as this, 
> 
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.password=mypw
> org.apache.ws.security.crypto.merlin.keystore.alias=
> org.apache.ws.security.crypto.merlin.alias.password=
> org.apache.ws.security.crypto.merlin.file=C:/wsfxSept20/ws-fx/wss4j/keys/jakenew.p12
> 
> 
> My keystore type is pkcs12 (for p12 format), and "mypw" is the password
> of the keystore I had. I left the alias and its password blank, as
> suggested by Werner that they are not used anymore because of security
> reasons. Location of the keystore is specified.
> 
> Just to make clear, my client configuration is Axis 1.2 (as in the wss4j
> library), WSS4J from snapshot site on Sept 20th, java 1.4.2_05, on
> Windows XP.
> 
> Then, after all that, I ran my client programme and I am getting the following;
> the latter part is almost the same as Giuseppe got (see below). I am
> still working on this to see what I could fix (too late today, carry on
> tomorrow :-). Please let me know if you guys have any further advice,
> and if there is anything I did wrong or anything I should correct in
> order to get this working... Many thanks!
> 
> 
> 
> 
> - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
> - Unable to patch xalan function table.
> java.lang.NoSuchFieldException: m_functions
> 	at java.lang.Class.getField(Unknown Source)
> 	at org.apache.xml.security.Init.init(Init.java:149)
> 	at org.apache.ws.security.WSSecurityEngine.<clinit>(WSSecurityEngine.java:133)
> 	at org.apache.ws.axis.security.WSDoAllSender.<clinit>(WSDoAllSender.java:69)
> 	at java.lang.Class.forName0(Native Method)
> 	at java.lang.Class.forName(Unknown Source)
> 	at org.apache.axis.utils.ClassUtils$2.run(ClassUtils.java:176)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at org.apache.axis.utils.ClassUtils.loadClass(ClassUtils.java:160)
> 	at org.apache.axis.utils.ClassUtils.forName(ClassUtils.java:100)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getJavaClass(WSDDDeployableItem.java:349)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.makeNewInstance(WSDDDeployableItem.java:291)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:270)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:256)
> 	at org.apache.axis.deployment.wsdd.WSDDChain.makeNewInstance(WSDDChain.java:125)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:270)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:256)
> 	at org.apache.axis.deployment.wsdd.WSDDService.makeNewInstance(WSDDService.java:417)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:270)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:256)
> 	at org.apache.axis.deployment.wsdd.WSDDDeployment.getService(WSDDDeployment.java:448)
> 	at org.apache.axis.configuration.FileProvider.getService(FileProvider.java:226)
> 	at org.apache.axis.AxisEngine.getService(AxisEngine.java:290)
> 	at org.apache.axis.MessageContext.setTargetService(MessageContext.java:755)
> 	at org.apache.axis.client.Call.invoke(Call.java:2641)
> 	at org.apache.axis.client.Call.invoke(Call.java:2394)
> 	at org.apache.axis.client.Call.invoke(Call.java:2317)
> 	at org.apache.axis.client.Call.invoke(Call.java:1774)
> 	at uk.ac.neresc.wsgaf.registry.ResourceRegistryServiceSoapStub.addToRegistry(ResourceRegistryServiceSoapStub.java:294)
> 	at uk.ac.neresc.wsgaf.registry.browser.WsgafClient.main(WsgafClient.java:80)
> - Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
> AxisFault
>  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
>  faultSubcode: 
>  faultString: WSDoAllSender: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: 
> 	java.security.UnrecoverableKeyException: Could not perform unpadding: invalid pad byte.
>  faultActor: 
>  faultNode: 
>  faultDetail: 
> 	{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: 
> 	java.security.UnrecoverableKeyException: Could not perform unpadding: invalid pad byte.
> 	at org.apache.ws.axis.security.WSDoAllSender.performSIGNAction(WSDoAllSender.java:364)
> 	at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:281)
> 	at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:128)
> 	at org.apache.axis.client.Call.invokeEngine(Call.java:2735)
> 	at org.apache.axis.client.Call.invoke(Call.java:2718)
> 	at org.apache.axis.client.Call.invoke(Call.java:2394)
> 	at org.apache.axis.client.Call.invoke(Call.java:2317)
> 	at org.apache.axis.client.Call.invoke(Call.java:1774)
> 	at uk.ac.neresc.wsgaf.registry.ResourceRegistryServiceSoapStub.addToRegistry(ResourceRegistryServiceSoapStub.java:294)
> 	at uk.ac.neresc.wsgaf.registry.browser.WsgafClient.main(WsgafClient.java:80)
> 
	{http://xml.apache.org/axis/}hostname:glendue





Jake
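
The two lookups Werner describes at the top of this message (the certificate found by alias, the private key extracted with the callback password) can be checked outside Axis with the JDK alone. This is an added example, not part of the original thread and not WSS4J code; the class name KeystoreCheck and its prompts are hypothetical, and it assumes a PKCS12 keystore like the one in the quoted crypto.properties.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (not WSS4J code). Usage: java KeystoreCheck <keystore.p12> <alias>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 2 || con == null) {
            System.err.println("usage (from an interactive terminal): KeystoreCheck <keystore.p12> <alias>");
            System.exit(2);
        }
        // Passwords are read without echo instead of being passed on the command line.
        char[] storePw = con.readPassword("Keystore password: ");
        char[] keyPw = con.readPassword("Key password (what the callback would return): ");

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePw); // throws IOException if the store password is wrong
        }
        // List every alias so the value of the "user" parameter can be compared exactly.
        for (String a : Collections.list(ks.aliases())) {
            System.out.println("alias: " + a + (ks.isKeyEntry(a) ? " [key entry]" : " [certificate only]"));
        }
        String alias = args[1];
        if (!ks.isKeyEntry(alias)) {
            System.err.println("no private-key entry under alias " + alias);
            System.exit(1);
        }
        // The certificate the receiving server has to know in order to verify the signature.
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        System.out.println("subject: " + cert.getSubjectX500Principal());
        System.out.println("issuer:  " + cert.getIssuerX500Principal());
        System.out.println("serial:  " + cert.getSerialNumber().toString(16));
        try {
            // Throws UnrecoverableKeyException when the key cannot be recovered with keyPw.
            Key key = ks.getKey(alias, keyPw);
            System.out.println("private key recovered, algorithm " + key.getAlgorithm());
        } catch (UnrecoverableKeyException e) {
            System.err.println("key not recoverable with this password: " + e.getMessage());
            System.exit(1);
        }
    }
}
```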