Posted to dev@ws.apache.org by Anupam Nandan <an...@gmail.com> on 2014/09/21 13:08:25 UTC

WebSphere 8.5 and WSS4J 1.6.9 signing issue.

Hi All,

I am trying to write a Java client program (servlet), which will generate
and sign the SOAP request with the keys provided by a third party
(keystore.jks). When I deploy the servlet on Tomcat it just works fine. But
on WebSphere 8.5 I am getting "*RSA signature is not verified*". I tried
debugging the issue but am not sure what is going wrong.

I tried finding an answer online and added IS_BSP_COMPLIANT as false, but it
didn't help.

Most likely the issue is with the signature. Let me know how I can
troubleshoot this issue. Any suggestion would be very helpful.


Thank you for your time and looking forward to some guidance.

Code

--------------------------------------------------------------------------------------------------------------------------------

attstmt.getAttributes().add(attr);
assertion.getAttributeStatements().add(attstmt);

// Wrap the SAML 2.0 assertion and add it to the security header
AssertionWrapper assertionWrper = new AssertionWrapper(assertion);
WSSecSAMLToken samlToken = new WSSecSAMLToken();
samlToken.build(soapDocument, assertionWrper, header);

SoapMessageWithoutHeader = nodeToString(soapDocument);
System.out.println("Anupam SOAP Message with SAML 2.0 Assertion : " + SoapMessageWithoutHeader);

// Inserting the wsu:Timestamp
WSSecTimestamp timestamp = new WSSecTimestamp();
timestamp.setTimeToLive(TIMESTAMP_VALIDATE_PERIOD);

WSSecHeader timestampHeader = new WSSecHeader();
timestampHeader.insertSecurityHeader(soapDocument);
timestamp.build(soapDocument, timestampHeader);

SoapMessageWithoutHeader = nodeToString(soapDocument);
System.out.println("Anupam SOAP Message with time stamp : " + SoapMessageWithoutHeader);
System.out.println("Anupam path to key store " + pathtoKeyStore);

// Signature builder: the signing certificate travels as a BinarySecurityToken
WSSecSignature builder = new WSSecSignature();
builder.setUserInfo(keyAlias, pwdValue);
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

// Merlin crypto provider backed by the JKS keystore
java.util.Properties prop = new java.util.Properties();
prop.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
prop.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
prop.setProperty("org.apache.ws.security.crypto.merlin.keystore.base64.encoded", "false");
prop.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", pwdValue);
prop.setProperty("org.apache.ws.security.crypto.merlin.file", pathtoKeyStore);
// WSHandler option, set here on the Crypto properties as in the original post
prop.setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
//prop.setProperty(WSHandlerConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES, "true");

Crypto crypto = CryptoFactory.getInstance(prop);
builder.prepare(soapDocument, crypto, header);

// Parts covered by the signature: Timestamp, BST, SAML assertion and SOAP Body
List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
parts.add(new WSEncryptionPart(TIMESTAMP_LOCALNAME, TIMESTAMP_QNAME, CONTENT));
parts.add(new WSEncryptionPart(builder.getBSTTokenId()));
parts.add(new WSEncryptionPart(ASSERTION_LOCALNAME, ASSERTION_QNAME, ELEMENT));
parts.add(new WSEncryptionPart(SOAPBODY_LOCALNAME, SOAPBODY_QNAME, CONTENT));

builder.setParts(parts);
builder.prependBSTElementToHeader(header);
builder.computeSignature(builder.addReferencesToSign(parts, header));

// Send the signed message through the HTTP proxy
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("63.66.64.232", 8080));
String jNetURL1 = "https://XXX/";
URL endpoint = new URL(jNetURL1);
HttpURLConnection con = (HttpURLConnection) endpoint.openConnection(proxy);

// Check the connection before it is used (the original checked after getOutputStream())
if (con == null) {
    System.out.println("Connection to Jnet is null");
}

con.setRequestMethod("POST");
con.setRequestProperty("Content-type", "text/xml; charset=utf-8");
con.setRequestProperty("SOAPAction", "http://jnet.XXX/XX");
con.setDoInput(true);
con.setDoOutput(true);

OutputStream reqStream = con.getOutputStream();

String SoapMessageWithSign = nodeToString(soapDocument);
System.out.println("Anupam SOAP Message with after signature : " + SoapMessageWithSign);

// Encode with the charset declared in Content-type, not the platform default
reqStream.write(SoapMessageWithSign.getBytes("UTF-8"));
reqStream.close();

String jNetresponse = null;
try {
    BufferedReader httpReader = new BufferedReader(
            new InputStreamReader(con.getInputStream(), "UTF-8"));

    String inputLine = null;
    StringBuffer buff = new StringBuffer();
    System.out.println("value of httpreader " + httpReader.ready());
    System.out.println("httpReader value " + httpReader.toString());

    // Collect the response body line by line
    while ((inputLine = httpReader.readLine()) != null) {
        buff.append(inputLine);
        System.out.println("input line " + inputLine);
    }

    jNetresponse = buff.toString();
    //System.out.println("Anupam Post response:"+response);
} catch (SOAPFaultException sfe) {
    System.out.println(sfe.getMessage());
}

Best regards,
Anupam Nandan

RE: WebSphere 8.5 and WSS4J 1.6.9 signing issue.

Posted by Martin Gainty <mg...@hotmail.com>.


Date: Wed, 24 Sep 2014 13:08:15 -0400
Subject: Re: Web sphere 8.5 and WSS4J1. 6. 9 signing issue.
From: anupam.nandan@gmail.com
To: dev@ws.apache.org; coheigea@apache.org

Hi Colm
Thank you for your reply. I already tried with WSS4J 1.16.15 earlier. But same error. I was almost losing hope on this before your reply.

I will retry with 1.6.16 as soon as I get the setup again and let you know.

Thank you for your time.
MG>if after changing libraries you are calling no joy ..more than likely your private key is bad
MG>can we see the ASN.1 output of private key.... if for no other reason than to verify attributes are non-negative?
MG>Thanks and Regards,

On Wednesday, September 24, 2014, Colm O hEigeartaigh <co...@apache.org> wrote:

Could you try with a more recent version of WSS4J (1.6.16)?

Colm.

On Tue, Sep 23, 2014 at 6:18 PM, Anupam Nandan <an...@gmail.com> wrote:
Hello 
Can some one please help me on this ?
Thank you!


Re: WebSphere 8.5 and WSS4J 1.6.9 signing issue.

Posted by Anupam Nandan <an...@gmail.com>.
Hi Colm

Thank you for your reply. I already tried with WSS4J 1.16.15 earlier. But
same error. I was almost losing hope on this before your reply.


I will retry with 1.6.16 as soon as I get the setup again and let you
know.


Thank you for your time.

On Wednesday, September 24, 2014, Colm O hEigeartaigh <co...@apache.org>
wrote:

>
> Could you try with a more recent version of WSS4J (1.6.16)?
>
> Colm.
>
> On Tue, Sep 23, 2014 at 6:18 PM, Anupam Nandan <anupam.nandan@gmail.com> wrote:
>
>> Hello
>>
>> Can some one please help me on this ?
>>
>> Thank you!
>>
>>
>>
>> --
>> Best regards,
>> Anupam Nandan
>> 201.920.0722
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>


-- 
Best regards,
Anupam Nandan
201.920.0722

Re: WebSphere 8.5 and WSS4J 1.6.9 signing issue.

Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you try with a more recent version of WSS4J (1.6.16)?

Colm.

On Tue, Sep 23, 2014 at 6:18 PM, Anupam Nandan <an...@gmail.com>
wrote:

> Hello
>
> Can some one please help me on this ?
>
> Thank you!
>
>
>
> --
> Best regards,
> Anupam Nandan
> 201.920.0722
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: WebSphere 8.5 and WSS4J 1.6.9 signing issue.

Posted by Anupam Nandan <an...@gmail.com>.
FYI

On Tuesday, September 23, 2014, Anupam Nandan <an...@gmail.com>
wrote:

> Hello
>
> Can some one please help me on this ?
>
> Thank you!
>
>
>
> --
> Best regards,
> Anupam Nandan
> 201.920.0722
>
>

-- 
Best regards,
Anupam Nandan
201.920.0722

Re: WebSphere 8.5 and WSS4J 1.6.9 signing issue.

Posted by Anupam Nandan <an...@gmail.com>.
Hello

Can someone please help me on this?

Thank you!



-- 
Best regards,
Anupam Nandan
201.920.0722
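
The thread reports that the same servlet signs correctly on Tomcat but not on WebSphere, and one reply suspects the private key. The following is an added example, not code from the thread or from WSS4J: it checks with plain JCA that a keystore entry's private key and certificate are a matching RSA pair, and prints the JVM vendor, default charset and signature provider so the output of each server's JVM can be compared. The class name, the KEYSTORE_PASSWORD variable and the choice of SHA1withRSA are assumptions; with no arguments it runs on constructed key pairs.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;

/** Added diagnostic (hypothetical class name); run it with each server's own JVM. */
public final class SigningKeyCheck {

    /** For RSA, the private key and the certificate's public key must share one modulus. */
    static boolean sameModulus(PrivateKey priv, PublicKey pub) {
        if (!(priv instanceof RSAKey) || !(pub instanceof RSAKey)) {
            return false; // not an RSA pair, or a key that does not expose its modulus
        }
        return ((RSAKey) priv).getModulus().equals(((RSAKey) pub).getModulus());
    }

    /** Signs fixed bytes with the private key and verifies them with the public key. */
    static boolean roundTrip(PrivateKey priv, PublicKey pub, String algorithm)
            throws GeneralSecurityException {
        byte[] data = "keypair-check".getBytes(Charset.forName("UTF-8"));
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(priv);
        signer.update(data);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(pub);
        verifier.update(data);
        System.out.println("  " + algorithm + " provider: sign=" + signer.getProvider().getName()
                + ", verify=" + verifier.getProvider().getName());
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            return false; // some providers throw instead of returning false on a wrong key
        }
    }

    static boolean report(String label, PrivateKey priv, PublicKey pub)
            throws GeneralSecurityException {
        System.out.println(label + ": private=" + priv.getAlgorithm() + "/" + priv.getFormat()
                + ", public=" + pub.getAlgorithm());
        boolean modulusOk = sameModulus(priv, pub);
        // Assumption: the message is signed with rsa-sha1; change the name if it is not.
        boolean verifyOk = roundTrip(priv, pub, "SHA1withRSA");
        System.out.println("  modulus match=" + modulusOk + ", sign/verify round trip=" + verifyOk);
        return modulusOk && verifyOk;
    }

    static char[] readPassword() {
        Console console = System.console();
        if (console != null) {
            return console.readPassword("Keystore/key password: ");
        }
        String env = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        if (env == null) {
            throw new IllegalStateException("no console and KEYSTORE_PASSWORD is not set");
        }
        return env.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // JVM facts that can differ between two application servers
        System.out.println("java.vendor=" + System.getProperty("java.vendor")
                + ", java.version=" + System.getProperty("java.version")
                + ", default charset=" + Charset.defaultCharset());
        for (Provider p : Security.getProviders()) {
            System.out.println("  provider: " + p.getName());
        }

        if (args.length == 2) {
            // args: <keystore path> <alias>; one password for store and key, as in the post
            char[] password = readPassword();
            KeyStore ks = KeyStore.getInstance("JKS");
            InputStream in = new FileInputStream(args[0]);
            try {
                ks.load(in, password);
            } finally {
                in.close();
            }
            PrivateKey priv = (PrivateKey) ks.getKey(args[1], password);
            Certificate cert = ks.getCertificate(args[1]);
            if (priv == null || cert == null) {
                System.out.println("alias '" + args[1] + "' has no private key or certificate");
                return;
            }
            report("keystore entry " + args[1], priv, cert.getPublicKey());
            return;
        }

        // No arguments: constructed sample keys, one matching and one mismatched pair
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        KeyPair b = gen.generateKeyPair();
        report("matching pair (constructed)", a.getPrivate(), a.getPublic());
        report("mismatched pair (constructed)", a.getPrivate(), b.getPublic());
    }
}
```

If the keystore entry passes under both JVMs, the key pair itself is consistent and the difference lies elsewhere in the signing or serialization path.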