Posted to fx-dev@ws.apache.org by br...@sweetxml.org on 2004/10/26 10:45:20 UTC
signing with DerivedKey based on UsernameToken
Werner,
I've just tried it out, but something seems wrong: nothing is ever sent, because of this exception:
Catch RemoteException
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/ws/2004/03/addressing, MessageID)
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/ws/2004/03/addressing, MessageID)
at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:476)
at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:308)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:134)
at org.apache.axis.client.Call.invokeEngine(Call.java:2737)
..
..
..
..
That was with this client-config.wsdd:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Axis client-side deployment (client-config.wsdd). The request flow adds the
  WS-Addressing headers first (AddressingHandler), then WSDoAllSender applies
  the WS-Security actions. The fault quoted above ("Element to encrypt/sign not
  found: ...2004/03/addressing, MessageID") names exactly the addressing
  namespace configured in signatureParts below.
-->
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<!-- Left at the Axis default value; review before reusing this file in a server deployment. -->
<parameter name="adminPassword" value="admin"/>
<parameter name="disablePrettyXML" value="true"/>
<parameter name="attachments.implementation" value="org.apache.axis.attachments.AttachmentsImpl"/>
<parameter name="sendXsiTypes" value="true"/>
<parameter name="sendMultiRefs" value="true"/>
<parameter name="sendXMLDeclaration" value="true"/>
<requestFlow>
<!-- Message dump handlers (judging by the class name): before addressing, between addressing and security, and after security. -->
<handler type="java:dk.oio.xml.referenceImplementation.wss.StandardOutXmlLogHandler" />
<!--
  NOTE(review): the addressing namespace used here and in signatureParts is
  .../ws/2004/03/addressing, but the message captured further down the post
  carries xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing". The two
  must agree for WSDoAllSender to locate the headers; confirm which version the
  AddressingHandler in use actually emits.
-->
<handler name="addr" type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
<parameter name="referencePropertyNames" value="
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}FaultTo"/>
</handler>
<handler type="java:dk.oio.xml.referenceImplementation.wss.StandardOutXmlLogHandler" />
<!--
  WS-Security actions, presumably applied in the order listed: sign with a key
  derived from the UsernameToken secret (the captured message uses
  hmac-sha1 with a KeyInfo reference to the UsernameToken), encrypt the
  UsernameToken for the recipient, then add a Timestamp.
-->
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="UsernameTokenSignature Encrypt Timestamp"/>
<parameter name="user" value="OIO\BrianNielsen"/>
<!-- Bare class name, no package; presumably supplies the password for "user" and must be on the client classpath. -->
<parameter name="passwordCallbackClass" value="PWCallback"/>
<!--
  Elements to sign. Two things to check: the namespace (see the note on the
  addressing handler above) and the stray space in "{...} FaultTo" on the last
  entry, which the other entries do not have.
-->
<parameter name="signatureParts" value="
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing} FaultTo"/>
<!--
  Encrypt the UsernameToken for recipient "isb"; its public key is presumably
  read from the properties file and referenced by Subject Key Identifier.
  The modifier is written "{content}", yet the captured message shows
  Type="...#Element" for this part; confirm whether the expected spelling is
  "{Content}" if content-only encryption was intended.
-->
<parameter name="encryptionUser" value="isb"/>
<parameter name="encryptionParts" value="{content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"/>
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier"/>
<parameter name="encryptionPropFile" value="isb-server-publickey.properties"/>
</handler>
<handler type="java:dk.oio.xml.referenceImplementation.wss.StandardOutXmlLogHandler" />
</requestFlow>
</globalConfiguration>
<!-- Transport senders available to the client. -->
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>
If I remove the signature parts, the run gives this:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2004-10-26T07:26:12Z</wsu:Created>
<wsu:Expires>2004-10-26T07:31:12Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">ioljQeB/9MiiU0LyF6+e5Dzdego=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Ug6Fi9VB5nIxM4gqpxvydDOUDzPjhDVkOgP7OaVZJAgPPiJ+Vpa2YexarqVX2hzHb+WL8pluCjiD
6+bAemYWNZS/sDr1IevYCGinQGv64umqLTnnt7d295Se6ejJoJbmOPry0R2wq8RQnDZfS+tFe6tk
uGbDWSvnWM5XQjSoqJk=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-18135083"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id="EncDataId-18135083" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>DT+T9eDC0a4IiL61JLUYzEDERidf7VNx2U9MiPsVsco14pR14+TwgoM5XwwMgJQZ0UY3HDJYfbx2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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<ds:Reference URI="#id-10769718">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>FIKht43RGdNhq4VypyCJi8+wHxo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>QgvJEl5X9KIrLCy2J9UTdX2eAoA=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-6011238">
<wsse:SecurityTokenReference
wsu:Id="STRId-24864323" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference
URI="#usernameTokenId-15926420" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:MessageID soapenv:mustUnderstand="0">uuid:4FA7BD10-2720-11D9-AE64-F8CE60B03F55</wsa:MessageID>
<wsa:To soapenv:mustUnderstand="0">http://isb.oio.dk/oioservice/service/public/2/namespacemanager.asmx</wsa:To>
<wsa:Action soapenv:mustUnderstand="0">http://isb.oio.dk/oioservice/service/public/2/GetNamespaceInfo</wsa:Action>
<wsa:From soapenv:mustUnderstand="0">
<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
</wsa:From>
<wsa:FaultTo soapenv:mustUnderstand="0">
<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://www.apache.org</Address>
</wsa:FaultTo>
</soapenv:Header>
<soapenv:Body wsu:Id="id-10769718" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<NamespaceToGet xmlns="http://isb.oio.dk/oioservice/service/NamespaceManager/">http://rep.oio.dk/hr-xml/</NamespaceToGet>
</soapenv:Body>
</soapenv:Envelope>
Catch RemoteException
AxisFault
faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck
faultSubcode:
faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
faultActor: http://isb.oio.dk/oioservice/service/public/2/namespacemanager.asmx
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128)
..
..
..
..
That is the same error as in the first try. The client-config.wsdd is:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Same client-config.wsdd as the first attempt, with signatureParts commented
  out. The captured message above shows the effect: the Signature carries a
  single Reference to the Body (wsu:Id "id-10769718"), so the addressing
  headers (MessageID, To, Action, From, FaultTo) travel unsigned.
-->
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<globalConfiguration>
<!-- Left at the Axis default value; review before reusing this file in a server deployment. -->
<parameter name="adminPassword" value="admin"/>
<parameter name="disablePrettyXML" value="true"/>
<parameter name="attachments.implementation" value="org.apache.axis.attachments.AttachmentsImpl"/>
<parameter name="sendXsiTypes" value="true"/>
<parameter name="sendMultiRefs" value="true"/>
<parameter name="sendXMLDeclaration" value="true"/>
<requestFlow>
<!-- Message dump handlers (judging by the class name): before addressing, between addressing and security, and after security. -->
<handler type="java:dk.oio.xml.referenceImplementation.wss.StandardOutXmlLogHandler" />
<!--
  NOTE(review): this handler is configured with the .../ws/2004/03/addressing
  namespace, but the message it produced (captured above) declares
  xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing".
-->
<handler name="addr" type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
<parameter name="referencePropertyNames" value="
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}FaultTo"/>
</handler>
<handler type="java:dk.oio.xml.referenceImplementation.wss.StandardOutXmlLogHandler" />
<!--
  The signature is an HMAC-SHA1 keyed from the UsernameToken secret (see the
  SignatureMethod and the KeyInfo reference to the UsernameToken in the
  captured message). The .NET WSE side rejects it with "The signature or
  decryption was invalid", so both ends must derive that key from the token
  the same way; that derivation is the open question at the end of the post.
-->
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="UsernameTokenSignature Encrypt Timestamp"/>
<parameter name="user" value="OIO\BrianNielsen"/>
<!-- Bare class name, no package; presumably supplies the password for "user" and must be on the client classpath. -->
<parameter name="passwordCallbackClass" value="PWCallback"/>
<!--
  Disabled signatureParts. If re-enabled, note that the entries use the
  2004/03 addressing namespace (the emitted headers are 2004/08) and that the
  last entry has a stray space in "{...} FaultTo".
-->
<!--
<parameter name="signatureParts" value="
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing} FaultTo"/>
-->
<!--
  Encrypt the UsernameToken for recipient "isb"; its public key is presumably
  read from the properties file and referenced by Subject Key Identifier.
  The modifier is written "{content}", yet the captured message shows
  Type="...#Element" for this part; confirm whether the expected spelling is
  "{Content}" if content-only encryption was intended.
-->
<parameter name="encryptionUser" value="isb"/>
<parameter name="encryptionParts" value="{content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"/>
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier"/>
<parameter name="encryptionPropFile" value="isb-server-publickey.properties"/>
</handler>
<handler type="java:dk.oio.xml.referenceImplementation.wss.StandardOutXmlLogHandler" />
</requestFlow>
</globalConfiguration>
<!-- Transport senders available to the client. -->
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>
Any ideas on how we can ensure that we use the same algorithm as the one used
in .NET WSE?
Brgds Brian