Posted to rampart-dev@ws.apache.org by "Tim Munro (myDIALS)" <ti...@mydials.com> on 2007/06/21 03:35:39 UTC

Rampart X509 Signature Rejected by .NET Web Service

Hi Guys,
 
Not sure if I am sending this to the right place, but any assistance would be
greatly appreciated. We have developed a .NET-based web service that
requires API calls to be signed using an X.509 certificate (and transmitted
over HTTPS). We have developed an Axis2 (1.2) client that uses Rampart (1.2)
to add a signature to the web service call. We can successfully call the web
service from a .NET client, and also from the Java client if we disable the
Rampart signature (and turn off the message-signing requirement on our .NET
app server). However, when we engage Rampart to sign the message, the Java
client's web service call fails with the error:

Exception in thread "main" org.apache.axis2.AxisFault: An error occurred
when verifying security for the message.
at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:434
)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
n.java:373)
at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOpera
tion.java:294)
at com.mydials.DataSubmissionApiStub.About(DataSubmissionApiStub.java:173)
at com.mydials.test.TestMain.main(TestMain.java:41)

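So the .NET-based web service rejects the Java client's call. When debugging
(on the Windows server), the XML document sent by the .NET client (works)
looks very similar to the one sent by the Java client (fails). Below are the
two documents - there must be a difference! Comparing them by eye, the
visible differences are the order of the elements inside the Security header
(the .NET message puts the Timestamp first, the Rampart message puts it
after the Signature), the namespace prefixes, and the extra Id attributes
Rampart adds to Signature, KeyInfo and SecurityTokenReference.
Any ideas what I am doing wrong? Or how to troubleshoot further?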

A) .NET Client WS Call (Works)
==============================
<MessageLogTraceRecord>
 <HttpRequest
xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageT
race">
  <Method>POST</Method>
  <QueryString></QueryString>
  <WebHeaders>
   <Connection>Keep-Alive</Connection>
   <Content-Length>3103</Content-Length>
   <Content-Type>text/xml; charset=utf-8</Content-Type>
   <Expect>100-continue</Expect>
   <Host>secure.mywaynesworld.com</Host>
 
<SOAPAction>"http://mydials.com/DataSubmissionApiContract/About"</SOAPAction
>
  </WebHeaders>
 </HttpRequest>
 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">
  <s:Header>
   <o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd">
    <u:Timestamp u:Id="_0">
     <u:Created>2007-06-21T00:48:58.093Z</u:Created>
     <u:Expires>2007-06-21T00:53:58.093Z</u:Expires>
    </u:Timestamp>
    <o:BinarySecurityToken
u:Id="uuid-f4024fe9-57ad-4924-9a8c-87b107e2de8d-1"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary">MIID9jCCA1+gAwIBAgIKGn50yQAAAAAACjANBgkqhk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</o:BinarySecurityToken>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
     <SignedInfo>
      <CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod
>
      <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
      <Reference URI="#_0">
       <Transforms>
        <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
       </Transforms>
       <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
       <DigestValue>RIVXyYAZZMquQfh0uHF/N3apDrA=</DigestValue>
      </Reference>
     </SignedInfo>
 
<SignatureValue>Yq2P24hcneNvKAXmpqD1vScLgeqZqflt9ruJUU/Ff2KEmJqKIPZoTESyLa7t
3df2tkNHZ02kv0z5IWF9HI5Ci+ZtVXtYf8iUlLRFV4CFKV0rad/O0muCT9oi9YtEJo0i7/u3wHn5
zqRodRKFWaftFE/dKOuG15BhhPQBqLCWFXk=</SignatureValue>
     <KeyInfo>
      <o:SecurityTokenReference>
       <o:Reference
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
URI="#uuid-f4024fe9-57ad-4924-9a8c-87b107e2de8d-1"></o:Reference>
      </o:SecurityTokenReference>
     </KeyInfo>
    </Signature>
   </o:Security>
   <To s:mustUnderstand="1"
xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://stag
ing-server/Services/DataSubmissionService.svc</To>
   <Action s:mustUnderstand="1"
xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://mydia
ls.com/DataSubmissionApiContract/About</Action>
  </s:Header>
  <s:Body>
   <About xmlns="http://mydials.com/"></About>
  </s:Body>
 </s:Envelope>
</MessageLogTraceRecord>
 
B) Axis2/Rampart Client WS Call (Fails)
=======================================
<MessageLogTraceRecord>
 <HttpRequest
xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageT
race">
  <Method>POST</Method>
  <QueryString></QueryString>
  <WebHeaders>
   <Content-Length>3556</Content-Length>
   <Content-Type>text/xml; charset=UTF-8</Content-Type>
   <Host>secure.mywaynesworld.com</Host>
   <User-Agent>Axis2</User-Agent>
 
<SOAPAction>"http://mydials.com/DataSubmissionApiContract/About"</SOAPAction
>
  </WebHeaders>
 </HttpRequest>
 <soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
   <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd" soapenv:mustUnderstand="1">
    <wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
wsu:Id="CertId-19300432">MIID9jCCA1+gAwIBAgIKGn50yQAAAAAACjANBgkqhkiG9w0BAQU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</wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-5699121">
     <ds:SignedInfo>
      <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
      <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
      <ds:Reference URI="#Timestamp-20632381">
       <ds:Transforms>
        <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
       </ds:Transforms>
       <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
       <ds:DigestValue>GwFUrF3rPn8LNX469gyemUFiZ0A=</ds:DigestValue>
      </ds:Reference>
     </ds:SignedInfo>
     <ds:SignatureValue>
 
kPOyYNJekpNOMU9fXVYhyD5ekgd/qFXiH6PVWhN/m3AD/qUbB/IIFGjZk56roYsa3FCheL22ovog
 
JKEjhrrbi7UH0WJ2+DDpBcGyNQx4aORgzWbWcTQIoSLsh4cn059Rz3d7UZNlsmTNwRZet10IYMvL
      RQ+Haz7RJ2sMYrE0pkc=
     </ds:SignatureValue>
     <ds:KeyInfo Id="KeyId-4677928">
      <wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="STRId-20290587">
       <wsse:Reference URI="#CertId-19300432"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"></wsse:Reference>
      </wsse:SecurityTokenReference>
     </ds:KeyInfo>
    </ds:Signature>
    <wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="Timestamp-20632381">
     <wsu:Created>2007-06-21T00:46:52.187Z</wsu:Created>
     <wsu:Expires>2007-06-21T00:51:52.187Z</wsu:Expires>
    </wsu:Timestamp>
   </wsse:Security>
   <To soapenv:mustUnderstand="1"
xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://stag
ing-server/Services/DataSubmissionService.svc</To>
   <Action soapenv:mustUnderstand="1"
xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://mydia
ls.com/DataSubmissionApiContract/About</Action>
  </soapenv:Header>
  <soapenv:Body>
   <ns3:About xmlns:ns3="http://mydials.com/"></ns3:About>
  </soapenv:Body>
 </soapenv:Envelope>
</MessageLogTraceRecord>