Correct Frank, Why don't you get the right certificate you need that is issued and signed by the correct third party?
Un saludo. José On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo <[EMAIL PROTECTED]> wrote: > Good news!!! After changing the keystore for "interop2.jks", and using > "alice" as alias the exception changed :). Now it looks like this: > > WSDoAllReceiver: The certificate used for the signature is not trusted > > I'm trying the webservice client against a public webservice, that's why I > think this exception is pretty normal, cause this certificate is > self-signed, and the public webservice maybe needs a trusted certificate. Am > I right? > > Thank you very much > > Tomás Tormo escribió: > > Sorry, my mistake, the client_deploy.wsdd file I'm using is the following > one: > > <deployment > xmlns="http://xml.apache.org/axis/wsdd/";<http://xml.apache.org/axis/wsdd/>xmlns:java= > "http://xml.apache.org/axis/wsdd/providers/java";<http://xml.apache.org/axis/wsdd/providers/java> > > > <transport name="http" > pivot="java:org.apache.axis.transport.http.HTTPSender"/> > <globalConfiguration > > <requestFlow> > <handler name="DoSecuritySender" > type="java:org.apache.ws.axis.security.WSDoAllSender" > > <parameter name="passwordCallbackClass" > value="pruebawebserviceregistraduria.PWCallback"/> > <parameter name="user" value="sample"/> > <parameter name="action" value="Signature"/> > <parameter name="signaturePropFile" value="crypto.properties" /> > <parameter name="signatureKeyIdentifier" value="DirectReference" /> > </handler> > </requestFlow> > <responseFlow> > <handler name="DoSecurityReceiver" > type="java:org.apache.ws.axis.security.WSDoAllReceiver"> > <parameter name="passwordCallbackClass" > value="pruebawebserviceregistraduria.PWCallback"/> > <parameter name="action" value="Signature"/> > <parameter name="signaturePropFile" value="crypto.properties" /> > </handler> > </responseFlow> > </globalConfiguration > > </deployment> > > Thank you > > Tomás Tormo escribió: > > Ok, sorry i didn't see the link... > > Anyway i would like to ask you why you don't use "DirectReference" as > "signatureKeyIdentifier" instead of "X509KeyIdentifier".Is the server able > to verify the sign just with that? > > The client_deploy.wsdd file I was using was the following one (now it's a > mix of several xD): > > <?xml version="1.0" encoding="UTF-8"?> > <deployment > xmlns="http://xml.apache.org/axis/wsdd/";<http://xml.apache.org/axis/wsdd/>xmlns:java= > "http://xml.apache.org/axis/wsdd/providers/java";<http://xml.apache.org/axis/wsdd/providers/java> > > > <transport name="java" > pivot="java:org.apache.axis.transport.java.JavaSender"/> > <transport name="http" > pivot="java:org.apache.axis.transport.http.HTTPSender"/> > <transport name="local" > pivot="java:org.apache.axis.transport.local.LocalSender"/> > <globalConfiguration > > <parameter name="disablePrettyXML" value="true"/> > <parameter name="enableNamespacePrefixOptimization" value="true"/> > <requestFlow> > <handler type="java:org.apache.ws.axis.security.WSDoAllSender" > > <parameter name="action" value="Signature"/> > <parameter name="passwordCallbackClass" value="PWCallback"/> > <parameter name="user" value="sample"/> > <parameter name="signaturePropFile" value="crypto.properties" /> > <parameter name="signatureKeyIdentifier" value="DirectReference" /> > <parameter name="encryptionSymAlgorithm" value= > "http://www.w3.org/2001/04/xmlenc#aes128-cbc";<http://www.w3.org/2001/04/xmlenc#aes128-cbc>/> > <parameter name="encryptionKeyTransportAlgorithm" value= > "http://www.w3.org/2001/04/xmlenc#rsa-1_5";<http://www.w3.org/2001/04/xmlenc#rsa-1_5>/> > </handler> > </requestFlow> > <responseFlow> > <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> > <parameter name="passwordCallbackClass" value="PWCallback"/> > <parameter name="action" value="Signature"/> > <parameter name="signaturePropFile" value="crypto.properties" /> > </handler> > </responseFlow> > </globalConfiguration > > > > > > > Martin Gainty escribió: > > Tomas<BR> > > the provided example works with WSS4J ..specifically<BR> > > *WSS4J configuration*<BR> > Below is the important parts from the deployment .wsdd-file for the web > service. The test.PWCallback <BR> > class is a simple class returning the password of the private key in the > keystore. I used the same <BR> > crypto.properties as the one supplied as wsstest.properties in the > interop-folder. As you can see I have <BR> > specified which algorithms to use for the session key and ecrypted session > key (RSA15 and AES128). > <BR> > Did you try?<BR> > Saludos<BR> > Martin <BR> > ______________________________________________ > Disclaimer and confidentiality note > Everything in this e-mail and any attachments relates to the official > business of Sender. This transmission is of a confidential nature and Sender > does not endorse distribution to any party other than intended recipient. > Sender does not necessarily endorse content contained within this > transmission. > > > ------------------------------ > Date: Wed, 3 Sep 2008 16:10:30 +0200 > From: [EMAIL PROTECTED] > To: [email protected] > Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j > > Thank you very much for your answer, but i forgot to specify that i'm > writing a client in java using wss4j and not WSE, and i don't have access to > the server (anyway, i'm new in this field, so maybe i haven't understood it > well...) > > Do you know how to do the same for wss4j in the client? > > Thank you. > > Martin Gainty escribió: > > <policies > xmlns="http://schemas.microsoft.com/wse/2005/06/policy";<http://schemas.microsoft.com/wse/2005/06/policy> > ><BR> > <policy name="x509"><BR> > assume the specified policy includes the directive > messageProtectionOrder="SignBeforeEncrypt" > <BR> > > http://erlend.oftedal.no/blog/?blogid=12 > <BR> > Saludos<BR> > Martin <BR> > ______________________________________________ > Disclaimer and confidentiality note > Everything in this e-mail and any attachments relates to the official > business of Sender. This transmission is of a confidential nature and Sender > does not endorse distribution to any party other than intended recipient. > Sender does not necessarily endorse content contained within this > transmission. > > > > Date: Wed, 3 Sep 2008 14:30:40 +0200 > > From: [EMAIL PROTECTED] > > To: [email protected] > > Subject: Problem verifying the signature with wss4j > > > > Greetings > > > > I'm trying to write an webservice client wich uses signed SOAP > > messages in order to communicate. For this, i'm using wss4j 1.5.3 with > > axis 1.4. I've succesfully wrote the client code wich signs the message > > and sends it to the server, but i'm getting the following error: > > > > WSDoAllReceiver: security processing failed; nested exception is: > > org.apache.ws.security.WSSecurityException: The signature > > verification failed (The provided certificate is invalid) > > > > As far as i know (by reading posts in the internet) this is caused > > because the XML is modified after it is signed. I've tried to set the > > disablePrettyXML to true and the enableNamespacePrefixOptimization to > > false, but it didn't work... > > > > I've read in other posts that this could be caused by the default blank > > namespaces added by Axis (when I checked the XML thanks to TCPMonitor, > > i could see that the attributes of the sent objects had no namespace, > > but the object itself had). > > > > Does anybody have any solution for this problem? Could be possible to > > disable the default namespace in axis? > > > > Thank you very much > > > > -- > > Un saludo, > > > > Tomás Tormo Franco > > > > Indenova, S.L. > > Tels.: +34 963 81 99 47 ext.519 > > http://www.indenova.com > > mailto:[EMAIL PROTECTED] <[EMAIL PROTECTED]> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > ------------------------------ > Get more out of the Web. Learn 10 hidden secrets of Windows Live. Learn > Now<http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns%21550F681DAD532637%215295.entry?ocid=TXT_TAGLM_WL_getmore_092008> > > > -- > Un saludo, > > Tomás Tormo Franco > > Indenova, S.L. > Tels.: +34 963 81 99 47 ext.519http://www.indenova.commailto:[EMAIL > PROTECTED] <[EMAIL PROTECTED]> > > > ------------------------------ > See how Windows Mobile brings your life together—at home, work, or on the > go. See Now <http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/> > > > -- > Un saludo, > > Tomás Tormo Franco > > Indenova, S.L. > Tels.: +34 963 81 99 47 ext.519http://www.indenova.commailto:[EMAIL > PROTECTED] <[EMAIL PROTECTED]> > > > -- > Un saludo, > > Tomás Tormo Franco > > Indenova, S.L. > Tels.: +34 963 81 99 47 ext.519http://www.indenova.commailto:[EMAIL > PROTECTED] <[EMAIL PROTECTED]> > > > -- > Un saludo, > > Tomás Tormo Franco > > Indenova, S.L. > Tels.: +34 963 81 99 47 ext.519http://www.indenova.commailto:[EMAIL > PROTECTED] <[EMAIL PROTECTED]> > >
