Because I had no time enough to make the entire development with the
right certificate, I'm still waiting for it and this should be finnished
on friday... That's why I wanted to have some code(altough I was not
gonna work), and then had something prepared for the right certificate.
Then, in this case and if everything is all right, it "should" work (at
least partially) with the correct certificate... Could this be a client
error? (It looks as sever error...as I told you, i'm new in axis...)
This is the complete exception:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: The certificate used for the signature is
not trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:cifweb02.asoatario.com
WSDoAllReceiver: The certificate used for the signature is not trusted
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
Thank you very much / Muchas gracias por tu ayuda
José Ferreiro escribió:
Correct Frank,
Why don't you get the right certificate you need that is issued and
signed by the correct third party?
Un saludo.
José
On Wed, Sep 3, 2008 at 7:09 PM, Tomás Tormo <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Good news!!! After changing the keystore for "interop2.jks", and
using "alice" as alias the exception changed :). Now it looks like
this:
WSDoAllReceiver: The certificate used for the signature is not
trusted
I'm trying the webservice client against a public webservice,
that's why I think this exception is pretty normal, cause this
certificate is self-signed, and the public webservice maybe needs
a trusted certificate. Am I right?
Thank you very much
Tomás Tormo escribió:
Sorry, my mistake, the client_deploy.wsdd file I'm using is the
following one:
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
<http://xml.apache.org/axis/wsdd/>
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
<http://xml.apache.org/axis/wsdd/providers/java>>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
<requestFlow>
<handler name="DoSecuritySender"
type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="passwordCallbackClass"
value="pruebawebserviceregistraduria.PWCallback"/>
<parameter name="user" value="sample"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="signatureKeyIdentifier"
value="DirectReference" />
</handler>
</requestFlow>
<responseFlow>
<handler name="DoSecurityReceiver"
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="pruebawebserviceregistraduria.PWCallback"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties" />
</handler>
</responseFlow>
</globalConfiguration >
</deployment>
Thank you
Tomás Tormo escribió:
Ok, sorry i didn't see the link...
Anyway i would like to ask you why you don't use
"DirectReference" as "signatureKeyIdentifier" instead of
"X509KeyIdentifier".Is the server able to verify the sign just
with that?
The client_deploy.wsdd file I was using was the following one
(now it's a mix of several xD):
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
<http://xml.apache.org/axis/wsdd/>
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";
<http://xml.apache.org/axis/wsdd/providers/java>>
<transport name="java"
pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local"
pivot="java:org.apache.axis.transport.local.LocalSender"/>
<globalConfiguration >
<parameter name="disablePrettyXML" value="true"/>
<parameter name="enableNamespacePrefixOptimization"
value="true"/>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="user" value="sample"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="signatureKeyIdentifier"
value="DirectReference" />
<parameter name="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#aes128-cbc";
<http://www.w3.org/2001/04/xmlenc#aes128-cbc> />
<parameter name="encryptionKeyTransportAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#rsa-1_5";
<http://www.w3.org/2001/04/xmlenc#rsa-1_5> />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile" value="crypto.properties" />
</handler>
</responseFlow>
</globalConfiguration >
Martin Gainty escribió:
Tomas<BR>
the provided example works with WSS4J ..specifically<BR>
*WSS4J configuration*<BR>
Below is the important parts from the deployment .wsdd-file for
the web service. The test.PWCallback <BR>
class is a simple class returning the password of the private
key in the keystore. I used the same <BR>
crypto.properties as the one supplied as wsstest.properties in
the interop-folder. As you can see I have <BR>
specified which algorithms to use for the session key and
ecrypted session key (RSA15 and AES128).
<BR>
Did you try?<BR>
Saludos<BR>
Martin <BR>
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the
official business of Sender. This transmission is of a
confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not
necessarily endorse content contained within this transmission.
------------------------------------------------------------------------
Date: Wed, 3 Sep 2008 16:10:30 +0200
From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
To: [email protected] <mailto:[email protected]>
Subject: Re: *SPAM* RE: Problem verifying the signature with wss4j
Thank you very much for your answer, but i forgot to specify
that i'm writing a client in java using wss4j and not WSE, and
i don't have access to the server (anyway, i'm new in this
field, so maybe i haven't understood it well...)
Do you know how to do the same for wss4j in the client?
Thank you.
Martin Gainty escribió:
<policies
xmlns="http://schemas.microsoft.com/wse/2005/06/policy";
<http://schemas.microsoft.com/wse/2005/06/policy>><BR>
<policy name="x509"><BR>
assume the specified policy includes the directive
messageProtectionOrder="SignBeforeEncrypt"
<BR>
http://erlend.oftedal.no/blog/?blogid=12
<BR>
Saludos<BR>
Martin <BR>
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to
the official business of Sender. This transmission is of a
confidential nature and Sender does not endorse
distribution to any party other than intended recipient.
Sender does not necessarily endorse content contained
within this transmission.
> Date: Wed, 3 Sep 2008 14:30:40 +0200
> From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> To: [email protected] <mailto:[email protected]>
> Subject: Problem verifying the signature with wss4j
>
> Greetings
>
> I'm trying to write an webservice client wich uses signed
SOAP
> messages in order to communicate. For this, i'm using
wss4j 1.5.3 with
> axis 1.4. I've succesfully wrote the client code wich
signs the message
> and sends it to the server, but i'm getting the following
error:
>
> WSDoAllReceiver: security processing failed; nested
exception is:
> org.apache.ws.security.WSSecurityException: The signature
> verification failed (The provided certificate is invalid)
>
> As far as i know (by reading posts in the internet) this
is caused
> because the XML is modified after it is signed. I've
tried to set the
> disablePrettyXML to true and the
enableNamespacePrefixOptimization to
> false, but it didn't work...
>
> I've read in other posts that this could be caused by the
default blank
> namespaces added by Axis (when I checked the XML thanks
to TCPMonitor,
> i could see that the attributes of the sent objects had
no namespace,
> but the object itself had).
>
> Does anybody have any solution for this problem? Could be
possible to
> disable the default namespace in axis?
>
> Thank you very much
>
> --
> Un saludo,
>
> Tomás Tormo Franco
>
> Indenova, S.L.
> Tels.: +34 963 81 99 47 ext.519
> http://www.indenova.com
> mailto:[EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
>
------------------------------------------------------------------------
Get more out of the Web. Learn 10 hidden secrets of Windows
Live. Learn Now
<http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns%21550F681DAD532637%215295.entry?ocid=TXT_TAGLM_WL_getmore_092008>
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
------------------------------------------------------------------------
See how Windows Mobile brings your life together—at home, work,
or on the go. See Now
<http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/>
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
