Hello,
Has anyone succeeded in making a .NET WebService client (WSE) work
with WSS4J? (I always get the error message 'Signature Verification
failed'.)
On the server my WSDD config is:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <globalConfiguration>
    <parameter name="enableNamespacePrefixOptimization" value="false" />
    <parameter name="disablePrettyXML" value="true"/>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass"
                   value="com.hp.ov.temip.ws.handler.PWCallback"/>
        <parameter name="action" value="UsernameTokenSignature UsernameToken Encrypt Timestamp"/>
        <parameter name="decryptionPropFile" value="security.properties" />
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
On the client side, I developed the following overridden SecureMessage
function with the WSE 3.0 Policy framework:
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // Must Understand Headers
    security.MustUnderstand = true;
    security.Timestamp.TtlInSeconds = 60;

    // User Name Token
    UsernameToken userToken = new UsernameToken(m_strUsername, m_strPassword,
        PasswordOption.SendPlainText);
    security.Tokens.Add(userToken);

    X509SecurityToken token = null;
    try
    {
        token = GetSecurityToken("CN=10.67.212.35");
    }
    catch (Exception ex)
    {
        throw new Exception("Certificate not found : " + ex.Message);
    }

    // Define a custom X509 token
    ISecurityTokenManager stm =
        SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
    X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
    x509tm.DefaultKeyAlgorithm = "RSA15";
    x509tm.DefaultSessionKeyAlgorithm = "TripleDES";

    // Uncommenting the next line will encrypt the Body
    //security.Elements.Add(new EncryptedData(token));

    // Add the token to the SOAP header.
    security.Tokens.Add(token); // Insert the token being used into header

    // Add Message Signature
    MessageSignature sig = new MessageSignature(userToken);
    sig.SignatureOptions = SignatureOptions.IncludeSoapBody;
    security.Elements.Add(sig);

    // Insert the encrypted UsernameToken
    security.Elements.Add(new EncryptedData(token, "#" + userToken.Id));
}
In the Tomcat logs, I can see that WSS4J is able to:
- retrieve my certificate with its public key
- Decrypt the UserNameToken
But the signature verification fails. Some say that it could be due
to a pretty-print component that alters the SOAP message after
the signature; if so, how can such a pretty-printer be deactivated?
__________________
Benjamin BALET
http://bbalet.free.fr/
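
Added example, not part of the original post and not WSE or WSS4J code: a Python sketch of why indentation applied after signing invalidates the Body digest while other re-serialization differences do not. The envelope, the `urn:example` payload and the function names are constructed for illustration, and Python's standard-library C14N 2.0 stands in for the Exclusive C14N a WS-Security stack would apply (both keep whitespace text nodes inside the signed element).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample envelope (not from the post), compact as the client signed it.
SIGNED = (
    '<soap:Envelope xmlns:soap="' + SOAP_NS + '">'
    '<soap:Body><getAlarm xmlns="urn:example"><id>42</id><note/></getAlarm></soap:Body>'
    '</soap:Envelope>'
)

# Same message re-serialized with different quoting and an expanded empty tag.
RESERIALIZED = (
    "<soap:Envelope xmlns:soap='" + SOAP_NS + "'>"
    "<soap:Body><getAlarm xmlns='urn:example'><id>42</id><note></note></getAlarm></soap:Body>"
    "</soap:Envelope>"
)


def body_digest(envelope_xml):
    """Base64 SHA-1 of the canonicalized soap:Body, the value a ds:DigestValue carries."""
    body = ET.fromstring(envelope_xml).find("{%s}Body" % SOAP_NS)
    body.tail = None  # whitespace after </soap:Body> is outside the signed element
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode("ascii")


def pretty_print(envelope_xml):
    """What an indenting serializer does to the message after it was signed."""
    return minidom.parseString(envelope_xml).toprettyxml(indent="  ")


def survives(signed_xml, received_xml):
    """True if the Body digest computed by the receiver matches the signer's."""
    return body_digest(signed_xml) == body_digest(received_xml)


if __name__ == "__main__":
    print("re-quoted / expanded empty tag:", survives(SIGNED, RESERIALIZED))
    print("indented after signing:        ", survives(SIGNED, pretty_print(SIGNED)))
```

Canonicalization absorbs quoting and empty-tag differences, but the newlines and indentation become text nodes inside the signed Body, so the receiver's digest no longer matches the signer's.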