Hello,
Has anyone succeeded in making a .NET WSE web service client work
with WSS4J (I always get the error message 'Signature Verification
failed')?
On the server my WSDD config is:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <globalConfiguration>
    <parameter name="enableNamespacePrefixOptimization" value="false" />
    <parameter name="disablePrettyXML" value="true"/>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass"
                   value="com.hp.ov.temip.ws.handler.PWCallback"/>
        <parameter name="action" value="UsernameTokenSignature UsernameToken Encrypt Timestamp"/>
        <parameter name="decryptionPropFile" value="security.properties" />
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
On the client side, I developed the following overridden SecureMessage
function with the WSE 3.0 policy framework:
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // Must Understand headers
    security.MustUnderstand = true;
    security.Timestamp.TtlInSeconds = 60;

    // Username token
    UsernameToken userToken = new UsernameToken(m_strUsername, m_strPassword,
        PasswordOption.SendPlainText);
    security.Tokens.Add(userToken);

    X509SecurityToken token = null;
    try
    {
        token = GetSecurityToken("CN=10.67.212.35");
    }
    catch (Exception ex)
    {
        throw new Exception("Certificate not found : " + ex.Message);
    }

    // Define a custom X509 token
    ISecurityTokenManager stm =
        SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
    X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
    x509tm.DefaultKeyAlgorithm = "RSA15";
    x509tm.DefaultSessionKeyAlgorithm = "TripleDES";

    // Uncommenting this line will encrypt the Body
    //security.Elements.Add(new EncryptedData(token));

    // Add the token to the SOAP header.
    security.Tokens.Add(token); // Insert the token being used into the header

    // Add message signature
    MessageSignature sig = new MessageSignature(userToken);
    sig.SignatureOptions = SignatureOptions.IncludeSoapBody;
    security.Elements.Add(sig);

    // Insert the encrypted UsernameToken
    security.Elements.Add(new EncryptedData(token, "#" + userToken.Id));
}
In the Tomcat logs, I can see that WSS4J is able to:
- retrieve my certificate with its public key
- decrypt the UsernameToken
But the signature verification fails. Some say that it could be due
to a pretty-print component that alters the SOAP message after
the signature; if so, how do I deactivate such a pretty-printer?
__________________
Benjamin BALET
http://bbalet.free.fr/
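
One way to test the pretty-printer hypothesis raised in the post is to capture the envelope as the client sent it and as the server received it, then compare digests of the canonicalized Body; this is an added example, not code from the post or from WSE/WSS4J. It assumes the Python standard library's C14N 2.0 and SHA-1 as stand-ins for the algorithms named in the real signature, so the values will not equal the message's DigestValue; only equality between the two captures matters, and the sample envelopes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET


def canonical_body(envelope_xml: str) -> str:
    """Canonical form of the SOAP Body element only (the signed part)."""
    body = ET.fromstring(envelope_xml).find("{*}Body")
    if body is None:
        raise ValueError("no Body element in envelope")
    body.tail = None  # whitespace after </Body> is outside the signed element
    return ET.canonicalize(ET.tostring(body, encoding="unicode"))


def body_digest(envelope_xml: str) -> str:
    """Base64 SHA-1 of the canonical Body (stand-in digest, see lead-in)."""
    raw = hashlib.sha1(canonical_body(envelope_xml).encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def first_difference(sent_xml: str, received_xml: str):
    """None if the Body survived transport, else (offset, sent, received)."""
    a, b = canonical_body(sent_xml), canonical_body(received_xml)
    if a == b:
        return None
    i = next((n for n, (x, y) in enumerate(zip(a, b)) if x != y),
             min(len(a), len(b)))
    return i, a[i:i + 30], b[i:i + 30]


# Constructed sample captures (not taken from the post).
ENV = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
       '%s</soap:Envelope>')
SENT = ENV % ('<soap:Body><getAlarm xmlns="urn:example" a="1" b="2">'
              '<id>42</id></getAlarm></soap:Body>')
# Differs only in attribute order and quoting: canonicalization absorbs this.
REORDERED = ENV % ("<soap:Body><getAlarm xmlns='urn:example' b='2' a='1'>"
                   "<id>42</id></getAlarm></soap:Body>")
# Indented in transit: the new whitespace text nodes are part of the signed data.
PRETTY = ENV % ('<soap:Body>\n  <getAlarm xmlns="urn:example" a="1" b="2">\n'
                '    <id>42</id>\n  </getAlarm>\n</soap:Body>')

if __name__ == "__main__":
    for name, doc in (("reordered", REORDERED), ("pretty", PRETTY)):
        same = body_digest(doc) == body_digest(SENT)
        print(name, "digest unchanged:", same, first_difference(SENT, doc))
```

If the two captures give the same digest, the Body was not altered in transit and the verification failure has another cause.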