Apologies for the delay in responding to this.

anonymous wrote: That should also work, but using this you won't be able to send secured messages outbound.

At the moment I am only concerned with securing the client to server messages.

anonymous wrote: What encryption options did you use with the sun stack?

I am using the example from the JBossWS documentation. X.509 certificates.

anonymous wrote: Also, can you post a copy of the message the client is sending?

I am going to include the message without any security, then the message with signature, which works, and finally the message with encryption, which does not work.

Original message without any security
| <env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
| <env:Header/>
| <env:Body>
| <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
| <String_1>john</String_1>
| </ns1:hello>
| </env:Body>
| </env:Envelope>
|
Message when signature is used
| <env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
| <env:Header>
| <wsse:Security env:mustUnderstand='1'
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws...
| <wsu:Timestamp wsu:Id='timestamp'>
| <wsu:Created>2006-11-04T12:34:51.546Z</wsu:Created>
| </wsu:Timestamp>
| <wsse:BinarySecurityToken
EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss...
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5...
wsu:Id='token-2-1162643691953-5313146'>
| MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
| Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
| LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
| amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
| MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
| bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
| bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
| N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
| 1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
| 8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
| qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
| JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
| T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
| St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
| EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
| VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
| hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
| M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
| hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
| Hb1iUP9iqcdN2w==
| </wsse:BinarySecurityToken>
| <ds:Signature
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:SignedInfo
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:CanonicalizationMethod
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:SignatureMethod
Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:Reference URI='#element-1-1162643691578-16749745'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transforms
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transform
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| </ds:Transforms>
| <ds:DigestMethod
Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:DigestValue
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>x4eijpcBjBPlOeFy...
| </ds:Reference>
| <ds:Reference URI='#timestamp'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transforms
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transform
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| </ds:Transforms>
| <ds:DigestMethod
Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:DigestValue
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>A4XlynInTQ1C6gnc...
| </ds:Reference>
| </ds:SignedInfo>
| <ds:SignatureValue
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| S6K1pB4uNST52cUDEVucTYSC2534m5YgWp/E/lB4KdzYzlx9xa98V7wp+lAZlG1fN+mJn1UUkCiH
| NNwkfxYbJmiwE+a3kUiBZayuregcq2uGugVSyUJnFTga+QoVn6Zl50kccJpqmrU1jb4WN7VrOVgw
| Q2z/LB2KpvZx6vOKwEUsLoYHg7AS9LZsTQTdK7b3AJmvH+GAhb3iOQz4jRRjDD38N9CCTvRgXcwQ
| zMPujTaLk7INMHIrds+rDGO7p7sjk7dteRQX9PXMo0z7c+OAAywCfg7HWZWMnfAiusGti5Oess42
| BtUVRnx8mD99rf98O5y5wgZfJZb1nldKT5xVVA==
| </ds:SignatureValue>
| <ds:KeyInfo
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <wsse:SecurityTokenReference
wsu:Id='reference-3-1162643691953-9708927'>
| <wsse:Reference
URI='#token-2-1162643691953-5313146'
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5...
| </wsse:SecurityTokenReference>
| </ds:KeyInfo>
| </ds:Signature>
| </wsse:Security>
| </env:Header>
| <env:Body
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws...
wsu:Id='element-1-1162643691578-16749745'>
| <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'>
| <String_1>john</String_1>
| </ns1:hello>
| </env:Body>
| </env:Envelope>
|
Message when encryption is used
| <env:Envelope
xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
| <env:Header>
| <wsse:Security env:mustUnderstand='1'
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w...
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws...
| <wsu:Timestamp wsu:Id='timestamp'>
| <wsu:Created>2006-11-04T12:32:07.500Z</wsu:Created>
| </wsu:Timestamp>
| <wsse:BinarySecurityToken
EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss...
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5...
wsu:Id='token-2-1162643527953-19658898'>
| MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
| Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
| LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
| amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
| MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
| bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
| bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
| N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
| 1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
| 8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
| qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
| JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
| T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
| St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
| EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
| VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
| hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
| M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
| hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
| Hb1iUP9iqcdN2w==
| </wsse:BinarySecurityToken>
| <xenc:EncryptedKey
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| <xenc:EncryptionMethod
Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
| <ds:KeyInfo
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <wsse:SecurityTokenReference
wsu:Id='reference-6-1162643528796-29247351'>
| <wsse:Reference URI='#token-2-1162643527953-19658898'
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5...
| </wsse:SecurityTokenReference>
| </ds:KeyInfo>
| <xenc:CipherData
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| <xenc:CipherValue
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| K8nIvL9BkXrik4+lOwNrueanacrp8cC/WwV3PW8ch4T3ilvEP4GGoMgrzddZvwgOW8AiUHD6BVOd
| Mui723FZYSatEim0/hpTdRBd2rKtSiEy1bbXZEJeGDo1MMyJaY73zaJcDVCNLn34x2MvTDCdgOw1
| +oN2XxjCa49/7jmqMWPZcgIBofr+JKxtcob25TDxHr+NARNl24Khap3yEp3CxC48fZXwtN/fNWaG
| jE1pgAz4UD5/0oe8lsUgeDPolQ/3JvZYmT0kVDf1ldK3B6oAzoOIy+8AnEc9D4Ohp6XlFZA+MPwV
| QktRYaABzTdq8r5Nk7a7lnOgDEOYaC8Z5WJz2g==
| </xenc:CipherValue>
| </xenc:CipherData>
| <xenc:ReferenceList
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| <xenc:DataReference URI='#encrypted-5-1162643528328-14137305'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
| </xenc:ReferenceList>
| </xenc:EncryptedKey>
| <ds:Signature
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:SignedInfo
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:CanonicalizationMethod
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:SignatureMethod
Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:Reference URI='#element-1-1162643527531-8703610'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transforms
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transform
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| </ds:Transforms>
| <ds:DigestMethod
Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:DigestValue
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>f3PVDTNNDozFWI59...
| </ds:Reference>
| <ds:Reference URI='#timestamp'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transforms
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <ds:Transform
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| </ds:Transforms>
| <ds:DigestMethod
Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
| <ds:DigestValue
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>ueejBXsOigMMxCc4...
| </ds:Reference>
| </ds:SignedInfo>
| <ds:SignatureValue
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| r27Gy2CfU86hwFL+P9tNZ+gzj5cmJ0zdIcV/jqAx9FVloJZRoFcwXLI3+JlbsdXaDOoR04gBrbyc
| WJI9Enx2zlMuo1mnIUvFJ6wQ5x4ak6uFsj5C56+uQUB7nEXEDDPejKhbOwiDHooz6KCdh+gTGKkU
| StvXiR3ZDsc9SqaQ3uj3xdmlhNCe4KxSAX2DOGcZfT1CWIVYyq4Rt+oMnmhN6kJMQLQbTwOrxhXc
| qMzLN750UgKoN27Dd/KtUpnKkagl3zzqHmvGqIiLjQ/ED4PC7aS+2Ymp8DdBx/Ya9zlIpEjN03mA
| 5PXxoyVNxYtydWYU0Rq0cE7AqM61HNUGjN69Wg==
| </ds:SignatureValue>
| <ds:KeyInfo
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
| <wsse:SecurityTokenReference
wsu:Id='reference-3-1162643527953-30167145'>
| <wsse:Reference URI='#token-2-1162643527953-19658898'
ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5...
| </wsse:SecurityTokenReference>
| </ds:KeyInfo>
| </ds:Signature>
| </wsse:Security>
| </env:Header>
| <env:Body
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws...
wsu:Id='element-1-1162643527531-8703610'>
| <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws...
wsu:Id='element-4-1162643528328-17689439'>
| <xenc:EncryptedData Id='encrypted-5-1162643528328-14137305'
Type='http://www.w3.org/2001/04/xmlenc#Content'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| <xenc:EncryptionMethod
Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
| <xenc:CipherData
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| <xenc:CipherValue
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
| l0waYKIwD4YR5UcXV0QpS3O4NTYaI5fYQBYDWao7GnlwAs4oddUc3/y+qIk0k1yo1ukRIhtIfStH
| bfs5XXP/ABpRu7L2pV2FgT28gBcRyDLiCbUcIQwkrQMXpXwS9SoTCh7uCTFlYdNmB681YgrzNqv9
| pTOluti2/ZimKAdcR7sCNTVRDvNKFOpFgddjrwzg4lqYXst1ITTjEl8oH7IDsKkU/gWT4urLJeNg
| 5tStMTHQXkvHTCREQITFJN0+W4Wp/1BJm3kGrYabpwEBTXOhvWijJdGQMlIEeXbjtiXarGoXTFbM
| KaBg1br02RadiR6s
| </xenc:CipherValue>
| </xenc:CipherData>
| </xenc:EncryptedData>
| </ns1:hello>
| </env:Body>
| </env:Envelope>
|
Apologies for how verbose the messages are. The error I am getting in return to the last message is:
| [java] Contacting webservice at
http://whitehaven:8088/hello-ejb/HelloBean?wsdl
| [java] hello.hello(john)
| [java] - Call invocation failed with SOAPFaultException
| [java] javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException: Cannot
find child element: String_1
| [java] at
org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
| [java] at
org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:486)
| [java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:702)
| [java] Exception in thread "main" java.rmi.RemoteException: Call invocation
failed with code [Client] because of: javax.xml.rpc.JAXRPCException:Cannot find child
element: String_1; nested exception is:
| [java] javax.xml.rpc.soap.SOAPFaultException: javax.xml.rpc.JAXRPCException:
Cannot find child element: String_1
| [java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:713)
| [java] at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:404)
| [java] at helloClient.Client.main(Client.java:50)
| [java] Caused by: javax.xml.rpc.soap.SOAPFaultException:
javax.xml.rpc.JAXRPCException: Cannot find child element: String_1
| [java] at
org.jboss.ws.jaxrpc.SOAPFaultExceptionHelper.getSOAPFaultException(SOAPFaultExceptionHelper.java:100)
| [java] at org.jboss.ws.jaxrpc.CallImpl.invoke(CallImpl.java:404)
| [java] at helloClient.Client.main(Client.java:50)
| [java] at
org.jboss.ws.binding.soap.SOAPBindingProvider.unbindResponseMessage(SOAPBindingProvider.java:486)
| [java] at org.jboss.ws.jaxrpc.CallImpl.invokeInternal(CallImpl.java:702)
|
Any ideas? Doesn't make any sense that signatures work and encryption won't.
Thanks,
Brian.
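
The encrypted message above, inspected as a receiver sees it before any decryption (an added example, not part of the original post and not JBossWS code): it resolves each ds:Reference and xenc:DataReference to its target element and lists the children visible next to the EncryptedData. The envelope is a constructed, abbreviated copy with shortened Ids, placeholder cipher text and urn:example:* namespaces standing in for the truncated WS-Security URIs; `analyze` and `local` are hypothetical names, and Id attributes are matched by local name only.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
XENC = "{http://www.w3.org/2001/04/xmlenc#}"

# Constructed sample abbreviated from the encrypted message in the post:
# short Ids, placeholder cipher text, urn:example:* instead of the truncated URIs.
SAMPLE = """<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'
 xmlns:wsse='urn:example:wsse' xmlns:wsu='urn:example:wsu'
 xmlns:ds='http://www.w3.org/2000/09/xmldsig#' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
 <env:Header><wsse:Security>
  <wsu:Timestamp wsu:Id='timestamp'/>
  <xenc:EncryptedKey><xenc:ReferenceList>
   <xenc:DataReference URI='#encrypted-5'/></xenc:ReferenceList></xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI='#element-1'/><ds:Reference URI='#timestamp'/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></env:Header>
 <env:Body wsu:Id='element-1'>
  <ns1:hello xmlns:ns1='http://iwise.nuigalway.ie/hello' wsu:Id='element-4'>
   <xenc:EncryptedData Id='encrypted-5' Type='http://www.w3.org/2001/04/xmlenc#Content'>
    <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
   </xenc:EncryptedData>
  </ns1:hello>
 </env:Body>
</env:Envelope>"""

def local(name):
    return name.rsplit("}", 1)[-1]  # drop ElementTree's {namespace} prefix

def analyze(xml_text):
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    # Index every element that carries an Id attribute (plain Id or wsu:Id).
    by_id = {v: el for el in root.iter() for a, v in el.attrib.items() if local(a) == "Id"}
    def targets(tag):
        ids = [ref.get("URI", "").lstrip("#") for ref in root.iter(tag)]
        return {i: by_id.get(i) for i in ids}
    signed = {i: (local(el.tag) if el is not None else None)
              for i, el in targets(DS + "Reference").items()}
    encrypted = {}
    for i, el in targets(XENC + "DataReference").items():
        holder = parent.get(el)  # None when the reference points at no element
        encrypted[i] = None if holder is None else {
            "holder": local(holder.tag),
            "type": el.get("Type", "").rpartition("#")[2],
            "visible_children": [local(c.tag) for c in holder],
        }
    return {"signed": signed, "encrypted": encrypted}
```

On the sample, `analyze(SAMPLE)` reports `hello` with `EncryptedData` as its only visible child: `String_1` exists only inside the cipher text until the content is decrypted and put back in place.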