  • SWS (XWSS 3.0) interop with WSE 2.0 problem

    Hello, all.

    I'm trying to consume a WSE 2.0 web service.
    The service policy requires its clients to "encrypt and sign" messages.

    I've received certificates and keys and have also implemented the "signing" part (some methods use only signing).

    However, I'm deeply stuck with the "encryption" part.

    An XWSSProcessor configured with the following:

    Code:
    <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        <!-- Outbound: encrypt the SOAP Body for the server; "dev-server" is the server's public certificate -->
        <xwss:Encrypt>
            <xwss:X509Token certificateAlias="dev-server" />
            <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
            <xwss:DataEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xwss:EncryptionTarget type="qname" value="SOAP-BODY" />
        </xwss:Encrypt>
        <!-- Outbound: add a Timestamp and sign the WS-Addressing headers, Body and Timestamp with the client key "invito" -->
        <xwss:Timestamp />
        <xwss:Sign includeTimestamp="false">
            <xwss:X509Token certificateAlias="invito" />
            <xwss:CanonicalizationMethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action">
                <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            </xwss:SignatureTarget>
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID">
                <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            </xwss:SignatureTarget>
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo">
                <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            </xwss:SignatureTarget>
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}To">
                <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            </xwss:SignatureTarget>
            <xwss:SignatureTarget type="qname" value="SOAP-BODY">
                <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            </xwss:SignatureTarget>
            <xwss:SignatureTarget type="qname" value="{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp">
                <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true" />
            </xwss:SignatureTarget>
        </xwss:Sign>
        <!-- Inbound: the response must be signed by the server (dev-server) over these elements -->
        <xwss:RequireSignature requireTimestamp="true">
            <xwss:X509Token certificateAlias="dev-server" />
            <xwss:SignatureMethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action" />
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID" />
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}RelatesTo" />
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/08/addressing}To" />
            <xwss:SignatureTarget type="qname" value="{http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd}SignatureConfirmation" />
            <xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/soap/envelope/}Body" />
        </xwss:RequireSignature>
        <!-- Inbound: the response must be encrypted -->
        <xwss:RequireEncryption />
    </xwss:SecurityConfiguration>
    sends a message with 2 binary security tokens in it, when the server expects only one.
    This is the fault I'm receiving from WSE.

    The developers of the server say: "you must encrypt with server cert (dev-server) and sign with self (invito). You must send only your public cert to validate signature".

    Alias "invito" is my private key, which is in the keystore. "dev-server" is the server's public certificate.


    Please, could anyone provide any help on this?
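A quick way to see which token the server is objecting to is to audit the dumped request (the configuration above has dumpMessages="true") before sending it. The checker below is an added example, not code from the original post or from XWSS or Spring-WS: it parses a WS-Security 1.0 header and reports how many BinarySecurityToken elements it carries, what the Signature and EncryptedKey KeyInfo elements point at, whether the Body is encrypted and whether the Timestamp is signed, then compares that against what the server developers stated (encrypt with the server cert, sign with your own, send only your own cert). Both SOAP envelopes are constructed samples with placeholder certificate and key data, not captured traffic; the single-token layout, in which the EncryptedKey names the server certificate by SubjectKeyIdentifier instead of a token reference, is my assumption about what "only your public cert" implies, not something the thread confirms.

```python
"""Audit a WS-Security 1.0 header (e.g. an XWSS dump) against a WSE-style policy:
exactly one BinarySecurityToken (the client's signing cert), Body encrypted,
Timestamp signed, and the encryption key NOT carried as a second token."""
import xml.etree.ElementTree as ET

NS = {
    "s":    "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu":  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds":   "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = f"{{{NS['wsu']}}}Id"


def _key_ref(key_info):
    """Describe how a ds:KeyInfo locates its key: ("Reference", "#id") when it
    points at a token in the header, ("KeyIdentifier", value) when it carries a
    key identifier such as a SubjectKeyIdentifier, ("none", None) otherwise."""
    if key_info is None:
        return ("none", None)
    ref = key_info.find("wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is not None:
        return ("Reference", ref.get("URI"))
    kid = key_info.find("wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    if kid is not None:
        return ("KeyIdentifier", (kid.text or "").strip())
    return ("none", None)


def audit_security_header(envelope_xml):
    """Extract the facts a WSE-style policy cares about from one SOAP envelope."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("s:Header/wsse:Security", NS)
    body = root.find("s:Body", NS)
    bst_ids = [b.get(WSU_ID) for b in sec.findall("wsse:BinarySecurityToken", NS)]
    sig = sec.find("ds:Signature", NS)
    enc_key = sec.find("xenc:EncryptedKey", NS)
    signed = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)] if sig is not None else []
    ts = sec.find("wsu:Timestamp", NS)
    ts_id = ts.get(WSU_ID) if ts is not None else None
    return {
        "bst_ids": bst_ids,
        "signature_key_ref": _key_ref(sig.find("ds:KeyInfo", NS) if sig is not None else None),
        "encryption_key_ref": _key_ref(enc_key.find("ds:KeyInfo", NS) if enc_key is not None else None),
        "body_encrypted": body is not None and body.find("xenc:EncryptedData", NS) is not None,
        "timestamp_signed": ts_id is not None and f"#{ts_id}" in signed,
    }


def wse_findings(report):
    """Mismatches against the stated policy: encrypt with the server cert, sign
    with your own, and send only your own cert. Empty list means the layout fits."""
    findings = []
    if len(report["bst_ids"]) != 1:
        findings.append(f"{len(report['bst_ids'])} BinarySecurityToken(s) in header, server expects exactly 1")
    kind, uri = report["signature_key_ref"]
    if kind != "Reference" or uri is None or uri.lstrip("#") not in report["bst_ids"]:
        findings.append("Signature KeyInfo does not point at a BinarySecurityToken in the header")
    if report["encryption_key_ref"][0] == "Reference":
        findings.append("EncryptedKey KeyInfo points at a BinarySecurityToken: the server's cert is being sent as a token")
    if not report["body_encrypted"]:
        findings.append("SOAP Body is not encrypted")
    if not report["timestamp_signed"]:
        findings.append("Timestamp is not covered by the signature")
    return findings


def _envelope(bst_elems, enc_keyinfo):
    """Constructed skeleton of a signed+encrypted request; crypto values are placeholders."""
    return f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}"
  xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
 <s:Header><wsse:Security>
  {bst_elems}
  <wsu:Timestamp wsu:Id="ts1"><wsu:Created>2007-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <xenc:EncryptedKey><ds:KeyInfo>{enc_keyinfo}</ds:KeyInfo></xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#ts1"/><ds:Reference URI="#body1"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#invito"/></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="body1"><xenc:EncryptedData/></s:Body>
</s:Envelope>"""


BST = '<wsse:BinarySecurityToken wsu:Id="{id}">BASE64CERT</wsse:BinarySecurityToken>'
# Shape produced by the configuration in the post: client AND server certs travel as tokens.
TWO_TOKEN_MESSAGE = _envelope(
    BST.format(id="invito") + BST.format(id="dev-server"),
    '<wsse:SecurityTokenReference><wsse:Reference URI="#dev-server"/></wsse:SecurityTokenReference>')
# Assumed target shape: only the client cert is a token; the server cert is named by key identifier.
ONE_TOKEN_MESSAGE = _envelope(
    BST.format(id="invito"),
    '<wsse:SecurityTokenReference><wsse:KeyIdentifier>c2VydmVyLXNraQ==</wsse:KeyIdentifier></wsse:SecurityTokenReference>')

if __name__ == "__main__":
    for name, msg in (("two tokens", TWO_TOKEN_MESSAGE), ("one token", ONE_TOKEN_MESSAGE)):
        print(name, "->", wse_findings(audit_security_header(msg)) or ["OK"])
```

Run it against a real dump by replacing the constructed envelopes with the file contents; the two-token sample reports the extra token and the EncryptedKey reference, the one-token sample reports nothing. Whether the encryption certificate is referenced directly (as a token) or by identifier is a sender-side configuration choice; the thread does not say which setting resolved it, so treat the one-token layout here as an assumption to verify against the server's policy, not as the confirmed fix.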

  • #2
    I would suggest asking this on the XWSS mailing list, since it seems pretty advanced. See https://xwss.dev.java.net/servlets/P...ailingListList

    • #3
      Thanks, Arjen. I've already done it. Still researching...

      • #4
        Have solved it, at last! With the help of the xwss mailing list.

        Implemented an SWS-1.0.2-SNAPSHOT client working with a WSE 2.0 service, requiring ws-addressing and ws-security-1.0.

        Policy: sign (headers, body, timestamp) and encrypt (body).

        The discussion and full xwss configuration are available on the [email protected] mailing list: https://xwss.dev.java.net/servlets/B...ad&from=943112
