<requestFlow>
<!-- Inbound leg: WSDoAllReceiver processes the WS-Security header of each
     incoming message. "action" lists what the receiver expects to find and
     verify: an XML Signature, an encrypted body, and a Timestamp.
     NOTE(review): a WSS4J receiver is normally expected to fail the message
     when one of the listed actions is missing from the header; confirm for
     the WSS4J version in use - a receiver that quietly accepts an unsigned
     message defeats this whole setup. -->
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<!-- CallbackHandler WSS4J asks for private-key / keystore passwords. -->
<parameter name="passwordCallbackClass" value="test.PWCallback"/>
<parameter name="action" value="Signature Encrypt Timestamp"/>
<!-- All three crypto roles read the same Merlin properties file, i.e. one
     keystore serves signature verification, decryption and encryption. -->
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="decryptionPropFile" value="crypto.properties" />
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- decryptionUser: keystore alias whose private key decrypts the message.
     encryptionUser is presumably ignored on the inbound leg (only a sender
     encrypts). user: default alias WSS4J falls back to when a role-specific
     alias is not set - confirm for the WSS4J version in use. -->
<parameter name="decryptionUser" value="alice" />
<parameter name="encryptionUser" value="alice" />
<parameter name="user" value="bob"/>
<!-- X509KeyIdentifier: keys are referenced by embedding the X.509 certificate
     as a KeyIdentifier value inside the SecurityTokenReference. -->
<parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
<parameter name="decryptionKeyIdentifier" value="X509KeyIdentifier" />
<parameter name="signatureKeyIdentifier" value="X509KeyIdentifier" />
<!-- AES-128 in CBC mode gives confidentiality only; integrity of the message
     comes from the Signature action, so never drop "Signature" from "action"
     while keeping "Encrypt". -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</handler>
</requestFlow>
<responseFlow>
<!-- Outbound leg: WSDoAllSender builds the WS-Security header of the outgoing
     message, applying the actions in the order listed: sign, add a
     Timestamp, then encrypt. -->
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Timestamp Encrypt"/>
<parameter name="passwordCallbackClass" value="test.PWCallback"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- NOTE(review): duplicate of the previous parameter; by analogy with the
     inbound handler this was presumably meant to be decryptionPropFile.
     Harmless for a sender (which is not expected to decrypt), but worth
     correcting so the configuration reads as intended. -->
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- DirectReference: the certificate is carried in the message as a
     BinarySecurityToken and referenced by wsu:Id, so the peer does not need
     it in its own store - which means the peer MUST itself validate the
     chain and trust of the embedded certificate. -->
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<parameter name="encryptionKeyIdentifier" value="DirectReference" />
<parameter name="decryptionKeyIdentifier" value="DirectReference" />
<!-- encryptionUser: alias of the peer certificate the message is encrypted
     to. signatureUser: alias whose private key signs; it is presumably what
     WSS4J uses for the Signature action in preference to "user" - confirm
     for the WSS4J version in use. -->
<parameter name="encryptionUser" value="alice" />
<parameter name="decryptionUser" value="alice" />
<parameter name="user" value="bob"/>
<parameter name="signatureUser" value="alice" />
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<!-- rsa-1_5 is RSAES-PKCS1-v1_5 key transport, the padding scheme exposed to
     Bleichenbacher-style padding-oracle attacks on the decrypting side. It is
     pinned here because the WSE configuration on this page declares
     keyAlgorithm "RSA15"; prefer rsa-oaep-mgf1p once both peers support it. -->
<parameter name="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
</handler>
</responseFlow>
<tokenIssuer>
<!-- WS-SecureConversation security context tokens, if any are issued, are
     handled statelessly (no per-session state kept on this side). -->
<statefulSecurityContextToken enabled="false" />
</tokenIssuer>
<security>
<binarySecurityTokenManager>
<!-- Algorithms for X.509v3 BinarySecurityTokens: AES-128 session key,
     transported with RSA PKCS#1 v1.5 ("RSA15"). This mirrors the WSS4J
     side's aes128-cbc / rsa-1_5 settings. RSA15 is kept purely for interop:
     it is the padding scheme vulnerable to Bleichenbacher padding-oracle
     attacks on whichever side decrypts. -->
<add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<sessionKeyAlgorithm name="AES128" />
<keyAlgorithm name="RSA15" />
</add>
</binarySecurityTokenManager>
<!-- NOTE(review): verifyTrust="false" turns OFF certificate chain / trust
     validation for X.509 tokens, so any certificate this side can resolve is
     accepted as a peer identity and the "mutual" authentication no longer
     proves who the peer is. Tolerable only for the interop test; it must be
     "true" (with a proper trust store) for any real deployment.
     skiMode selects how this side identifies certificates when it emits a key
     identifier - SHA-1 thumbprint here. -->
<x509 skiMode="ThumbprintSHA1" verifyTrust="false" />
<securityTokenManager>
<!-- Token managers for the WS-Security 1.1 / WS-SecureConversation token
     types (EncryptedKey, DerivedKeyToken, SecurityContextToken), all using
     AES-128. -->
<add localName="EncryptedKey" type="Microsoft.Web.Services3.Security.Tokens.EncryptedKeyTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="http://www.w3.org/2001/04/xmlenc#">
<keyAlgorithm name="AES128"/>
</add>
<add localName="DerivedKeyToken" type="Microsoft.Web.Services3.Security.Tokens.DerivedKeyTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="http://schemas.xmlsoap.org/ws/2005/02/sc">
<keyAlgorithm name="AES128"/>
</add>
<add localName="SecurityContextToken" type="Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="http://schemas.xmlsoap.org/ws/2005/02/sc">
<keyAlgorithm name="AES128"/>
</add>
</securityTokenManager>
</security>
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="mutualCertificate10Security" type="Microsoft.Web.Services3.Design.MutualCertificate10Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<!-- WS-Security 1.0 mutual-certificate policy: both parties authenticate with
     X.509 certificates and every message is protected directly with them. -->
<policy name="x509">
<!-- establishSecurityContext / renewExpiredSecurityContext = false: no
     WS-SecureConversation session, no SecurityContextToken.
     requireSignatureConfirmation = false: the response need not echo the
     request signature (a WS-Security 1.1 feature; the WSS4J handlers on
     this page do not enable it).
     messageProtectionOrder = SignBeforeEncrypt: sign the plaintext, then
     encrypt the body.
     requireDerivedKeys = false: the negotiated AES key is used directly.
     ttlInSeconds = 300: presumably the Timestamp validity window, so the
     two clocks must agree to within five minutes or messages are rejected. -->
<mutualCertificate10Security establishSecurityContext="false" renewExpiredSecurityContext="false" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300">
<!-- Certificates are looked up by subject DN in LocalMachine\My. The
     account running this code needs read access to Alice's private key
     (that is what the winhttpcertcfg command on this page grants). These
     are the OASIS interop TEST certificates - never ship them. -->
<clientToken>
<x509 storeLocation="LocalMachine" storeName="My" findValue="CN=Alice, OU=OASIS Interop Test Cert, O=OASIS" findType="FindBySubjectDistinguishedName" />
</clientToken>
<serviceToken>
<x509 storeLocation="LocalMachine" storeName="My" findValue="CN=Bob, OU=OASIS Interop Test Cert, O=OASIS" findType="FindBySubjectDistinguishedName" />
</serviceToken>
<protection>
<!-- Request and response: body signed and encrypted. Faults: neither signed
     nor encrypted, so fault text travels in the clear and is not
     authenticated - keep fault detail minimal (no stack traces, no
     hostnames) since anything in it is readable on the wire. -->
<request signatureOptions="IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="" encryptBody="false" />
</protection>
</mutualCertificate10Security>
<!-- Reject messages that carry no WS-Addressing Action header. -->
<requireActionHeader />
</policy>
</policies>
winhttpcertcfg -g -c LOCAL_MACHINE\My -s Alice -a MP\Michael
<serviceToken> <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=Bob, OU=OASIS Interop Test Cert, O=OASIS" findType="FindBySubjectDistinguishedName" /> </serviceToken>
Current User / Personal
.
<serviceToken> <x509 storeLocation="CurrentUser" storeName="My" findValue="CN=TIR Secretariat" findType="FindBySubjectDistinguishedName" /> </serviceToken>
<ns2:stackTrace xmlns:ns2="http://xml.apache.org/axis/">Server Error at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:474) at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281) at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595)</ns2:stackTrace>
<faultcode>soapenv:MustUnderstand</faultcode>
provider="java:RPC" style="wrapped" use="literal"
:-(
deploy.wsdd
?provider="java:RPC" style="wrapped" use="literal"
"%JAVA_HOME%\bin\keytool" -import -alias server -file WSE2QuickStartServer.cer -keystore "D:\Program Files\Apache Software Foundation\wss4j\keys\wss4j.keystore" -storepass security
"%JAVA_HOME%\bin\keytool" -import -alias client -file WSE2QuickStartClient.cer -keystore "D:\Program Files\Apache Software Foundation\wss4j\keys\wss4j.keystore" -storepass security
<?xml version="1.0" encoding="UTF-8"?>
<!-- Axis WSDD loaded by the client (FileProvider("deployment.wsdd") in the
     Java driver on this page). The HTTPSender transport pivot marks it as a
     caller-side configuration. -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<!-- NOTE(review): for a caller-side WSDD the requestFlow handles the
     OUTGOING request, so a WSDoAllReceiver here would try to verify a
     Security header that has not been built yet, and the responseFlow
     (the INCOMING response) would run WSDoAllSender. The two handlers look
     swapped relative to the sender/receiver roles; the later client WSDD on
     this page does put WSDoAllSender in requestFlow. Confirm which side
     actually loads this file before changing it. -->
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<!-- TEST.Test is the CallbackHandler class shown on this page; it returns
     one fixed password for every key it is asked about. -->
<parameter name="passwordCallbackClass" value="TEST.Test"/>
<parameter name="action" value="Signature Encrypt Timestamp"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="decryptionPropFile" value="crypto.properties" />
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- Aliases in wss4j.keystore. NOTE(review): the keytool commands on this
     page import only .cer files under these aliases, i.e. trusted
     certificates without private keys; any role that needs a private key
     (decryption, signing) under "server" or "client" cannot work unless
     those keys were added some other way. -->
<parameter name="decryptionUser" value="server" />
<parameter name="encryptionUser" value="client" />
<parameter name="user" value="server"/>
<parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
<parameter name="decryptionKeyIdentifier" value="X509KeyIdentifier" />
<parameter name="signatureKeyIdentifier" value="X509KeyIdentifier" />
<!-- CBC gives confidentiality only; integrity relies on the Signature action. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Timestamp Encrypt"/>
<parameter name="passwordCallbackClass" value="TEST.Test"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- NOTE(review): duplicate parameter name; presumably decryptionPropFile
     was intended (compare the handler above). Harmless for a sender. -->
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- SKIKeyIdentifier: keys are referenced by the certificate's
     SubjectKeyIdentifier extension, so every certificate involved must
     carry that extension or the peer cannot resolve the reference. -->
<parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" />
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
<parameter name="decryptionKeyIdentifier" value="SKIKeyIdentifier" />
<parameter name="encryptionUser" value="server" />
<parameter name="decryptionUser" value="client" />
<parameter name="user" value="server"/>
<parameter name="signatureUser" value="client" />
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<!-- RSAES-PKCS1-v1_5 key transport (Bleichenbacher-exposed); kept only
     because the WSE peer declares keyAlgorithm "RSA15". -->
<parameter name="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
</handler>
</responseFlow>
</globalConfiguration >
</deployment>
# WSS4J crypto configuration (crypto.properties): Merlin is the JKS-backed
# Crypto provider; every handler on this page points all three roles
# (signature, encryption, decryption) at this single keystore.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# NOTE(review): the keystore password sits here in clear text and is also
# hard-coded in the CallbackHandler and on the keytool command lines shown on
# this page. Restrict read access to this file and, outside the interop test,
# move the secret out of the source tree.
org.apache.ws.security.crypto.merlin.keystore.password=security
# Backslashes must be doubled in .properties values. The path must match the
# keystore the keytool commands above populate.
org.apache.ws.security.crypto.merlin.file=D:\\Program Files\\Apache Software Foundation\\wss4j\\keys\\wss4j.keystore
/**
 * Minimal WSS4J client driver for the interop test.
 *
 * The class doubles as the {@code passwordCallbackClass} named in the WSDD:
 * WSS4J hands it a {@code WSPasswordCallback} whenever it needs the password
 * of a keystore entry, and {@link #handle} answers it.
 *
 * NOTE(review): the password is a hard-coded literal and is handed out for
 * every identifier WSS4J asks about, without looking at the callback's
 * identifier or usage. That is tolerable for a throw-away interop test, but a
 * real deployment should key the lookup on the identifier and read the secret
 * from outside the source tree.
 */
public class Test implements CallbackHandler {

    /** Password returned for every key entry the callback is asked about. */
    private static final String KEY_PASSWORD = "security";

    /**
     * Builds the Axis engine from {@code deployment.wsdd}, invokes
     * {@code viewInvoices()} on the secured service and prints the element
     * name of every returned {@code MessageElement}. Any exception is printed
     * to stderr (message plus stack trace) instead of being propagated.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            EngineConfiguration engineConfig = new FileProvider("deployment.wsdd");
            SecureInvoiceServiceLocator serviceLocator = new SecureInvoiceServiceLocator(engineConfig);
            org.example.invoices.SecureInvoiceServiceSoap port = serviceLocator.getSecureInvoiceServiceSoap();

            // In the reported setup this call always throws (see the server
            // fault elsewhere on the page), so the loop below is never reached.
            MessageElement[] elements = port.viewInvoices().get_any();
            int count = elements.length;
            for (int index = 0; index < count; index++) {
                System.out.println(elements[index].getElementName());
            }
        } catch (Exception ex) {
            System.err.println(ex.toString());
            ex.printStackTrace();
        }
    }

    /**
     * Answers WSS4J password requests.
     *
     * @param callbacks callbacks supplied by WSS4J; every entry is expected to
     *        be a {@code WSPasswordCallback}
     * @throws UnsupportedCallbackException on the first entry that is not a
     *         {@code WSPasswordCallback}; entries before it have already been
     *         given the password by then
     */
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        int index = 0;
        while (index < callbacks.length) {
            Callback current = callbacks[index];
            if (!(current instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(current, "Unrecognized Callback");
            }
            ((WSPasswordCallback) current).setPassword(KEY_PASSWORD);
            index++;
        }
    }
}
<microsoft.web.services3>
<diagnostics>
<!-- NOTE(review): message tracing is ON - inbound and outbound SOAP envelopes
     are written to the two .webinfo files. Handy for the interop debugging on
     this page, but the files capture the traffic as seen by the pipeline, so
     switch tracing off and delete them once the problem is solved. -->
<trace enabled="true" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
</diagnostics>
<tokenIssuer>
<!-- Security context tokens, if issued, are handled statelessly. -->
<statefulSecurityContextToken enabled="false" />
</tokenIssuer>
<!-- Policy assertions (which tokens/protection to apply) live in this file. -->
<policy fileName="wse3policyCache.config" />
<security>
<binarySecurityTokenManager>
<!-- X.509v3 tokens: AES-128 session key transported with RSA PKCS#1 v1.5.
     "RSA15" matches the WSS4J side's rsa-1_5 and is kept for interop only;
     it is the padding scheme exposed to Bleichenbacher padding-oracle
     attacks on the decrypting side. -->
<add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<sessionKeyAlgorithm name="AES128" />
<keyAlgorithm name="RSA15" />
</add>
</binarySecurityTokenManager>
<!-- NOTE(review): verifyTrust="false" disables certificate chain / trust
     validation, so any resolvable certificate is accepted as a peer
     identity. Acceptable for the interop test only; set to "true" with a
     proper trust store before this configuration goes anywhere real. -->
<x509 skiMode="ThumbprintSHA1" verifyTrust="false" />
<securityTokenManager>
<!-- Managers for the WS-Security 1.1 / WS-SecureConversation token types
     (EncryptedKey, DerivedKeyToken, SecurityContextToken), all on AES-128. -->
<add localName="EncryptedKey" type="Microsoft.Web.Services3.Security.Tokens.EncryptedKeyTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="http://www.w3.org/2001/04/xmlenc#">
<keyAlgorithm name="AES128"/>
</add>
<add localName="DerivedKeyToken" type="Microsoft.Web.Services3.Security.Tokens.DerivedKeyTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="http://schemas.xmlsoap.org/ws/2005/02/sc">
<keyAlgorithm name="AES128"/>
</add>
<add localName="SecurityContextToken" type="Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="http://schemas.xmlsoap.org/ws/2005/02/sc">
<keyAlgorithm name="AES128"/>
</add>
</securityTokenManager>
</security>
</microsoft.web.services3>
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<!-- usernameForCertificateSecurity is declared but not used by any policy
     below; it can be dropped. -->
<extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="mutualCertificate11Security" type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="CertPolicy">
<!-- WS-Security 1.1 mutual-certificate policy with every 1.1 /
     WS-SecureConversation feature switched on: a security context is
     established and renewed, responses must carry SignatureConfirmation,
     and per-message derived keys are required.
     NOTE(review): the WSS4J handlers on this page only configure
     "Signature Encrypt Timestamp" and nothing for secure conversation, so a
     peer configured like that is unlikely to satisfy these flags; for
     interop with it, establishSecurityContext, renewExpiredSecurityContext,
     requireSignatureConfirmation and requireDerivedKeys presumably all need
     to be "false" - confirm against the actual peer.
     ttlInSeconds=300: presumably the Timestamp validity window. -->
<mutualCertificate11Security establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="true" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
<!-- Only the service certificate is declared; no clientToken appears here,
     so the client credential is presumably supplied by the application at
     runtime - confirm. The WSE2QuickStart certificate is a sample/test
     certificate and must not be used beyond this test. -->
<serviceToken>
<x509 storeLocation="LocalMachine" storeName="My" findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
</serviceToken>
<protection>
<!-- Addressing headers, Timestamp and body are signed on every message;
     request and response bodies are also encrypted. Faults are signed but
     sent in the clear, so keep fault detail free of anything sensitive. -->
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>
</mutualCertificate11Security>
<!-- Reject messages without a WS-Addressing Action header. -->
<requireActionHeader />
</policy>
</policies>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Client-side Axis WSDD: the HTTPSender transport pivot marks this as the
     caller's configuration. -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<!-- Outgoing request: WSDoAllSender signs, encrypts and timestamps it.
     NOTE(review): there is no responseFlow, so a signed/encrypted response
     from the service is neither verified nor decrypted on this side. Add a
     responseFlow with WSDoAllReceiver (and a decryptionUser) before trusting
     anything in the response. -->
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<!-- TEST.Test is the CallbackHandler shown on this page; it returns one
     fixed password for every key entry it is asked about. -->
<parameter name="passwordCallbackClass" value="TEST.Test"/>
<parameter name="action" value="Signature Encrypt Timestamp"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<!-- Decryption settings are presumably unused by a sender; harmless. -->
<parameter name="decryptionPropFile" value="crypto.properties" />
<parameter name="encryptionPropFile" value="crypto.properties" />
<!-- NOTE(review): encryptionUser and user name the SAME keystore alias, so
     the request is signed with that entry's private key and encrypted to
     that same entry's certificate. In the other deployments on this page the
     two differ (encryptionUser = the peer's certificate alias, user = this
     side's key). Confirm which party this alias belongs to in
     wss4j.keystore; if it is the client's own key, the service will not be
     able to decrypt the request. -->
<parameter name="encryptionUser" value="0219023d-ae5a-407a-bac9-7338371dd996" />
<parameter name="user" value="0219023d-ae5a-407a-bac9-7338371dd996"/>
<!-- X509KeyIdentifier: keys referenced by embedding the X.509 certificate as
     a KeyIdentifier value. -->
<parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
<parameter name="decryptionKeyIdentifier" value="X509KeyIdentifier" />
<parameter name="signatureKeyIdentifier" value="X509KeyIdentifier" />
<!-- CBC gives confidentiality only; integrity relies on the Signature action. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
</handler>
</requestFlow>
</globalConfiguration >
</deployment>
HTTP/1.1 100 Continue
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Thu, 04 Oct 2007 08:56:34 GMT
Connection: close
267
<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.generalException</faultcode><faultstring>WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: The signature verification failed</faultstring><detail><ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">HIMENO_FUMI</ns1:hostname></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
0
[XmlException: '', hexadecimal value 0x14, is an invalid character. Line 1, position 385.]
System.Xml.XmlTextReaderImpl.Throw(Exception e) +87
System.Xml.XmlTextReaderImpl.Throw(String res, String[] args) +77
System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Int32 pos, Char invChar) +185
System.Xml.XmlTextReaderImpl.ParseText(Int32& startPos, Int32& endPos, Int32& outOrChars) +1900537
System.Xml.XmlTextReaderImpl.ParseText() +130
System.Xml.XmlTextReaderImpl.ParseElementContent() +511
System.Xml.XmlTextReaderImpl.Read() +26
System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace) +435
System.Xml.XmlLoader.ParsePartialContent(XmlNode parentNode, String innerxmltext, XmlNodeType nt) +200
System.Xml.XmlElement.set_InnerXml(String value) +37
Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement) +549
Microsoft.Web.Services3.Security.EncryptedData.Decrypt() +122
Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) +1277
Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor) +666
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope) +300
Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope) +1928
Microsoft.Web.Services3.Xml.SoapEnvelopeReaderWrapper..ctor(SoapClientMessage message, String messageContentType) +2231
[ResponseProcessingException: WSE910: An error happened during the processing of a response message, and you can find the error in the inner exception. You can also find the response message in the Response property.]
Microsoft.Web.Services3.Xml.SoapEnvelopeReaderWrapper..ctor(SoapClientMessage message, String messageContentType) +2336
Microsoft.Web.Services3.WebServicesClientProtocol.GetReaderForMessage(SoapClientMessage message, Int32 bufferSize) +49
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) +446
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +204
ThaiLocalTestService.ThaiLocalTestServiceWse.thaiGreeting() +31
_Default.Button1_Click(Object sender, EventArgs e) +15
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5102