Hey all,
I have a problem communicating from a Java client with a
secured .NET ASMX service (“signature and encryption using user name token”).
A .NET example is at the following link:
http://www.codeproject.com/Articles/12189/Custom-WSE-3-0-Policy-Assertions-for-Signing-and-E
The service returns the following fault:
Caused by: org.apache.cxf.binding.soap.SoapFault: The signature or
decryption was invalid ---> WSE523: The CipherData contents are invalid.
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:140)
at
org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:71)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at
org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1592)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1490)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1309)
at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
... 3 more
Java Result: 1
The Java message handler that sends the request to the web service looks like this:
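/**
 * Secures an outbound SOAP message: adds a UsernameToken, signs with a key
 * taken from that token, adds a timestamp, encrypts, and finally strips the
 * Password child from the UsernameToken before re-inserting it at the top of
 * the security header.
 *
 * <p>The order of the WSS4J build calls is kept exactly as posted, because it
 * determines the order of the elements inside the wsse:Security header.
 *
 * @param messageContext context of the outbound message being sent
 * @throws IllegalStateException if any step fails, so that a message whose
 *         security header is only partly built is not sent
 */
private void handleOUTBOUNDMessage(SOAPMessageContext messageContext) {
    try {
        System.out.println("Handle Message handleOUTBOUNDMessage...");

        SOAPEnvelope soapEnvelope =
                messageContext.getMessage().getSOAPPart().getEnvelope();
        soapEnvelope.addNamespaceDeclaration("wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        soapEnvelope.addNamespaceDeclaration("wsu",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        soapEnvelope.addNamespaceDeclaration("wsa",
                "http://schemas.xmlsoap.org/ws/2004/08/addressing");

        WSSecHeader secHeader = new WSSecHeader();
        Document doc =
                messageContext.getMessage().getSOAPHeader().getOwnerDocument();
        secHeader.insertSecurityHeader(doc);

        // NOTE(review): the credentials are compiled into the handler. Load them
        // from configuration or a secret store before this leaves a test setup.
        // NOTE(review): the token is built from the raw string "admin", while the
        // encryption key below is built from convertBase64("admin"). Confirm which
        // form of the password the service derives its keys from.
        WSSecUsernameToken builder = new WSSecUsernameToken();
        String password = convertBase64("admin");
        builder.setUserInfo("admin", "admin");
        builder.addCreated();
        builder.addNonce();
        builder.prepare(doc);
        builder.build(doc, secHeader);
        WSSecurityUtil.setNamespace(builder.getUsernameTokenElement(),
                WSConstants.WSU_NS,
                WSConstants.WSU_PREFIX);

        // Signature: HMAC-SHA1 keyed with the key returned by the UsernameToken builder.
        WSSecSignature sign = new WSSecSignature();
        sign.setCustomTokenValueType(WSConstants.USERNAMETOKEN_NS
                + "#UsernameToken");
        sign.setCustomTokenId(builder.getId());
        sign.setSecretKey(builder.getSecretKey());
        sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        sign.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
        sign.prepare(doc, null, secHeader);
        sign.build(doc, null, secHeader);

        WSSecTimestamp secTimestamp = new WSSecTimestamp();
        secTimestamp.prepare(doc);
        secTimestamp.build(doc, secHeader);

        // Reference from the encrypted data back to the UsernameToken.
        Reference ref = new Reference(doc);
        ref.setURI("#" + builder.getId());
        ref.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
        SecurityTokenReference secRef = new SecurityTokenReference(doc);
        secRef.setReference(ref);
        WSSecurityUtil.setNamespace(secRef.getElement(),
                WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);

        WSSecEncrypt secEncrypt = new WSSecEncrypt();
        secEncrypt.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
        secEncrypt.setSecurityTokenReference(secRef);

        // The posted code first called setKey(builder.getSecretKey()) through a
        // ByteBuffer and then overwrote it with the key below; only the last
        // value was ever in effect, so the dead first assignment is dropped.
        // NOTE(review): the signature is keyed with builder.getSecretKey(), the
        // encryption with the zero-padded password bytes. The two keys differ;
        // check which one the service uses to decrypt. A mismatch would fit the
        // "CipherData contents are invalid" fault.
        byte[] keyBytes = new byte[16];
        byte[] parameterKeyBytes = password.getBytes("utf-8");
        System.arraycopy(parameterKeyBytes, 0, keyBytes, 0,
                Math.min(parameterKeyBytes.length, keyBytes.length));
        SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
        secEncrypt.setSymmetricKey(secretKeySpec);
        secEncrypt.setKey(keyBytes);
        // NOTE(review): new String(byte[]) decodes raw key bytes with the platform
        // charset, which is lossy for non-text bytes. Confirm what setKeyEnc expects.
        secEncrypt.setKeyEnc(new String(keyBytes));
        // NOTE(review): keyBytes is 16 bytes (128 bits) but AES_256 is requested
        // for both settings below. setKeyEncAlgo also presumably expects a
        // key-transport or key-wrap algorithm rather than a block cipher. Verify
        // both against the service's policy.
        secEncrypt.setKeyEncAlgo(WSConstants.AES_256);
        secEncrypt.setSymmetricEncAlgorithm(WSConstants.AES_256);
        // secEncrypt.setCustomEKTokenId(builder.getId());
        secEncrypt.setDocument(doc);
        secEncrypt.build(doc, null, secHeader);

        // Remove the Password child from the UsernameToken. getChildNodes() is a
        // live list, so walk it backwards: removing while counting up skips the
        // node that slides into the freed index. getLocalName() may be null for
        // non-element nodes, hence the constant-first comparison.
        Node usernameToken = builder.getUsernameTokenElement();
        NodeList children = usernameToken.getChildNodes();
        boolean passwordRemoved = false;
        for (int i = children.getLength() - 1; i >= 0; i--) {
            Node child = children.item(i);
            if ("Password".equalsIgnoreCase(child.getLocalName())) {
                usernameToken.removeChild(child);
                passwordRemoved = true;
            }
        }
        if (!passwordRemoved) {
            throw new Exception("Error removing UsernameToken password");
        }

        WSSecurityUtil.prependChildElement(
                secHeader.getSecurityHeader(),
                builder.getUsernameTokenElement());

        // Debug aid only: this writes the complete secured envelope to stdout.
        // Remove it or move it behind a debug-level logger outside troubleshooting.
        String outputString =
                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
        System.out.println("handleOUTBOUNDMessage outputstring: "
                + outputString);
    } catch (Exception ex) {
        // Fail closed: the posted code printed the stack trace and returned,
        // which lets a message with a half-built security header continue
        // down the handler chain.
        throw new IllegalStateException(
                "Failed to secure outbound SOAP message", ex);
    }
}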