Details
-
Question
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
1.5.1
-
None
-
None
-
ubuntu 10.04, Tomcat 6.0, Axis2
Description
All where fine except for the body that isn't encrypted, also no error messages, so i can't figure out where the issue is!
Rampart shouldn't encrypt the body of the Soap message by default with the Encrypt tag? Am i wrong? Thanks
from axis2.xml:
- <module ref="rampart"></module>
- <parameter name="OutflowSecurity">
- <action>
- <items>UsernameToken Encrypt Timestamp Signature</items>
- <user>service</user>
- <passwordCallbackClass>it.unipr.aotlab.PWCBHandler</passwordCallbackClass>
- <encryptionUser>client</encryptionUser>
- <encryptionPropFile>service.properties</encryptionPropFile>
- <signaturePropFile>service.properties</signaturePropFile>
- <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
- </action>
- </parameter>
- <parameter name="InflowSecurity">
- <action>
- <items>UsernameToken Encrypt Timestamp Signature</items>
- <passwordCallbackClass>it.unipr.aotlab.PWCBHandler</passwordCallbackClass>
- <decryptionPropFile>service.properties</decryptionPropFile>
- <signaturePropFile>service.properties</signaturePropFile>
- <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
- </action>
- </parameter>
from service.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=servicestorekey
org.apache.ws.security.crypto.merlin.file=service.jks
this is the Soap request catched by SOAPMonitor:
- <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-64">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <ds:Reference URI="#id-65">
- <ds:Transforms>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
- </ds:Transforms>
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
- <ds:DigestValue>CDFLN83TOs5+SlNOrZNpIQn2Pq0=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
- <ds:SignatureValue>
- W+KlXPZhJrurB8I2gxrI9f98ivLYTh/0B1A8p5lCe+Bhv2uLN8ZOQJObysOgVHyDxKrYqa3MscB8
- d1IcVUnXgnquG7ensMi6dtc+8njqk1IRmhB3WYuPW85kopYfSK/0F4ryWPZmgmNQrucTbMsY4I9b
- UJ7OKWkSQXINYm4KuUg=
- </ds:SignatureValue>
- <ds:KeyInfo Id="KeyId-5356F8146A2D7E4B97132404649292164">
- <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-5356F8146A2D7E4B97132404649292165"><ds:X509Data>
- <ds:X509IssuerSerial>
- <ds:X509IssuerName>CN=Enrico Viappiani,OU=casa,O=casa,L=reggio emilia,ST=RE,C=IT</ds:X509IssuerName>
- <ds:X509SerialNumber>1323271624</ds:X509SerialNumber>
- </ds:X509IssuerSerial>
- </ds:X509Data></wsse:SecurityTokenReference>
- </ds:KeyInfo>
- </ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-63"><wsu:Created>2011-12-16T14:41:32.920Z</wsu:Created><wsu:Expires>2011-12-16T14:46:32.920Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey Id="EncKeyId-5356F8146A2D7E4B97132404649291962"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <wsse:SecurityTokenReference><ds:X509Data>
- <ds:X509IssuerSerial>
- <ds:X509IssuerName>CN=Enrico Viappiani,OU=casa,O=casa,L=reggio emilia,ST=RE,C=IT</ds:X509IssuerName>
- <ds:X509SerialNumber>1323271546</ds:X509SerialNumber>
- </ds:X509IssuerSerial>
- </ds:X509Data></wsse:SecurityTokenReference>
- </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ZI5mjekZBXYfQeHBu1xKj4DTUwFV2cWpD8P8g9f8v3qJRGSjYhTuWcOMX11D3TRv9kcBgy7ung2DO6/sw244VSrCiI02pLZHyY9T2vuC+PBffnitFL+jgeNtA74DKw9vC4KEVCVbkXrKUqpWZ1ATNxumR1FN2ViJlviYHOwLVD8=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#EncDataId-62" /></xenc:ReferenceList></xenc:EncryptedKey><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-61"><wsse:Username>client</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ndQ8vXUsELCdgTcADoSuI+N4eKU=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fXRZlMmfiujFfHDZjNJUGA==</wsse:Nonce><wsu:Created>2011-12-16T14:41:32.918Z</wsu:Created></wsse:UsernameToken></wsse:Security><wsa:To>http://localhost:8080/HospitalWS/services/HospitalService</wsa:To><wsa:MessageID>urn:uuid:8CE6524CD8C698CF7E1324046493019</wsa:MessageID><wsa:Action>urn:RequestList</wsa:Action></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-65"><ns1:RequestList xmlns:ns1="http://aotlab.unipr.it"><ns1:user><User>
- <CF>vppnrc84l16h223l</CF>
- <password>viappio</password>
- </User></ns1:user></ns1:RequestList></soapenv:Body></soapenv:Envelope>