Forum Discussion

Saruman
Visitor
9 years ago

Problem axis2 rampart decrypt message

Hi,

The service is implemented with Axis2 and Rampart to encrypt and decrypt messages.

The request is sent and the operation works correctly, but when SoapUI tries to decrypt the message, it returns the following error:

ERROR:org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
...............
org.apache.ws.security.WSSecurityException: General security error (The private key for the supplied alias does not exist in the keystore)

When the operation is run in Java, the message is decrypted correctly.

Please, can you help me?

 

The file configuration.docx contains the SOAP encrypt/decrypt configuration.


Best regards.

 

WS-Policy file:

 

<!--
  WS-SecurityPolicy (2005/07) policy for an Axis2/Rampart endpoint.
  Asymmetric binding with X.509 tokens on both sides; the SOAP Body is both
  signed and encrypted, and a timestamp is required. The RampartConfig part
  at the end points Rampart at the keystores. Values shown as XXXX were
  redacted by the poster.
-->
<wsp:Policy wsu:Id="XXXXXXXXXXX"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
            xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsap:UsingAddressing/>

      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <!-- Initiator (client) certificate: token inclusion is AlwaysToRecipient,
               referenced by certificate thumbprint. -->
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>

          <!-- Recipient (service) certificate: never carried in the message, only
               referenced by thumbprint, so each peer has to hold the other's
               certificate in its own keystore already. -->
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>

          <!-- TripleDesRsa15 = 3DES-CBC data encryption, RSA PKCS#1 v1.5 key
               transport and SHA-1 digests (the response on this page shows exactly
               these algorithm URIs). All three are legacy choices: RSA v1.5 key
               transport is the classic padding-oracle target, 3DES has a 64-bit
               block, and SHA-1 is deprecated for signatures. Where both endpoints
               can be changed, an AES/OAEP suite such as Basic256Sha256 is the
               usual replacement; the suite must match on client and service. -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>

          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>

          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>

      <!-- NOTE(review): the tokens above require thumbprint references, which the
           WS-SecurityPolicy spec associates with WSS 1.1 (sp:Wss11 /
           MustSupportRefThumbprint); only sp:Wss10 is declared here. Confirm that
           every consumer of this policy tolerates the mismatch. -->
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>

      <!-- Only the Body is signed and encrypted; no header parts are listed. -->
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>

      <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:EncryptedParts>

      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <!-- Presumably keystore aliases: ramp:user for the signing key and
             ramp:encryptionUser for the certificate to encrypt to; confirm
             against the Rampart documentation. The callback class is expected to
             supply the private-key password for the alias. -->
        <ramp:user>XXXXXXX</ramp:user>
        <ramp:encryptionUser>XXXXXXX</ramp:encryptionUser>
        <ramp:passwordCallbackClass>XXXXXXXXX</ramp:passwordCallbackClass>
        <ramp:ReplayDetection>10</ramp:ReplayDetection>

        <!-- The keystore passwords below sit in clear text in the policy file:
             restrict read access to the file and keep real values out of version
             control and forum posts. JKS is also a legacy keystore format. -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">XXXXXXXX</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">XXXXXXXXX</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>

        <!-- "encryptionCypto" is spelled this way on purpose: it is the element
             name Rampart reads. -->
        <ramp:encryptionCypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">XXXXXXX</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">XXXXXXXXX</ramp:property>
          </ramp:crypto>
        </ramp:encryptionCypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>


Response:

 

<!--
  Captured SOAP response, secured with WS-Security: a timestamp, an
  RSA-wrapped session key (EncryptedKey), an XML signature over the Body and
  the Timestamp, and an encrypted Body. The markup is left exactly as posted;
  the signed parts (Timestamp, SignedInfo, Body) carry no added comments.
  The Timestamp gives the message a five-minute validity window.
-->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-150">
<wsu:Created>2015-07-30T09:09:05.800Z</wsu:Created>
<wsu:Expires>2015-07-30T09:14:05.800Z</wsu:Expires>
</wsu:Timestamp>
<!-- Session key wrapped with RSA PKCS#1 v1.5 (rsa-1_5), a legacy key transport
     known for padding-oracle exposure. The KeyIdentifier is the SHA-1
     thumbprint of the certificate the key was encrypted to. To decrypt, the
     receiving tool needs a keystore holding a private-key entry (not just a
     trusted certificate) for that exact certificate, selected by the right
     alias; the "private key for the supplied alias does not exist" error
     quoted on this page is presumably that lookup failing. -->
<xenc:EncryptedKey Id="EK-BB4A3834139B69E49114382473458364" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">mcTxCcDoNjcop3WA1bir6ZdqEPs=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>eCIbbUmpr3NwFrR6bPRXUbPW/4plqChy8GSzDMK7fEKC9ja+p+xMBcq2BRXVL5hMJedvJQyAfGLFcSRUPAMNVNW4LU6aWRGilEj1/MFb2WZ9zI9TYYcZh92SM4alX+8f1sxYjR47rKjN7xT8mBhSQDVy/pK/MFv9Q5eNsTROVkLu0MHdHRMjMxOpAcjIOViHyRrRiQcpRioN+rgHG8fB7icSWXOVAcfsOgbPNXbyq2q7Q1QCH8WDUk24YTnpIAeVycSeEw22ec6NzAoZyEdB++i1DTTqdXzQ+ii+Da7jWnA6oIdH6NqcVYFs/yrk+cBoZjANJE4LmbsqrVa6tBH2hw==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-152"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<!-- Signature over two references: the Body (#Id-1812818957) and the Timestamp
     (#TS-150). It uses rsa-sha1 with SHA-1 digests, which are deprecated for
     new deployments. The signer is identified by a second certificate
     thumbprint, different from the one in EncryptedKey above; the verifier
     needs that certificate in its trust store. -->
<ds:Signature Id="SIG-151" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-1812818957">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>SqybhI+v6zq8GSgHxj5c1Bej8NQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#TS-150">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsse wsa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>+zfSzCe3DP9LvwDUNNeM/zgCgBo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Nfm/w329tyS7Xu4Hs9iP0Rjr5yHEnVa0E4gnT1119ao/EOXKXeYcMcTlJDSamsdOKwZAIpA8hklE9aJns0YTzTAl/uik9SOQAOB7E1KMyfWcgO9WHZw54LXpbOnb10qTULE5vKQiJQqd/c+zuOt9O7XG21lJThAXplWvrBzFrWLLWUhipb8DVtL9mU7BSpLA7s0T3aSxQ9EOXM+H9HiJOoJ1KZEwZSq8hpcPiTSHYtw3Kvwbvce3/AYiK1tInyV4crtp39MUuYi+9boq+u1QY9rPhhiW28KmqvN5CnR65vtMOWEPw3lDvtMcpuUWQZR1HhNP/vC567S097K5tvKkTg==</ds:SignatureValue>
<ds:KeyInfo Id="KI-BB4A3834139B69E49114382473458062">
<wsse:SecurityTokenReference wsu:Id="STR-BB4A3834139B69E49114382473458073">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">jsm3tV2KEGeN2uCuu7pw/goCquA=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:Action>XXXXXXXXXXXXXXXXXXXXXXXX</wsa:Action>
<wsa:RelatesTo>uuid:f17f257a-550d-4a3a-85b7-8727e32436bd</wsa:RelatesTo>
</soapenv:Header>
<!-- The Body content is encrypted with 3DES in CBC mode (tripledes-cbc), a
     64-bit block cipher; the key is the EncryptedKey referenced by
     #EK-BB4A3834139B69E49114382473458364 in the Security header. The Header
     elements wsa:Action and wsa:RelatesTo are not among the signature
     references. -->
<soapenv:Body wsu:Id="Id-1812818957" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="ED-152" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#EK-BB4A3834139B69E49114382473458364"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>

 

 

  
