1 Reply Latest reply on Nov 30, 2010 8:31 AM by fedejofa

    Problems with jbossws-native 3.1.2GA in jbossAS5.1: WS-Security signature and SoapUI 3.6.1

    fedejofa

      HI, i got a problem using X509 Certificate Token trying to use any Token references to sign the request (not encrypt).

      I have tried other version of jbossws-native (3.2.2) but the problem remains.

      I got a message that tell me that the certificate is not found.

      Have any of you tested this?

      Is a problem of SoapUI or is something i had done wrong?

      Im asking this cause i have this working with a patched version in jboss4.2.2 (jbossws-native-2.0.1.SP2)

      Greetings.

       

      --

      (23-nov-2010)

      Adding info:

      Also tested in last jbossws-native (3.3.1GA)

      And, in 3.3.1GA, Wsrunclient is only working when i choose tokenReference = directReference.

      In other case the program does not matches the certificates.

       

      No reply? nobody use jbossws native with certificates?

       

      If u feel that i got to post most info and this is not a "smart question", please tell me, and how to get this question better explained.

       

      El mensaje fue editado por: Federico Jorge (23-nov)

        • 1. Re: Problems with jbossws-native 3.1.2GA in jbossAS5.1: WS-Security signature and SoapUI 3.6.1
          fedejofa

          Im not sure if is correct or incorrect, maybe is that i have not understand well the keystore truststore thing...

          Checking the sourcecode, adding "loggin debug lines", and compiling it, i have seen that the problem is that using as

          tokenReference:

          x509IssuerSerial

          or

          keyIdentifier

          it goes process it in

          org.jboss.ws.extensions.security.SecurityStore

          and there it looks inside keystore, not truststore, for the certificates to check the signature.

          Maybe is a problem that come with the encryption thing. (im only using signature)

          (post about it: http://community.jboss.org/index.html?module=bb&op=viewtopic&t=94406)

           

          I am no expert in this so i am welcome to any explanation.

          Looking forward for any feedback.

          Salutes all jboss stuff and other guys that collaborate doing this great project.

           

          -----

          Anyway..Till i can 't use soapui in a simple way using X509IssuerSerial cause it ommits spaces in the issuername, this worked before, i haven't look in early source code ..why it worked..but..i add it here...

          Im not saying this is fault of JBossWS.

          Looking the standard, although is not explained, the examples used are with space included.

          ---

          Example:

          CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano,OU=STM,O=IMM,C=UY

          CN=Entidad Cert. TEST de Sistema de Transporte Metropolitano, OU=STM, O=IMM, C=UY