Certificate Validator issue

michael_watson
Joined: 2006-08-10

Hi everyone,

I have a certificate validator that I wrote for use with XWSS 2.0 and so I have added that certificate validator to the WSIT configuration via the Netbeans module. But I have left the key and cert store details blank as I'm not using a Java key store.

The wsit.xml file now includes details about the certificate validator:

...

300000
com.sun.xml.ws.trust.impl.IssueSamlTokenContractImpl

...

However the validator code is not called and a certificate is not valid exception is returned by WSIT.

Have I done something wrong?

Any assistance would be much appreciated.

- Michael

kumarjayanti
Joined: 2003-12-10

Hi Michael,

Good to see you using WSIT.....

I am pretty sure configuring certvalidator works. I just now tested one.

What I see in my server log:
----------------------------
Came to my CertValidator .....

Here is my validator class:
-----------------------------
package plugfest;

import com.sun.xml.wss.impl.callback.*;
import java.security.cert.X509Certificate;

// Test stub: logs that it was invoked and accepts every certificate.
public class X509CertificateValidatorImpl implements CertificateValidationCallback.CertificateValidator {

    public boolean validate(X509Certificate certificate)
            throws CertificateValidationCallback.CertificateValidationException {
        System.out.println("Came to my CertValidator .....");
        return true;
    }
}

Note: the validator should be packaged in WEB-INF/classes

Here is my Validator Configuration:
-----------------------------------




Please make sure you have the same namespace for prefix "sc" in your wsit.xml.

As a check, just make sure that the validator configuration appears in the WSDL when you browse the WSDL of the service via http://?wsdl

I also tried configuring your validator and got the following error message (since the class was not packaged in the WAR)

WSSERVLET11: failed to parse runtime descriptor: java.lang.RuntimeException: java.lang.RuntimeException: com.sun.xml.wss.XWSSecurityException: Could not find User Class au.gov.abs.crypto.ABSCertificateValidator
at

NOTE: The proprietary assertions are not supposed to appear in the browsed WSDL, but for now they do appear due to a bug in WSIT.
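
Added example, not part of the original posts: the stub above only proves that the callback is wired up, so this sketch shows the same CertificateValidator interface performing real checks without a Java keystore. The package name, class name and the bundled trusted-ca.pem resource are assumptions, as is the requirement that the presented certificate is issued directly by that CA.

```java
package example; // hypothetical package

import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Collections;

// Accepts a certificate only if it is inside its validity period and chains
// directly to the CA certificate bundled with the web application.
public class PinnedCaCertificateValidator
        implements CertificateValidationCallback.CertificateValidator {

    // Assumption: CA certificate (PEM or DER) packaged as WEB-INF/classes/trusted-ca.pem
    private static final String CA_RESOURCE = "/trusted-ca.pem";

    public boolean validate(X509Certificate certificate)
            throws CertificateValidationCallback.CertificateValidationException {
        try {
            // Rejects expired and not-yet-valid certificates.
            certificate.checkValidity();

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate ca;
            try (InputStream in = getClass().getResourceAsStream(CA_RESOURCE)) {
                if (in == null) {
                    throw new CertificateException("Missing resource " + CA_RESOURCE);
                }
                ca = (X509Certificate) cf.generateCertificate(in);
            }

            // The bundled CA is the only trust anchor; no keystore is involved.
            PKIXParameters params = new PKIXParameters(
                    Collections.singleton(new TrustAnchor(ca, null)));
            // Off only because this example has no CRL/OCSP source configured;
            // enable it once a revocation source is available.
            params.setRevocationEnabled(false);

            // Verifies the signature, issuer name and constraints against the anchor.
            CertPath path = cf.generateCertPath(Collections.singletonList(certificate));
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException | IOException e) {
            throw new CertificateValidationCallback.CertificateValidationException(
                    "Certificate rejected: " + e.getMessage(), e);
        }
    }
}
```

As with the stub, the class needs a public no-argument constructor and must be packaged in WEB-INF/classes so that it can be loaded by name.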

michael_watson
Joined: 2006-08-10

Hi Kumar,

Thanks for the reply. It is probably some mistake that I have made, thanks for trying to work through it with me :-)

Here is the relevant portion from my wsit.xml (located in the WEB-INF folder):



However, I have noticed that in my wsit.xml the sc prefix is associated with this namespace: xmlns:sc="http://schemas.sun.com/2006/03/wss/client", whereas yours is the server version.

Likewise, in the generated WSDL I get the following:


Now it would appear that I have indeed misconfigured something as it is trying to use the validator for the service as though it were a client, however all I have done is used the Netbeans module, right clicked on my Web service, selected Edit Web Service Attributes and filled in the Certificate Validator box in the Keystore Configuration section. So at this stage I'm not sure what I have done wrong...

In the tomcat logs I am getting the following:
11/10/2006 17:35:21 com.sun.xml.ws.transport.http.DeploymentDescriptorParser parseAdapters
WARNING: WSSERVLET17: duplicate endpoint name
11/10/2006 17:35:21 com.sun.xml.ws.transport.http.servlet.WSServletDelegate registerEndpointUrlPattern
WARNING: WSSERVLET26: duplicate URL pattern in endpoint: CalculatorWS
11/10/2006 17:35:21 com.sun.xml.ws.transport.http.servlet.WSServletDelegate
INFO: WSSERVLET14: JAX-WS servlet initializing

However again I'm not sure why as I simply followed the WSIT tutorial in order to create the Web service.

Any ideas?

- Michael