From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Question on RSA 1.5
Date Mon, 08 Jul 2013 10:21:03 GMT
You are not calling the "init" method of WSSConfig. Instead of using the
default constructor, just use the following instead:

WSSConfig conf = WSSConfig.getNewInstance();

Colm.


On Thu, Jul 4, 2013 at 6:26 PM, Massimiliano Masi <
massimiliano.masi@gmail.com> wrote:

> I am turning off BSP compliance as follows:
>
>     WSSConfig conf = new WSSConfig();
>
>     /*
>      * I want to validate the SAML tokens on my own
>      */
>     conf.setValidator(new QName(WSConstants.SAML2_NS, "Assertion"), new NilSAMLAssertionValidator());
>     conf.setProcessor(new QName(WSConstants.SAML2_NS, "Assertion"), LocalSAMLTokenProcessor.class);
>     conf.setProcessor(WSSecurityEngine.SAML_TOKEN, LocalSAMLTokenProcessor.class);
>
>     /*
>      * I also want to validate the Signature on my own
>      */
>     conf.setValidator(new QName(WSConstants.SIG_NS, "Signature"), new NilSignatureValidator());
>
>     /*
>      * Let me check if I have to turn on BSP compliance.
>      * This is mainly for the HISP, thus I need to have it in
>      * remotehisp.properties
>      */
>     File hisp_properties = new File("remotehisp.properties");
>     if (hisp_properties.exists()) {
>         Properties prop = new Properties();
>         try {
>             prop.load(new FileInputStream(hisp_properties));
>         } catch (FileNotFoundException e) {
>             throw new IllegalStateException(e);
>         } catch (IOException e) {
>             throw new IllegalStateException(e);
>         }
>         String property = prop.getProperty("direct.turn.off.bsp");
>         System.out.println("Turning off BSP compliance: " + property);
>         conf.setWsiBSPCompliant(!Boolean.valueOf(property));
>     }
>
> What I saw is that while turning off BSP compliance, in WSSecBase, in this
> method,
>
>     public WSSConfig getWsConfig() {
>         if (wssConfig == null) {
>             wssConfig = WSSConfig.getNewInstance();
>         }
>         return wssConfig;
>     }
>
> wssConfig is not null, but it is not initialized.
>
>
> On Thu, Jul 4, 2013 at 1:56 PM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>
>>
>> How are you turning off BSP compliance? Could you try to figure out why
>> WSSConfig.init() is not getting called in your scenario?
>>
>> Colm.
>>
>>
>> On Thu, Jul 4, 2013 at 12:47 PM, Massimiliano Masi <
>> massimiliano.masi@gmail.com> wrote:
>>
>>> I saw the following behavior. In version 1.6.10, while turning off BSP
>>> compliance, these two methods are not called.
>>>
>>>     JCEMapper.registerDefaultAlgorithms();
>>>     org.apache.xml.security.Init.init();
>>>
>>> Calling them directly before calling processSecurityHeader() works.
>>>
>>>
>>>
>>> On Thu, Jul 4, 2013 at 11:18 AM, Colm O hEigeartaigh <
>>> coheigea@apache.org> wrote:
>>>
>>>>
>>>> RSA v1.5 works fine with WSS4J. For example, see the tests here:
>>>>
>>>>
>>>> http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionAlgorithmSuiteTest.java?view=markup
>>>>
>>>> Is the wrapping library excluding RSA v1.5 explicitly?
>>>>
>>>> Colm.
>>>>
>>>>
>>>> On Mon, Jul 1, 2013 at 5:13 PM, Massimiliano Masi <
>>>> massimiliano.masi@gmail.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I have the following XML excerpt, with a NON-BSP security header.
>>>>> Java is with unlimited strength policy files. I receive this
>>>>> exception.
>>>>>
>>>>> It seems that the JCE Mapper is unable to resolve rsa-1_5.
>>>>>
>>>>> Is there a FAQ for that?
>>>>>
>>>>> Thanks a lot,
>>>>>
>>>>>
>>>>>      Massi
>>>>>
>>>>> Caused by: com.spirit.security.soap.SoapSecurityException:
>>>>> org.apache.ws.security.WSSecurityException: An unsupported signature
>>>>> or encryption algorithm was used (unsupported key transport encryption
>>>>> algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
>>>>>     at com.spirit.security.soap.SoapSecurity.verifySecurityHeader(SoapSecurity.java:258)
>>>>>     at com.spirit.direct.soap.DirectXDRSecurity.processIncoming(DirectXDRSecurity.java:238)
>>>>>     ... 25 more
>>>>> Caused by: org.apache.ws.security.WSSecurityException: An unsupported
>>>>> signature or encryption algorithm was used (unsupported key transport
>>>>> encryption algorithm: No such algorithm:
>>>>> http://www.w3.org/2001/04/xmlenc#rsa-1_5)
>>>>>     at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:865)
>>>>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:96)
>>>>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
>>>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
>>>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:248)
>>>>>     at com.spirit.security.soap.SoapSecurity.verifySecurityHeader(SoapSecurity.java:183)
>>>>>     ... 26 more
>>>>> Caused by: java.security.NoSuchAlgorithmException: No transformation given
>>>>>     at javax.crypto.Cipher.tokenizeTransformation(Cipher.java:288)
>>>>>     at javax.crypto.Cipher.getTransforms(Cipher.java:412)
>>>>>     at javax.crypto.Cipher.getInstance(Cipher.java:486)
>>>>>     at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:846)
>>>>>     ... 32 more
>>>>>
>>>>> <wsse:Security
>>>>>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>>>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>>>     env:mustUnderstand="true">
>>>>>   <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>>>>       Id="EK-1BA2E95532537EDE35137106980235720">
>>>>>     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>>>>>     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>>>       <wsse:SecurityTokenReference>
>>>>>         <wsse:KeyIdentifier
>>>>>             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>>>             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>>>>>         </wsse:KeyIdentifier>
>>>>>       </wsse:SecurityTokenReference>
>>>>>     </ds:KeyInfo>
>>>>>     <xenc:CipherData>
>>>>>       <xenc:CipherValue>sPAWtKXEr9I97nMGDNMb4oYxDe2G1XZV5UNfEPB57m71u9hY/JDW61T7VOj0hYUA4jSRX6dwWgjN7FeZ3ejU0Y1qUVGYMKHQP6wOcdaXiRKQ+H7FCuFrUXl2DKUav3M4Ll74g4o42UVnFhOEHW5KVso8zvaOlJgJTyrDHYuLDdmoaxTiS6AbgXqhUrrwVN4qPagGRdLw92ndvUJ8GUd7azLk5BjS/6GIKp2Og3Q4q1Wl0FEwo+Vgr/dR75B0XQJGlGkHyQJcshE762JMzMK/r0NzQoEWsu71ea8iZgwwPueG3tZ+TzAUpTy1JfLstvE1ykCoZm8CP0lZDxpmWe9z8g==</xenc:CipherValue>
>>>>>     </xenc:CipherData>
>>>>>     <xenc:ReferenceList>
>>>>>       <xenc:DataReference URI="#ED-15"/>
>>>>>     </xenc:ReferenceList>
>>>>>   </xenc:EncryptedKey>
>>>>>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-14">
>>>>>     <ds:SignedInfo>
>>>>>       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>>>>         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
>>>>>       </ds:CanonicalizationMethod>
>>>>>       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>>>       <ds:Reference URI="#id-13">
>>>>>         <ds:Transforms>
>>>>>           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>>>>             <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
>>>>>           </ds:Transform>
>>>>>         </ds:Transforms>
>>>>>         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>>>         <ds:DigestValue>QqgS6lIMTvFJKUj5afXvXnQ1W4M=</ds:DigestValue>
>>>>>       </ds:Reference>
>>>>>     </ds:SignedInfo>
>>>>>     <ds:SignatureValue>SB+7/+s4ofbxI0WNoTowg8lDFs0ZLA3tRX7sagn2ljocZBUgMnDTw9+pyppuSnGyZKtFSESgPtLn/uPX8Oj7UhM0v1nsr3mMF3IvK1p1SJzTZMzfOZc7l4L9HMQxZD8xx08wpDWCFbTRD1aJ9wPDYcyADrM9cKyTIwg1fkcC9Om7ryOfjjScPkZa88OdIRY/baITl3nAJt2RXioP4cA4Oxa+u/9r7hu4tzAA3Ow+KO1ngYFxYeJsZWd8j8jqwpIA0JpJyXi98g+pb++GXjtVYy9X/Ri+QY6HUa+fvfua8KW2VRp4uaXVFS3S4J6Rdb3L87oJR2+5bVe9FvqPoNm1mQ==</ds:SignatureValue>
>>>>>     <ds:KeyInfo Id="KI-1BA2E95532537EDE35137106980231418">
>>>>>       <wsse:SecurityTokenReference wsu:Id="STR-1BA2E95532537EDE35137106980231419">
>>>>>         <wsse:KeyIdentifier
>>>>>             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>>>             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>>>>> MIIFKTCCBBGgAwIBAgIQW2vyszzvr/QDmIonMMTvizANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEmMCQGA1UEChMdQ29tbW9ud2VhbHRoIG9mIE1hc3NhY2h1c2V0dHMxHTAbBgNVBAMTFE1hc3NIaVdheSBJc3N1aW5nIENBMB4XDTEyMTIyMzAwMDAwMFoXDTEzMTIyMzIzNTk1OVowgYkxLzAtBgNVBAMMJmRpcmVjdC5tYWluc3RyZWV0ZXIubWFzc2hpd2F5c3RhZ2UuY29tMRowGAYDVQQLDBFDVVNUT00tTUFTUy1ISUUtMTEWMBQGA1UECwwNTVVMVEktQUxMT1dFRDELMAkGA1UEBhMCVXMxFTATBgNVBAoMDG1haW5zdHJlZXRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeIw1Ct9T/ptgq9VPErpfGtE6AdiHQHh8JnsDnUla0EsZNEXwK5sGSM911fVaykO6Asf1ltPYUZh/JnipcP2aogUQXMHdle2IjZ4bOC0e9jyCHeOmoFLYkk662qL6tTsvCug90EdIsh55HjZ1WJD1dvZw8Pm5c+OSVXouLFlvtUL1q9qDNms20rnX5VpK55qkwWMwvu4TRDPbXqn7lOroiABUi032iIE5TjGKwQom1KPMRHtQa3XMDn4T+FDx0UFn41v4OjQcTl/hxIci/TeTsSod4ewohTO+Yoh5qIEhSvvjcEMUXYmRE//0Buj8IkstYlUbLeMVW71EOLy5ggB0cCAwEAAaOCAb8wggG7MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwQwHQYDVR0OBBYEFPHGf6vRVdoRHpFgTKCd97lMYA3bMDEGA1UdEQQqMCiCJmRpcmVjdC5tYWluc3RyZWV0ZXIubWFzc2hpd2F5c3RhZ2UuY29tMB8GA1UdIwQYMBaAFO3x9ByUUacmYGylyo2Wqwwjb77SMDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAYYbaHR0cDovL3BraS1vY3NwLnN5bWF1dGguY29tMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9wa2ktY3JsLnN5bWF1dGguY29tL2NhX2VjZjQxNWY4YzY5NzFmOTZkNWY3MjRlOTk4NDdkYjRkL0xhdGVzdENSTC5jcmwwLAYKYIZIAYb4RQEQAwQeMBwGEmCGSAGG+EUBEAEEBwEBhMKjDxYGMTQ2MTEyMDkGCmCGSAGG+EUBEAUEKzApAgEAFiRhSFIwY0hNNkx5OXdhMmt0Y21FdWMzbHRZWFYwYUM1amIyMD0wDQYJKoZIhvcNAQELBQADggEBADYSiYoMmvZT27aIA0+0vCLmEDuaYBqIE8Fhpju07MkBn28IakARzDlHN9zwPqEiHQJUFQXi0uwj8P29HyvWr2ZrsSLR7YCQbkw7zPypPf64M1F9jWDSay7srKsPkcoRsh2KZ+5N4sbklRDlybG+871ul53YotAaoTVOq5Lvukm0HmhEJUwXM+GfaE4V7j9pv4Dc+eAKaUANSlSKgSqpEIb7Ouw1yuUUv8kF3loMA6OePuUYa8biUpUJBWKbhZxoxzWO+43QqX7gOozATsqKXa84QPItJTbjKdtngfaKngm3WO/LJ9PPkWEci/Y2bmX3ypOcnjFpDBuvpA69vrN2oAM=
>>>>>         </wsse:KeyIdentifier>
>>>>>       </wsse:SecurityTokenReference>
>>>>>     </ds:KeyInfo>
>>>>>   </ds:Signature>
>>>>> </wsse:Security>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Massimiliano Masi
>>>>>
>>>>> http://www.mascanc.net/~max
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Colm O hEigeartaigh
>>>>
>>>> Talend Community Coder
>>>> http://coders.talend.com
>>>>
>>>
>>>
>>>
>>> --
>>> Massimiliano Masi
>>>
>>> http://www.mascanc.net/~max
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
>
> --
> Massimiliano Masi
>
> http://www.mascanc.net/~max
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
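Added example, not code from this thread or from WSS4J itself: it puts Colm's fix into a small verifier class. The WSSConfig is obtained through WSSConfig.getNewInstance() so that init() runs (which is what registers the JCE algorithm mappings and initialises Santuario), the BSP setting is read from the remotehisp.properties key used in the thread, and before the security header is processed the code checks that the Santuario JCEMapper can actually resolve the rsa-1_5 URI from the original stack trace, so a missing init fails loudly with a clear message instead of the NoSuchAlgorithmException. Class and method names are WSS4J 1.6.x and Apache Santuario API; the CallbackHandler and Crypto instances are assumed to be configured elsewhere by the caller.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Properties;

import javax.security.auth.callback.CallbackHandler;

import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.xml.security.algorithms.JCEMapper;
import org.w3c.dom.Document;

public class SecurityHeaderVerifier {

    // Key transport URI that failed in the thread's stack trace.
    private static final String RSA_15_URI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    // Property file and key names are taken from the thread.
    private static final String BSP_PROPERTY = "direct.turn.off.bsp";

    /**
     * Builds the WSSConfig through the factory method rather than the constructor,
     * so that init() runs and the algorithm registries are populated.
     */
    static WSSConfig buildConfig(File hispProperties) throws IOException {
        WSSConfig conf = WSSConfig.getNewInstance();
        if (hispProperties.exists()) {
            Properties prop = new Properties();
            try (InputStream in = new FileInputStream(hispProperties)) {
                prop.load(in);
            }
            // Absent or unparsable value leaves BSP compliance switched on.
            boolean turnOff = Boolean.parseBoolean(prop.getProperty(BSP_PROPERTY, "false"));
            conf.setWsiBSPCompliant(!turnOff);
        }
        return conf;
    }

    /**
     * Pre-flight check: JCEMapper returns null for a URI that has not been
     * registered, which is exactly the state described in the thread.
     */
    static boolean keyTransportResolvable(String algorithmUri) {
        String jceId = JCEMapper.translateURItoJCEID(algorithmUri);
        return jceId != null && !jceId.isEmpty();
    }

    /** Verifies the wsse:Security header of an already-parsed SOAP document. */
    static List<WSSecurityEngineResult> verify(Document doc, CallbackHandler cb, Crypto crypto,
                                               File hispProperties)
            throws IOException, WSSecurityException {
        WSSConfig conf = buildConfig(hispProperties);
        if (!keyTransportResolvable(RSA_15_URI)) {
            throw new IllegalStateException(
                "Santuario algorithm registry not initialised; cannot resolve " + RSA_15_URI);
        }
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(conf);
        // null actor: process the header that carries no actor/role attribute.
        return engine.processSecurityHeader(doc, null, cb, crypto);
    }
}
```

Custom validators and processors, such as the SAML ones registered in the quoted message, are attached to the same `conf` object with setValidator() and setProcessor() before it is handed to the engine; the only change from the quoted code is how the object is created.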
