ws-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Question on RSA 1.5
Date Thu, 04 Jul 2013 11:56:04 GMT
How are you turning off BSP compliance? Could you try to figure out why
WSSConfig.init() is not getting called in your scenario?

Colm.


On Thu, Jul 4, 2013 at 12:47 PM, Massimiliano Masi <
massimiliano.masi@gmail.com> wrote:

> I saw the following behavior. In version 1.6.10, while turning off BSP
> compliance, these two methods are not called.
>
> JCEMapper.registerDefaultAlgorithms();
>
> org.apache.xml.security.Init.init();
>
> Calling them directly before calling processSecurityHeader() works.
>
>
>
> On Thu, Jul 4, 2013 at 11:18 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>
>>
>> RSA v1.5 works fine with WSS4J. For example, see the tests here:
>>
>>
>> http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/EncryptionAlgorithmSuiteTest.java?view=markup
>>
>> Is the wrapping library excluding RSA v1.5 explicitly?
>>
>> Colm.
>>
>>
>> On Mon, Jul 1, 2013 at 5:13 PM, Massimiliano Masi <
>> massimiliano.masi@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> I have the following XML excerpt, with a NON-BSP security header.
>>> Java is with unlimited strength policy files. I receive this exception.
>>>
>>> It seems that the JCE Mapper is unable to resolve rsa-1_5.
>>>
>>> Is there a FAQ for that?
>>>
>>> Thanks a lot,
>>>
>>>
>>>      Massi
>>>
>>> Caused by: com.spirit.security.soap.SoapSecurityException: org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
>>>     at com.spirit.security.soap.SoapSecurity.verifySecurityHeader(SoapSecurity.java:258)
>>>     at com.spirit.direct.soap.DirectXDRSecurity.processIncoming(DirectXDRSecurity.java:238)
>>>     ... 25 more
>>> Caused by: org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
>>>     at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:865)
>>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:96)
>>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:248)
>>>     at com.spirit.security.soap.SoapSecurity.verifySecurityHeader(SoapSecurity.java:183)
>>>     ... 26 more
>>> Caused by: java.security.NoSuchAlgorithmException: No transformation given
>>>     at javax.crypto.Cipher.tokenizeTransformation(Cipher.java:288)
>>>     at javax.crypto.Cipher.getTransforms(Cipher.java:412)
>>>     at javax.crypto.Cipher.getInstance(Cipher.java:486)
>>>     at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:846)
>>>     ... 32 more
>>>
>>>   <wsse:Security
>>>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>             env:mustUnderstand="true">
>>>             <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>>                 Id="EK-1BA2E95532537EDE35137106980235720">
>>>                 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>>>                 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>                     <wsse:SecurityTokenReference>
>>>                         <wsse:KeyIdentifier
>>>                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>>                             >
>>> </wsse:KeyIdentifier>
>>>                     </wsse:SecurityTokenReference>
>>>                 </ds:KeyInfo>
>>>                 <xenc:CipherData>
>>>                     <xenc:CipherValue>
>>> sPAWtKXEr9I97nMGDNMb4oYxDe2G1XZV5UNfEPB57m71u9hY/JDW61T7VOj0hYUA4jSRX6dwWgjN7FeZ3ejU0Y1qUVGYMKHQP6wOcdaXiRKQ+H7FCuFrUXl2DKUav3M4Ll74g4o42UVnFhOEHW5KVso8zvaOlJgJTyrDHYuLDdmoaxTiS6AbgXqhUrrwVN4qPagGRdLw92ndvUJ8GUd7azLk5BjS/6GIKp2Og3Q4q1Wl0FEwo+Vgr/dR75B0XQJGlGkHyQJcshE762JMzMK/r0NzQoEWsu71ea8iZgwwPueG3tZ+TzAUpTy1JfLstvE1ykCoZm8CP0lZDxpmWe9z8g==
>>> </xenc:CipherValue>
>>>                 </xenc:CipherData>
>>>                 <xenc:ReferenceList>
>>>                     <xenc:DataReference URI="#ED-15"/>
>>>                 </xenc:ReferenceList>
>>>             </xenc:EncryptedKey>
>>>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-14">
>>>                 <ds:SignedInfo>
>>>                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>>                         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>>>                             PrefixList="env"/>
>>>                     </ds:CanonicalizationMethod>
>>>                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>                     <ds:Reference URI="#id-13">
>>>                         <ds:Transforms>
>>>                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>>                                 <ec:InclusiveNamespaces
>>>                                     xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""
>>>                                 />
>>>                             </ds:Transform>
>>>                         </ds:Transforms>
>>>                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>                         <ds:DigestValue>QqgS6lIMTvFJKUj5afXvXnQ1W4M=</ds:DigestValue>
>>>                     </ds:Reference>
>>>                 </ds:SignedInfo>
>>>                 <ds:SignatureValue>
>>> SB+7/+s4ofbxI0WNoTowg8lDFs0ZLA3tRX7sagn2ljocZBUgMnDTw9+pyppuSnGyZKtFSESgPtLn/uPX8Oj7UhM0v1nsr3mMF3IvK1p1SJzTZMzfOZc7l4L9HMQxZD8xx08wpDWCFbTRD1aJ9wPDYcyADrM9cKyTIwg1fkcC9Om7ryOfjjScPkZa88OdIRY/baITl3nAJt2RXioP4cA4Oxa+u/9r7hu4tzAA3Ow+KO1ngYFxYeJsZWd8j8jqwpIA0JpJyXi98g+pb++GXjtVYy9X/Ri+QY6HUa+fvfua8KW2VRp4uaXVFS3S4J6Rdb3L87oJR2+5bVe9FvqPoNm1mQ==
>>> </ds:SignatureValue>
>>>                 <ds:KeyInfo Id="KI-1BA2E95532537EDE35137106980231418">
>>>                     <wsse:SecurityTokenReference wsu:Id="STR-1BA2E95532537EDE35137106980231419">
>>>                         <wsse:KeyIdentifier
>>>                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>>                             >
>>> </wsse:KeyIdentifier>
>>>                     </wsse:SecurityTokenReference>
>>>                 </ds:KeyInfo>
>>>             </ds:Signature>
>>>         </wsse:Security>
>>>
>>>
>>>
>>> --
>>> Massimiliano Masi
>>>
>>> http://www.mascanc.net/~max
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
>
> --
> Massimiliano Masi
>
> http://www.mascanc.net/~max
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
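
A diagnostic for the failure discussed in this thread, added here as an example and not code from either poster or from WSS4J: it resolves the rsa-1_5 URI through the Santuario `JCEMapper` before and after `WSSConfig.init()`, showing whether the URI-to-JCE mapping is registered. The class name `Rsa15MappingCheck` is hypothetical, and the example assumes WSS4J 1.6.x with its bundled xmlsec 1.5.x jar on the classpath.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import org.apache.ws.security.WSSConfig;
import org.apache.xml.security.algorithms.JCEMapper;

// Hypothetical diagnostic class; not part of WSS4J or of the thread above.
public class Rsa15MappingCheck {

    // Key transport URI taken from the EncryptedKey in the quoted message.
    static final String RSA_15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    // Follow the path in the stack trace: URI -> JCE name -> Cipher.getInstance().
    static String describe(String stage) {
        String jceId = JCEMapper.translateURItoJCEID(RSA_15);
        if (jceId == null) {
            // With an unregistered mapper the JCE name is null, and
            // Cipher.getInstance(null) fails with "No transformation given",
            // the innermost cause in the trace.
            return stage + ": no JCE mapping registered for " + RSA_15;
        }
        try {
            Cipher cipher = Cipher.getInstance(jceId);
            return stage + ": " + jceId + " via provider "
                    + cipher.getProvider().getName();
        } catch (GeneralSecurityException e) {
            // Mapping exists, but no installed provider implements it.
            return stage + ": mapped to " + jceId + " but unavailable: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println(describe("before init"));

        // WSSConfig.init() is the call named in the reply above; the two
        // direct calls from the quoted message populate the same mapper.
        WSSConfig.init();

        System.out.println(describe("after WSSConfig.init()"));
    }
}
```

Running the same `describe` call from inside the affected application, immediately before `processSecurityHeader()`, shows whether initialization was skipped on that code path.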
