ws-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13
Date Fri, 14 Mar 2014 09:51:44 GMT
Yes, Merlin supports SHA-256. Do you have the unlimited security policies
installed in the JDK?

Colm.



On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:

> Hello Colm,
>
> I created the keystore using standard java keytool command. I am not sure
> how to create a BKS keystore.
> When I tried using sha256 signature algorithm (by configuring
> signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into an
> algorithm not supported exception. sha1 signature algorithm worked properly.
> Doesn't Merlin support sha256 signature algorithm?
> Do I need to use bouncy castle in this case?
> Could you please help me out with it?
>
> Thanks,
> Giriraj.
> On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <coheigea@apache.org>
> wrote:
>
>>
>> With BouncyCastle, the Keystore type must be "BKS", so:
>>
>> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>>
>> Note that the keystore itself must be compatible with BouncyCastle JKS
>> implementation.
>>
>> Colm.
>>
>>
>> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>
>>> Hello Colm,
>>>
>>> I didn't have any success using above properties.
>>> I got following:
>>>     ... 2 more
>>> Caused by: org.apache.ws.security.components.crypto.CredentialException:
>>> Failed to load credentials.
>>>     at
>>> org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>>     at
>>> org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>>     at
>>> org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>>     at
>>> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>>     ... 17 more
>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation
>>> not found
>>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>>     at
>>> org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>>     ... 20 more
>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation
>>> not found
>>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>>     ... 21 more
>>>
>>> It was working with Merlin earlier. Here is my properties file:
>>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>
>>> I have bcprov-jdk12-130.jar on the classpath.
>>>
>>> Could you please help me find out what I am doing wrong here?
>>>
>>> Thanks,
>>> Giriraj.
>>>
>>>
>>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <
>>> coheigea@apache.org> wrote:
>>>
>>>> You can use BouncyCastle with the Merlin Crypto implementation. Simply
>>>> add the property:
>>>>
>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>
>>>> Colm.
>>>>
>>>>
>>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>>
>>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>>> Does this mean we can't use Bouncy Castle at all in the latest version
>>>>> of wss4j?
>>>>>
>>>>> Thanks,
>>>>> Giriraj.
>>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <coheigea@apache.org>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> From what I recall, there was essentially little difference between
>>>>>> the Merlin and BouncyCastle Crypto implementations, hence the latter
>>>>>> was removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle
>>>>>> implementation, i.e. what is the Merlin implementation not doing
>>>>>> for you?
>>>>>>
>>>>>> Colm.
>>>>>>
>>>>>>
>>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>>> Merlin is used by default since 1.6.x.
>>>>>>> Could anyone explain why this was done?
>>>>>>> I mean was there something with Bouncy Castle that prompted this
>>>>>>> change?
>>>>>>>
>>>>>>> And is following set of keys the right way to use Bouncy Castle
>>>>>>> with WSS4J (found this from
>>>>>>> https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>>
>>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Giriraj.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Colm O hEigeartaigh
>>>>>>
>>>>>> Talend Community Coder
>>>>>> http://coders.talend.com
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Colm O hEigeartaigh
>>>>
>>>> Talend Community Coder
>>>> http://coders.talend.com
>>>>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
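
A JDK-only diagnostic for the questions raised in this thread, added here as an example (it is not part of the original messages or of WSS4J): it reports whether the unlimited-strength policy is in effect, whether SHA256withRSA can be instantiated, and which keystore types the default providers and "BC" can supply. The class and helper names are hypothetical; that Merlin hands the keystore type and provider to `KeyStore.getInstance` is an assumption based on the stack trace quoted above.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;

// Hypothetical diagnostic class; uses only standard JDK APIs.
public class CryptoEnvCheck {

    // Can this keystore type be instantiated, optionally from a named provider?
    // Assumption: this mirrors the KeyStore.getInstance call made in Merlin.load.
    static String keyStoreStatus(String type, String provider) {
        try {
            if (provider == null) {
                KeyStore.getInstance(type);
            } else {
                KeyStore.getInstance(type, provider);
            }
            return "available";
        } catch (Exception e) { // KeyStoreException or NoSuchProviderException
            return "NOT available (" + e.getMessage() + ")";
        }
    }

    // Can a signature algorithm be instantiated from the registered providers?
    static String signatureStatus(String jcaName) {
        try {
            return "available from " + Signature.getInstance(jcaName).getProvider().getName();
        } catch (Exception e) {
            return "NOT available (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        // Integer.MAX_VALUE: unlimited-strength policy in effect; 128: restricted policy.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length: " + maxAes
                + (maxAes == Integer.MAX_VALUE ? " (unlimited)" : " (restricted)"));

        System.out.println("SHA256withRSA: " + signatureStatus("SHA256withRSA"));
        System.out.println("SHA1withRSA:   " + signatureStatus("SHA1withRSA"));

        Provider bc = Security.getProvider("BC");
        System.out.println("BC provider registered: " + (bc != null));
        for (String type : new String[] {"jks", "BKS", "PKCS12"}) {
            System.out.println(type + " via default providers: " + keyStoreStatus(type, null));
            System.out.println(type + " via BC: " + keyStoreStatus(type, "BC"));
        }
    }
}
```

Run it with the same JDK and classpath as the failing service, so the provider list and policy files it reports are the ones WSS4J actually sees.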
