ws-users mailing list archives

From Giriraj Bhojak <girira...@gmail.com>
Subject Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13
Date Fri, 14 Mar 2014 16:18:36 GMT
I tried this through a junit after changing the algorithm. And here is what
I got:

SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for ....... has thrown exception, unwinding now
Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security
processing failed.
    at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
    at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
    at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)

Caused by: org.apache.ws.security.WSSecurityException: Error during
Signature:
    at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
    at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
    at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
    at
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)


Here is the signature entry defined in the 'out' interceptor:
<entry key="signatureAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#sha256" />

I am not sure how to check for unlimited security policies. But since we
would be running this on WebSphere, I don't think I have the liberty to
have the unlimited security policies.


Thanks,
Giriraj.


On Fri, Mar 14, 2014 at 5:51 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:

>
> Yes, Merlin supports SHA-256. Do you have the unlimited security policies
> installed in the JDK?
>
> Colm.
>
>
>
> On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>
>> Hello Colm,
>>
>> I created the keystore using standard java keytool command. I am not sure
>> how to create a BKS keystore.
>> When I tried using the sha256 signature algorithm (by configuring
>> signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into an
>> algorithm not supported exception. The sha1 signature algorithm worked properly.
>> Doesn't Merlin support the sha256 signature algorithm?
>> Do I need to use bouncy castle in this case?
>> Could you please help me out with it?
>>
>> Thanks,
>> Giriraj.
>> On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <coheigea@apache.org>
>> wrote:
>>
>>>
>>> With BouncyCastle, the Keystore type must be "BKS", so:
>>>
>>> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>>>
>>> Note that the keystore itself must be compatible with BouncyCastle JKS
>>> implementation.
>>>
>>> Colm.
>>>
>>>
>>> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>
>>>> Hello Colm,
>>>>
>>>> I didn't have any success using the above properties.
>>>> I got the following:
>>>>     ... 2 more
>>>> Caused by:
>>>> org.apache.ws.security.components.crypto.CredentialException: Failed to
>>>> load credentials.
>>>>     at
>>>> org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>>>     at
>>>> org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>>>     at
>>>> org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>>>     at
>>>> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>>>     ... 17 more
>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation
>>>> not found
>>>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>>>     at
>>>> org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>>>     ... 20 more
>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation
>>>> not found
>>>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>>>     ... 21 more
>>>>
>>>> It was working with Merlin earlier. Here is my properties file:
>>>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>
>>>> I have bcprov-jdk12-130.jar on the classpath.
>>>>
>>>> Could you please help me find out what I am doing wrong here?
>>>>
>>>> Thanks,
>>>> Giriraj.
>>>>
>>>>
>>>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <
>>>> coheigea@apache.org> wrote:
>>>>
>>>>> You can use BouncyCastle with the Merlin Crypto implementation. Simply
>>>>> add the property:
>>>>>
>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>
>>>>> Colm.
>>>>>
>>>>>
>>>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>>>
>>>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>>>> Does this mean we can't use Bouncy Castle at all in the latest
>>>>>> version of wss4j?
>>>>>>
>>>>>> Thanks,
>>>>>> Giriraj.
>>>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <coheigea@apache.org>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>> From what I recall, there was essentially little difference between
>>>>>>> the Merlin and BouncyCastle Crypto implementations, hence the latter was
>>>>>>> removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle
>>>>>>> implementation, i.e. what is the Merlin implementation not doing for you?
>>>>>>>
>>>>>>> Colm.
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>>>> Merlin is used by default since 1.6.x.
>>>>>>>> Could anyone explain why this was done?
>>>>>>>> I mean was there something with Bouncy Castle that prompted this
>>>>>>>> change?
>>>>>>>>
>>>>>>>> And is the following set of keys the right way to use Bouncy Castle
>>>>>>>> with WSS4J (found this from
>>>>>>>> https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>>>
>>>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Giriraj.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Colm O hEigeartaigh
>>>>>>>
>>>>>>> Talend Community Coder
>>>>>>> http://coders.talend.com
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Colm O hEigeartaigh
>>>>>
>>>>> Talend Community Coder
>>>>> http://coders.talend.com
>>>>>
>>>>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
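
A small JCA diagnostic for the three questions raised in this thread (which providers implement a given keystore type, whether a configured algorithm URI names a signature method, and whether the unlimited policy files are installed). This is an added example, not code from the thread or from WSS4J; the class name `JcaDiagnostics` and the two-entry URI map are hypothetical, and it assumes BouncyCastle has been registered as a provider if it is expected to show up in the output.

```java
import java.security.*;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

public class JcaDiagnostics {
    // Names of registered providers that implement the given KeyStore type.
    static List<String> keyStoreProviders(String type) {
        List<String> names = new ArrayList<String>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("KeyStore", type) != null) names.add(p.getName());
        }
        return names;
    }

    // XML signature method URI -> JCA Signature name (illustrative subset); null otherwise.
    static String jcaSignatureName(String uri) {
        if ("http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(uri)) return "SHA1withRSA";
        if ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(uri)) return "SHA256withRSA";
        return null; // e.g. http://www.w3.org/2001/04/xmlenc#sha256 is a digest URI
    }

    // True when some registered provider offers the JCA Signature algorithm.
    static boolean signatureAvailable(String jcaName) {
        try { Signature.getInstance(jcaName); return true; }
        catch (NoSuchAlgorithmException e) { return false; }
    }

    // Limited-strength policy files cap AES at 128 bits; unlimited ones do not.
    static boolean unlimitedPolicy() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    public static void main(String[] args) throws Exception {
        for (String type : new String[] {"jks", "BKS", "PKCS12"}) {
            System.out.println("KeyStore " + type + " providers: " + keyStoreProviders(type));
        }
        String[] uris = {
            "http://www.w3.org/2001/04/xmlenc#sha256",            // value posted in the thread
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"   // RFC 4051 RSA-SHA256
        };
        for (String uri : uris) {
            String jca = jcaSignatureName(uri);
            System.out.println(uri + " -> " + (jca == null ? "not a signature method URI"
                    : jca + ", available=" + signatureAvailable(jca)));
        }
        System.out.println("Unlimited crypto policy: " + unlimitedPolicy());
    }
}
```

Run it with the same JRE and classpath as the failing client, so the provider list reflects what Merlin sees when it calls `KeyStore.getInstance`.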
