ws-users mailing list archives

From Giriraj Bhojak <girira...@gmail.com>
Subject Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13
Date Fri, 14 Mar 2014 16:34:14 GMT
That's bad on so many levels for me.
Really sorry to bother you with it, Colm.
I was going through
org.apache.ws.security.handler.WSHandlerConstants.SIG_ALGO and I copied the
property for SIG_DIGEST_ALGO instead of the one above it.

Apologies again for bothering you with it.

Thanks,
Giriraj.



On Fri, Mar 14, 2014 at 12:21 PM, Colm O hEigeartaigh
<coheigea@apache.org> wrote:

> > <entry key="signatureAlgorithm"
> > value="http://www.w3.org/2001/04/xmlenc#sha256" />
>
> That is not a valid value for "signatureAlgorithm" as it is a digest
> algorithm.
>
> Colm.
>
>
> On Fri, Mar 14, 2014 at 4:18 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>
>> I tried this through a junit after changing the algorithm. And here is
>> what I got:
>>
>> SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
>> Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
>> WARNING: Interceptor for ....... has thrown exception, unwinding now
>> Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
>>
>> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>>     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
>>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>>
>>
>> Here is the signature entry defined in the 'out' interceptor:
>> <entry key="signatureAlgorithm"
>> value="http://www.w3.org/2001/04/xmlenc#sha256" />
>>
>> I am not sure how to check for unlimited security policies. But since we
>> would be running this on WebSphere, I don't think I have the liberty to
>> have the unlimited security policies.
>>
>>
>> Thanks,
>> Giriraj.
>>
>>
>> On Fri, Mar 14, 2014 at 5:51 AM, Colm O hEigeartaigh <coheigea@apache.org
>> > wrote:
>>
>>>
>>> Yes, Merlin supports SHA-256. Do you have the unlimited security
>>> policies installed in the JDK?
>>>
>>> Colm.
>>>
>>>
>>>
>>> On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>
>>>> Hello Colm,
>>>>
>>>> I created the keystore using standard java keytool command. I am not
>>>> sure how to create a BKS keystore.
>>>> When I tried using sha256 signature algorithm (by configuring
>>>> signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into
>>>> algorithm not supported exception. sha1 signature algorithm worked properly.
>>>> Doesn't Merlin support sha256 signature algorithm?
>>>> Do I need to use bouncy castle in this case?
>>>> Could you please help me out with it?
>>>>
>>>> Thanks,
>>>> Giriraj.
>>>> On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <coheigea@apache.org>
>>>> wrote:
>>>>
>>>>>
>>>>> With BouncyCastle, the Keystore type must be "BKS", so:
>>>>>
>>>>> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>>>>>
>>>>> Note that the keystore itself must be compatible with BouncyCastle JKS
>>>>> implementation.
>>>>>
>>>>> Colm.
>>>>>
>>>>>
>>>>> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
>>>>>
>>>>>> Hello Colm,
>>>>>>
>>>>>> I didn't have any success using the above properties.
>>>>>> I got the following:
>>>>>>     ... 2 more
>>>>>> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>>>>>     at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>>>>>     ... 17 more
>>>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>>>>>     ... 20 more
>>>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>>>>>     ... 21 more
>>>>>>
>>>>>> It was working with Merlin earlier. Here is my properties file:
>>>>>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>>
>>>>>> I have bcprov-jdk12-130.jar on the classpath.
>>>>>>
>>>>>> Could you please help me find out what I am doing wrong here?
>>>>>>
>>>>>> Thanks,
>>>>>> Giriraj.
>>>>>>
>>>>>>
>>>>>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <
>>>>>> coheigea@apache.org> wrote:
>>>>>>
>>>>>>> You can use BouncyCastle with the Merlin Crypto implementation.
>>>>>>> Simply add the property:
>>>>>>>
>>>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>>>
>>>>>>> Colm.
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <giriraj2k@gmail.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>>>>>> Does this mean we can't use Bouncy Castle at all in the latest
>>>>>>>> version of wss4j?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Giriraj.
>>>>>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <coheigea@apache.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> From what I recall, there was essentially little difference
>>>>>>>>> between the Merlin and BouncyCastle Crypto implementations, hence the
>>>>>>>>> latter was removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle
>>>>>>>>> implementation, i.e. what is the Merlin implementation not doing for you?
>>>>>>>>>
>>>>>>>>> Colm.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <
>>>>>>>>> giriraj2k@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>>>>>> Merlin is used by default since 1.6.x.
>>>>>>>>>> Could anyone explain why this was done?
>>>>>>>>>> I mean was there something with Bouncy Castle that prompted this
>>>>>>>>>> change?
>>>>>>>>>>
>>>>>>>>>> And is the following set of keys the right way to use Bouncy Castle
>>>>>>>>>> with WSS4J (found this from
>>>>>>>>>> https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>>>>>
>>>>>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Giriraj.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Colm O hEigeartaigh
>>>>>>>>>
>>>>>>>>> Talend Community Coder
>>>>>>>>> http://coders.talend.com
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Colm O hEigeartaigh
>>>>>>>
>>>>>>> Talend Community Coder
>>>>>>> http://coders.talend.com
>>>>>>>
>>>>>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
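
The mix-up resolved in this thread (a digest URI placed under `signatureAlgorithm`) can be caught before the outbound interceptor runs. The following is an added example, not code from the thread, WSS4J or CXF: the class `WssAlgorithmPreflight`, its methods and its small URI table are hypothetical and constructed for illustration; the keys `signatureAlgorithm` and `signatureDigestAlgorithm` are the string values of `WSHandlerConstants.SIG_ALGO` and `SIG_DIGEST_ALGO`, and an RSA signing key is assumed.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.*;

public class WssAlgorithmPreflight {   // hypothetical helper, not part of WSS4J or CXF
    // Constructed subset: XML Signature method URIs -> JCA Signature names (RSA keys assumed).
    static final Map<String, String> SIGNATURE = new HashMap<>();
    // Constructed subset: XML digest method URIs -> JCA MessageDigest names.
    static final Map<String, String> DIGEST = new HashMap<>();
    static {
        SIGNATURE.put("http://www.w3.org/2000/09/xmldsig#rsa-sha1", "SHA1withRSA");
        SIGNATURE.put("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "SHA256withRSA");
        DIGEST.put("http://www.w3.org/2000/09/xmldsig#sha1", "SHA-1");
        DIGEST.put("http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256");
    }

    // Checks one handler property against the table it must come from and the table it must not.
    static void checkOne(String key, String uri, Map<String, String> expected,
                         Map<String, String> other, String otherKey, List<String> out) {
        if (uri == null) return;                       // property not set: nothing to check
        if (other.containsKey(uri)) {
            out.add(key + " holds a URI that belongs under " + otherKey + ": " + uri);
        } else if (!expected.containsKey(uri)) {
            out.add(key + " is not in the known-URI table: " + uri);
        } else {
            try {                                      // confirm an installed JCA provider implements it
                if (expected == SIGNATURE) Signature.getInstance(expected.get(uri));
                else MessageDigest.getInstance(expected.get(uri));
            } catch (NoSuchAlgorithmException e) {
                out.add(key + ": no installed provider for " + expected.get(uri));
            }
        }
    }
    static List<String> check(Map<String, String> props) {
        List<String> problems = new ArrayList<>();
        checkOne("signatureAlgorithm", props.get("signatureAlgorithm"), SIGNATURE, DIGEST, "signatureDigestAlgorithm", problems);
        checkOne("signatureDigestAlgorithm", props.get("signatureDigestAlgorithm"), DIGEST, SIGNATURE, "signatureAlgorithm", problems);
        return problems;
    }
    public static void main(String[] args) {
        Map<String, String> fromThread = new HashMap<>();   // the entry quoted in the thread
        fromThread.put("signatureAlgorithm", "http://www.w3.org/2001/04/xmlenc#sha256");
        System.out.println("thread config:    " + check(fromThread));
        Map<String, String> corrected = new HashMap<>();    // signature and digest URIs under their own keys
        corrected.put("signatureAlgorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        corrected.put("signatureDigestAlgorithm", "http://www.w3.org/2001/04/xmlenc#sha256");
        System.out.println("corrected config: " + check(corrected));
    }
}
```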
