> builder.setKeyEnc(WSConstants.TRIPLE_DES);
> builder.setEncryptSymmKey(false);
This is not valid. Triple DES is a symmetric encryption algorithm, and not
a key transport algorithm. Also, you want to encrypt the symmetric key here
(using the X.509 Certificate). So just comment out the
"setEncryptSymmKey(false)" call + change "setKeyEnc" to
"setSymmetricEncAlgorithm" and it should work.
> Should the WSSecSignature.setX509Certificate method take care of that?
No, because you need to specify a username + password as well to access the
private key required to sign the request.
Colm.
On Wed, Aug 6, 2014 at 4:57 PM, Adrian Williamson <aw@octavo2.demon.co.uk>
wrote:
> Hi,
>
>
>
> I believe that I am using WSS4J 2.0.2, if you have a specific process for
> understanding the version please don’t be shy – I’ll use it then we both
> know that I will have given the correct info.
>
>
>
> By core do you mean the JDK? If so then :
>
>
>
> java version "1.7.0_55"
>
> Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
>
> Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
>
>
>
> That error in particular I have avoided by using BST_DIRECT_REFERENCE, I’m
> afraid I was doing that two-year-old learning technique of pressing all the
> buttons at once, so I might have been the cause of the error – not knowing
> my apples from pears:
>
>
>
> //This gives Error when calling DDOperation: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
>
> java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
> Document doc = soapEnvelope.getOwnerDocument();
> org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();
>
> builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
> builder.setKeyEnc(WSConstants.TRIPLE_DES);
> builder.setEncryptSymmKey(false);
> builder.setUseThisCert(recipientCert);
>
> try
> {
>     secHeader.insertSecurityHeader(doc);
>     builder.build(doc, crypto, secHeader);
> }
> catch (WSSecurityException e)
>
>
>
> So I am not too worried about that as I have moved on.
>
>
>
> I did find another issue with the WSSecSignature, when using the
> WSSecSignature.setX509Certificate and then calling WSSecSignature.build it
> threw a null identifier (Merlin.java:744) for the GetPrivateKey() as the
> calling context WSSecSignature.java:530 had this.user set to null, I worked
> out that if I used WSSecSignature.setUserInfo and passed in the alias and
> the JKS password then it stopped moaning and got on with it.
>
>
>
> Should the WSSecSignature.setX509Certificate method take care of that?
>
>
>
> My work in progress/prototype is below, I’m trying to mimic the SOAPUI WSS
> specification:
>
>
>
>
>
> I’ll go and look at those examples.
>
>
>
> Cheers,
>
>
>
> Adrian
>
> PS Bonus points for identifying Cargo Cult sections….
>
>
>
>
>
>
>
> private SOAPMessage encriptBody(SOAPMessage soapMessage) throws Exception
> {
>     SOAPPart soapPart = soapMessage.getSOAPPart();
>     SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
>
>     WSSecEncrypt builder = new WSSecEncrypt();
>     WSSecTimestamp builderTS = new WSSecTimestamp();
>     WSSecSignature builderSig = new WSSecSignature();
>
>     Crypto crypto = null;
>     //Class constructor candidates
>     try {
>         //Where will I put the properties file?
>         crypto = CryptoFactory.getInstance("Ball.properties");
>     }
>     catch (WSSecurityException e)
>     {
>         System.err.println("Crypto crypto = CryptoFactory.getInstance(\"Ball.properties\"): " + e.getMessage());
>     }
>     java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
>     java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsclientcert");
>
>     builder.setUseThisCert(recipientCert);
>     builderSig.setX509Certificate(ourCert);
>
>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
>     builderTS.setTimeToLive(5000);
>     builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
>     builderSig.setUserInfo("wsclientcert", "password1");
>     //End Class constructor candidates
>
>     Document doc = soapEnvelope.getOwnerDocument();
>     org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();
>
>     try
>     {
>         secHeader.insertSecurityHeader(doc);
>         builderTS.build(doc, secHeader);
>         builderSig.build(doc, crypto, secHeader);
>         builder.build(doc, crypto, secHeader);
>     }
>     catch (WSSecurityException e)
>     {
>         System.err.println("Failed in builder block: " + e.getMessage());
>         e.printStackTrace();
>         System.exit(1);
>     }
>
>     return soapMessage;
> }
>
>
>
>
>
>
>
> *From:* Colm O hEigeartaigh [mailto:coheigea@apache.org]
> *Sent:* 06 August 2014 15:48
> *To:* users@ws.apache.org
> *Subject:* Re: Does anyone have an example of using
> WSSecEncrypt.setUseThisCert()
>
>
>
>
>
> Here are some:
>
>
> http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&view=co
>
> What version of WSS4J? What does the request look like that is generating
> that error + what core are you using to generate it?
>
> Colm.
>
>
>
> On Wed, Aug 6, 2014 at 9:35 AM, Adrian Williamson <aw@octavo2.demon.co.uk>
> wrote:
>
> Hi,
>
> Has anyone got an example of how this method can be used?
>
> I've been trying different values for the WSSecEncrypt.setKeyIdentifierType() but
> I keep getting application specific error messages back from the private
> service I'm calling.
>
> One of the error messages made me stop and ponder the extent of my
> ignorance;
>
> WSConstants.X509_KEY_IDENTIFIER it returned:
>
> An invalid security token was provided (Bad ValueType
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
>
> So I thought if someone had a nice little test case that used an X509
> certificate to encrypt it might help me along.
>
> So I can see how it is supposed to be done.
>
> Thanks
>
> Adrian
>
>
>
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
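
Added example (not part of the original thread and not WSS4J project code): the two corrections from the reply at the top, applied to the sign-then-encrypt flow from the quoted prototype using only the WSS4J calls that appear in this thread. The class name, method name, parameters and the timestamp lifetime are assumptions made for the example; the key transport algorithm is left at the library default.

```java
import java.security.cert.X509Certificate;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.w3c.dom.Document;

// Hypothetical helper class; the name is an assumption, not from the thread.
public final class SecuredRequestBuilder {

    public static Document signThenEncrypt(Document doc, Crypto crypto,
            X509Certificate recipientCert, String signingAlias,
            String keyPassword) throws WSSecurityException {

        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(300); // seconds; value chosen for this example
        timestamp.build(doc, secHeader);

        // Signing needs the private key, so the keystore alias and its
        // password go in through setUserInfo. Passing only a certificate
        // leaves the user null and the private-key lookup fails.
        WSSecSignature signature = new WSSecSignature();
        signature.setUserInfo(signingAlias, keyPassword);
        signature.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        signature.build(doc, crypto, secHeader);

        // Triple DES encrypts the message data, so it is set as the
        // symmetric algorithm, not as the key transport algorithm.
        WSSecEncrypt encrypt = new WSSecEncrypt();
        encrypt.setUseThisCert(recipientCert);
        encrypt.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        encrypt.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
        // setEncryptSymmKey(false) is deliberately not called: the generated
        // symmetric key must be encrypted with the recipient's public key.
        encrypt.build(doc, crypto, secHeader);

        // WSSecurityException propagates to the caller, who decides how to
        // fail, instead of System.exit inside the helper.
        return doc;
    }
}
```

The alias and password are passed in by the caller so that the keystore secret is not hard-coded in the builder.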