G�rkan, AFAIK TestWSSecurity10 was used for some tests in conjunction with the secure conversation implementation, not for the WSS profiles. The securce conversation sepcs define other (albeit similar) ways to encrypt and secure message.
IMHO this is therefore not usable for WSS profiles. Anybody of the secure conversation team available to shed some light to this? Regards, Werner > -----Urspr�ngliche Nachricht----- > Von: G�rkan Vural [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 13. Mai 2005 07:50 > An: [email protected] > Betreff: Re: AW: WSS4J TestWSSecurity10.java > > > noone to help? > > -- > gurkan > > G�rkan Vural wrote: > > >wss4j/test/wssec/TestWSSecurity10.java also construct such > an element. > >We are trying to encrypt data with UsernameToken with aes128-cbc > >algorithm. I think the problem here is not referencing > username token. > >since in WSSecurityEngine.java function getSharedKey doesn't try to > >resolve SecurityTokenReference. It directly searchs for > KeyName element > >and throws exception. is this the correct behaviour? > >Also someone commented the processSecurityHeader call in > >wss4j/test/wssec/TestWSSecurity10.java because of this problem. > > > >-- > >gurkan > > > >Dittmann Werner wrote: > > > > > > > >>HI, > >> > >>as an addition: KeyInfo may be followed by a SecurityTokenReference > >>as well. In this case the Reference can not point to a > >>UsernameToken - UT is not designed to hold a key and there > >>is no specification how to use a UsernameToken to get a key. > >>You should use KeyName if you like to use a named key instead > >>of a KeyIdentifier or binary key. > >> > >>Regards, > >>Werner > >> > >> > >> > >> > >> > >>>-----Urspr�ngliche Nachricht----- > >>>Von: G�rkan Vural [mailto:[EMAIL PROTECTED] > >>>Gesendet: Mittwoch, 11. Mai 2005 09:10 > >>>An: [email protected] > >>>Betreff: Re: WSS4J TestWSSecurity10.java > >>> > >>> > >>>While processing security headers below, wss4j reads > DataReference to > >>>decrypt EncryptedData. But when it tries to identify KeyInfo to get > >>>SharedKey, it doesn't understand that key is a > SecurityTokenReference > >>>and tries to find KeyName and throws exception. Do you have > >>>any ideas to > >>>correct this behaviour? > >>> > >>><soapenv:Header> > >>> <wsse:Security > >>>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 > >>>1-wss-wssecurity-secext-1.0.xsd"> > >>> <xenc:ReferenceList><xenc:DataReference > >>>URI="#EncDataId-1234"/></xenc:ReferenceList> > >>> <wsse:UsernameToken Id="TokenId-1234"> > >>> <wsse:Username>username</wsse:Username> > >>> <wsse:Password > >>>Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- > >>>username-token-profile-1.0#PasswordText">password</wsse:Password> > >>> </wsse:UsernameToken> > >>> </wsse:Security> > >>></soapenv:Header> > >>><soapenv:Body> > >>> <xenc:EncryptedData Id="EncDataId-1234" > >>>Type="http://www.w3.org/2001/04/xmlenc#Content";> > >>> <xenc:EncryptionMethod > >>>Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> > >>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > >>> <wsse:SecurityTokenReference > >>>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 > >>>1-wss-wssecurity-secext-1.0. > >>>xsd"> > >>> <wsse:Reference URI="#TokenId-1234" > >>>ValueType="UsernameToken"/> > >>> </wsse:SecurityTokenReference> > >>> </ds:KeyInfo> > >>> <xenc:CipherData> > >>> <xenc:CipherValue>...</xenc:CipherValue> > >>> </xenc:CipherData> > >>> </xenc:EncryptedData> > >>></soapenv:Body> > >>> > >>> > >>>-- > >>>gurkan > >>> > >>> > >>>G�rkan Vural wrote: > >>> > >>> > >>> > >>> > >>> > >>>>Why the verification code of username token encryption > commented in > >>>>TestWSSecurity10.java? When I try to uncomment the call of > >>>>verifyEMBED_SECURITY_TOKEN_REF (line 211), it throws an exception > >>>>ds:KeyName does not contain a key name. Is it really required? > >>>> > >>>>-- > >>>>G�rkan Vural > >>>> > >>>> > >>>> > >>>> > >>>> > > > ==========================================================- > Bu e-posta sadece yukarida isimleri belirtilen kisiler > arasinda �zel haberlesme amacini tasimaktadir. Size > yanlislikla ulasmissa l�tfen g�nderen kisiyi bilgilendiriniz > ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez > Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir > hukuksal sorumlulugu kabul etmez. > > This e-mail communication is intended for the private use of > the people named above. If you received this message in > error, please immediately notify the sender and delete it > from your system. The Central Bank of The Republic of Turkey > does not accept legal responsibility for the contents of this message. >
