I also tried configuring the bouncy castle to start at runtime and also listed 
it as a security provider with the java jre with no luck.

 

I can’t exactly see if that code is being called in IntelliJ. It is giving 
some message where the byte code is different from the source code and the 
downloaded sources don’t match exactly.

 

The test case would be calling CXF from WCF and dictating a signed and 
encrypted data element configured with certificates that are issued by a signing 
authority that has the E instead of EMAILADDRESS in the subject.

 

I will see if I can build a sample that does not have the business logic in it 
to reproduce this.  But let me know if anything else rings a bell.

 

Thanks again!

 

From: Colm O hEigeartaigh [mailto:[email protected]] 
Sent: Friday, November 10, 2017 11:20 AM
To: [email protected]
Cc: [email protected]
Subject: Re: .Net and CXF Incompatibility

 

No, I would have thought that should be enough. Do you have access to a 
debugger? If so can you see if the BouncyCastle parsing code is being called in 
Merlin? Failing that if you have a test-case I can take a look.

Colm.

 

On Fri, Nov 10, 2017 at 3:10 PM, <[email protected]> wrote:

 I saw that comment in the source code but didn't get the full picture.

I tried this version of bouncy.

<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.58</version>
</dependency>

With this CXF but it didn't seem to pick it up.  Is there any other config that 
I missed?

Thank you!  This would be a big lifesaver if it is working.

<apache.cxf.version>3.2.0</apache.cxf.version>

<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-spring-boot-starter-jaxws</artifactId>
    <version>${apache.cxf.version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-ws-security -->
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-ws-security</artifactId>
    <version>${apache.cxf.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-frontend-jaxws</artifactId>
    <version>${apache.cxf.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-transports-http</artifactId>
    <version>${apache.cxf.version}</version>
</dependency>


-----Original Message-----
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Friday, November 10, 2017 4:51 AM
To: [email protected]
Subject: Re: .Net and CXF Incompatibility

Apache WSS4J has special support to use BouncyCastle to parse the IssuerName, 
if BouncyCastle is available. See the comment here:

https://github.com/apache/wss4j/blob/b8d4f1b29e98c53edeb0ffdf1dc4a90382e9fd9e/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java#L943

So if BouncyCastle is added to your classpath it should hopefully work.

Colm.

On Thu, Nov 9, 2017 at 5:23 PM, <[email protected]> wrote:

> Hi,
>
>
>
> I am integrating WCF client with CXF web service using JAX-WS.
>
>
>
> A certificate with issuer that includes an email option
> "[email protected]" is sent from the
> client to the server with the issuer name as part of the security
> header in the message.
>
>
>
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>
>   <o:SecurityTokenReference>
>
>    <X509Data>
>
>     <X509IssuerSerial>
>
>          <X509IssuerName>[email protected]
> ..
> </X509IssuerName>
>
>
>
> But X500Principal.java currently does not accept E as a valid type so
> the request fails throwing an exception in X500Principal.java
>
>
>
> java.io.IOException: Invalid keyword "E"
>
>
>
> .NET WCF does not replace the issuer name in the header with an RDN -
> 1.2.840.113549.1.9.1 if it did that it should work.
>
>
>
> But I am looking for a work around here.  Has anyone run into this issue?
>
>
>
> Mark
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com




-- 

Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
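
The parsing behaviour discussed in this thread can be reproduced with the JDK alone. The following is an added example, not code from the thread, CXF or WSS4J: it shows X500Principal rejecting the "E" keyword, accepting the 1.2.840.113549.1.9.1 OID form, and accepting "E" when a keyword map is passed to the two-argument constructor. The class name, helper names and issuer strings are constructed for illustration.

```java
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

public class IssuerNameKeywordDemo {
    // OID of the e-mail address attribute, as quoted in the thread.
    static final String EMAIL_OID = "1.2.840.113549.1.9.1";

    // Parse with the default keyword set; return null when the name is rejected.
    static X500Principal parseDefault(String dn) {
        try {
            return new X500Principal(dn);
        } catch (IllegalArgumentException e) {
            // The constructor wraps the underlying IOException as the cause.
            System.out.println("rejected \"" + dn + "\": " + e.getCause());
            return null;
        }
    }

    // Parse with an additional keyword so that "E" resolves to the e-mail OID.
    static X500Principal parseWithEmailAlias(String dn) {
        return new X500Principal(dn, Collections.singletonMap("E", EMAIL_OID));
    }

    public static void main(String[] args) {
        // Constructed sample issuer names (hypothetical CA, not from the thread).
        String rest = "=ca@example.com, CN=Example Issuing CA, O=Example, C=US";
        String wcfStyle = "E" + rest;             // keyword as sent in X509IssuerName
        String oidStyle = EMAIL_OID + rest;       // dotted OID as the attribute type
        String jdkStyle = "EMAILADDRESS" + rest;  // keyword the JDK recognises

        X500Principal viaDefault = parseDefault(wcfStyle);
        X500Principal viaOid = parseDefault(oidStyle);
        X500Principal viaKeyword = parseDefault(jdkStyle);
        X500Principal viaAlias = parseWithEmailAlias(wcfStyle);

        // Compare the results: the alias form should name the same issuer
        // as the OID and EMAILADDRESS forms.
        System.out.println("default parse of E=...  : " + viaDefault);
        System.out.println("alias equals OID form   : " + viaAlias.equals(viaOid));
        System.out.println("alias equals EMAILADDR. : " + viaAlias.equals(viaKeyword));
        System.out.println("RFC 2253 form of alias  : "
                + viaAlias.getName(X500Principal.RFC2253));
    }
}
```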
