From: Laurence Brockman [mailto:[EMAIL PROTECTED]]
Sent: Thu 11/17/2005 8:14 AM
To: Dittmann, Werner; Granqvist, Hans; [EMAIL PROTECTED]; [email protected]
Subject: RE: WSS4J and Kerberos signatures

I put it in the lib/ext directory previously when I received the
error so it doesn't seem to make a difference if it is in the CLASSPATH or in
the lib/ext directory.

Thanks,
Laurence

-----Original Message-----
From: Dittmann, Werner [mailto:[EMAIL PROTECTED]]
Sent: November 17, 2005 4:50 AM
To: Granqvist, Hans; Laurence Brockman; [EMAIL PROTECTED]; [email protected]
Subject: AW: WSS4J and Kerberos signatures

Hans,

haven't checked this. Do you think this makes a
difference? The BC jar is a signed jar, and we
never had problems using it via CLASSPATH ...

Regards,
Werner

> -----Original Message-----
> From: Granqvist, Hans [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 16, 2005 18:08
> To: Dittmann, Werner; Laurence Brockman; [EMAIL PROTECTED];
> [email protected]
> Subject: RE: WSS4J and Kerberos signatures
>
> Do you get the same errors if the jar is in lib/ext as if
> it is on the classpath?
>
> -Hans
>
> > -----Original Message-----
> > From: Dittmann, Werner [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, November 15, 2005 11:02 PM
> > To: Laurence Brockman; [EMAIL PROTECTED]; [email protected]
> > Subject: AW: WSS4J and Kerberos signatures
> >
> > Laurence,
> >
> > I've the same problem here with jdk1.5, running on a XP box,
> > no problems with jdk1.4. I'm starting to investigate the
> > problem, but it seems to be buried somewhere in the crypto
> > code ... I'm not really sure what is wrong.
> >
> > Regards,
> > Werner
> >
> > > -----Original Message-----
> > > From: Laurence Brockman [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, November 15, 2005 22:18
> > > To: [EMAIL PROTECTED]; [email protected]
> > > Subject: RE: WSS4J and Kerberos signatures
> > >
> > > Ok, I've done all that and it is processing more tests than before,
> > > however, it is still failing with the following (Again, I am using
> > > jdk1.5 and have added the provider to java.security as well as
> > > downloading the unlimited strength crypto stuff from sun).
> > >
> > > Any ideas would be awesome!
> > >
> > > org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
> > >     org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:388)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:313)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
> > >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
> > >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
> > >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:132)
> > >     at wssec.TestWSSecurity2.verify(TestWSSecurity2.java:234)
> > >     at wssec.TestWSSecurity2.testEncryptionDecryptionRSA15(TestWSSecurity2.java:162)
> > >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > >     at java.lang.reflect.Method.invoke(Method.java:585)
> > >     at junit.framework.TestCase.runTest(TestCase.java:154)
> > >     at junit.framework.TestCase.runBare(TestCase.java:127)
> > >     at junit.framework.TestResult$1.protect(TestResult.java:106)
> > >     at junit.framework.TestResult.runProtected(TestResult.java:124)
> > >     at junit.framework.TestResult.run(TestResult.java:109)
> > >     at junit.framework.TestCase.run(TestCase.java:118)
> > >     at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > >     at junit.framework.TestSuite.run(TestSuite.java:203)
> > >     at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > >     at junit.framework.TestSuite.run(TestSuite.java:203)
> > >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:478)
> > >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:344)
> > >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
> > > Caused by: org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >     at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
> > >     at org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown Source)
> > >     at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown Source)
> > >     at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:386)
> > >     ... 25 more
> > >
> > > -----Original Message-----
> > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > Sent: November 15, 2005 1:47 PM
> > > To: Laurence Brockman; [email protected]
> > > Subject: Re: WSS4J and Kerberos signatures
> > >
> > > http://www.bouncycastle.org/documentation.html
> > > http://www.bouncycastle.org/specifications.html#install
> > >
> > > scroll down a bit on the second link and look for java.security
> > >
> > > -- dims
> > >
> > > PS: Please post directly to the list. So that others may answer as
> > > well :)
> > >
> > > On 11/15/05, Laurence Brockman <[EMAIL PROTECTED]> wrote:
> > > > Thanks for such a quick reply! I think the problem is that I am using
> > > > jdk1.5... Does the bouncycastle.org site have information about
> > > > installing the bouncycastle provider or are there any other sites I can
> > > > get documentation about this?
> > > >
> > > > Thanks again!
> > > > Laurence
> > > >
> > > > -----Original Message-----
> > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > > Sent: November 15, 2005 1:40 PM
> > > > To: Laurence Brockman; [email protected]
> > > > Subject: Re: WSS4J and Kerberos signatures
> > > >
> > > > All the code needed is in the svn itself. You should not need any
> > > > additional jars. Just get the stuff from SVN. Make sure you have the
> > > > strong crypto stuff installed in your JDK (check the download site for
> > > > the jdk and it is available as a separate download) and then run "ant
> > > > test". Are you using JDK1.4? (better to use that version, there are
> > > > additional steps for jdk1.5 - namely installing the bouncycastle
> > > > provider)
> > > >
> > > > NOTE: don't use the maven build :)
> > > >
> > > > thanks,
> > > > dims
> > >
>
> > > > On 11/15/05, Laurence Brockman
>
<[EMAIL PROTECTED]> wrote:
> > > > > Sounds
good.
> > > > >
> > > > > Quick question...
I've checked out the latest source
> > from SVN and
> > >
I'm
> > > > > trying to run the Ant JUnit tests and they keep
failing.
> > > When I run
> > > > the
> >
> > > JUnit tests through eclipse directly they are throwing a
>
> > connection
> > > > > denied exception. I have
installed Axis 1.2.1 here but
> > I have not
> > > >
> deployed any test web services so even if I start that up
> > >
they still
> > > > > fail with service not found exceptions.
Is there a
> way to easily
> > > > either
> > >
> > test this stuff without deploying the test web services
> >
> or to bypass
> > > > > these tests? I've also installed
maven and tried to
> compile that
> > > way,
> > >
> > but it is failing as well.
> > > > >
> >
> > > I also noticed in the project.xml file that you have
> >
excluded the
> > > > > wssec/PackageTests.java and the
>
> interop/PackageTests.java. Is that
> > > > > because of
the above mentioned errors?
> > > > >
> > > >
> After looking through the source code, I believe what I
> > would
want
> > > to
> > > > do
> > > > >
would be to create Kerberos token processor and action
> > classes
and
> > > add
> > > > a
> > > > >
case into both getAction and getProcessor to point to
> these new
>
> > > classes.
> > > > >
> > > > >
Sorry for the barrage of questions.
> > > > >
> >
> > > Thanks,
> > > > > Laurence
> > > > >
> > > > > -----Original Message-----
> > > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > > > Sent: November 14, 2005 3:02 PM
> > > > > To: Laurence Brockman
> > > > > Cc: [email protected]
> > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > >
> > > > > Please see what is being done for SAML and use that as a template for
> > > > > Kerberos.
> > > > >
> > > > > thanks,
> > > > > dims
> > > > >
> > > > > On 11/14/05, Laurence Brockman <[EMAIL PROTECTED]> wrote:
> > > > > > Correct me if I'm wrong here, but this is what I'm thinking:
> > > > > >
> > > > > > After grabbing the source from SVN and looking at the documentation, I
> > > > > > believe the right place for me to start would be to extend the
> > > > > > org.apache.ws.axis.security class to handle the Kerberos requirements
> > > > > > specified in the OASIS document.
> > > > > >
> > > > > > Forgive me for so many questions, but I'm new to Axis/WSS4J and I want
> > > > > > to make sure that I'm heading down the right path.
> > > > > >
> > > > > > Specifically, what we are looking to implement is just the
> > > > > > authentication portion of Kerberos and not the encryption portion (We
> > > > > > want to authenticate incoming SOAP requests against a KDC). Down the
> > > > > > road we will likely look at the encryption portion, but that won't
> > > > > > likely be for a few months at least.
> > > > > >
> > > > > > Thanks again!!
> > > > > > Laurence
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: November 11, 2005 8:18 PM
> > > > > > To: Laurence Brockman
> > > > > > Cc: [email protected]
> > > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > > >
> > > > > > Laurence,
> > > > > >
> > > > > > I believe you start with taking a look at the Kerberos Token Profile
> > > > > > at the OASIS WSS TC web site:
> > > > > >
> > > > > > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
> > > > > >
> > > > > > There's lots of refactoring in the latest SVN, which makes it easy to
> > > > > > plug in a new token profile. So please get the latest SVN code and
> > > > > > start asking more questions :)
> > > > > >
> > > > > > thanks,
> > > > > > dims
> > > > > >
> > > > > > On 11/10/05, Laurence Brockman <[EMAIL PROTECTED]> wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > Sorry if this is a FAQ but I have been looking for answers to this high
> > > > > > > and low and have not seen this on the list.
> > > > > > >
> > > > > > > We are going to try and use Kerberos to authenticate users on our SOAP
> > > > > > > server. What we envision is having the client send down the SOAP request
> > > > > > > with a service ticket from a KDC. The server (Axis using WSS4J on Tomcat)
> > > > > > > would then authenticate this user against said KDC. After briefly looking
> > > > > > > at the documentation within the WSS4J code I think what we would want to
> > > > > > > do is extend the WSDoAllHandler class (From the
> > > > > > > org.apache.axis.security.handler package). Is this the right
> > > > > > > direction to be going in? Has anybody looked at this? I'm relatively
> > > > > > > new to Axis/WSS4J and some guidance would be awesome!
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Laurence
> > > > > > >
> > > > > > > Laurence Brockman
> > > > > > > Server Specialist, Shaw Operations Centre Shaw Communications Inc.
> > > > > > > Phone : (403) 303-4805
> > > > > > > E-mail : [EMAIL PROTECTED]
> > > > > >
> > > > > > --
> > > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
>
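
An added diagnostic for the setup steps discussed in this thread (provider registered in java.security, unlimited strength policy installed); it is not code from the thread or from WSS4J. The class name JceSelfCheck and the transformation strings are assumptions chosen to resemble the RSA 1.5 key transport followed by block-cipher decryption seen in the trace.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical self-check: shows which JCE providers the JVM actually loaded and
// which one serves each step of an RSA key transport + AES-CBC round trip.
public class JceSelfCheck {
    public static void main(String[] args) throws Exception {
        // 1. Provider order as the JVM sees it (java.security, lib/ext or CLASSPATH).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName() + " - " + providers[i].getInfo());
        }
        System.out.println("BC registered: " + (Security.getProvider("BC") != null));

        // 2. Integer.MAX_VALUE means the unlimited strength policy files are active.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key bits: " + (maxAes == Integer.MAX_VALUE ? "unlimited" : "" + maxAes));

        // 3. Wrap a fresh AES key with RSA PKCS#1 v1.5, then unwrap it again.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey contentKey = kg.generateKey();
        Cipher wrap = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = wrap.wrap(contentKey);
        Cipher unwrap = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("RSA served by: " + unwrap.getProvider().getName());
        System.out.println("Key round trip ok: " + Arrays.equals(contentKey.getEncoded(), recovered.getEncoded()));

        // 4. Encrypt constructed sample data, decrypt with the recovered key.
        //    A wrong recovered key would surface here as BadPaddingException.
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        byte[] sample = "constructed sample payload".getBytes("UTF-8");
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, contentKey, new IvParameterSpec(iv));
        byte[] ct = enc.doFinal(sample);
        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(iv));
        System.out.println("AES served by: " + dec.getProvider().getName());
        System.out.println("Data round trip ok: " + Arrays.equals(sample, dec.doFinal(ct)));
    }
}
```

Running it once under each JDK, with the same java.security and jar placement the tests use, shows whether the two environments resolve the same providers.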
