Pls be aware that WSS4J 1.1 does _not_ support any WSS 1.1 features. WSS4J 1.1 was released way before WSS 1.1 became stable. The WSS 1.1 features are being implemented ate the current WSS4J SVN head.
Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Sidhu Kiran IT312 > Gesendet: Montag, 6. März 2006 20:46 > An: Werner Dittmann > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > Betreff: RE: WSS4J interoperability > > Yes, i have BouncyCastle installed and is in my classpath. I > am using wss4j 1.1 > > I read on one of .NET forums, that WSE 3.0 by default uses > OAEP algo (if your Client is running on anything _other_ than > Win 2000) , My .NET client is running on XP which is why I am > probably getting this error. > > -----Original Message----- > From: Werner Dittmann [mailto:[EMAIL PROTECTED] > Sent: Monday, March 06, 2006 2:17 PM > To: Sidhu Kiran IT312 > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > Subject: Re: WSS4J interoperability > > > Hmmm, > > this message looks very strange. For example the is a digest tag > embedded in an encrypted method tag. Also I can see a very long > SignatureValue (for SHA1 it should be not longer then 28 base64 > characters, 20bytes encoded). > > Which WSS4J version do you use? To me it seems that you use some > features from WSS Specification 1.1 - WSS4J does not yet support > WSS 1.1 fully. > > AES245-cbc should not be a problem if you have BouncyCastle > installed and in you classpath. > > Regards, > Werner > > Sidhu Kiran IT312 wrote: > > Werner, > > Here is the request message from tcpmon : > > > > <?xml version="1.0" encoding="utf-8"?><soap:Envelope > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 > 1-wss-wssecurity-secext-1.0.xsd" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd" > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:H > eader><wsa:Action > wsu:Id="Id-573c8cf1-45fd-4cf1-83cb-abcbd25c8491">http://schema > s.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action><wsa:Messag > eID > wsu:Id="Id-d6833c13-13bc-45ab-936d-9798d75123e6">urn:uuid:8e69 > b12b-220f-4a71-b728-0214cd29df2c</wsa:MessageID><wsa:ReplyTo > wsu:Id="Id-8e79a687-50f4-42dd-8bb0-9cc2183246b1"><wsa:Address> > http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymou > s</wsa:Address></wsa:ReplyTo><wsa:To > wsu:Id="Id-4f5a6ee6-7aa5-4842-b290-90f451357b30">http://localh > ost:8081/ws-time/axis/TimeSheetService</wsa:To><wsse:Security > soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-17d9e44e-3f > 60-4533-9372-3f81ebded6e7"><wsu:Created>2006-03-06T17:57:15Z</ > wsu:Created><wsu:Expires>2006-03-06T18:02:15Z</wsu:Expires></w > su:Timestamp><wsse:BinarySecurityToken > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 > 401-wss-soap-message-security-1.0#Base64Binary" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd" > wsu:Id="SecurityToken-6a6765f5-6a50-4ee1-81f6-6f92d5a0550a">MI IDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoXDTE4> MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIE > ludGVyb3AgVGVzdCBDZXJ0MQ4wDAYDVQQDDAVBbGljZTCBnzANBgkqhkiG9w0B > AQEFAAOBjQAwgYkCgYEAoqi99By1VYo0aHrkKCNT4DkIgPL/SgahbeKdGhrbu3 > K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yiNsEyvq+mUnMpNcKnLXLOjkTmMCq > DYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4PS/cBQIvtpjmrDAU8VsZKT8DN5 > Kyz+EZsCAwEAAaOBkzCBkDAJBgNVHRMEAjAAMDMGA1UdHwQsMCowKKImhiRodH > RwOi8vaW50ZXJvcC5iYnRlc3QubmV0L2NybC9jYS5jcmwwDgYDVR0PAQH/BAQD > AgSwMB0GA1UdDgQWBBQK4l0TUHZ1QV3V2QtlLNDm+PoxiDAfBgNVHSMEGDAWgB > TAnSj8wes1oR3WqqqgHBpNwkkPDzANBgkqhkiG9w0BAQUFAAOCAQEABTqpOpvW > +6yrLXyUlP2xJbEkohXHI5OWwKWleOb9hlkhWntUalfcFOJAgUyH30TTpHldzx > 1+vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQgdf5rCK > /wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8tav1CBr > 6+E5FAmwPXP7pJxn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FRSthMMO 35YbpikGsLix3vAsXWWi4rwfVOYzQK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQODZE9l4ATGy9s9hNVwryOJTw==</wsse:BinarySecurityToken><xenc:EncryptedKey > Id="SecurityToken-8833da7d-03b8-44c7-bf20-f9b5835d3e45" > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:Encryptio > nMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";><d > s:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /></xenc:EncryptionMethod><KeyInfo xmlns="http://www.w3.org/ > 2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdenti > fier > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 > 401-wss-soap-message-security-1.0#Base64Binary">Xeg55vRyK3ZhAE > hEf+YT0z986L0=</wsse:KeyIdentifier></wsse:SecurityTokenReferen > ce></KeyInfo><xenc:CipherData><xenc:CipherValue>miRJ8HeTchMW/I AUtNlhAFP9vRQQbc2Dg4242w6D6j0QVatdYn327NCtaUL4dxSrj0E/ITeUpdGcbscb2zfsUdraRgxmnOD+sId0rHcEu1ZniWkzz3ig1BKuoW7Pt0S2zu+> 3wFZdkwmeamK579RAzIOxJB56zRa9HnpBrtCiwQo=</xenc:CipherValue></ > xenc:CipherData><xenc:ReferenceList><xenc:DataReference > URI="#Enc-276d2c6c-d002-48ff-b8de-1a0157e02bf3" > /></xenc:ReferenceList></xenc:EncryptedKey><Signature > Id="Sig-dfdf17e1-2f0b-4c68-bdfb-0768b14af4a4" > xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><ds:Can > onicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsi > g#" /><SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; > /><Reference > URI="#Id-573c8cf1-45fd-4cf1-83cb-abcbd25c8491"><Transforms><Tr > ansform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>He5gnu4lm7eFVXlS12OEb6whW4s=</DigestValue></Ref > erence><Reference > URI="#Id-d6833c13-13bc-45ab-936d-9798d75123e6"><Transforms><Tr > ansform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>pgWZzb5AlyeWZjcKQylrYKwMmeU=</DigestValue></Ref > erence><Reference > URI="#Id-8e79a687-50f4-42dd-8bb0-9cc2183246b1"><Transforms><Tr > ansform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>UJebKSurE5cD5A35Tw2BNpTunVc=</DigestValue></Ref > erence><Reference URI="#Id-4f5a6ee6-7aa5-4842-b290-90f451357b30"><Tran > sforms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>rDYbxbJiUiGOQVQZfhIoh3yw3EE=</DigestValue></Ref > erence><Reference > URI="#Timestamp-17d9e44e-3f60-4533-9372-3f81ebded6e7"><Transfo > rms><Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>4TZ08S95wR/NkfoxCR5Ahpj11Kg=</DigestValue></Ref > erence><Reference > URI="#Id-84ce6832-61bc-49d1-9a34-3904178c34ea"><Transforms><Tr > ansform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>N2w11rXFf1U10EAx5eYkfE4ajh0=</DigestValue></Ref > erence></SignedInfo><SignatureValue>yyISShmfokh8gUYM2w7amwwe4w > A=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse > :Reference > URI="#SecurityToken-8833da7d-03b8-44c7-bf20-f9b5835d3e45" > ValueType="htt > p://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1. > 1#EncryptedKey" > /></wsse:SecurityTokenReference></KeyInfo></Signature><Signatu > re > xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><ds:Can > onicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > /><SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; > /><Reference > URI="#Sig-dfdf17e1-2f0b-4c68-bdfb-0768b14af4a4"><Transforms><T > ransform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /></Transforms><DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > /><DigestValue>37FKLF+uTsQ40AWrzUDQ79iRFh0=</DigestValue></Ref > erence></SignedInfo><SignatureValue>Fxgo37ZkpbmazouMn46PESDK6h JRc9GhtQRvZaRRIzArXvfsaZiM6d1pTxh6G6FI6JbKSTDImN6J5mDFF3ff+b6pKpZIfxytZf9Hq/38AeLuyrQnzRjwI/tlKJ3BXt/kt2efF8UVErutBsRv27brfEnJieJfzBFZ04qsF/tO9NU=</Signat> ureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference > URI="#SecurityToken-6a6765f5-6a50-4e > e1-81f6-6f92d5a0550a" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" > /></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:S > ecurity></soap:Header><soap:Body > wsu:Id="Id-84ce6832-61bc-49d1-9a34-3904178c34ea"><xenc:Encrypt > edData Id="Enc-276d2c6c-d002-48ff-b8de-1a0157e02bf3" > Type="http://www.w3.org/2001/04/xmlenc#Content"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:Encryptio > nMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"; /><xenc:CipherData><xenc:CipherValue>4NH12HQyhgoYuIsHJHC9FHhPTofzcCHRq7NCl7/FInXfqOJPcn/PsrlUUEJ+aUbHDxNPYlEp6dGEf7awvyL8qvVbeIbmMU1pEPXmyzc+dU1aeR60s/AO9> xh13Z9wP+YaKdpDrUn/dvE1Kf/2wvNVU8A+DXIabgSS2Rjrlqn4PQqFnq+r/sZ > DYPMPVhdEfj60OZT0P0UxI4dPPqnj873N0qSsx6B49L6T03KIVRSPFjk51ZRjH > QCug/RM+AH5hL+WzPckWchnML+WJ/rENcgQHP1w8uvrleO6rexE/IpkXAE7RP1 > snMw5kW85LgR8akzfUroPU+qCCMtw2sVNtbria7gTIcIm1YDBXU7Hx/GUPUB3u > yNEX6D6i6SUgrcFCBGmLRwhIT7c4/e9AphrV6pxH73ZhzxyR4u62Wj+E8Dqn48 > 7xUaOe+SrBx4qwWFUSYyXE > 8hBl39aFVnVpmiu1X2sp/4nBzSq8Bq0hhaeD4btbgxubU3PmzjkLlHGKY3MOgB > ieweKkEzhWNbDu3iJdWhJAmarptpbIJeQwRbJNk6dSbupfxCpwm7p0FPMfsqlH > zBFoyQj9vU+oRtKKBMVqZX01mRqJtAKsxKcaX30+ljcO1E0tEjs8b6JUzVZ4jD 2tzRecXYQcRgmJ9bDgl4EN6PPBGTQK4PJEKZIuxffrZj7WrSGcxcIqPWzi1H2NY4LZ1/Ta6bebb5mUtug5Lflvi7NwzIXcs9vWnQVzPm+mf8c3KxMkl9yvDl1JgM1PzYgK9q4a9vW8fFZTDVRpKkyHNPrR> 1cGa1zN1rfRf0cAp554P5k=</xenc:CipherValue></xenc:CipherData></ > xenc:EncryptedData></soap:Body></soap:Envelope> > > > > -----Original Message----- > > From: Werner Dittmann [mailto:[EMAIL PROTECTED] > > Sent: Monday, March 06, 2006 12:14 PM > > To: Sidhu Kiran IT312 > > Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED] > > Subject: Re: WSS4J interoperability > > > > > > CAn you provide your deployment parameters? Even better if you could > > show the message (using e.g tcpmon to monitor it). > > > > Regards, > > Werner > > > > Sidhu Kiran IT312 wrote: > > > >>I am trying to test with .NET 2.0 client , WSE 3.0 and I am > running into > >>problems :( > >> > >>I am getting the following exception (I googled on this and > installed > >>local_policy.jar and Us_export_policy.jar as suggested by > some posters, > >>but it didn't help ) > >> > >> > >>org.apache.ws.security.WSSecurityException: Cannot > encrypt/decrypt data; > >>nested exception is: > >> > >>java.lang.SecurityException: Unsupported keysize or > algorithm parameters > >> > >> -----Original Message----- > >> *From:* Kosuru, Giri [mailto:[EMAIL PROTECTED] > >> *Sent:* Monday, March 06, 2006 10:55 AM > >> *To:* [email protected]; [EMAIL PROTECTED]; > >> [EMAIL PROTECTED] > >> *Subject:* WSS4J interoperability > >> > >> Hi all, > >> > >> > >> > >> We implemented WSS4J for securing one of our Web > >> Services (Uses apache Axis). As the implementation seems to be > >> simple and straight forward for basic requirements, we > are planning > >> to make it as a standard for other java/j2ee applications to > >> implement WSS4J. But we are concerned about the > interoperability of > >> WSS4J with others, particularly .NET. The WSS4J web > site says it is > >> interoperable. But did any body did integrate WSS4J with .NET > >> before? If yes, what are your experiences? Is it safe to assume > >> interoperability and go ahead and make it a standard? You > >> experiences will help me a lot on making a good > decision. Mean while > >> I will also try to test and if I find some thing I will > share with you. > >> > >> > >> > >> Thanks > >> > >> Giri Kosuru > >> > >> > >> > >> > >> > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
