Hello,

I sent a mail last week regarding an encryption problem with WSS4J but have not received an answer yet, so I am posting it again. I do not understand why wss4j appends _cert0 to the alias name; I do not have any alias with _cert0.

Thanks for your help.

Best Regards,
Hai

-----Original Message-----
From: Long, Hai
Sent: Wednesday, 19 July 2006 19:34
To: '[email protected]'
Subject: Encryption problem with WSS4J

Hello Folks,

I am quite new to WSS4J and I think this is probably a newbie question.

A short description of my scenario: I send a SOAP request from a web client (JSP) to my web service, and on the client side I use wss4j to sign and encrypt my SOAP request message. On the receiver side I use the same key to decrypt and validate the message. If I only sign the message everything works fine, but if I encrypt the message I always get the following in the log file:

    - Found encrypted key element
    - X509 SKI alias: d044451_cert0
    - cert: [0] Version: 3
      ...
      Signature Algorithm: MD5WithRSAEncryption
      Signature: 4c8b08f6b6663a3e343c38106478f9416f00ad37
                 d5d42a4795d68303c35d0c2cb5585f84c666f2c5
                 068d9c2638ed02978e76057a6b3243ef99255659
                 6c56f2bca3869af70016f7b09918e69ee17a3e9d
                 d08ec74b8ec8bbc2c2ec3040833f2f739cc58d63
                 412dfe8d97a2e2112e23892742e801d28e27cc8c
                 e869dfc5e378fe9a
      Extensions:
        critical(false) 2.5.29.14 value = DER Octet String[20]
    - KeyIdentifier Alias: d044451_cert0
    - Cannot find key for alias: d044451_cert0
    org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
        java.lang.Exception: Cannot find key for alias: d044451_cert0
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:283)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:84)

The key (format PKCS12) is self-signed and I use the same one on both the client and the server side. As far as I understand, the certificate should be used for verification of the signature, but somehow it works with the key; I do not specify any certificate on the server side. I use the SKIKeyIdentifier in the client.wsdd file:

    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />

I do not understand where this _cert0 comes from. I do not have this key alias at all.

If I send this signed and encrypted SOAP message to SAP Netweaver Component XI and configure the same key for decryption and the certificate for verification of the signature, the message gets decrypted and validated successfully. It seems that the encryption and signing work on the client side. If I send the request directly to the web service running on AXIS with wss4j for security, I get the mentioned error.

Please see also the attached configuration at the end of the mail.

Any help is appreciated. Many thanks.

Best regards,
Hai

----

Client Configuration

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration >
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
            <parameter name="user" value="d044451"/>
            <parameter name="passwordType" value="PasswordText"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference" />
            <parameter name="passwordCallbackClass" value="com.apache.axis.sample.PWCallback"/>
            <parameter name="action" value="Signature Encrypt"/>
            <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
            <parameter name="encryptionUser" value="d044451"/>
            <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
            <parameter name="signaturePropFile" value="crypto.properties" />
            <parameter name="encryptionPropFile" value="crypto.properties" />
          </handler>
        </requestFlow>
      </globalConfiguration >
    </deployment>

Server Configuration

    <service name="CreditServiceSOAP" provider="java:RPC" style="document" use="literal">
      <requestFlow>
        <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
          <parameter name="passwordCallbackClass" value="com.apache.axis.sample.PWCallback"/>
          <parameter name="action" value="Signature Encrypt"/>
          <parameter name="decryptionKeyIdentifier" value="SKIKeyIdentifier " />
          <parameter name="signaturePropFile" value="crypto.properties" />
          <parameter name="encryptionUser" value="d044451"/>
          <parameter name="decryptionPropFile" value="crypto.properties" />
        </handler>
      </requestFlow>

Crypto.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
    org.apache.ws.security.crypto.merlin.keystore.password=wss4j
    org.apache.ws.security.crypto.merlin.keystore.alias=d044451
    org.apache.ws.security.crypto.merlin.alias.password=wss4j
    org.apache.ws.security.crypto.merlin.file=../keys/longh.pfx
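
A keystore check relevant to the "Cannot find key for alias" error in the mail above, as an added example that is not part of the original mail or of WSS4J: it lists every alias in a PKCS12 file through the JDK KeyStore API, reports whether each alias is a key entry or a certificate-only entry, and prints the certificate's Subject Key Identifier extension (2.5.29.14, the extension shown in the log). The class name is hypothetical; the keystore path and password are passed as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class (not part of WSS4J): lists the entries of a PKCS12 keystore.
public class ListPkcs12Aliases {

    // OID of the Subject Key Identifier extension, as printed in the log above.
    private static final String SKI_OID = "2.5.29.14";

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ListPkcs12Aliases <file.pfx> <store-password>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            // A private key can only be fetched from an alias that is a key entry.
            String kind = ks.isKeyEntry(alias) ? "key entry"
                    : ks.isCertificateEntry(alias) ? "certificate-only entry" : "other";
            System.out.println("alias: " + alias + " (" + kind + ")");
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("  subject: " + x509.getSubjectX500Principal().getName());
                System.out.println("  SKI ext: " + hex(x509.getExtensionValue(SKI_OID)));
            }
        }
    }

    // getExtensionValue returns the DER-encoded OCTET STRING wrapping the extension
    // value (or null if absent); it is printed raw so entries can be compared.
    private static String hex(byte[] der) {
        if (der == null) return "(absent)";
        StringBuilder sb = new StringBuilder();
        for (byte b : der) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Running it with the same JVM that hosts the Axis service shows the aliases as that JVM's PKCS12 keystore provider exposes them, which can then be compared with the alias named in the log.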
