I am trying to test the interoperability between a client using the wss4j
handler and a web service deployed on weblogic, using the encryption
mechanism. (I have managed to do so with UsernameToken and signature.) The
wss4j side is a client and a sayHello service on weblogic is the server. But
it seems I did something wrong in the configuration. The server always throws
the following exception:

java.security.InvalidAlgorithmParameterException: [Security:090596]The WebLogicCertPathProvider was passed an unsupported CertPathSelector.
    at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:673
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
    at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
    at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
    at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
    at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:61)
    at $Proxy31.build(Lweblogic.security.pk.CertPathSelector;[Ljava.security.cert.X509Certificate;Lweblogic.security.service.ContextHandler;)Ljava.se
    at weblogic.security.service.CertPathManager.build(CertPathManager.java:234)
    at weblogic.security.service.CertPathManager$JDKCertPathBuilder.engineBuild(CertPathManager.java:365)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    at weblogic.xml.crypto.utils.CertUtils.buildCertPath(CertUtils.java:131)
    at weblogic.xml.crypto.utils.CertUtils.lookupCertificate(CertUtils.java:101)
    at weblogic.xml.crypto.utils.CertUtils.lookupCertificate(CertUtils.java:97)
    at weblogic.xml.crypto.wss.BinarySecurityTokenHandler.getTokenByKeyId(BinarySecurityTokenHandler.java:107)
    at weblogic.xml.crypto.wss.BinarySecurityTokenHandler.getSecurityToken(BinarySecurityTokenHandler.java:76)
    at weblogic.xml.crypto.common.keyinfo.KeyResolver.select(KeyResolver.java:182)
    at weblogic.xml.crypto.encrypt.WLEncryptedType.getKey(WLEncryptedType.java:333)
    at weblogic.xml.crypto.encrypt.WLEncryptedKey.decryptBytes(WLEncryptedKey.java:151)
    at weblogic.xml.crypto.encrypt.WLEncryptedKey.decryptKey(WLEncryptedKey.java:142)
    at weblogic.xml.crypto.common.keyinfo.EncryptedKeyProvider.getKey(EncryptedKeyProvider.java:82)
    at weblogic.xml.crypto.common.keyinfo.KeyResolver$1.getKey(KeyResolver.java:385)
    at weblogic.xml.crypto.common.keyinfo.KeyResolver.getKey(KeyResolver.java:369)
    at weblogic.xml.crypto.common.keyinfo.KeyResolver.select(KeyResolver.java:289)
    at weblogic.xml.crypto.encrypt.WLEncryptedType.getKey(WLEncryptedType.java:333)
    at weblogic.xml.crypto.encrypt.WLEncryptedData.decrypt(WLEncryptedData.java:108)
    at weblogic.xml.crypto.encrypt.WLEncryptedData.decryptAndReplace(WLEncryptedData.java:141)
    at weblogic.xml.crypto.wss.SecurityImpl.unmarshalAndProcessEncryptedKey(SecurityImpl.java:599)
    at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:366)

My wss4j configuration is as follows:

config.put("deployment", "client");
config.put("flow", "request-only");
config.put("user", "alice");
config.put("action", "Encrypt");
config.put("encryptionPropFile", "wsstest.properties");
config.put("addUTElements", "Nonce Created");
config.put("encryptionKeyIdentifier", "SKIKeyIdentifier");
config.put("passwordCallbackClass", "handlers.PWCallback1");
config.put("encryptionSymAlgorithm", "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");

And the content of wsstest.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=abc123
org.apache.ws.security.crypto.merlin.file=interop/mystore.jks

And here is the snippet from the sayHello WSDL:

<wsp:Policy s0:Id="Encrypt.xml">
  <wssp:Confidentiality xmlns:wssp="http://www.bea.com/wls90/security/policy">
    <wssp:KeyWrappingAlgorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <wssp:Target>
      <wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
    </wssp:Target>
    <wssp:KeyInfo>
      <wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
      <wssp:SecurityTokenReference>
        <wssp:Embedded>
          <wsse:BinarySecurityToken
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:BinarySecurityToken>
        </wssp:Embedded>
      </wssp:SecurityTokenReference>
    </wssp:KeyInfo>
  </wssp:Confidentiality>
</wsp:Policy>

Did I miss anything? Or where am I possibly wrong?
-- 
View this message in context: 
http://www.nabble.com/How-to-configure-wss4j-to-talk-to-weblogic-using-encryption-security--tf4109677.html#a11686597
Sent from the WSS4J mailing list archive at Nabble.com.

