wss4j-dev,

I am a graduate student who is working on wss4j, and I have encountered some problems.
Sorry for my ignorance, I am not quite sure what the mailing list is used for, but I would appreciate it very much if you can help me.

What I want to do is use WSDoAllSender to encrypt a message and send it to the server. Here is the problem:
I know that the encryption procedure is this:
1. client sends its certificate to server
2. server generates a dynamic session key, and encrypts this key using client's public key
3. server sends the encrypted key to client
4. client decrypts the message with its private key and gets the session key
5. following, client and server will use this session key to encrypt/decrypt messages being sent between them...

So am I right?
If I am right, this is what I want to achieve, but when I use wss4j, there seems to be some problem.
My client-deploy.wsdd file is as follows:

                        
****************************************************************
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
        xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
        <transport name="http"
                pivot="java:org.apache.axis.transport.http.HTTPSender" />
        <globalConfiguration>
                <requestFlow>
                        <handler
                                type="java:org.apache.ws.axis.security.WSDoAllSender">

                                <!-- this is used for Signature and Encrypt -->
                                <parameter name="action" value="Encrypt" />
                                <parameter name="encryptionPropFile"
                                        value="crypto.properties" />
                                <parameter name="encryptionUser" value="wsj" />
                                <parameter name="encryptionKeyIdentifier"
                                        value="X509KeyIdentifier" />
                                <!-- this is used for Signature and Encrypt -->

                        </handler>
                </requestFlow>
        </globalConfiguration>
</deployment>
                        
****************************************************************
But it seems that when configured this way, the client will use RSA to encrypt the data; the client will use the public key of the user to encrypt the data, so the server needs to hold the private key of the client in order to decrypt the data. This isn't what we want.

Following is the SOAP message I captured during communication:
********************************************************************************************
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope
        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header>
                <wsse:Security soapenv:mustUnderstand="1"
                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <xenc:EncryptedKey Id="EncKeyId-14962806">
                                <xenc:EncryptionMethod
                                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                                <ds:KeyInfo
                                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                        <wsse:SecurityTokenReference>
                                                <wsse:KeyIdentifier
                                                        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
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
                                                </wsse:KeyIdentifier>
                                        </wsse:SecurityTokenReference>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                        <xenc:CipherValue>
eYZa9u9lDZQ1+B3R8wShsbH/QYVzK63WumlrsIWq5TsDoJbmEaWVoJHAU2zBfhePYdLsGdUlu1pCpvyyRU7G+EdNeaMyrue2zZJgucmM4vKFnoJqnUpinIaGVl5tMSgeCYNCYgRrBFAO6j8E4S4aIM25h4EJJJFHKcUIqJDbi8A=
                                        </xenc:CipherValue>
                                </xenc:CipherData>
                                <xenc:ReferenceList>
                                        <xenc:DataReference URI="#EncDataId-5041714" />
                                </xenc:ReferenceList>
                        </xenc:EncryptedKey>
                </wsse:Security>
        </soapenv:Header>
        <soapenv:Body>
                <xenc:EncryptedData Id="EncDataId-5041714"
                        Type="http://www.w3.org/2001/04/xmlenc#Content">
                        <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                        <xenc:CipherData>
                                <xenc:CipherValue>
XiCyk397eYToqdHG8YpQtlb5+uj7K0vzLtSpulRl8pDUB/I62RcF3d7SSe1Ey8e6OyetluAT97bN
R3HNW33/G3o57v42iQxpmVnii3CpsbzM3UR/3MGX19x7z8Oq/RRQc/7dyGL40mxAsqaumkS72knG
Ru2TrYtMgc9mdCdi4T9NYnmrtSI3a8pBos53nTkAVXB93HRTlw1THPyVG03pLYFRgpWQtR5EX77m
r3MvsPzgNrm5lORUjnHGVOUiQmTJgIV8JiCd8Q6pJWHW8/x8csDxAikqZGI0f5EAsa+lUIiD6IGu
sqMjLN3w7qzm8d7k
                                </xenc:CipherValue>
                        </xenc:CipherData>
                </xenc:EncryptedData>
        </soapenv:Body>
</soapenv:Envelope>
**************************************************************************************************
 

But I think this is just a configuration problem with WSDoAllSender, so please tell me how I can configure WSDoAllSender to implement "session-key" mode. If possible, please send me a sample client-deploy.wsdd and server-deploy.wsdd.

best regards,
                        shuaijie wang
[EMAIL PROTECTED]
          2008-04-03
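
The structure of the captured message above, read programmatically. This is an added example, not part of the original post and not WSS4J code: it pairs each xenc:EncryptedKey with the xenc:EncryptedData it references and reports the key-transport and body-encryption algorithms, flagging the two that appear in the capture. The envelope is a constructed sample with shortened cipher values; `describe` and `WEAK` are hypothetical names.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"xenc": XENC}
# Algorithm URIs seen in the capture, with the defensive note a reviewer would attach.
WEAK = {XENC + "rsa-1_5": "PKCS#1 v1.5 key transport; prefer rsa-oaep-mgf1p",
        XENC + "aes128-cbc": "CBC has no integrity protection; sign the body too"}

# Constructed sample (cipher values shortened). Use a hardened parser for untrusted input.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security>
  <xenc:EncryptedKey Id="EncKeyId-1">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
   <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-2"/></xenc:ReferenceList>
  </xenc:EncryptedKey>
 </wsse:Security></soapenv:Header>
 <soapenv:Body>
  <xenc:EncryptedData Id="EncDataId-2" Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
   <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soapenv:Body>
</soapenv:Envelope>"""

def describe(envelope_xml):
    """Map each EncryptedKey to the EncryptedData it unlocks and flag weak algorithms."""
    root = ET.fromstring(envelope_xml)
    data_by_id = {d.get("Id"): d for d in root.iter("{%s}EncryptedData" % XENC)}
    report = []
    for key in root.iter("{%s}EncryptedKey" % XENC):
        wrap = key.find("xenc:EncryptionMethod", NS).get("Algorithm")
        for ref in key.findall("xenc:ReferenceList/xenc:DataReference", NS):
            target = data_by_id.get(ref.get("URI", "").lstrip("#"))
            if target is None:  # the wrapped key points at nothing in this message
                report.append({"key": key.get("Id"), "data": None,
                               "warnings": ["dangling DataReference"]})
                continue
            bulk = target.find("xenc:EncryptionMethod", NS).get("Algorithm")
            report.append({"key": key.get("Id"), "data": target.get("Id"),
                           "key_transport": wrap, "bulk_cipher": bulk,
                           "warnings": [WEAK[a] for a in (wrap, bulk) if a in WEAK]})
    return report

if __name__ == "__main__":
    for row in describe(SAMPLE):
        print(row)
```
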
