Hi,
a test case should be a good documentation of usage scenarios (from TDD
point of view). Unfortunately I still did not get it.
First (and maybe irrelevant) problem: The test code uses Axis1 while I need
to use Axis2, so
- org.apache.axis.message.SOAPEnvelope
- org.apache.axis.Message
- org.apache.axis.MessageContext
- org.apache.axis.client.AxisClient
- ...
are not available to me. But as far as I understand it, WSS4J operates on DOM,
so this shouldn't be too bad.
Second (and the real problem): I tried the following code, which is the same
as in the test case:
    static final WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
    static final Crypto crypto = CryptoFactory
            .getInstance("..\\..\\cryptoSKI.properties");

    public static void main(String[] args) throws ... {
        org.apache.axiom.soap.SOAPEnvelope unsecureEnvelope =
                createSOAPEnvelope();
        WSSecEncrypt builder = new WSSecEncrypt();
        builder.setUserInfo("wss4jcert");
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
        Document doc = (Document) Util.getDom(unsecureEnvelope);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        builder.prepare(doc, crypto); // -> WSSecurityException
        //...
The call to prepare yields a WSSecurityException:
Exception in thread "main" org.apache.ws.security.WSSecurityException: An
unsupported signature or encryption algorithm was used (unsupported key
transport encryption algorithm: No such algorithm:
http://www.w3.org/2001/04/xmlenc#rsa-1_5)
I tried to change this algorithm:
    builder.setKeyEnc(...);
Both of the available algorithms, WSConstants.KEYTRANSPORT_RSA15 and
WSConstants.KEYTRANSPORT_RSAOEP, result in the same exception
(with different URLs of course).
I've checked out the keystore file from the svn so it uses the same keys as
the test case.
So how do I get this to work?
regards
robert
2008/6/13 Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Robert,
>
> Well, thanks but this is not enough information to do the work.
>>
>> Crypto crypto = CryptoFactory.getInstance("crypto.properties");
>> WSEncryptionPart part = new
>> WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
>>
>> soapConstants.getEnvelopeURI(),
>> "Content");
>>
>> What content must be in the crypto.properties file? How can I specify the
>> certificate, transformation algorithms, cryptographic algorithm to use.....?
>>
>
> I think this test case 15 [1] will give you a better understanding of how
> to encrypt a SOAP message. If you go through all the test cases you will see
> how SOAP messages are signed/encrypted using WSS4J. The crypto properties file
> used for the above test case is this [2]. I know having test cases which show
> how to do things is not at all an excuse for not having proper documentation
> and we will surely try to improve the documentation on the site. But for the
> moment, I think this information will help you to get things done.
>
> What does "Content" mean?
>>
>
> In XML encryption, there are two methods to encrypt an XML element. You can
> either encrypt the entire XML element or only encrypt the content of the XML
> element. Read this [3] for more information. When encrypting the SOAP Body
> we only encrypt the content of the Body element so that SOAP envelope
> structure is always preserved.
>
> thanks,
> nandana
>
> [1] -
> http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java?view=markup
> [2] -
> http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/cryptoSKI.properties?view=markup
> [3] - http://www.w3.org/TR/xmlenc-core/#sec-eg-Granularity
>
>
>
>>
>>
>>
>> 2008/6/13 Fred Dushin <[EMAIL PROTECTED]>:
>>
>>> You're right -- the high-level API links are broken. I'll look into what
>>> happened.
>>> For now, try using
>>>
>>> http://people.apache.org/~fadushin/stage/wss4j/1.5.4/site/api.html
>>>
>>> That's the version we "voted" on, and it seems to have all the right
>>> information.
>>>
>>> -Fred
>>>
>>> On Jun 13, 2008, at 6:45 AM, Robert Wierschke wrote:
>>>
>>> Hi,
>>>
>>> how can I sign/verify signature/encrypt/decrypt a SOAP message with WSS4J?
>>>
>>> I tried to find some documentation for this but there seems to me nothing
>>> useful. The few I found don't work at all. The "best" documentation I found
>>> is the javadoc http://ws.apache.org/wss4j/apidocs/index.html but it
>>> contains seldom more than the message signatures. I can't find any "how to"
>>> or useful info on the web sites. The links on
>>> http://ws.apache.org/wss4j/ either do not work or do not lead to anything
>>> useful.
>>>
>>> So how do I use WSS4J for securing my SOAP? Where can I find
>>> documentation?
>>>
>>> regards
>>> robert
>>>
>>>
>>> P.S: The documentation for Axis2, Rampart, XML-Security is also
>>> non-existent.
>>>
>>>
>>>
>>
>
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
>
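
Added example (not part of the original thread and not WSS4J code): the "Content" granularity described in the quoted reply above, built by hand with JDK classes only so the resulting envelope structure is visible. The sample envelope, the urn:example namespace and the class name are constructed for illustration; PKCS5Padding is used in place of xmlenc's own padding rule, and the 3DES key is generated on the spot and not transported.

```java
import java.io.*;
import java.util.Base64;
import javax.crypto.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ContentGranularityDemo {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    public static void main(String[] args) throws Exception {
        // Constructed sample envelope (not taken from the thread).
        String xml = "<soap:Envelope xmlns:soap='" + SOAP + "'><soap:Body><ex:getQuote xmlns:ex='urn:example'>"
            + "<ex:symbol>ACME</ex:symbol></ex:getQuote></soap:Body></soap:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element body = (Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        // "Content" granularity: the plaintext is the serialized children of Body, not Body itself.
        StringWriter plain = new StringWriter();
        for (Node n = body.getFirstChild(); n != null; n = n.getNextSibling())
            t.transform(new DOMSource(n), new StreamResult(plain));
        // Fresh 3DES key; the JCE picks a random IV, which xmlenc prepends to the ciphertext.
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, KeyGenerator.getInstance("DESede").generateKey());
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(c.getIV());
        out.write(c.doFinal(plain.toString().getBytes("UTF-8")));
        // EncryptedData with Type=...#Content; Type=...#Element would mean Body itself is replaced.
        Element ed = doc.createElementNS(XENC, "xenc:EncryptedData");
        ed.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", XENC);
        ed.setAttribute("Type", XENC + "Content");
        Element em = doc.createElementNS(XENC, "xenc:EncryptionMethod");
        em.setAttribute("Algorithm", XENC + "tripledes-cbc");
        Element cv = doc.createElementNS(XENC, "xenc:CipherValue");
        cv.setTextContent(Base64.getEncoder().encodeToString(out.toByteArray()));
        ed.appendChild(em);
        ed.appendChild(doc.createElementNS(XENC, "xenc:CipherData")).appendChild(cv);

        // Swap the plaintext children for EncryptedData; soap:Envelope and soap:Body stay in place.
        while (body.hasChildNodes()) body.removeChild(body.getFirstChild());
        body.appendChild(ed);
        t.transform(new DOMSource(doc), new StreamResult(System.out));
    }
}
```

The printed envelope still has soap:Envelope and soap:Body as readable elements, with a single xenc:EncryptedData child where ex:getQuote used to be.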