Is the BouncyCastle Jar in your CLASSPATH? I believe the standard
JVM, without BC or other JCE providers, does not have this algorithm
installed.
-Fred
On Jun 14, 2008, at 7:57 AM, Robert Wierschke wrote:
Hi,
A test case should be good documentation of usage scenarios (from
a TDD point of view). Unfortunately I still did not get it.
First (and maybe irrelevant) problem: The test code uses Axis1 while
I need to use Axis2 so
org.apache.axis.message.SOAPEnvelope
org.apache.axis.Message
org.apache.axis.MessageContext
org.apache.axis.client.AxisClient
...
are not available to me. But as far as I understand it, WSS4J
operates on DOM, so this shouldn't be too bad.
Second (and the real problem): I tried the following code, which is
the same as in the test case:
    static final WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
    static final Crypto crypto =
        CryptoFactory.getInstance("..\\..\\cryptoSKI.properties");

    public static void main(String[] args) throws ... {
        org.apache.axiom.soap.SOAPEnvelope unsecureEnvelope = createSOAPEnvelope();
        WSSecEncrypt builder = new WSSecEncrypt();
        builder.setUserInfo("wss4jcert");
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
        Document doc = (Document) Util.getDom(unsecureEnvelope);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        builder.prepare(doc, crypto); // -> WSSecurityException
        //...
The call to prepare yields a WSSecurityException:
Exception in thread "main"
org.apache.ws.security.WSSecurityException: An unsupported signature
or encryption algorithm was used (unsupported key transport
encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
I tried to change this algorithm:
builder.setKeyEnc(...);
Both of the available algorithms, WSConstants.KEYTRANSPORT_RSA15 and
WSConstants.KEYTRANSPORT_RSAOEP, result in the same
exception (with different URLs of course).
I've checked out the keystore file from the svn so it uses the same
keys as the test case.
So how do I get this to work?
regards
robert
2008/6/13 Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
Hi Robert,
Well, thanks but this is not enough information to do the work.
Crypto crypto = CryptoFactory.getInstance("crypto.properties");
WSEncryptionPart part = new
WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
soapConstants.getEnvelopeURI(),
"Content");
What content must be in the crypto.properties file? How can I
specify the certificate, transformation algorithms, cryptographic
algorithm to use.....?
I think this test case 15 [1] will give you a better understanding
of how to encrypt a SOAP message. If you go through all the test cases you
will see how SOAP messages are signed/encrypted using WSS4J. The crypto
properties file used for the above test case is this [2]. I know having
test cases which show how to do things is not at all an excuse for
not having proper documentation and we will surely try to improve
the documentation on the site. But for the moment, I think this
information will help you to get things done.
What does "Content" mean?
In XML encryption, there are two methods to encrypt an XML element.
You can either encrypt the entire XML element or only encrypt the
content of the XML element. Read this [3] for more information. When
encrypting the SOAP Body we only encrypt the content of the Body
element so that SOAP envelope structure is always preserved.
thanks,
nandana
[1] - http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java?view=markup
[2] - http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/cryptoSKI.properties?view=markup
[3] - http://www.w3.org/TR/xmlenc-core/#sec-eg-Granularity
2008/6/13 Fred Dushin <[EMAIL PROTECTED]>:
You're right -- the high-level API links are broken. I'll look into
what happened.
For now, try using
http://people.apache.org/~fadushin/stage/wss4j/1.5.4/site/api.html
That's the version we "voted" on, and it seems to have all the right
information.
-Fred
On Jun 13, 2008, at 6:45 AM, Robert Wierschke wrote:
Hi,
how can I sign/verify signature/encrypt/decrypt a SOAP message with
WSS4J?
I tried to find some documentation for this but there seems to me to be
nothing useful. The few I found don't work at all. The "best"
documentation I found is the javadoc http://ws.apache.org/wss4j/apidocs/index.html
but it seldom contains more than the message signatures. I can't
find any "how to" or useful info on the web sites. The links on http://ws.apache.org/wss4j/
either do not work or do not lead to anything useful.
So how do I use WSS4J for securing my SOAP? Where can I find
documentation?
regards
robert
P.S.: The documentation for Axis2, Rampart, XML-Security is also
nonexistent.
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
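
A way to check the provider question raised in the reply at the top of this thread, as an added example (not code from the thread or from WSS4J): it lists the installed JCE providers and probes for the cipher transformations before and after registering BouncyCastle when its jar is on the classpath. The class name JceProviderCheck and the JCE transformation strings chosen for the XML Encryption algorithms are assumptions; the thread does not say which names WSS4J requests internally.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;

public class JceProviderCheck {
    // Assumed JCE names for the algorithms discussed in the thread
    // (hypothetical mapping; the page does not give WSS4J's internal names).
    static final String[] TRANSFORMATIONS = {
        "RSA/ECB/PKCS1Padding",                // xmlenc#rsa-1_5 key transport
        "RSA/NONE/PKCS1Padding",               // same padding, BouncyCastle-style mode name
        "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", // RSA-OAEP key transport
        "DESede/CBC/ISO10126Padding"           // Triple DES content encryption
    };

    /** Maps each transformation to the provider that serves it, or null if none does. */
    static Map<String, String> probe() {
        Map<String, String> result = new LinkedHashMap<>();
        for (String t : TRANSFORMATIONS) {
            try {
                result.put(t, Cipher.getInstance(t).getProvider().getName());
            } catch (GeneralSecurityException e) { // no such algorithm or padding
                result.put(t, null);
            }
        }
        return result;
    }

    /** Registers BouncyCastle if its jar is on the classpath; true if "BC" is usable. */
    static boolean registerBouncyCastle() {
        if (Security.getProvider("BC") != null) return true;
        try {
            Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) c.getDeclaredConstructor().newInstance());
            return true;
        } catch (ReflectiveOperationException e) {
            return false; // BouncyCastle jar is not on the classpath
        }
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) System.out.println("provider: " + p.getName());
        System.out.println("before: " + probe());
        System.out.println("BouncyCastle available: " + registerBouncyCastle());
        System.out.println("after:  " + probe());
    }
}
```

Run it with the same classpath as the failing program: a transformation that is null before registration and resolved to BC afterwards points to a missing provider rather than a keystore or crypto.properties problem.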