Hi Anthony,
CXF is currently using artifacts built off the 1_5_x-fixes branch, not trunk: http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/ Looks like I forgot to backport the fix to WSSecEncrypt to use JCEMapper...I've just commited it, so feel free to try again (on the 1_5_x-fixes branch) and let me know if it works! Colm. ________________________________ From: Anthony Bargnesi [mailto:[email protected]] Sent: 20 July 2009 12:01 To: [email protected] Subject: Encryption Algorithm causes NullPointerException in WSS4j Hello, I am trying to encrypt a cxf web-service request using the RSA-OAEP algorithm because it is required on the endpoint side (Microsoft). I provide the "encryptionSymAlgorithm" as the corresponding URI (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the "org.apache.ws.security.crypto.provider" to org.apache.ws.security.components.crypto.Merlin. I am using the latest WSS4j, version 1.5.7. The first issue I received was a NullPointerException in WSSecEncrypt.java trying to use a KeyGenerator that was null. It seems like this was a bug that Dan Kulp triaged in the post: http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td239743 03.html I have checked out trunk which is building the latest 1.6 SNAPSHOT since I noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was applied. The problem is that once I build the trunk version of wss4j (using java 1.6), I am missing the Merlin provider so I'm not sure what to use for the "org.apache.ws.security.crypto.provider" property. How do I use the crypto provider under Java 1.6? Also, I've noticed that I would have to recompile CXF to work with the trunk version of WSS4j (Vector -> List type change). Am I going down the right path to make WSS4j work with RSA-OAEP? Thanks in advance, Tony
