Hi all
I get Illegal key size exception (on wsEncrypt.build(doc, crypto))
when trying to run the sample program detailed at:
http://www.devx.com/Java/Article/28816/0/page/4
Code, properties file and exception trace are below. I am running it
standalone, with the wss4j.jar files downloaded and the keystore folder
(c:\try\keystore) on the classpath.
I appreciate greatly any help or pointers
Thanks
Srini
____________________
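/**
 * Stand-alone WS-Security sample: takes a fixed SOAP envelope and prints it
 * unsigned, with a UsernameToken plus embedded-key encryption, encrypted
 * for a keystore alias, and signed.
 *
 * <p>Every credential in this class is a hard-coded sample value. Load
 * aliases and passwords from protected configuration before reusing any
 * of this outside a demo.
 */
public class WSSecuritySample {
    private static final String soapMsg =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
        "<SOAP-ENV:Envelope" +
        " xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\"\n" +
        " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"\n" +
        " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
        " <SOAP-ENV:Body>" +
        " <sayHello xmlns=\"http://jeffhanson.com/services/helloworld\">" +
        " <value xmlns=\"\">Hello world!</value>" +
        " </sayHello>" +
        " </SOAP-ENV:Body>" +
        "</SOAP-ENV:Envelope>";

    private static final WSSecurityEngine secEngine = new WSSecurityEngine();
    // Crypto implementation and keystore location come from crypto.properties.
    private static final Crypto crypto = CryptoFactory.getInstance();

    private final AxisClient engine;
    private final MessageContext msgContext;

    /**
     * Runs each transformation on the sample envelope and pretty-prints the result.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            WSSecuritySample app = new WSSecuritySample();
            Message axisMessage = app.getAxisMessage(soapMsg);
            SOAPEnvelope unsignedEnvelope = axisMessage.getSOAPEnvelope();

            System.out.println("<<<<<< Unsigned and Unencrypted >>>>>>");
            XMLUtils.PrettyElementToWriter(unsignedEnvelope.getAsDOM(),
                                           new PrintWriter(System.out));

            Message samlMsg = app.addUserTokens(unsignedEnvelope);
            System.out.println("\n<<<<<< User Tokens >>>>>>");
            XMLUtils.PrettyElementToWriter(samlMsg.getSOAPEnvelope().getAsDOM(),
                                           new PrintWriter(System.out));

            Message encryptedMsg =
                app.encryptSOAPEnvelope(unsignedEnvelope, axisMessage);
            System.out.println("\n<<<<<< Encrypted >>>>>>");
            XMLUtils.PrettyElementToWriter(encryptedMsg.getSOAPEnvelope().getAsDOM(),
                                           new PrintWriter(System.out));

            Message signedMsg = app.signSOAPEnvelope(unsignedEnvelope);
            System.out.println("\n<<<<<< Signed >>>>>>");
            XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(),
                                           new PrintWriter(System.out));
        }
        catch (Exception e) {
            // Sample program: report the failure and fall out of main.
            e.printStackTrace();
        }
    }

    /** Creates the Axis client engine and the message context shared by all messages. */
    public WSSecuritySample() {
        engine = new AxisClient(new NullProvider());
        msgContext = new MessageContext(engine);
    }

    /**
     * Wraps the envelope text in an Axis {@code Message} bound to this
     * sample's message context.
     *
     * @param unsignedEnvelope SOAP envelope as XML text
     * @return the Axis message
     * @throws java.io.UnsupportedEncodingException if UTF-8 is unavailable
     */
    private Message getAxisMessage(String unsignedEnvelope)
        throws java.io.UnsupportedEncodingException {
        // The XML prolog declares UTF-8, so encode explicitly instead of
        // relying on the platform default charset.
        InputStream inStream =
            new ByteArrayInputStream(unsignedEnvelope.getBytes("UTF-8"));
        Message axisMessage = new Message(inStream);
        axisMessage.setMessageContext(msgContext);
        return axisMessage;
    }

    /**
     * Signs the envelope with the private key stored under a fixed keystore alias.
     *
     * @param unsignedEnvelope envelope to sign
     * @return the signed message
     * @throws Exception if signing or message conversion fails
     */
    public Message signSOAPEnvelope(SOAPEnvelope unsignedEnvelope)
        throws Exception
    {
        WSSignEnvelope signer = new WSSignEnvelope();
        String alias = "16c73ab6-b892-458f-abf5-2f875f74882e";
        // NOTE(review): hard-coded key password (the same value appears as
        // the keystore password in crypto.properties); sample use only.
        String password = "foobar";
        signer.setUserInfo(alias, password);
        Document doc = unsignedEnvelope.getAsDocument();
        Document signedDoc = signer.build(doc, crypto);
        Message signedSOAPMsg =
            (org.apache.axis.Message) toSOAPMessage(signedDoc);
        return signedSOAPMsg;
    }

    /**
     * Adds a UsernameToken to the envelope, then encrypts using a key taken
     * from the password bytes and referenced through an embedded
     * SecurityTokenReference.
     *
     * @param unsignedEnvelope envelope to process
     * @return the message produced from the encrypted document
     * @throws Exception if token creation, encryption or conversion fails
     */
    public Message addUserTokens(SOAPEnvelope unsignedEnvelope)
        throws Exception {
        WSEncryptBody wsEncrypt = new WSEncryptBody();
        Document doc = unsignedEnvelope.getAsDocument();
        String username = "joedoe";
        String password = "this is a lot of foobar ";
        // The passphrase is 24 ASCII bytes, i.e. a 192-bit key. A JRE that
        // ships the limited-strength JCE jurisdiction policy rejects AES
        // keys above 128 bits with InvalidKeyException "Illegal key size or
        // default parameters".
        // NOTE(review): presumably that is why build() fails below; confirm
        // the symmetric algorithm WSEncryptBody is using and whether the
        // unlimited-strength policy files are installed.
        // Raw passphrase bytes also carry far less entropy than the key
        // length suggests; production code should use a randomly generated
        // key or a password-based key-derivation function.
        byte[] key = password.getBytes("UTF-8");

        // Add the UserNameToken.
        WSSAddUsernameToken builder =
            new WSSAddUsernameToken("", false);
        // PASSWORD_TEXT puts the password into the token as plain text, so
        // confidentiality depends on the transport or on message encryption.
        builder.setPasswordType(WSConstants.PASSWORD_TEXT);
        builder.build(doc, username, password);

        // Add an Id to it.
        Element usrEle =
            (Element) (doc.getElementsByTagNameNS(WSConstants.WSSE_NS,
                                                  "UsernameToken").item(0));
        String idValue = "7654";
        usrEle.setAttribute("Id", idValue);

        // Create a Reference to the UserNameToken.
        Reference ref = new Reference(doc);
        ref.setURI("#" + idValue);
        ref.setValueType("UsernameToken");
        SecurityTokenReference secRef =
            new SecurityTokenReference(doc);
        secRef.setReference(ref);
        WSSecurityUtil.setNamespace(secRef.getElement(),
                                    WSConstants.WSSE_NS,
                                    WSConstants.WSSE_PREFIX);

        wsEncrypt.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
        wsEncrypt.setSecurityTokenReference(secRef);
        wsEncrypt.setKey(key);

        // LINE BELOW THROWS EXCEPTION FOR ME!
        Document encDoc = wsEncrypt.build(doc, crypto);

        // Convert the document into a SOAP message.
        Message signedMsg = (Message) toSOAPMessage(encDoc);
        return signedMsg;
    }

    /**
     * Encrypts the envelope for a fixed keystore alias, then round-trips the
     * result through {@code axisMessage}'s SOAP part.
     *
     * @param unsignedEnvelope envelope to encrypt
     * @param axisMessage message whose SOAP part is replaced by the encrypted text
     * @return the encrypted message
     * @throws Exception if encryption or message conversion fails
     */
    public Message encryptSOAPEnvelope(SOAPEnvelope unsignedEnvelope,
                                       Message axisMessage)
        throws Exception {
        WSEncryptBody encrypt = new WSEncryptBody();
        encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
        Document doc = unsignedEnvelope.getAsDocument();
        Document encryptedDoc = encrypt.build(doc, crypto);
        Message encryptedMsg = (Message) toSOAPMessage(encryptedDoc);
        String soapPart = encryptedMsg.getSOAPPartAsString();
        // Note: this overwrites the caller's message content in place.
        ((SOAPPart) axisMessage.getSOAPPart()).setCurrentMessage(soapPart,
                                                                 SOAPPart.FORM_STRING);
        encryptedDoc = axisMessage.getSOAPEnvelope().getAsDocument();
        Message encryptedSOAPMsg = (Message) toSOAPMessage(encryptedDoc);
        return encryptedSOAPMsg;
    }

    /**
     * Canonicalizes the document (C14N with comments) and parses the bytes
     * back into a SOAP message.
     *
     * @param doc document to convert
     * @return the SOAP message built from the canonical bytes
     * @throws Exception if canonicalization or message creation fails
     */
    public SOAPMessage toSOAPMessage(Document doc) throws Exception {
        Canonicalizer c14n =
            Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
        byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
        ByteArrayInputStream in =
            new ByteArrayInputStream(canonicalMessage);
        MessageFactory factory = MessageFactory.newInstance();
        return factory.createMessage(null, in);
    }
}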
________________________________________________
* Created two keystores in a folder, privkeystore and pubcertkeystore,
and exported the public key of each into the other, so both have two entries
* Contents of the crypto.properties file are below. C:\try\keystore is the
folder containing privkeystore (and pubcertkeystore)
________________
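# WSS4J crypto configuration: Merlin provider backed by a JKS keystore.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# NOTE(review): the keystore password is stored here in clear text; restrict
# read access to this file and keep it out of version control.
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.keystore.file=C://try//keystore//privkeystore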
______________________
Exception thrown is:
org.apache.ws.security.WSSecurityException: Cannot encrypt data; nested exception is:
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
at org.apache.ws.security.message.WSEncryptBody.doEncryption(WSEncryptBody.java:536)
at org.apache.ws.security.message.WSEncryptBody.buildEmbedded(WSEncryptBody.java:598)
at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:297)
at com.jeffhanson.ws.security.WSSecuritySample.addUserTokens(WSSecuritySample.java:238)
at com.jeffhanson.ws.security.WSSecuritySample.main(WSSecuritySample.java:100)