Hi All,

I've been using WSS4J & Axis and it's made my life a lot easier; however, I'm having a weird issue that I was hoping you could help me with. I'm pretty new to SOAP security, so I apologize that my lingo is imprecise (or wrong), but I think the issue has to do with a keystore that has both a key & a cert that matches the Key Identifier passed into the SOAP Security Header. BTW, I'm connecting from a .NET client to a Java/Axis/WSS4J server.

I'm looking specifically at about lines 182-192 of EncryptedKeyProcessor. It looks like it finds a KeyIdentifier in the WSSE header and then calls crypto.getAliasForX509Cert(certs[0]). I'm using the Merlin Crypto implementation (with a pkcs12 keystore) which seems to return the first alias that the keystore finds (or cycles through all aliases). However, in my case the first matching alias is a Certificate (i.e. isCertificateEntry(alias) returns true). This causes the EncryptedKeyProcessor to get confused because it uses this alias to get a private key (around line 281).

In my case, I think the crypto service shouldn't return the first alias, but instead the first key alias (i.e. the first alias that matches the cert and isKeyEntry() returns true). Maybe this should be a new method on the Crypto interface?

Does this make sense? Am I missing something?

Thanks for the help!

Doug
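
The lookup proposed in the message above, as an added example (not part of the original post and not WSS4J code). It uses only the standard java.security.KeyStore API; the class name KeyAliasLookup, the helper getKeyAliasForCert and the command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Collections;

public class KeyAliasLookup {

    /**
     * Hypothetical helper: returns the first alias that is a key entry and whose
     * leaf certificate equals cert, or null when only certificate entries match.
     * A null result should fail the decryption rather than fall back to a
     * certificate-only alias, which has no private key behind it.
     */
    static String getKeyAliasForCert(KeyStore ks, Certificate cert) throws KeyStoreException {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entry, skip it
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain != null && chain.length > 0 && chain[0].equals(cert)) {
                return alias;
            }
        }
        return null;
    }

    // Usage (assumed): java KeyAliasLookup <keystore.p12> <password> <alias-of-cert-to-match>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        Certificate cert = ks.getCertificate(args[2]);
        if (cert == null) {
            throw new IllegalArgumentException("no certificate under alias " + args[2]);
        }
        // List every alias carrying this certificate and the kind of entry it is.
        for (String alias : Collections.list(ks.aliases())) {
            if (cert.equals(ks.getCertificate(alias))) {
                System.out.printf("%-20s keyEntry=%b certEntry=%b%n",
                        alias, ks.isKeyEntry(alias), ks.isCertificateEntry(alias));
            }
        }
        System.out.println("first match, any entry type: " + ks.getCertificateAlias(cert));
        System.out.println("first key-entry match:       " + getKeyAliasForCert(ks, cert));
    }
}
```

Run against a keystore that holds the same certificate both as a trusted-certificate entry and as part of a key entry, the last two lines can name different aliases, which is the mismatch the message describes.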
