> *<entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />*

That is not a valid value for "signatureAlgorithm" as it is a digest algorithm.

Colm.

On Fri, Mar 14, 2014 at 4:18 PM, Giriraj Bhojak <girira...@gmail.com> wrote:

> I tried this through a junit after changing the algorithm. And here is what I got:
>
> SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
> Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for ....... has thrown exception, unwinding now
> Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
>
> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>
> Here is the signature entry defined in the 'out' interceptor:
> *<entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />*
>
> I am not sure how to check for unlimited security policies. But since we would be running this on WebSphere, I don't think I have the liberty to have the unlimited security policies.
>
> Thanks,
> Giriraj.
>
> On Fri, Mar 14, 2014 at 5:51 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>
>> Yes, Merlin supports SHA-256. Do you have the unlimited security policies installed in the JDK?
>>
>> Colm.
>>
>> On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>
>>> Hello Colm,
>>>
>>> I created the keystore using standard java keytool command. I am not sure how to create a BKS keystore.
>>> When I tried using sha256 signature algorithm (by configuring signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into algorithm not supported exception. sha1 signature algorithm worked properly.
>>> Doesn't merlin support sha256 signature algorithm?
>>> Do I need to use bouncy castle in this case?
>>> Could you please help me out with it?
>>>
>>> Thanks,
>>> Giriraj.
>>>
>>> On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
>>>
>>>> With BouncyCastle, the Keystore type must be "BKS", so:
>>>>
>>>> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>>>>
>>>> Note that the keystore itself must be compatible with BouncyCastle JKS implementation.
>>>>
>>>> Colm.
>>>>
>>>> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>
>>>>> Hello Colm,
>>>>>
>>>>> I didn't have any success using above properties.
>>>>> I got following:
>>>>> ... 2 more
>>>>> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
>>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>>>>     at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>>>>     at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>>>>     at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>>>>     ... 17 more
>>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>>>>     ... 20 more
>>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>>>>     ... 21 more
>>>>>
>>>>> It was working with Merlin earlier. Here is my properties file:
>>>>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>
>>>>> I have bcprov-jdk12-130.jar on the classpath.
>>>>>
>>>>> Could you please help me find out what I am doing wrong here?
>>>>>
>>>>> Thanks,
>>>>> Giriraj.
>>>>>
>>>>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>>>>>
>>>>>> You can use BouncyCastle with the Merlin Crypto implementation. Simply add the property:
>>>>>>
>>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>>
>>>>>> Colm.
>>>>>>
>>>>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>>
>>>>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>>>>> Does this mean we can't use Bouncy Castle at all in the latest version of wss4j?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Giriraj.
>>>>>>>
>>>>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
>>>>>>>
>>>>>>>> From what I recall, there was essentially little difference between the Merlin and BouncyCastle Crypto implementations, hence the latter was removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle implementation, i.e. what is the Merlin implementation not doing for you?
>>>>>>>>
>>>>>>>> Colm.
>>>>>>>>
>>>>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>>>>> Merlin is used by default since 1.6.x.
>>>>>>>>> Could anyone explain why this was done?
>>>>>>>>> I mean was there something with Bouncy Castle that prompted this change?
>>>>>>>>>
>>>>>>>>> And is following set of keys the right way to use Bouncy Castle with WSS4J (found this from https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>>>>
>>>>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Giriraj.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Colm O hEigeartaigh
>>>>>>>>
>>>>>>>> Talend Community Coder
>>>>>>>> http://coders.talend.com
>>>>>>
>>>>>> --
>>>>>> Colm O hEigeartaigh
>>>>>>
>>>>>> Talend Community Coder
>>>>>> http://coders.talend.com
>>>>>>
>>>>>> --
>>>>>> Colm O hEigeartaigh
>>>>>>
>>>>>> Talend Community Coder
>>>>>> http://coders.talend.com
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
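
Added example (not part of the original thread, and not WSS4J or CXF code): a small diagnostic that tells a digest URI from a signature URI for the "signatureAlgorithm" key, asks the installed JCA providers whether the matching algorithm exists, and reports whether the unlimited-strength policy is active. The class name SigAlgoCheck and the two URI tables are assumptions of this example and cover only SHA-1 and SHA-256 with RSA; "signatureDigestAlgorithm" is the WSS4J key that takes a digest URI.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;

public class SigAlgoCheck { // hypothetical helper, not a WSS4J class
    // XML Signature algorithm URIs mapped to JCA Signature names.
    static final Map<String, String> SIGNATURE_URIS = new LinkedHashMap<>();
    // XML digest algorithm URIs: valid for "signatureDigestAlgorithm" only.
    static final Map<String, String> DIGEST_URIS = new LinkedHashMap<>();
    static {
        SIGNATURE_URIS.put("http://www.w3.org/2000/09/xmldsig#rsa-sha1", "SHA1withRSA");
        SIGNATURE_URIS.put("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "SHA256withRSA");
        DIGEST_URIS.put("http://www.w3.org/2000/09/xmldsig#sha1", "SHA-1");
        DIGEST_URIS.put("http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256");
    }

    /** Returns a diagnosis for a value configured under "signatureAlgorithm". */
    static String checkSignatureAlgorithm(String uri) {
        if (DIGEST_URIS.containsKey(uri)) {
            return "INVALID: digest algorithm (" + DIGEST_URIS.get(uri)
                + "); use it for signatureDigestAlgorithm instead";
        }
        String jcaName = SIGNATURE_URIS.get(uri);
        if (jcaName == null) {
            return "UNKNOWN: not in this example's table";
        }
        try {
            Signature.getInstance(jcaName); // asks the installed JCA providers
            return "OK: " + jcaName + " is available";
        } catch (NoSuchAlgorithmException e) {
            return "UNSUPPORTED: no installed provider offers " + jcaName;
        }
    }

    public static void main(String[] args) throws Exception {
        // The value from the thread, then the RSA-SHA256 signature URI.
        System.out.println(checkSignatureAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256"));
        System.out.println(checkSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
        // Policy check: the limited policy caps AES keys at 128 bits.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length: " + maxAes
            + (maxAes > 128 ? " (unlimited policy)" : " (limited policy)"));
    }
}
```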