That's bad on so many levels for me. Really sorry to bother you with it Colm. I was going through org.apache.ws.security.handler.WSHandlerConstants.SIG_ALGO and I copied the property for SIG_DIGEST_ALGO instead of the one above it.
Apologies again to bother you with it.

Thanks,
Giriraj.

On Fri, Mar 14, 2014 at 12:21 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote:

> <entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />
>
> That is not a valid value for "signatureAlgorithm" as it is a digest
> algorithm.
>
> Colm.
>
> On Fri, Mar 14, 2014 at 4:18 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>
>> I tried this through a junit after changing the algorithm. And here is
>> what I got:
>>
>> SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
>> Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
>> WARNING: Interceptor for ....... has thrown exception, unwinding now
>> Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
>>
>> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>>     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
>>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>>
>> Here is the signature entry defined in the 'out' interceptor:
>>
>> <entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />
>>
>> I am not sure how to check for unlimited security policies. But since we
>> would be running this on WebSphere, I don't think I have the liberty to
>> have the unlimited security policies.
>>
>> Thanks,
>> Giriraj.
>>
>> On Fri, Mar 14, 2014 at 5:51 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>>
>>> Yes, Merlin supports SHA-256. Do you have the unlimited security
>>> policies installed in the JDK?
>>>
>>> Colm.
>>>
>>> On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>
>>>> Hello Colm,
>>>>
>>>> I created the keystore using standard java keytool command. I am not
>>>> sure how to create a BKS keystore.
>>>> When I tried using sha256 signature algorithm (by configuring
>>>> signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into
>>>> algorithm not supported exception. sha1 signature algorithm worked
>>>> properly.
>>>> Doesn't merlin support sha256 signature algorithm?
>>>> Do I need to use bouncy castle in this case?
>>>> Could you please help me out with it?
>>>>
>>>> Thanks,
>>>> Giriraj.
>>>>
>>>> On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
>>>>
>>>>> With BouncyCastle, the Keystore type must be "BKS", so:
>>>>>
>>>>> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>>>>>
>>>>> Note that the keystore itself must be compatible with BouncyCastle JKS
>>>>> implementation.
>>>>>
>>>>> Colm.
>>>>>
>>>>> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>
>>>>>> Hello Colm,
>>>>>>
>>>>>> I didn't have any success using the above properties.
>>>>>> I got the following:
>>>>>>
>>>>>> ... 2 more
>>>>>> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>>>>>     at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>>>>>     ... 17 more
>>>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>>>>>     ... 20 more
>>>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>>>>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>>>>>     ... 21 more
>>>>>>
>>>>>> It was working with Merlin earlier. Here is my properties file:
>>>>>>
>>>>>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>>
>>>>>> I have bcprov-jdk12-130.jar on the classpath.
>>>>>>
>>>>>> Could you please help me find out what I am doing wrong here?
>>>>>>
>>>>>> Thanks,
>>>>>> Giriraj.
>>>>>>
>>>>>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>>>>>>
>>>>>>> You can use BouncyCastle with the Merlin Crypto implementation.
>>>>>>> Simply add the property:
>>>>>>>
>>>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>>>
>>>>>>> Colm.
>>>>>>>
>>>>>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>>>
>>>>>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>>>>>> Does this mean we can't use Bouncy Castle at all in the latest
>>>>>>>> version of wss4j?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Giriraj.
>>>>>>>>
>>>>>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
>>>>>>>>
>>>>>>>>> From what I recall, there was essentially little difference
>>>>>>>>> between the Merlin and BouncyCastle Crypto implementations, hence the
>>>>>>>>> latter was removed in WSS4J 1.6.x. Why do you need to use the
>>>>>>>>> BouncyCastle implementation, i.e. what is the Merlin implementation
>>>>>>>>> not doing for you?
>>>>>>>>>
>>>>>>>>> Colm.
>>>>>>>>>
>>>>>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>>>>>> Merlin is used by default since 1.6.x.
>>>>>>>>>> Could anyone explain why this was done?
>>>>>>>>>> I mean was there something with Bouncy Castle that prompted this
>>>>>>>>>> change?
>>>>>>>>>>
>>>>>>>>>> And is the following set of keys the right way to use Bouncy Castle
>>>>>>>>>> with WSS4J (found this from
>>>>>>>>>> https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>>>>>
>>>>>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Giriraj.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Colm O hEigeartaigh
>>>>>>>>>
>>>>>>>>> Talend Community Coder
>>>>>>>>> http://coders.talend.com