Hi,

 

I believe that I am using WSS4J 2.0.2, if you have a specific process for 
understanding the version please don’t be shy – I’ll use it then we both know 
that I will have given the correct info.

 

By core do you mean the JDK? If so then :

 

java version "1.7.0_55"

Java(TM) SE Runtime Environment (build 1.7.0_55-b13)

Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

 

That error in particular I have avoided by using BST_DIRECT_REFERENCE, I’m 
afraid I was doing that two-year-old learning technique of pressing all the 
buttons at once, so I might have been the cause of the error – not knowing my 
apples from pears:

 

    //This gives Error when calling DDOperation: An invalid security token was provided
    //(Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

    builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
    builder.setKeyEnc(WSConstants.TRIPLE_DES);
    builder.setEncryptSymmKey(false);
    builder.setUseThisCert(recipientCert);

    try
    {
        secHeader.insertSecurityHeader(doc);
        builder.build(doc, crypto, secHeader);
    }
    catch (WSSecurityException e)
 

So I am not too worried about that as I have moved on.

 

I did find another issue with the WSSecSignature: when using 
WSSecSignature.setX509Certificate and then calling WSSecSignature.build, it 
threw a null identifier (Merlin.java:744) for the GetPrivateKey() as the 
calling context WSSecSignature.java:530 had this.user set to null. I worked out 
that if I used WSSecSignature.setUserInfo and passed in the alias and the JKS 
password then it stopped moaning and got on with it.

 

Should the WSSecSignature.setX509Certificate method take care of that?

 

My work in progress/prototype is below, I’m trying to mimic the SOAPUI WSS 
specification:

 



 

I’ll go and look at those examples.

 

Cheers,

 

Adrian

PS Bonus points for identifying Cargo Cult sections…. 

 

 

 

private SOAPMessage encriptBody(SOAPMessage soapMessage) throws Exception  {
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope  soapEnvelope = soapPart.getEnvelope();

    WSSecEncrypt builder  = new WSSecEncrypt();
    WSSecTimestamp builderTS = new WSSecTimestamp();
    WSSecSignature builderSig = new WSSecSignature();

    Crypto crypto = null;
    //Class constructor candidates
    try {
        //Where will I put the properties file?
        crypto = CryptoFactory.getInstance("Ball.properties");
    }
    catch (WSSecurityException e)
    {
        System.err.println("Crypto crypto = CryptoFactory.getInstance(\"Ball.properties\"): " + e.getMessage());
    }
    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsclientcert");

    builder.setUseThisCert(recipientCert);
    builderSig.setX509Certificate(ourCert);

    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderTS.setTimeToLive(5000);
    builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderSig.setUserInfo("wsclientcert", "password1");
    //End Class constructor candidates

    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

    try
    {
        secHeader.insertSecurityHeader(doc);
        builderTS.build(doc, secHeader);
        builderSig.build(doc, crypto, secHeader);
        builder.build(doc, crypto, secHeader);
    }
    catch (WSSecurityException e)
    {
        System.err.println("Failed in builder block: " + e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }

    return soapMessage;
}
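
Added example, not part of the original message or of WSS4J: signing needs the private key, which a certificate alone does not carry, so it depends on the keystore alias and password (what setUserInfo supplied above), while encryption needs only the recipient's certificate. This JDK-only pre-flight check reports which of those prerequisites a keystore fails; the class and method names are hypothetical, the alias names are the ones used in the message, and the password is a placeholder.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical helper, JDK APIs only.
public class KeystorePreflight {
    // Signing needs a key entry whose private key opens with keyPass.
    static List<String> checkSigner(KeyStore ks, String alias, char[] keyPass) throws Exception {
        List<String> problems = new ArrayList<>();
        if (alias == null || !ks.containsAlias(alias)) {
            problems.add("signing alias not found: " + alias);
        } else if (!ks.isKeyEntry(alias)) {
            // trustedCertEntry: public certificate only, nothing to sign with
            problems.add(alias + " is a certificate-only entry");
        } else if (!(ks.getKey(alias, keyPass) instanceof PrivateKey)) {
            // getKey throws UnrecoverableKeyException when keyPass is wrong
            problems.add(alias + " holds no private key");
        }
        return problems;
    }
    // Encrypting needs only the recipient's certificate, but it must be usable.
    static List<String> checkRecipient(KeyStore ks, String alias) throws Exception {
        List<String> problems = new ArrayList<>();
        if (alias == null || !(ks.getCertificate(alias) instanceof X509Certificate)) {
            problems.add("no X.509 certificate under alias: " + alias);
            return problems;
        }
        X509Certificate x509 = (X509Certificate) ks.getCertificate(alias);
        try {
            x509.checkValidity(); // rejects expired or not-yet-valid certificates
        } catch (CertificateException e) {
            problems.add(alias + ": " + e.getMessage());
        }
        boolean[] usage = x509.getKeyUsage(); // null when the extension is absent
        if (usage != null && usage.length > 2 && !usage[2]) { // bit 2 = keyEncipherment
            problems.add(alias + " key usage does not allow keyEncipherment");
        }
        return problems;
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // constructed sample: empty in-memory keystore
        System.out.println(checkSigner(ks, "wsclientcert", "placeholder".toCharArray()));
        System.out.println(checkRecipient(ks, "wsstestservice"));
    }
}
```

With the empty sample keystore both checks report a missing alias; against a real keystore, pass a FileInputStream and the store password to ks.load instead.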

 

 

 

From: Colm O hEigeartaigh [mailto:[email protected]] 
Sent: 06 August 2014 15:48
To: [email protected]
Subject: Re: Does anyone have an example of using WSSecEncrypt.setUseThisCert()

 

 

Here are some:

http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&view=co

What version of WSS4J? What does the request look like that is generating that 
error + what core are you using to generate it?

Colm.

 

On Wed, Aug 6, 2014 at 9:35 AM, Adrian Williamson <[email protected]> 
wrote:

Hi,

Has anyone got an example of how this method can be used?

I've been trying different values for the WSSecEncrypt.setKeyIdentifierType() but
I keep getting application specific error messages back from the private
service I'm calling.

One of the error messages made me stop and ponder the extent of my
ignorance;

WSConstants.X509_KEY_IDENTIFIER it returned:

An invalid security token was provided (Bad ValueType
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

So I thought if someone had a nice little test case that used an X509
certificate to encrypt it might help me along.

So I can see how it is supposed to be done.

Thanks

Adrian





 



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
