Hello,

I've installed the BouncyCastle jar in <jre_home>/lib/ext and I've changed <jre_home>/lib/security/java.security to add this line:

security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

It works, and I've changed to bi-directional encryption by adding this:

(client side .wsdd)
<responseFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="action" value="Encrypt"/>
        <parameter name="decryptionPropFile" value="crypto.properties"/>
    </handler>
</responseFlow>

(server side .wsdd)
<responseFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Encrypt"/>
        <parameter name="passwordCallbackClass" value="PWCallback"/>
        <parameter name="passwordType" value="PasswordDigest"/>
        <parameter name="addUTElement" value="Nonce Created"/>
        <parameter name="encryptionPropFile" value="crypto.properties"/>
        <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier"/>
        <parameter name="encryptionUser" value="SmartCVWS"/>
    </handler>
</responseFlow>


It works fine too, but in the password callback class I need to code the password of the keystore when the pc.getIdentifer() is "smartcvws".

I think that it is the encryptionUser of the .wsdd in lowercase, but I don't understand it so much. Maybe org.apache.ws.security.crypto.merlin.keystore.alias of crypto.properties?

Is there another way to solve this? In the crypto.properties is the keystore password too (under key org.apache.ws.security.crypto.merlin.keystore.password), why is it necessary to code it in the callback classes (server and client)?


And ... on the client side I don't have to install "unlimited strength jce", only the bouncy castle .jar in the classpath is enough to run well.

Thanks for all, you are doing a very good work with wss4j.

On Tue, 13 Sep 2005 at 20:52, Werner Dittmann wrote:
Jorge,

that depends on the server you use. Usually, WEB-INF/lib should be
ok. Is the WEB-INF in the correct subdirectory of the application?
Or in the WAR file? Maybe you can have a look into the build.xml
file of WSS4J - there is a target that builds a WAR file.

If that doesn't work we need to put in some debugging code into
WSS4J to get the exact reason why that happens.

Regards,
Werner
Jorge Martín Cuervo wrote:
> Hello again Werner,
> 
> I've installed "Unlimited Strength Java(TM) Cryptography Extension
> Policy Files for the Java(TM) 2 SDK, Standard Edition, v 1.4.2" and use
> xerces, and the error is still there.
> 
> How can I install BouncyCastle correctly? Do you think
> bcprov-jdk13-128.jar is enough?
> 
> Thanks.
> 
> On Tue, 13 Sep 2005 at 17:00, Jorge Martín Cuervo wrote:
> 
>> Hello Werner,
>>
>> BouncyCastle (/WEB-INF/lib/bcprov-jdk13-128.jar) is in the classpath
>> on server and client side, isn't it?
>>
>> I think my problem is "strength encryption policy". I'll take a look at
>> Sun's doc now. As soon as I solve the problem I'll send a message to
>> the mailing list.
>>
>> Thanks for your quick response.
>>
>> On Tue, 13 Sep 2005 at 14:58, Werner Dittmann wrote:
>>
>>>Jorge,
>>>
>>>currently I see two problems: somehow the Crimson parser is used.
>>>Crimson is outdated, does not support namespaces fully. Pls
>>>switch to Xerces or any other parser that fully supports namespaces.
>>>I saw this on the stack trace of the client side. Pls check your
>>>classpath, maybe also the endorsed option.
>>>
>>>Second, while looking at the stacktrace of the server I see that the
>>>SUN JCE provider wasn't able to instantiate the Cipher. Two reasons
>>>come to my mind:
>>>- do you have the full strength encryption policy installed? By default
>>>  only the limited one is installed (pls refer to Sun's Java doc how to
>>>  get the full strength policy).
>>>- The Bouncycastle JAR is not in the Path of the server Web application.
>>>  If WSS4J does not find the Bouncycastle in the Path it is not
>>>  initialized and registered.
>>>
>>>Regards,
>>>Werner
>>>
>>>Jorge Martín Cuervo wrote:
>>>> Hello, I'm trying to make a webservice with a username/password
>>>> validation and encrypted data. First of all, I used UsernameToken and it
>>>> works perfectly, but when I began to code encryption it didn't work. Do I
>>>> need any .jar?
>>>> 
>>>> 
>>>> 
>>>> software used:
>>>> - jakarta-tomcat-4.1.31
>>>> - axis 1.2.1
>>>> - wss4j 1.1.0 (i replaced xml with this one: xmlsec-1.2.96.jar)
>>>> 
>>>> 
>>>> server jars:
>>>> ./WEB-INF/lib/wsdl4j-1.5.1.jar
>>>> ./WEB-INF/lib/saaj.jar
>>>> ./WEB-INF/lib/log4j-1.2.8.jar
>>>> ./WEB-INF/lib/jaxrpc.jar
>>>> ./WEB-INF/lib/commons-logging-1.0.4.jar
>>>> ./WEB-INF/lib/commons-discovery-0.2.jar
>>>> ./WEB-INF/lib/axis.jar
>>>> ./WEB-INF/lib/axis-ant.jar
>>>> ./WEB-INF/lib/exist.jar
>>>> ./WEB-INF/lib/xmldb.jar
>>>> ./WEB-INF/lib/xmlrpc-1.2-patched.jar
>>>> ./WEB-INF/lib/wss4j.jar
>>>> ./WEB-INF/lib/opensaml-1.0.1.jar
>>>> ./WEB-INF/lib/xmlsec-1.2.96.jar
>>>> ./WEB-INF/lib/bcprov-jdk13-128.jar
>>>> 
>>>> client jars:
>>>> ./libs/jaxrpc.jar
>>>> ./libs/axis.jar
>>>> ./libs/commons-logging-1.0.4.jar
>>>> ./libs/commons-discovery-0.2.jar
>>>> ./libs/saaj.jar
>>>> ./libs/wsdl4j-1.5.1.jar
>>>> ./libs/wss4j.jar
>>>> ./libs/opensaml-1.0.1.jar
>>>> ./libs/xmlsec-1.2.96.jar
>>>> ./libs/bcprov-jdk13-128.jar
>>>> 
>>>>  <SNIP> -------------------------------------------------<SNAP>
>>>> ____________________________________
>>>> Jorge Martin Cuervo
>>>> Analyst Programmer
>>>> 
>>>> Outsourcing Emarketplace
>>>> deFacto Powered by Standards
>>>> 
>>>> email <[EMAIL PROTECTED]>
>>>> voice +34 985 129 820
>>>> voice +34 660 026 384
>>>> ____________________________________
>>>> 
-- 
;-)
____________________________________
Jorge Martin Cuervo
Analyst Programmer

Outsourcing Emarketplace
deFacto Powered by Standards

email <[EMAIL PROTECTED]>
voice +34 985 129 820
voice +34 660 026 384
____________________________________
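
Added example, not part of the original thread and not WSS4J's own code: a password callback for the decryption case asked about at the top of this message. When WSS4J decrypts, it calls the handler with usage DECRYPT and the keystore alias of the private key as the identifier (JKS stores aliases in lowercase, hence "smartcvws"); the password it wants is the one protecting that key entry, which is separate from the keystore password in crypto.properties. The system property name wss.keypass.<alias> is an assumption made for this sketch.

```java
import java.io.IOException;
import java.util.Locale;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {

    // Assumption (hypothetical naming): the private-key password for each
    // alias is supplied as the system property wss.keypass.<alias>, so it
    // is not compiled into the class.
    static String keyPasswordFor(String alias) {
        // JKS stores aliases in lowercase; normalise so that both
        // "SmartCVWS" and "smartcvws" map to the same property.
        return System.getProperty(
                "wss.keypass." + alias.toLowerCase(Locale.ENGLISH));
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // This sketch only answers decryption requests; other usages
            // (for example UsernameToken) need their own branch.
            if (pc.getUsage() != WSPasswordCallback.DECRYPT) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unsupported usage: " + pc.getUsage());
            }

            // getIdentifer() (spelled this way in WSS4J 1.x) is the keystore
            // alias of the private key WSS4J is about to open.
            String alias = pc.getIdentifer();
            String password = (alias == null) ? null : keyPasswordFor(alias);
            if (password == null) {
                // Fail closed instead of falling back to a default password.
                throw new IOException(
                        "No key password configured for alias " + alias);
            }
            pc.setPassword(password);
        }
    }
}
```

Any secret store can stand in for the system property; the point is that the handler maps the lowercase alias to the key-entry password and refuses aliases it does not know.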
