Laurence, I've the same problem here with jdk1.5, runing on a XP box, no problems with jdk1.4 . I'm starting to investigate the problem, but it seems to be burried somewhere in the crypto code ... I'm not really sure what is wrong.
Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Laurence Brockman [mailto:[EMAIL PROTECTED] > Gesendet: Dienstag, 15. November 2005 22:18 > An: [EMAIL PROTECTED]; [email protected] > Betreff: RE: WSS4J and Kerberos signatures > > Ok, I've done all that and it is processing more tests then before, > however, it is still failing with the following (Again, I am using > jdk1.5 and have added the provider to java.security as well as > downloading the unlimited strength crypto stuff from sun). > > Any ideas would be awesome! > > org.apache.ws.security.WSSecurityException: Cannot > encrypt/decrypt data; > nested exception is: > org.apache.xml.security.encryption.XMLEncryptionException: pad > block corrupted > Original Exception was javax.crypto.BadPaddingException: pad block > corrupted > at > org.apache.ws.security.processor.EncryptedKeyProcessor.decrypt > DataRef(En > cryptedKeyProcessor.java:388) > at > org.apache.ws.security.processor.EncryptedKeyProcessor.handleE > ncryptedKe > y(EncryptedKeyProcessor.java:313) > at > org.apache.ws.security.processor.EncryptedKeyProcessor.handleE > ncryptedKe > y(EncryptedKeyProcessor.java:81) > at > org.apache.ws.security.processor.EncryptedKeyProcessor.handleT > oken(Encry > ptedKeyProcessor.java:75) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader( > WSSecurity > Engine.java:252) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader( > WSSecurity > Engine.java:179) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader( > WSSecurity > Engine.java:132) > at wssec.TestWSSecurity2.verify(TestWSSecurity2.java:234) > at > wssec.TestWSSecurity2.testEncryptionDecryptionRSA15(TestWSSecu > rity2.java > :162) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.jav > a:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessor > Impl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at junit.framework.TestCase.runTest(TestCase.java:154) > at junit.framework.TestCase.runBare(TestCase.java:127) > at junit.framework.TestResult$1.protect(TestResult.java:106) > at junit.framework.TestResult.runProtected(TestResult.java:124) > at junit.framework.TestResult.run(TestResult.java:109) > at junit.framework.TestCase.run(TestCase.java:118) > at junit.framework.TestSuite.runTest(TestSuite.java:208) > at junit.framework.TestSuite.run(TestSuite.java:203) > at junit.framework.TestSuite.runTest(TestSuite.java:208) > at junit.framework.TestSuite.run(TestSuite.java:203) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTest > s(RemoteTe > stRunner.java:478) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(Rem > oteTestRun > ner.java:344) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(Re > moteTestRu > nner.java:196) > Caused by: org.apache.xml.security.encryption.XMLEncryptionException: > pad block corrupted > Original Exception was javax.crypto.BadPaddingException: pad block > corrupted > at > org.apache.xml.security.encryption.XMLCipher.decryptToByteArra > y(Unknown > Source) > at > org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown > Source) > at > org.apache.xml.security.encryption.XMLCipher.decryptElementCon > tent(Unkno > wn Source) > at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown > Source) > at > org.apache.ws.security.processor.EncryptedKeyProcessor.decrypt > DataRef(En > cryptedKeyProcessor.java:386) > ... 25 more > > > -----Original Message----- > From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > Sent: November 15, 2005 1:47 PM > To: Laurence Brockman; [email protected] > Subject: Re: WSS4J and Kerberos signatures > > http://www.bouncycastle.org/documentation.html > http://www.bouncycastle.org/specifications.html#install > > scroll down a bit on the second link and look for java.security > > -- dims > > PS: Please post directly to the list. So that others may > answer as well > :) > > On 11/15/05, Laurence Brockman <[EMAIL PROTECTED]> wrote: > > Thanks for such a quick reply! I think the problem is that > I am using > > jdk1.5... Does the bouncycastle.org site have information about > > installing the bouncycastle provider or is there any other > sites I can > > get documentation about this? > > > > Thanks again! > > Laurence > > > > -----Original Message----- > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > > Sent: November 15, 2005 1:40 PM > > To: Laurence Brockman; [email protected] > > Subject: Re: WSS4J and Kerberos signatures > > > > All the code needed is in the svn itself. you should not need any > > additional jars. just get the stuff from SVN. make sure you have the > > strong crypto stuff installed in your JDK (check the > download site for > > the jdk and it is available as a separate download) and > then run "ant > > test". Are u using JDK1.4? (better to use that version, there is > > additional steps for jdk1.5 - namely installing the boucnycastle > > provider) > > > > NOTE: don't use the maven build :) > > > > thanks, > > dims > > > > On 11/15/05, Laurence Brockman <[EMAIL PROTECTED]> wrote: > > > Sounds good. > > > > > > Quick question... I've checked out the latest source from SVN and > I'm > > > trying to run the Ant JUnit tests and they keep failing. > When I run > > the > > > JUnit tests through eclipse directly they are throwing a > connection > > > denied exception. I have installed Axis 1.2.1 here but I have not > > > deployed any test web services so even if I start that up > they still > > > fail with service not found exceptions. Is there a way to easily > > either > > > test this stuff without deploying the test web services > or to bypass > > > these tests? I've also installed maven and tried to compile that > way, > > > but it is failing as well. > > > > > > I also noticed in the project.xml file that you have excluded the > > > wssec/PackageTests.java and the interop/PackageTests.java. Is that > > > because of the above mentioned errors? > > > > > > After looking through the source code, I believe what I would want > to > > do > > > would be to create Kerberos token processor and action classes and > add > > a > > > case into both getAction and getProcessor to point to these new > > classes. > > > > > > Sorry for the barrage of questions. > > > > > > Thanks, > > > Laurence > > > > > > -----Original Message----- > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > > > Sent: November 14, 2005 3:02 PM > > > To: Laurence Brockman > > > Cc: [email protected] > > > Subject: Re: WSS4J and Kerberos signatures > > > > > > Please see what is being done for SAML and use that as a template > for > > > Kerberos. > > > > > > thanks, > > > dims > > > > > > On 11/14/05, Laurence Brockman <[EMAIL PROTECTED]> wrote: > > > > Correct me if I'm wrong here, but this is what I'm thinking: > > > > > > > > After grabbing the source from SVN and looking at the > documentation, > > I > > > > believe the right place for me to start would be to extend the > > > > org.apache.ws.axis.security class to handle the Kerberos > > requirements > > > > specified in the OASIS document. > > > > > > > > Forgive me for so many questions, but I'm new to > Axis/WSS4J and I > > want > > > > to make sure that I'm heading down the right path. > > > > > > > > Specifically, what we are looking to implement is just the > > > > authentication portion of Kerberos and not the > encryption portion > > (We > > > > want to authenticate incoming SOAP requests against a KDC). Down > the > > > > road we will likely look at the encryption portion, but > that won't > > > > likely be for a few months at least. > > > > > > > > Thanks again!! > > > > Laurence > > > > > > > > -----Original Message----- > > > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > > > > Sent: November 11, 2005 8:18 PM > > > > To: Laurence Brockman > > > > Cc: [email protected] > > > > Subject: Re: WSS4J and Kerberos signatures > > > > > > > > Laurence, > > > > > > > > I believe you start with taking a look at the Kerberos Token > Profile > > > > at the OASIS WSS TC web site: > > > > > > > > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss > > > > > > > > There's lots of refactoring in the latest SVN, which > makes it easy > > to > > > > plugin a new token profile. So please get the latest > SVN code and > > > > start asking more questions :) > > > > > > > > thanks, > > > > dims > > > > > > > > On 11/10/05, Laurence Brockman > <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > Hello, > > > > > > > > > > > > > > > > > > > > Sorry if this is a FAQ but I have been looking for answers to > this > > > > high and > > > > > low and have not seen this on the list. > > > > > > > > > > > > > > > > > > > > We are going to try and use Kerberos to authenticate users on > our > > > SOAP > > > > > server. What we envision is having the client send > down the SOAP > > > > request > > > > > with a service ticket from a KDC. The server (Axis using WSS4J > on > > > > Tomcat) > > > > > would then authenticate this user against said KDC. After > briefly > > > > looking at > > > > > the documentation within the WSS4J code I think what we would > want > > > to > > > > do is > > > > > extend the WSDoAllHandler class (From the > > > > > org.apache.axis.security.handler package). Is this the > > > > > right direction to be going in? Has anybody looked at > this? I'm > > > > relatively > > > > > new to Axis/WSS4J and some guidance would be awesome! > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > Laurence > > > > > > > > > > > > > > > > > > > > Laurence Brockman > > > > > Server Specialist, Shaw Operations Centre > > > > > Shaw Communications Inc. > > > > > Phone : (403) 303-4805 > > > > > E-mail : [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > ACCOUNTABLE BALANCE CUSTOMER FOCUSED INTEGRITY > LOYALTY > > > > > POSITIVE, CAN DO ATTITUDE TEAM PLAYER > > > > > > > > > > > > > > > > > > > > > > -- > > > > Davanum Srinivas : http://wso2.com/blogs/ > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > -- > > > Davanum Srinivas : http://wso2.com/blogs/ > > > > > > > > > -- > > Davanum Srinivas : http://wso2.com/blogs/ > > > > > -- > Davanum Srinivas : http://wso2.com/blogs/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
