Hi Alessandro,

I'm sorry, but I cannot answer your question. I'm new to wss4j
(about a week) and I'm trying now to do something programmatically. All
I've managed to do is to set the parameters through the wsdd
configuration files, and make it work.

I hope someone with more experience will read this thread and answer you.

Regards,
Emanuel

On 2/9/06, Alessandro Gilardoni <[EMAIL PROTECTED]> wrote:
> Hi Emanuel,
> I'm trying to sign a message (programmatically with wss4j) and to send
> it to a server that must verify it with wss4j.
> I sign the message programmatically while the server is deployed with a
> deployment descriptor. I always have a signature verification fault.
> To sign the message and verify it on the client side I need to set up
> the actor (WSSignEnvelope builder = new WSSignEnvelope("some sort of
> actor"); ) otherwise the verification fails also on the client side
>  if I do on the client side:
>
>     Document doc = unsignedEnvelope.getSOAPEnvelope().getAsDocument();
>     WSSignEnvelope builder = new WSSignEnvelope();
>     builder.setUserInfo(privateKeyAlias, privateKeyPass);
>     // This does embed the certificate.
>     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
>     Document signedDoc = builder.build(doc, crypto);
>     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
>     Document Doc1 = signedMsg.getSOAPEnvelope().getAsDocument();
>     verify(Doc1);
>
> I have a signature verification fault, but if I put an actor
> (WSSignEnvelope builder = new WSSignEnvelope("client");) the signature
> verification is OK ... but not on the server side ...
> Any hints?
> Sorry to send a very long e-mail but no one answered my previous emails...
> Best regards.
> Last question: is it possible to decrypt a SOAP message programmatically?
> How?
>
>
> Alessandro
>
> Emanuel Haisiuc wrote:
> > I've managed to get it working by setting the user parameter in the
> > wsdd file to match the alias of the searched certificate in the
> > keystore. In the PWCallback class I'm setting the password for that
> > certificate. And it works fine :)
> >
> > Emanuel
> >
> >
> >
> > On 2/8/06, [EMAIL PROTECTED] wrote:
> >
> >     I think the answer may depend on how you are using Axis/WSS4J.
> >      I'm not using any config files, and doing everything in a
> >     handler.  Here's an example of my code, but I'm no expert so this
> >     could be a really bad (but working) example ;-)
> >
> >     You can see I set the cert alias and password both in my
> >     Properties object for the Crypto, and via the
> >     WSSignEnvelope.setKeyIdentifier() method.  Not sure if this is
> >     necessary or the best way, but it works for me.  I haven't made
> >     time for "code cleanup" yet.
> >
> >     [...snip...]
> >     Message requestMessage = msgContext.getRequestMessage();
> >     SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
> >     Document doc = unsignedEnvelope.getAsDocument();
> >
> >     // WSS4J Start ---------------------------------------------
> >
> >     /*
> >      * Instantiate Crypto for WSS4J via dynamic methods. Domino agents
> >      * can't see file resources, plus we need to compute the keystore
> >      * location anyway.
> >      */
> >     String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle"; // "org.apache.ws.security.components.crypto.Merlin"
> >     Properties properties = new Properties();
> >     properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
> >     properties.put("org.apache.ws.security.crypto.merlin.keystore.type", keystoreType);
> >     properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePass);
> >     properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", privateKeyAlias);
> >     properties.put("org.apache.ws.security.crypto.merlin.alias.password", privateKeyPass);
> >     properties.put("org.apache.ws.security.crypto.merlin.file", keystoreFile);
> >     Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
> >
> >     WSSignEnvelope builder = new WSSignEnvelope();
> >     builder.setUserInfo(privateKeyAlias, privateKeyPass);
> >     // builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); // Doesn't embed the certificate.
> >     builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // This does embed the certificate.
> >     WSSAddUsernameToken usernameToken = new WSSAddUsernameToken();
> >     builder.setUsernameToken(usernameToken);
> >     Document signedDoc = builder.build(doc, crypto);
> >
> >     /*
> >      * Convert the resulting document into a message first. The
> >      * toSOAPMessage() method performs the necessary c14n call to
> >      * properly set up the signed document and convert it into a SOAP
> >      * message.
> >      */
> >     Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);
> >     if (logger.isDebugEnabled()) {
> >         logger.debug("Signed message:");
> >         XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(),
> >                 new PrintWriter(System.out));
> >     }
> >
> >     /*
> >      * Extract as a document again if need further processing. signedDoc =
> >      * signedMsg.getSOAPEnvelope().getAsDocument();
> >      */
> >
> >     /*
> >      * Set signed message as current message.
> >      */
> >     msgContext.setCurrentMessage(signedMsg);
> >
> >     // WSS4J End ---------------------------------------------
> >     [...snip...]
> >
> >
> >
> >
> >     *Emanuel Haisiuc <[EMAIL PROTECTED]>*
> >     02/08/2006 11:31 AM
> >
> >     To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>, [email protected]
> >     Subject: Re: Exception: General security error (Unexpected number of
> >     X509Data: for Signature)
> >
> >     I have the same sense about this one.
> >
> >     My question is: how do I indicate to the client which key to use
> >     from the keystore?
> >
> >     Is the "user" parameter from the handler in the client's
> >     configuration wsdd file used to identify the certificate to be
> >     used from the keystore?
> >
> >     Hope my questions make sense.
> >
> >     Thank you!
> >
> >     Emanuel
> >
> >
> >     On 2/8/06, [EMAIL PROTECTED] wrote:
> >
> >     When I got that error, it was because the machine I was running on
> >     didn't have the certificate in the keystore.  In your case that
> >     would be the cert "ehpubcert".
> >
> >
> >
> >     *Emanuel Haisiuc <[EMAIL PROTECTED]>*
> >     02/08/2006 10:24 AM
> >
> >     To: [EMAIL PROTECTED]
> >     Subject: Exception: General security error (Unexpected number of
> >     X509Data: for Signature)
> >
> >     Hi!
> >
> >     I'm getting this exception when trying to run my client:
> >
> >     08.02.2006 18:16:30 org.apache.ws.security.components.crypto.CryptoFactory loadClass
> >     INFO: Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
> >     Unable to make the call to method: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
> >
> >     My client's wsdd file is:
> >
> >     <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >                 xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> >       <transport name="http"
> >                  pivot="java:org.apache.axis.transport.http.HTTPSender" />
> >       <globalConfiguration>
> >         <requestFlow>
> >           <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> >             <parameter name="action" value="Signature" />
> >             <parameter name="signaturePropFile" value="cx509sign.props" />
> >             <parameter name="signatureKeyIdentifier" value="DirectReference" />
> >             <parameter name="passwordCallbackClass"
> >                        value="javawsx509signingclient.PWCallback" />
> >             <parameter name="user" value="manu" />
> >           </handler>
> >         </requestFlow>
> >       </globalConfiguration>
> >     </deployment>
> >
> >     where cx509sign.props is:
> >
> >
> >     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> >     org.apache.ws.security.crypto.merlin.keystore.type=jks
> >     org.apache.ws.security.crypto.merlin.keystore.password=foobar
> >     org.apache.ws.security.crypto.merlin.keystore.alias=ehpubcert
> >     org.apache.ws.security.crypto.merlin.alias.password=foobar
> >     org.apache.ws.security.crypto.merlin.file=c:/publicks/pubkeystore
> >
> >     Pubkeystore listing is:
> >
> >     C:\publicks>keytool -list -keystore pubkeystore
> >     Enter keystore password:  foobar
> >
> >     Keystore type: jks
> >     Keystore provider: SUN
> >
> >     Your keystore contains 1 entry
> >
> >     ehpubcert, 08.02.2006, keyEntry,
> >     Certificate fingerprint (MD5): 5E:87:4F:3A:48:78:4C:33:1A:03:F9:7C:2E:DE:98:81
> >
> >     What should I look for and what, to make it work?
> >
> >     Thank you!
> >
> >     Emanuel
> >
> >     ---------------------------------------------------------------------
> >     To unsubscribe, e-mail: [EMAIL PROTECTED]
> >     <mailto:[EMAIL PROTECTED]>
> >     For additional commands, e-mail: [EMAIL PROTECTED] _
> >     <mailto:[EMAIL PROTECTED]>
>
>
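
Added example, not part of the original thread and not WSS4J's own code: the fix reported above was making the handler's "user" parameter match the alias of the certificate in the keystore, so this check uses only java.security.KeyStore to confirm that a configured user names a private-key entry with an X.509 certificate. The keystore path, passwords and the two names tested are the ones posted in the thread; the class and method names are hypothetical, and the keystore file is assumed to exist at that path.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks whether the signing "user"
// configured for the sender actually names a usable entry in the keystore.
public class SigningAliasCheck {

    /** Returns null if the alias can sign, otherwise a description of the problem. */
    static String check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "not in keystore; available aliases: " + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(alias)) {
            return "is a trusted-certificate entry, there is no private key to sign with";
        }
        if (!(ks.getCertificate(alias) instanceof X509Certificate)) {
            return "has no X.509 certificate to reference from the signature";
        }
        // getKey throws UnrecoverableKeyException when the key password is wrong.
        if (!(ks.getKey(alias, keyPass) instanceof PrivateKey)) {
            return "does not hold a private key";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Values as posted in the thread (cx509sign.props); override the path via args[0].
        String file = args.length > 0 ? args[0] : "c:/publicks/pubkeystore";
        char[] storePass = "foobar".toCharArray();
        char[] keyPass = "foobar".toCharArray();

        KeyStore ks = KeyStore.getInstance("jks");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass);
        }
        // "manu" is the user in the posted wsdd, "ehpubcert" the alias keytool listed.
        for (String user : new String[] {"manu", "ehpubcert"}) {
            String problem = check(ks, user, keyPass);
            System.out.println(user + ": " + (problem == null ? "OK" : problem));
        }
    }
}
```

Running the same check on the server's keystore with the alias it expects shows whether the signer's certificate is present there as well.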
