Hmmm, this message looks very strange. For example, there is a digest tag embedded in an encrypted method tag. Also, I can see a very long SignatureValue (for SHA1 it should be no longer than 28 base64 characters, 20 bytes encoded).

Which WSS4J version do you use? To me it seems that you use some features from WSS Specification 1.1 - WSS4J does not yet support WSS 1.1 fully.

AES245-cbc should not be a problem if you have BouncyCastle installed and in your classpath.

Regards,
Werner

Sidhu Kiran IT312 wrote:
> Werner,
> Here is the request message from tcpmon :
>
> <?xml version="1.0" encoding="utf-8"?><soap:Envelope
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsa:Action
> wsu:Id="Id-573c8cf1-45fd-4cf1-83cb-abcbd25c8491">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action><wsa:MessageID
> wsu:Id="Id-d6833c13-13bc-45ab-936d-9798d75123e6">urn:uuid:8e69b12b-220f-4a71-b728-0214cd29df2c</wsa:MessageID><wsa:ReplyTo
> wsu:Id="Id-8e79a687-50f4-42dd-8bb0-9cc2183246b1"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:To
> wsu:Id="Id-4f5a6ee6-7aa5-4842-b290-90f451357b30">http://localhost:8081/ws-time/axis/TimeSheetService</wsa:To><wsse:Security
> soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-17d9e44e-3f60-4533-9372-3f81ebded6e7"><wsu:Created>2006-03-06T17:57:15Z</wsu:Created><wsu:Expires>2006-03-06T18:02:15Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-6a6765f5-6a50-4ee1-81f6-6f92d5a0550a">MIIDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3AgVGVzdCBDZXJ0MQ4wDAYDVQQDDAVBbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqi99By1VYo0aHrkKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yiNsEyvq+mUnMpNcKnLXLOjkTmMCqDYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4PS/cBQIvtpjmrDAU8VsZKT8DN5</wsse:BinarySecurityToken><xenc:EncryptedKey Id="SecurityToken-8833da7d-03b8-44c7-bf20-f9b5835d3e45" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></xenc:EncryptionMethod><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Xeg55vRyK3ZhAEhEf+YT0z986L0=</wsse:KeyIdentifier></wsse:SecurityTokenReference></KeyInfo><xenc:CipherData><xenc:CipherValue>miRJ8HeTchMW/IAUtNlhAFP9vRQQbc2Dg4242w6D6j0QVatdYn327NCtaUL4dxSrj0E/ITeUpdGcbscb2zfsUdraRgxmnOD+sId0rHcEu1ZniWkzz3ig1BKuoW7Pt0S2zu+3wFZdkwmeamK579RAzIOxJB56zRa9HnpBrtCiwQo=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#Enc-276d2c6c-d002-48ff-b8de-1a0157e02bf3" /></xenc:ReferenceList></xenc:EncryptedKey><Signature Id="Sig-dfdf17e1-2f0b-4c68-bdfb-0768b14af4a4" xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /><SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /><Reference URI="#Id-573c8cf1-45fd-4cf1-83cb-abcbd25c8491"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>He5gnu4lm7eFVXlS12OEb6whW4s=</DigestValue></Reference><Reference URI="#Id-d6833c13-13bc-45ab-936d-9798d75123e6"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>pgWZzb5AlyeWZjcKQylrYKwMmeU=</DigestValue></Reference><Reference URI="#Id-8e79a687-50f4-42dd-8bb0-9cc2183246b1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>UJebKSurE5cD5A35Tw2BNpTunVc=</DigestValue></Reference><Reference URI="#Id-4f5a6ee6-7aa5-4842-b290-90f451357b30"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>rDYbxbJiUiGOQVQZfhIoh3yw3EE=</DigestValue></Reference><Reference URI="#Timestamp-17d9e44e-3f60-4533-9372-3f81ebded6e7"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>4TZ08S95wR/NkfoxCR5Ahpj11Kg=</DigestValue></Reference><Reference URI="#Id-84ce6832-61bc-49d1-9a34-3904178c34ea"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>N2w11rXFf1U10EAx5eYkfE4ajh0=</DigestValue></Reference></SignedInfo><SignatureValue>yyISShmfokh8gUYM2w7amwwe4wA=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#SecurityToken-8833da7d-03b8-44c7-bf20-f9b5835d3e45"
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /></wsse:SecurityTokenReference></KeyInfo></Signature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#Sig-dfdf17e1-2f0b-4c68-bdfb-0768b14af4a4"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>37FKLF+uTsQ40AWrzUDQ79iRFh0=</DigestValue></Reference></SignedInfo><SignatureValue>Fxgo37ZkpbmazouMn46PESDK6hJRc9GhtQRvZaRRIzArXvfsaZiM6d1pTxh6G6FI6JbKSTDImN6J5mDFF3ff+b6pKpZIfxytZf9Hq/38AeLuyrQnzRjwI/tlKJ3BXt/kt2efF8UVErutBsRv27brfEnJieJfzBFZ04qsF/tO9NU=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#SecurityToken-6a6765f5-6a50-4ee1-81f6-6f92d5a0550a" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></soap:Header><soap:Body wsu:Id="Id-84ce6832-61bc-49d1-9a34-3904178c34ea"><xenc:EncryptedData Id="Enc-276d2c6c-d002-48ff-b8de-1a0157e02bf3"
> Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /><xenc:CipherData><xenc:CipherValue>4NH12HQyhgoYuIsHJHC9FHhPTofzcCHRq7NCl7/FInXfqOJPcn/PsrlUUEJ+aUbHDxNPYlEp6dGEf7awvyL8qvVbeIbmMU1pEPXmyzc+dU1aeR60s/AO9xh13Z9wP+YaKdpDrUn/dvE1Kf/2wvNVU8A+DXIabgSS2Rjrlqn4PQqFnq+r/sZDYPMPVhdEfj60OZT0P0UxI4dPPqnj873N0qSsx6B49L6T03KIVRSPFjk51ZRjHQCug/RM+AH5hL+WzPckWchnML+WJ/rENcgQHP1w8uvrleO6rexE/IpkXAE7RP1snMw5kW85LgR8akzfUroPU+qCCMtw2sVNtbria7gTIcIm1YDBXU7Hx/GUPUB3uyNEX6D6i6SUgrcFCBGmLRwhIT7c4/e9AphrV6pxH73ZhzxyR4u62Wj+E8Dqn487xUaOe+SrBx4qwWFUSYyXE8hBl39aFVnVpmiu1X2sp/4nBzSq8Bq0hhaeD4btbgxubU3PmzjkLlHGKY3MOgBieweKkEzhWNbDu3iJdWhJAmarptpbIJeQwRbJNk6dSbupfxCpwm7p0FPMfsqlHzBFoyQj9vU+oRtKKBMVqZX01mRqJtAKsxKcaX30+ljcO1E0tEjs8b6JUzVZ4jD2tzRecXYQcRgmJ9bDgl4EN6PPBGTQK4PJEKZIuxffrZj7WrSGcxcIqPWzi1H2NY4LZ1/Ta6bebb5mUtug5Lflvi7NwzIXcs9vWnQVzPm+mf8c3KxMkl9yvDl1JgM1PzYgK9q4a9vW8fFZTDVRpKkyHNPrR1cGa1zN1rfRf0cAp554P5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
>
> -----Original Message-----
> From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 06, 2006 12:14 PM
> To: Sidhu Kiran IT312
> Cc: Kosuru, Giri; [email protected]; [EMAIL PROTECTED]
> Subject: Re: WSS4J interoperability
>
>
> Can you provide your deployment parameters? Even better if you could
> show the message (using e.g. tcpmon to monitor it).
>
> Regards,
> Werner
>
> Sidhu Kiran IT312 wrote:
>
>>I am trying to test with .NET 2.0 client , WSE 3.0 and I am running into
>>problems :(
>>
>>I am getting the following exception (I googled on this and installed
>>local_policy.jar and Us_export_policy.jar as suggested by some posters,
>>but it didn't help )
>>
>>
>>org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
>>nested exception is:
>>
>>java.lang.SecurityException: Unsupported keysize or algorithm parameters
>>
>> -----Original Message-----
>> *From:* Kosuru, Giri [mailto:[EMAIL PROTECTED]
>> *Sent:* Monday, March 06, 2006 10:55 AM
>> *To:* [email protected]; [EMAIL PROTECTED];
>> [EMAIL PROTECTED]
>> *Subject:* WSS4J interoperability
>>
>> Hi all,
>>
>> We implemented WSS4J for securing one of our Web
>> Services (Uses apache Axis). As the implementation seems to be
>> simple and straightforward for basic requirements, we are planning
>> to make it as a standard for other java/j2ee applications to
>> implement WSS4J. But we are concerned about the interoperability of
>> WSS4J with others, particularly .NET. The WSS4J web site says it is
>> interoperable. But did anybody integrate WSS4J with .NET
>> before? If yes, what are your experiences? Is it safe to assume
>> interoperability and go ahead and make it a standard? Your
>> experiences will help me a lot on making a good decision. Meanwhile
>> I will also try to test and if I find something I will share with you.
>>
>> Thanks
>>
>> Giri Kosuru
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
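
One way to see what a captured WS-Security header like the one quoted above actually contains: list each signature's algorithm with the decoded size of its SignatureValue, each EncryptionMethod with any nested DigestMethod, and any ValueType taken from the WSS 1.1 namespace. This is an added example, not part of the original thread or of WSS4J; the sample header and its values are constructed, and `inventory`, `short` and `b64zeros` are hypothetical names.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
WSS11 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#"

def b64zeros(n):
    # Constructed filler: base64 of n zero bytes, standing in for real values.
    return base64.b64encode(bytes(n)).decode()

# Constructed sample shaped like the quoted header; every value is a dummy.
SAMPLE = f"""<Security xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
 <xenc:EncryptedKey Id="EK-1"><xenc:EncryptionMethod Algorithm="{NS['xenc']}rsa-oaep-mgf1p">
   <ds:DigestMethod Algorithm="{NS['ds']}sha1"/>
 </xenc:EncryptionMethod></xenc:EncryptedKey>
 <ds:Signature>
  <ds:SignedInfo><ds:SignatureMethod Algorithm="{NS['ds']}hmac-sha1"/></ds:SignedInfo>
  <ds:SignatureValue>{b64zeros(20)}</ds:SignatureValue>
  <ds:KeyInfo><Reference URI="#EK-1" ValueType="{WSS11}EncryptedKey"/></ds:KeyInfo>
 </ds:Signature>
 <ds:Signature>
  <ds:SignedInfo><ds:SignatureMethod Algorithm="{NS['ds']}rsa-sha1"/></ds:SignedInfo>
  <ds:SignatureValue>{b64zeros(128)}</ds:SignatureValue>
 </ds:Signature>
 <xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{NS['xenc']}aes256-cbc"/></xenc:EncryptedData>
</Security>"""

def short(uri):
    # Keep only the fragment after '#', e.g. "hmac-sha1".
    return uri.rsplit("#", 1)[-1]

def inventory(xml_text):
    """Summarise algorithms, signature sizes and WSS 1.1 ValueTypes in a header."""
    root = ET.fromstring(xml_text)  # for untrusted captures, parse with defusedxml
    sigs = []
    for sig in root.iterfind(".//ds:Signature", NS):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm")
        raw = base64.b64decode(sig.findtext("ds:SignatureValue", namespaces=NS))
        sigs.append((short(method), len(raw)))  # size in bytes after decoding
    enc = []
    for em in root.iterfind(".//xenc:EncryptionMethod", NS):
        digest = em.find("ds:DigestMethod", NS)  # child element, if any
        enc.append((short(em.get("Algorithm")),
                    short(digest.get("Algorithm")) if digest is not None else None))
    wss11 = [short(el.get("ValueType")) for el in root.iter()
             if el.get("ValueType", "").startswith(WSS11)]
    return {"signatures": sigs, "encryption": enc, "wss11": wss11}

if __name__ == "__main__":
    for key, rows in inventory(SAMPLE).items():
        print(key, rows)
```
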
