Hi Alberto,

Have you tried setting the DefaultSessionKeyAlgorithm = "TripleDES" in
your .NET client? I have it in my client code (C#) - see below - which
does work for my Axis service using a PKCS12 certificate generated by
keytool and imported into the Windows certificate store.

Unfortunately I can't remember exactly what the problem was that I was
having which caused this problem for me, and exactly what fixed it. I do
remember I had numerous problems with the Windows certificate stores,
and I vaguely remember that depending on how I obtained the certificate
from the store it refers to it differently in the SOAP message. In my
case, using "store.FindCertificateBySubjectString("richard");" worked.

using System;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;
using System.Security.Cryptography;

namespace BiorsWSS4JClient
{
    /// <summary>
    /// Sample C# .NET 1.1 client for the Java Apache Axis
    /// BiorsAdvancedQuery web service secured with WSS4J.
    /// A query is submitted, and the results printed to the console.
    /// </summary>
    class Class1
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main(string[] args)
        {
            try
            {
                X509SecurityToken token = null;

                // Open the CurrentUser Certificate Store and obtain
                // collection of certificates with the subject "richard".
                X509CertificateStore store =
                    X509CertificateStore.CurrentUserStore("Personal");
                store.OpenRead();
                Microsoft.Web.Services2.Security.X509.X509CertificateCollection col =
                    (Microsoft.Web.Services2.Security.X509.X509CertificateCollection)
                        store.FindCertificateBySubjectString("richard");

                // Obtain the 1st certificate from the collection and
                // create an X509SecurityToken.
                X509Certificate clientCert = null;
                try
                {
                    token = new X509SecurityToken(((X509Certificate)col[0]));
                }
                catch (Exception ex)
                {
                    throw new Exception(
                        "Certificate not found. Certificate count:" + col.Count);
                }

                // Create instance of the web service proxy, get its
                // request context.
                BiorsAdvRef.BiorsAdvancedQueryService ws =
                    new BiorsWSS4JClient.BiorsAdvRef.BiorsAdvancedQueryService();
                SoapContext requestContext = ws.RequestSoapContext;

                // Create X509 security token manager, and set the
                // encryption algorithm.
                ISecurityTokenManager stm =
                    SecurityTokenManager.GetSecurityTokenManagerByTokenType(
                        WSTrust.TokenTypes.X509v3);
                X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
                x509tm.DefaultSessionKeyAlgorithm = "TripleDES";

                // Add encryption element to the request context.
                requestContext.Security.Elements.Add(new EncryptedData(token));

                // Create a UsernameToken with username "wss4j", and a
                // plain text password "security", and add to request context.
                UsernameToken userToken = new UsernameToken("wss4j",
                    "security", PasswordOption.SendPlainText);
                requestContext.Security.Tokens.Add(userToken);

                // Define the input parameters required for the service
                BiorsAdvRef.formatType ft =
                    new BiorsWSS4JClient.BiorsAdvRef.formatType();
                ft = BiorsAdvRef.formatType.ELEMENTS;
                String user = null;
                String password = null;
                String query = "{uniprot_sprot}: [[AllText EQ text:lys4;]]";
                String[] requiredElements = {"_ID_", "AccNumber"};

                // Create Result instance
                BiorsAdvRef.result res =
                    new BiorsWSS4JClient.BiorsAdvRef.result();

                // Invoke the service and do something with the output
                res = ws.getBiorsEntry(user, password, query, ft,
                    requiredElements);
                // .....
                // ......
            }
            catch (System.Web.Services.Protocols.SoapException se)
            {
                Console.WriteLine(se.ToString());
            }
            Console.Read();
        }
    }
}

Hope this is of some help to you.
Richard.
Acevedo, Alberto RDECOM CERDEC SED wrote:
>
> Hello,
>
>
>
> I have a java Web service running on Tomcat 1.5.15 and using wss4j
> version 1.5. The keystore I'm using is a pkcs12 generated with
> openssl. I'm able to encrypt/decrypt the usernameToken using a java
> web client. When I use a .NET client in Windows XP that is using the
> same keystore the web service fails to decrypt and I get the following
> error:
>
>
>
> Unexpected number of X509Data: for decryption (KeyId)
>
>
>
> I read all the messages in this newsgroup and I found other members
> having the same problem but no solutions. I suspect it has something
> to do with the .NET configuration especially the Default Session Key
> Algorithm. How do I configure .NET and the keystore to interoperate
> with a java web service?
>
>
>
> After days trying to fix the problem I ran out of options. Hopefully
> it is something very basic that I'm not seeing.
>
>
>
> Please help,
>
> Alberto
>
>
>
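
Both messages above turn on two things the .NET client puts on the wire: how the EncryptedKey refers to the certificate, and which session key algorithm encrypts the body. The following is an added example (not code from either poster, WSE or WSS4J): a Python helper that reads a captured request and reports both, so the client's output can be compared with what the service expects. The function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SKI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"

# Constructed sample request (not captured from the systems in this thread).
SAMPLE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
 <soap:Header><wsse:Security>
  <xenc:EncryptedKey>
   <xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
   <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{SKI}">Q09OU1RSVUNURUQ=</wsse:KeyIdentifier>
   </wsse:SecurityTokenReference></ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
 </wsse:Security></soap:Header>
 <soap:Body><xenc:EncryptedData Id="enc1">
  <xenc:EncryptionMethod Algorithm="{XENC}tripledes-cbc"/>
  <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData></soap:Body>
</soap:Envelope>"""

def local(tag):
    # ElementTree tags look like '{namespace}Name'; keep only 'Name'.
    return tag.rsplit("}", 1)[-1]

def describe_encryption(soap_xml):
    """Report how each EncryptedKey names its certificate and which algorithms are used."""
    root = ET.fromstring(soap_xml)
    keys = []
    for ek in root.iter(f"{{{XENC}}}EncryptedKey"):
        method = ek.find(f"{{{XENC}}}EncryptionMethod")
        refs = [(local(c.tag), c.get("ValueType", "").rsplit("#", 1)[-1])
                for s in ek.iter(f"{{{WSSE}}}SecurityTokenReference") for c in s]
        keys.append({
            "key_transport": method.get("Algorithm") if method is not None else None,
            "references": refs,  # e.g. KeyIdentifier, X509Data, Reference
            "x509data_count": len(list(ek.iter(f"{{{DS}}}X509Data"))),
        })
    data_algs = [m.get("Algorithm")
                 for ed in root.iter(f"{{{XENC}}}EncryptedData")
                 for m in ed.findall(f"{{{XENC}}}EncryptionMethod")]
    return {"encrypted_keys": keys, "data_algorithms": data_algs}

if __name__ == "__main__":
    print(describe_encryption(SAMPLE))
```

Running it on requests from the working Java client and the failing .NET client shows at a glance whether they differ in reference style or in algorithm.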