Please see the TestWSSecurityNew* tests available here : https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec
See how they use the WSSecurityEngine. Thanks, Ruchith On 11/9/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
Hi Ruchith, Thank you for your pointer. :-) security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider is one of the reasons for the error. I have set the provider in JDK1.4.1 but forget to set in JDK1.5. After done that I also meet some other exceptions. Here I just list the exceptions I encountered and solutions I used for the reference of future newbies. 1. Unexpected number of X509Data: for Signature. For my test, the reason is because I didn't set username and password to the WSSecSignature signer. I had thought the alias and password in the crypto.property will be used. However it turns out not. So simply add one line in test code: signer.setUserInfo(alias, password); 2. Sorry, you supplied the wrong key type for this operation! You supplied a sun.security.provider.DSAPrivateKey but a javax.crypto.SecretKey is needed. This error is somehow clearer. It hits me that the Signature algorithm may not be set properly. I changed the signature algorithm to XMLSignature.ALGO_ID_SIGNATURE_DSA, then it is ok. The signature algorithm and the provided cert algorithm must match. The specific line is signer.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_DSA); Now I am trying to verify the test signature generated. Is there any sample to do that? Regards, Xinjun On 11/9/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote: > Please try this : > > http://ws.apache.org/axis2/faq.html#a3 > > (General#3) > > thanks, > Ruchith > > On 11/9/06, Xinjun Chen <[EMAIL PROTECTED]> wrote: > > Hi > > > > I got the following new exception when I switch to JDK1.5. I have already > > include bouncycastle in the classpath. > > > > I feel it is some common error. Could you enlighten me on it? Do I missed > > some step? I am using the sample crypto.properties provided by WSS4J. > > > > > > java.io.IOException: failed to decrypt safe contents entry: > > javax.crypto.BadPaddingException: Given final block not > > properly padded > > at > > com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad (PKCS12KeyStore.java:1275) > > at java.security.KeyStore.load(KeyStore.java:1150) > > at > > org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525) > > at > > org.apache.ws.security.components.crypto.AbstractCrypto .<init>( > > AbstractCrypto.java:121) > > at > > org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62) > > > > Caused by: javax.crypto.BadPaddingException: Given final > > block not properly padded > > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275) > > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275) > > at com.sun.crypto.provider.SunJCE_ab.b (DashoA12275) > > at > > com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275) > > at javax.crypto.Cipher.doFinal(DashoA12275) > > at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad > > (PKCS12KeyStore.java:1272) > > > > > > > > > > On 11/9/06, Xinjun Chen <[EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > > > I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More > > specifically, I am using WSSecSignature with the following sample crypto > > provided by WSS4J to do the testing. > > > > > > > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin > > > > > org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 > > > > > org.apache.ws.security.crypto.merlin.keystore.password=security > > > > > org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e > > > > > org.apache.ws.security.crypto.merlin.alias.password=security > > > > > org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT > > > > > > However, I received the following exception: > > > > > > unknown attr1.3.6.1.4.1.311.17.1 > > > Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?> > > > <SOAP-ENV:Envelope xmlns:SOAP-ENV=" > > http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi=" > > http://www.w3.org/2001/XMLSchema-instance";><SOAP-ENV:Header > > > > > > <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello > > xmlns=" http://services/helloworld";><value>Hello > > world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope> > > > java.lang.NullPointerException > > > at > > com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain > > (DashoA6275) > > > at > > java.security.KeyStore.getCertificateChain(KeyStore.java :312) > > > at > > org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407) > > > at org.apache.ws.security.message.WSSecSignature.prepare > > (WSSecSignature.java :272) > > > at > > org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643) > > > at tests.TestX509Signature.main(TestX509Signature.java:108) > > > Exception in thread "main" > > > > > > > > > I am using the WSS4J 1.5, Sun JDK1.4.2. > > > From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1" > > can be just ignored. > > > It seems that the NullPointerException is due to the empty cert chain. But > > there should be at least one cert in the chain, right? > > > > > > Could anyone suggest what I can do? Those who has managed to do signature > > using the sample crypto.propertie, could you help? Thank you. > > > > > > > > > Regards, > > > Xinjun > > > > > > > -- > www.ruchith.org >
-- www.ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
