Hi, I guess I can follow the TestWSSecurityNew11 code as the following:
...
WSSecEncrypt encrypt = new WSSecEncrypt();
WSSecSignature sign = new WSSecSignature();
encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e",
"security");
System.out.println("Before Encryption....");
Document doc = env.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
System.out.println(
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15 );
Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
Document encryptedSignedDoc = sign.build(encryptedDoc, crypto,
secHeader);
...
but I always got exception at the code "Document encryptedDoc =
encrypt.build(doc, crypto, secHeader);" as the following:
Exception in thread "main" org.apache.ws.security.WSSecurityException:
An unsupported signature or encryption algorithm was used (unsupported
key transport encryption algorithm: No such algorithm:
http://www.w3.org/2001/04/xmlenc#rsa-1_5)
at
org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityU
til.java:703)
at
org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEn
cryptedKey.java:189)
at
org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:21
6)
at
org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:253)
at
com.nortel.cdma.axis.Client.NEServiceClient.main(NEServiceClient.java:23
3)
I looked at the code of
org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(), it looks
as the following:
public static Cipher getCipherInstance(String cipherAlgo)
throws WSSecurityException {
Cipher cipher = null;
try {
if
(cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
} else if (cipherAlgo
.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP))
{
cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
} else {
throw new WSSecurityException(
WSSecurityException.UNSUPPORTED_ALGORITHM,
"unsupportedKeyTransp", new Object[] {
cipherAlgo });
}
} catch (NoSuchPaddingException ex) {
throw new WSSecurityException(
WSSecurityException.UNSUPPORTED_ALGORITHM,
"unsupportedKeyTransp", new Object[] { "No such
padding: "
+ cipherAlgo });
} catch (NoSuchAlgorithmException ex) {
throw new WSSecurityException(
WSSecurityException.UNSUPPORTED_ALGORITHM,
"unsupportedKeyTransp",
new Object[] { "No such algorithm: " + cipherAlgo
});
}
return cipher;
}
I looked at the value of WSConstants.KEYTRANSPORT_RSA15, which is the
same as the passed in parameter cipherAlgo, which is
http://www.w3.org/2001/04/xmlenc#rsa-1_5. I just can't understand why it
thows such an exception.
I badly need your help.
Lule
-----Original Message-----
From: Ric Emery [mailto:[EMAIL PROTECTED]
Sent: Monday, February 19, 2007 4:42 PM
To: Chen, Lule (CAR:2Y83)
Subject: Re: How to set and process x509 security token header
Download the wss4j source code. There are some good examples in the unit
tests. That is how I figured it out.
Good luck.
On 2/19/07 2:15 PM, "Lule Chen" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I would like to know how to can create a x509 token profile head that
> encrypts the soap body. The sample code there creates several username
> tokens and adds them into the RequestSecurityToken. But I don't want
> any username token. Can some one show me how to do it?
>
> Thanks,
>
>
> Lule
>
> -----Original Message-----
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2007 10:23 AM
> To: Chen, Lule (CAR:2Y83)
> Cc: [email protected]
> Subject: Re: How to set and process x509 security token header
>
>
> Louis,
>
> Check the svn. It has implementation for all the interop tests defined
> by OASIS.
>
> http://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/
>
> thanks,
> dims
>
> On 2/12/07, Lule Chen <[EMAIL PROTECTED]> wrote:
>>
>>
>>
>> Hi, I am trying to find an sample that showing how to use the X509
>> token profile, the sample server and client code that processing and
>> generating the X509 token profile, but could not find any. Can some
>> one help me by pointing me the way of doing that? Is there a link to
>> the sample code or introductions? Most of the samples out there are
>> showing how to use the username token profile.
>>
>>
>> Thanks
>>
>>
>>
>> Louis
>
