Thanks, actually, I only need to add the Bouncy Castle jar file to my class
path. But now I get a different exception, as follows:
Exception in thread "main" AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand
 faultSubcode:
 faultString: Did not understand "MustUnderstand" header(s):{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
...
Do you know why it does not recognize this MustUnderstand tag? I tried
to call WSSecHeader.setMustUnderstand( false ), but it does not help;
after WSSecEncrypt.build or WSSecSignature.build, it still has
SOAP-ENV:mustUnderstand="1". How can I remove this tag?
Thanks,
Lule
-----Original Message-----
From: Ric Emery [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 21, 2007 5:23 PM
To: Chen, Lule (CAR:2Y83)
Cc: wss4j-dev
Subject: Re: How to set and process x509 security token header
I would guess that you do not have a JCE provider initialized
that supports RSA. You could use the Bouncy Castle JCE Provider that is
included with WSS4J. One way to initialize the provider is:
    Security.addProvider(new BouncyCastleProvider());
On 2/21/07 12:23 PM, "Lule Chen" <[EMAIL PROTECTED]> wrote:
Hi, I guess I can follow the TestWSSecurityNew11 code as the following:
    ...
    WSSecEncrypt encrypt = new WSSecEncrypt();
    WSSecSignature sign = new WSSecSignature();
    encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
    sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    System.out.println("Before Encryption....");
    Document doc = env.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    System.out.println(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
    Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
    Document encryptedSignedDoc = sign.build(encryptedDoc, crypto, secHeader);
    ...
but I always get an exception at the line "Document
encryptedDoc = encrypt.build(doc, crypto, secHeader);" as follows:
Exception in thread "main" org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
    at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:703)
    at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:189)
    at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:216)
    at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:253)
    at com.nortel.cdma.axis.Client.NEServiceClient.main(NEServiceClient.java:233)
I looked at the code of
org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(); it looks
like the following:
    public static Cipher getCipherInstance(String cipherAlgo)
            throws WSSecurityException {
        Cipher cipher = null;
        try {
            if (cipherAlgo.equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSA15)) {
                cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
            } else if (cipherAlgo
                    .equalsIgnoreCase(WSConstants.KEYTRANSPORT_RSAOEP)) {
                cipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
            } else {
                throw new WSSecurityException(
                        WSSecurityException.UNSUPPORTED_ALGORITHM,
                        "unsupportedKeyTransp", new Object[] { cipherAlgo });
            }
        } catch (NoSuchPaddingException ex) {
            throw new WSSecurityException(
                    WSSecurityException.UNSUPPORTED_ALGORITHM,
                    "unsupportedKeyTransp",
                    new Object[] { "No such padding: " + cipherAlgo });
        } catch (NoSuchAlgorithmException ex) {
            throw new WSSecurityException(
                    WSSecurityException.UNSUPPORTED_ALGORITHM,
                    "unsupportedKeyTransp",
                    new Object[] { "No such algorithm: " + cipherAlgo });
        }
        return cipher;
    }
I looked at the value of WSConstants.KEYTRANSPORT_RSA15,
which is the same as the passed-in parameter cipherAlgo, which is
http://www.w3.org/2001/04/xmlenc#rsa-1_5. I just can't understand why it
throws such an exception.
I badly need your help.
Lule
-----Original Message-----
From: Ric Emery [mailto:[EMAIL PROTECTED]
Sent: Monday, February 19, 2007 4:42 PM
To: Chen, Lule (CAR:2Y83)
Subject: Re: How to set and process x509 security token header
Download the wss4j source code. There are some good
examples in the unit tests. That is how I figured it out.
Good luck.
On 2/19/07 2:15 PM, "Lule Chen" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I would like to know how I can create an x509 token profile header that
> encrypts the soap body. The sample code there creates several username
> tokens and adds them into the RequestSecurityToken. But I don't want
> any username token. Can someone show me how to do it?
>
> Thanks,
>
> Lule
>
> -----Original Message-----
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2007 10:23 AM
> To: Chen, Lule (CAR:2Y83)
> Cc: [email protected]
> Subject: Re: How to set and process x509 security token header
>
> Louis,
>
> Check the svn. It has implementation for all the interop tests defined
> by OASIS.
>
> http://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/
>
> thanks,
> dims
>
> On 2/12/07, Lule Chen <[EMAIL PROTECTED]> wrote:
>>
>> Hi, I am trying to find a sample showing how to use the X509
>> token profile, the sample server and client code that process and
>> generate the X509 token profile, but could not find any. Can someone
>> help me by pointing me to the way of doing that? Is there a link to
>> the sample code or introductions? Most of the samples out there are
>> showing how to use the username token profile.
>>
>> Thanks
>>
>> Louis
>
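
Added example, not part of the original thread and not WSS4J's own code: a small diagnostic for the "No such algorithm" failure discussed above. It asks every installed JCE provider for the two transformation strings that the quoted getCipherInstance() requests, before and after registering Bouncy Castle. The class name KeyTransportProviderCheck and its helper methods are hypothetical; it assumes the Bouncy Castle provider jar is on the class path.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class KeyTransportProviderCheck {
    // Transformation strings copied from the getCipherInstance() code quoted in the thread.
    static final String[] TRANSFORMATIONS = {
        "RSA/NONE/PKCS1PADDING",  // used for WSConstants.KEYTRANSPORT_RSA15
        "RSA/NONE/OAEPPADDING"    // used for WSConstants.KEYTRANSPORT_RSAOEP
    };

    /** Returns the names of installed providers that can supply the transformation. */
    static List<String> providersFor(String transformation) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance(transformation, p);
                names.add(p.getName());
            } catch (Exception e) {
                // NoSuchAlgorithmException, NoSuchPaddingException or a provider
                // policy error: this provider cannot serve the request.
            }
        }
        return names;
    }

    /** Prints, for each transformation, which providers (if any) support it. */
    static void report(String label) {
        System.out.println(label);
        for (String t : TRANSFORMATIONS) {
            List<String> names = providersFor(t);
            System.out.println("  " + t + " -> "
                    + (names.isEmpty() ? "NO PROVIDER" : names.toString()));
        }
    }

    public static void main(String[] args) {
        report("Before registering Bouncy Castle:");
        // Register once at startup, before any WSSecEncrypt.build() call.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        report("After registering Bouncy Castle:");
    }
}
```

A transformation reported as "NO PROVIDER" is one for which Cipher.getInstance() would throw the NoSuchAlgorithmException that WSS4J wraps in the WSSecurityException shown in the stack trace.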