Hello,
I am trying sign and encrypt with wss4j with symmetric key but found
that it is not doing it as expected so may be its kind of bug.. please
confirm.
I am sending encrypted symmetric in request which wss4j understands and
is able to do verify and decrypt using symmetric key.
Problem here is - wss4j doesn't use symmetric key that came in request
to encrypt and sign in response rather it generates symmetric key again
to encrypt response and also it signs using private key instead of using
symmetric key..
Is it a known issue? I debugged and found that messageContext has bag
(hashtable) which has all required data that came in request but wss4j
was not able to use it in response..
So here are 2 issues:-
1) wss4j doesn't use symmetric key to encrypt response that came in
request but rather generates key again
2) signing of response is also not performed with symmetric key that
came in request while response is signed by private key of service.
Please let me know if these issues can be addressed by some configuration
Thanks
Nitin
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
