WSSecEncrypt vs WSEncryptBody

Yang, Gang CTR US USA Wed, 11 Aug 2010 07:29:20 -0700

Hi,

I'm wondering if WSSecEncrypt is ready for use. I was trying to encrypt
a very simple SOAP message with a bare minumum wss4j code using either
1.5.6 or 1.5.8. Using WSEncryptBody, it worked. But when I switch over
to WSSecEncrypt since WSEncryptBody seems to be deprecated, I got the
following exception:




org.apache.ws.security.WSSecurityException: Cannot encrypt data; nested
exception is: 
        org.apache.xml.security.exceptions.XMLSecurityException: Cannot
create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
http://www.w3.org/2000/09/xmldsig#:KeyInfo element
        at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:583)
        at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:444)
        at
org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecE
ncrypt.java:342)
        at
org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:306)
        at
com.ibm.sample.SOAPEncryption.encryptSOAPEnvelope(SOAPEncryption.java:13
7)
        at com.ibm.sample.SOAPEncryption.main(SOAPEncryption.java:159)
Caused by: org.apache.xml.security.exceptions.XMLSecurityException:
Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
http://www.w3.org/2000/09/xmldsig#:KeyInfo element
        at
org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guara
nteeThatElementInCorrectSpace(Unknown Source)
        at
org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrect
Space(Unknown Source)
        at org.apache.xml.security.utils.ElementProxy.<init>(Unknown
Source)
        at
org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
Source)
        at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
        at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:580)
        ... 5 more



Here's the relavent code segment:


        public SOAPMessage encryptSOAPEnvelope(SOAPEnvelope
unsignedEnvelope) throws Exception {
                // GY: Deprecated. Use WSSecEncrypt
//         WSEncryptBody wsEncrypt = new WSEncryptBody();
           WSSecEncrypt wsEncrypt = new WSSecEncrypt();
           Document doc = unsignedEnvelope.getOwnerDocument();
           
           String alias = "mykey"; 
           String password = "testit";
           wsEncrypt.setUserInfo(alias, password);

           Crypto crypto = CryptoFactory.getInstance();
//         Document encDoc = wsEncrypt.build(doc, crypto);
           Document encDoc = wsEncrypt.build(doc, crypto, null);
        
           DOMSource src = new DOMSource(encDoc);
           MessageFactory mf = MessageFactory.newInstance();
           SOAPMessage soapMsg = mf.createMessage();
           soapMsg.getSOAPPart().setContent(src);
        
           return soapMsg;
        }


I followed the WSSecEncrypt code to the point where it tries to clone
the KeyInfo when it generates the exception. It's at
WSSecEncrypt.java:595. This looks like all wss4j internal handling. Is
this a bug?

Thanks,
Gang

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org

WSSecEncrypt vs WSEncryptBody

Reply via email to