[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-user
Subject: Re: Decoding and Verfification in WSS4J - Need some help
From: Colm O hEigeartaigh <coheigea () apache ! org>
Date: 2014-08-08 9:59:31
Message-ID: CAB8XdGAuyFc7MJ9Y1MSzw9_TY1=z52S+CWVdda6UM=9B08aCRA () mail ! gmail ! com
[Download RAW message or body]
Why not just use a SOAP stack such as CXF or Axis which will take care of
all this for you? If you really insist on implementing your own parsing,
you could take a look at the WSS4JInInterceptor in CXF, to see how it sets
up the configuration + processing for WSS4J to parse the security header:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java;hb=HEAD
Colm.
On Thu, Aug 7, 2014 at 5:41 PM, Adrian Williamson <aw@octavo2.demon.co.uk>
wrote:
> Hi,
>
> Using "public class SecurityManager implements
> SOAPHandler<SOAPMessageContext>" and wsimport:
>
> I've now managed to get the remote server to send me back a SOAP message
> which has the timetamp and body signed and the body encrypted.
>
> So I've been looking around the internet and I've got to the point where I
> think I need to use:
>
> results =
>
> this.secEngine.processSecurityHeader(doc,null,this.callbackHandler,this.cryp
> to);
>
> But this is throwing an exception:
>
> "The private key for the supplied alias does not exist in the keystore"
>
> So I've got one keystore with all the certificates in it for the client and
> the remote server.
>
> I think I need to tell secEngine or the callbackhandler which alias and
> password to use - but I'm not sure - is it supposed to get this information
> from the security header returned in the SOAP message?
>
> I was looking at this for inspiration:
>
>
> http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/tes
>
> t/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revisi
> on=1503186&view=co
>
> But if anyone has a better source please point it out.
>
> Or you can tease me by suggesting some classes and method names and I'll
> join the dots.
>
> Thanks
>
> Adrian
>
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
[Attachment #3 (text/html)]
<div dir="ltr"><div><div><br></div>Why not just use a SOAP stack such as CXF or Axis \
which will take care of all this for you? If you really insist on implementing your \
own parsing, you could take a look at the WSS4JInInterceptor in CXF, to see how it \
sets up the configuration + processing for WSS4J to parse the security header:<br> \
<br><a href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/se \
curity/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java;hb=HEAD" \
>https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/security/src/m \
> ain/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java;hb=HEAD</a><br>
<br></div>Colm.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On \
Thu, Aug 7, 2014 at 5:41 PM, Adrian Williamson <span dir="ltr"><<a \
href="mailto:aw@octavo2.demon.co.uk" \
target="_blank">aw@octavo2.demon.co.uk</a>></span> wrote:<br> <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi,<br> <br>
Using "public class SecurityManager implements<br>
SOAPHandler<SOAPMessageContext>" and wsimport:<br>
<br>
I've now managed to get the remote server to send me back a SOAP message<br>
which has the timetamp and body signed and the body encrypted.<br>
<br>
So I've been looking around the internet and I've got to the point where \
I<br> think I need to use:<br>
<br>
results =<br>
this.secEngine.processSecurityHeader(doc,null,this.callbackHandler,this.cryp<br>
to);<br>
<br>
But this is throwing an exception:<br>
<br>
"The private key for the supplied alias does not exist in the keystore"<br>
<br>
So I've got one keystore with all the certificates in it for the client and<br>
the remote server.<br>
<br>
I think I need to tell secEngine or the callbackhandler which alias and<br>
password to use - but I'm not sure - is it supposed to get this information<br>
from the security header returned in the SOAP message?<br>
<br>
I was looking at this for inspiration:<br>
<br>
<a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/tes
t/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revisi
on=1503186&view=co" \
target="_blank">http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/tes<br>
t/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revisi<br>
on=1503186&view=co</a><br>
<br>
But if anyone has a better source please point it out.<br>
<br>
Or you can tease me by suggesting some classes and method names and I'll<br>
join the dots.<br>
<br>
Thanks<br>
<span class="HOEnZb"><font color="#888888"><br>
Adrian<br>
<br>
<br>
<br>
<br>
</font></span></blockquote></div><br></div><br clear="all"><br>-- <br>Colm O \
hEigeartaigh<br><br>Talend Community Coder<br><a href="http://coders.talend.com" \
target="_blank">http://coders.talend.com</a><br>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic