List: xmlrpc-user
Subject: RE: Does anyone have an example of using WSSecEncrypt.setUseThisCert()
From: "Adrian Williamson" <aw () octavo2 ! demon ! co ! uk>
Date: 2014-08-08 10:09:38
Message-ID: 025301cfb2f0$de938a20$9bba9e60$ () demon ! co ! uk
Hi Colm,

This is what worked in the end for me, I'm now trying to work out how to get back to SOAP from the server response, i.e. I'm writing decodeSOAP.

private SOAPMessage encodeSOAP(SOAPMessage soapMessage) throws Exception {
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

    //Might be a workaround to the fact the WSDL has ws.live.ie and we are using ws.test.ie etc
    soapEnvelope.addNamespaceDeclaration("dl", "http://ws.live.ie/v1/DL-WS/");

    WSSecEncrypt builder = new WSSecEncrypt();
    WSSecTimestamp builderTS = new WSSecTimestamp();
    WSSecSignature builderSig = new WSSecSignature();

    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsstest");

    //Encrypt for the recipient: the symmetric key is encrypted with recipientCert
    builder.setUseThisCert(recipientCert);
    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
    builderTS.setTimeToLive(5000);

    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    {//Sign the Timestamp and the body this block replaces builderSig.build(doc, crypto, secHeader)
        builderSig.setX509Certificate(ourCert);
        //Alias and password are needed to read the private signing key from the keystore
        builderSig.setUserInfo("wsstest", "password1");
        builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

        SOAPConstants soapConstants = org.apache.wss4j.dom.util.WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
        List<WSEncryptionPart> wsEncryptionParts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart wsEncryptionPart = new WSEncryptionPart(
                soapConstants.getBodyQName().getLocalPart(),
                soapConstants.getEnvelopeURI(), "Content");
        wsEncryptionParts.add(wsEncryptionPart);
        //The Timestamp has to exist in the header before its Id can be referenced
        builderTS.build(doc, secHeader);
        wsEncryptionParts.add(new WSEncryptionPart(builderTS.getId()));
        builderSig.setParts(wsEncryptionParts);
        builderSig.setUseSingleCertificate(true);
        builderSig.prepare(doc, this.crypto, secHeader);
        builderSig.appendBSTElementToHeader(secHeader);
        List<javax.xml.crypto.dsig.Reference> referenceList = builderSig.addReferencesToSign(wsEncryptionParts, secHeader);
        builderSig.computeSignature(referenceList);
    }

    //Encryption runs last, after the signature has been computed
    try
    {
        builder.build(doc, this.crypto, secHeader);
    }
    catch (WSSecurityException e)
    {
        System.err.println("Failed in builder block: " + e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }

    return soapMessage;
}

From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: 08 August 2014 10:56
To: Adrian Williamson
Cc: users@ws.apache.org
Subject: Re: Does anyone have an example of using WSSecEncrypt.setUseThisCert()

> builder.setKeyEnc(WSConstants.TRIPLE_DES);
> builder.setEncryptSymmKey(false);

This is not valid. Triple DES is a symmetric encryption algorithm, and not a key transport algorithm. Also, you want to encrypt the symmetric key here (using the X.509 Certificate). So just comment out the "setEncryptSymmKey(false)" call + change "setKeyEnc" to "setSymmetricEncAlgorithm" and it should work.

> Should the WSSecSignature.setX509Certificate method take care of that?

No, because you need to specify a username + password as well to access the private key required to sign the request.

Colm.

On Wed, Aug 6, 2014 at 4:57 PM, Adrian Williamson <aw@octavo2.demon.co.uk> wrote:
Hi,

I believe that I am using WSS4J 2.0.2, if you have a specific process for understanding the version please don't be shy – I'll use it then we both know that I will have given the correct info.

By core do you mean the JDK? If so then:

java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

That error in particular I have avoided by using BST_DIRECT_REFERENCE, I'm afraid I was doing that two-year-old learning technique of pressing all the buttons at once, so I might have been the cause of the error – not knowing my apples from pears:

//This gives Error when calling DDOperation: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
Document doc = soapEnvelope.getOwnerDocument();
org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
builder.setKeyEnc(WSConstants.TRIPLE_DES);
builder.setEncryptSymmKey(false);
builder.setUseThisCert(recipientCert);

try
{
    secHeader.insertSecurityHeader(doc);
    builder.build(doc, crypto, secHeader);
}
catch (WSSecurityException e)

So I am not too worried about that as I have moved on.

I did find another issue with the WSSecSignature, when using the WSSecSignature.setX509Certificate and then calling WSSecSignature.build it threw a null identifier (Merlin.java:744) for the GetPrivateKey() as the calling context WSSecSignature.java:530 had this.user set to null, I worked out that if I used WSSecSignature.setUserInfo and passed in the alias and the JKS password then it stopped moaning and got on with it.

Should the WSSecSignature.setX509Certificate method take care of that?

My work in progress/prototype is below, I'm trying to mimic the SOAPUI WSS specification:

I'll go and look at those examples.
Cheers,
Adrian
PS Bonus points for identifying Cargo Cult sections….

private SOAPMessage encriptBody(SOAPMessage soapMessage) throws Exception {
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

    WSSecEncrypt builder = new WSSecEncrypt();
    WSSecTimestamp builderTS = new WSSecTimestamp();
    WSSecSignature builderSig = new WSSecSignature();
    Crypto crypto = null;

    //Class constructor candidates
    try {
        //Where will I put the properties file?
        crypto = CryptoFactory.getInstance("Ball.properties");
    }
    catch (WSSecurityException e)
    {
        System.err.println("Crypto crypto = CryptoFactory.getInstance(\"Ball.properties\"): " + e.getMessage());
    }

    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsclientcert");

    builder.setUseThisCert(recipientCert);
    builderSig.setX509Certificate(ourCert);
    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderTS.setTimeToLive(5000);
    builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderSig.setUserInfo("wsclientcert", "password1");
    //End Class constructor candidates

    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

    try
    {
        secHeader.insertSecurityHeader(doc);
        builderTS.build(doc, secHeader);
        builderSig.build(doc, crypto, secHeader);
        builder.build(doc, crypto, secHeader);
    }
    catch (WSSecurityException e)
    {
        System.err.println("Failed in builder block: " + e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }

    return soapMessage;
}

From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: 06 August 2014 15:48
To: users@ws.apache.org
Subject: Re: Does anyone have an example of using WSSecEncrypt.setUseThisCert()
Here are some:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&view=co

What version of WSS4J? What does the request look like that is generating that error + what core are you using to generate it?

Colm.
On Wed, Aug 6, 2014 at 9:35 AM, Adrian Williamson <aw@octavo2.demon.co.uk> wrote:
Hi,
Has anyone got an example of how this method can be used?
I've tried different values for the WSSecEncrypt.setKeyIdentifierType() but
I keep getting application specific error messages back from the private
service I'm calling.
One of the error messages made me stop and ponder the extent of my
ignorance;
WSConstants.X509_KEY_IDENTIFIER it returned:
An invalid security token was provided (Bad ValueType
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
So I thought if someone had a nice little test case that used an X509
certificate to encrypt it might help me along.
So I can see how it is supposed to be done.
Thanks
Adrian
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
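
The distinction Colm draws in this thread between a symmetric encryption algorithm and a key transport algorithm, shown with the underlying operations. This is an added example, not code from the thread or from WSS4J: it uses only the JDK, a freshly generated RSA key pair stands in for the recipient certificate's keys, AES-128-GCM is used for the data layer in place of the thread's Triple DES, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration (hypothetical class, JDK only, no WSS4J): the two layers
// that an EncryptedKey + EncryptedData pair in a WS-Security header is built from.
public class KeyTransportDemo {

    // XML Encryption algorithm URIs as defined by the W3C specifications.
    static final String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    static final String AES_128_GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
    static final String RSA_15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    static final String RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    static final List<String> DATA_ALGOS = Arrays.asList(TRIPLE_DES, AES_128_GCM);
    static final List<String> KEY_TRANSPORT_ALGOS = Arrays.asList(RSA_15, RSA_OAEP);

    /** Rejects the mix-up from the thread: a block cipher passed as key transport. */
    static void checkConfig(String dataAlgo, String keyTransportAlgo) {
        if (!DATA_ALGOS.contains(dataAlgo)) {
            throw new IllegalArgumentException("not a data encryption algorithm: " + dataAlgo);
        }
        if (!KEY_TRANSPORT_ALGOS.contains(keyTransportAlgo)) {
            throw new IllegalArgumentException("not a key transport algorithm: " + keyTransportAlgo);
        }
    }

    /** Sender side. Returns { wrappedKey, iv, ciphertext }. */
    static byte[][] encrypt(byte[] body, PublicKey recipientKey) throws Exception {
        // Layer 1: a fresh symmetric session key encrypts the message body.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();

        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher data = Cipher.getInstance("AES/GCM/NoPadding");
        data.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = data.doFinal(body);

        // Layer 2: key transport. The session key is wrapped with the recipient's
        // public key (OAEP with SHA-1 and MGF1, the rsa-oaep-mgf1p defaults).
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        wrap.init(Cipher.WRAP_MODE, recipientKey);
        byte[] wrappedKey = wrap.wrap(sessionKey);

        return new byte[][] { wrappedKey, iv, ciphertext };
    }

    /** Recipient side: unwrap the session key with the private key, then decrypt. */
    static byte[] decrypt(byte[][] msg, PrivateKey recipientPrivate) throws Exception {
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        unwrap.init(Cipher.UNWRAP_MODE, recipientPrivate);
        SecretKey sessionKey = (SecretKey) unwrap.unwrap(msg[0], "AES", Cipher.SECRET_KEY);

        Cipher data = Cipher.getInstance("AES/GCM/NoPadding");
        data.init(Cipher.DECRYPT_MODE, sessionKey, new GCMParameterSpec(128, msg[1]));
        return data.doFinal(msg[2]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the key pair behind the recipient's X.509 certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();

        checkConfig(AES_128_GCM, RSA_OAEP); // a valid pairing
        try {
            checkConfig(AES_128_GCM, TRIPLE_DES); // the setKeyEnc(TRIPLE_DES) mistake
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed sample body, not taken from the service in the thread.
        byte[] body = "<dl:Request>constructed sample body</dl:Request>"
                .getBytes(StandardCharsets.UTF_8);
        byte[][] msg = encrypt(body, recipient.getPublic());
        byte[] back = decrypt(msg, recipient.getPrivate());

        System.out.println("wrapped key bytes: " + msg[0].length);
        System.out.println("round trip ok: " + Arrays.equals(body, back));
    }
}
```

Only the holder of the certificate's private key can recover the session key, which is why the sender needs nothing but the recipient's certificate to encrypt, while signing needs the alias and password that unlock the sender's own private key.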
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p>
<pre style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>private SOAPMessage encriptBody(SOAPMessage soapMessage) throws Exception {
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

    WSSecEncrypt builder = new WSSecEncrypt();
    WSSecTimestamp builderTS = new WSSecTimestamp();
    WSSecSignature builderSig = new WSSecSignature();

    Crypto crypto = null;
    //Class constructor candidates
    try {
        //Where will I put the properties file?
        crypto = CryptoFactory.getInstance("Ball.properties");
    }
    catch (WSSecurityException e)
    {
        System.err.println("Crypto crypto = CryptoFactory.getInstance(\"Ball.properties\"): " + e.getMessage());
    }
    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsclientcert");

    builder.setUseThisCert(recipientCert);
    builderSig.setX509Certificate(ourCert);

    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderTS.setTimeToLive(5000);
    builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderSig.setUserInfo("wsclientcert", "password1");
    //End Class constructor candidates

    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

    try
    {
        secHeader.insertSecurityHeader(doc);
        builderTS.build(doc, secHeader);
        builderSig.build(doc, crypto, secHeader);
        builder.build(doc, crypto, secHeader);
    }
    catch (WSSecurityException e)
    {
        System.err.println("Failed in builder block: " + e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }

    return soapMessage;
}</pre>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p>
<div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;
border-color:-moz-use-text-color -moz-use-text-color'>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Colm O hEigeartaigh
[mailto:<a href="mailto:coheigea@apache.org" target="_blank">coheigea@apache.org</a>]
<br>
<b>Sent:</b> 06 August 2014 15:48<br>
<b>To:</b> <a href="mailto:users@ws.apache.org"
target="_blank">users@ws.apache.org</a><br> <b>Subject:</b> Re: Does anyone have an
example of using WSSecEncrypt.setUseThisCert()</span><o:p></o:p></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
<div>
<div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>Here
are some:<br>
<br>
<a
href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&view=co"
target="_blank">http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&view=co</a><o:p></o:p></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>What
version of WSS4J? What does the request look like that is generating that error
+ what code are you using to generate it?<br>
<br>
Colm.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'> <o:p></o:p></p>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On
Wed, Aug 6, 2014 at 9:35 AM, Adrian Williamson <<a
href="mailto:aw@octavo2.demon.co.uk" target="_blank">aw@octavo2.demon.co.uk</a>>
wrote:<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>Hi,<br>
<br>
Has anyone got an example of how this method can be used?<br>
<br>
I've been trying different values for the WSSecEncrypt.setKeyIdentifierType() but<br>
I keep getting application specific error messages back from the private<br>
service I'm calling.<br>
<br>
One of the error messages made me stop and ponder the extent of my<br>
ignorance;<br>
<br>
WSConstants.X509_KEY_IDENTIFIER it returned:<br>
<br>
An invalid security token was provided (Bad ValueType<br>
"<a
href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</a>")<br>
<br>
So I thought if someone had a nice little test case that used an X509<br>
certificate to encrypt it might help me along.<br>
<br>
So I can see how it is supposed to be done.<br>
<br>
Thanks<span style='color:#888888'><br>
<br>
Adrian<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='color:#888888'> <o:p></o:p></span></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='color:#888888'><br clear=all>
<br>
-- <br>
Colm O hEigeartaigh<br>
<br>
Talend Community Coder<br>
<a href="http://coders.talend.com"
target="_blank">http://coders.talend.com</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
["image001.png" (image/png)]