
List:       xmlrpc-user
Subject:    RE: Does anyone have an example of using WSSecEncrypt.setUseThisCert()
From:       "Adrian Williamson" <aw () octavo2 ! demon ! co ! uk>
Date:       2014-08-08 10:09:38
Message-ID: 025301cfb2f0$de938a20$9bba9e60$ () demon ! co ! uk



Hi Colm,

 

This is what worked in the end for me, I'm now trying to work out how to get back to SOAP from the server response, i.e. I'm writing decodeSOAP.

 

private SOAPMessage encodeSOAP(SOAPMessage soapMessage) throws Exception {

    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

    //Might be a workaround to the fact the WSDL has ws.live.ie and we are using ws.test.ie etc
    soapEnvelope.addNamespaceDeclaration( "dl","http://ws.live.ie/v1/DL-WS/");

    WSSecEncrypt builder = new WSSecEncrypt();
    WSSecTimestamp builderTS = new WSSecTimestamp();
    WSSecSignature builderSig = new WSSecSignature();

    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsstest");

    builder.setUseThisCert(recipientCert);
    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
    builderTS.setTimeToLive(5000);

    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    {//Sign the Timestamp and the body this block replaces builderSig.build(doc, crypto, secHeader)
        builderSig.setX509Certificate(ourCert);
        builderSig.setUserInfo("wsstest", "password1");
        builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

        SOAPConstants soapConstants = org.apache.wss4j.dom.util.WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
        List<WSEncryptionPart> wsEncryptionParts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart wsEncryptionPart = new WSEncryptionPart( soapConstants.getBodyQName().getLocalPart(),
                                                                  soapConstants.getEnvelopeURI(), "Content");
        wsEncryptionParts.add(wsEncryptionPart);
        builderTS.build(doc, secHeader);
        wsEncryptionParts.add(new WSEncryptionPart(builderTS.getId()));
        builderSig.setParts(wsEncryptionParts);
        builderSig.setUseSingleCertificate(true);
        builderSig.prepare(doc, this.crypto, secHeader);
        builderSig.appendBSTElementToHeader(secHeader);
        List<javax.xml.crypto.dsig.Reference> referenceList = builderSig.addReferencesToSign(wsEncryptionParts, secHeader);
        builderSig.computeSignature(referenceList);
    }

    try
    {
        builder.build(doc, this.crypto, secHeader);
    }
    catch (WSSecurityException e)
    {
        System.err.println("Failed in builder block: " + e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }

    return soapMessage;
}

 

 

From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: 08 August 2014 10:56
To: Adrian Williamson
Cc: users@ws.apache.org
Subject: Re: Does anyone have an example of using WSSecEncrypt.setUseThisCert()

 

 

> builder.setKeyEnc(WSConstants.TRIPLE_DES);
> builder.setEncryptSymmKey(false);

This is not valid. Triple DES is a symmetric encryption algorithm, and not a key transport algorithm. Also, you want to encrypt the symmetric key here (using the X.509 Certificate). So just comment out the "setEncryptSymmKey(false)" call + change "setKeyEnc" to "setSymmetricEncAlgorithm" and it should work.

> Should the WSSecSignature.setX509Certificate method take care of that?

No, because you need to specify a username + password as well to access the private key required to sign the request.

Colm.

 

On Wed, Aug 6, 2014 at 4:57 PM, Adrian Williamson <aw@octavo2.demon.co.uk> wrote:

Hi,

 

I believe that I am using WSS4J 2.0.2, if you have a specific process for understanding the version please don't be shy – I'll use it then we both know that I will have given the correct info.

 

By core do you mean the JDK? If so then :

 

java version "1.7.0_55"

Java(TM) SE Runtime Environment (build 1.7.0_55-b13)

Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

 

That error in particular I have avoided by using BST_DIRECT_REFERENCE, I'm afraid I was doing that two-year-old learning technique of pressing all the buttons at once, so I might have been the cause of the error – not knowing my apples from pears:

 

    //This gives Error when calling DDOperation: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

    builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
    builder.setKeyEnc(WSConstants.TRIPLE_DES);
    builder.setEncryptSymmKey(false);
    builder.setUseThisCert(recipientCert);

    try
    {
        secHeader.insertSecurityHeader(doc);
        builder.build(doc, crypto, secHeader);
    }
    catch (WSSecurityException e)

 

So I am not too worried about that as I have moved on.

 

I did find another issue with the WSSecSignature, when using the WSSecSignature.setX509Certificate and then calling WSSecSignature.build it throws a null identifier (Merlin.java:744) for the GetPrivateKey() as the calling context WSSecSignature.java:530 had this.user set to null, I worked out that if I used WSSecSignature.setUserInfo and passed in the alias and the JKS password then it stopped moaning and got on with it.

 

Should the WSSecSignature.setX509Certificate method take care of that?

 

My work in progress/prototype is below, I'm trying to mimic the SOAPUI WSS specification:

 



 

I'll go and look at those examples.

 

Cheers,

 

Adrian

PS Bonus points for identifying Cargo Cult sections…. 

 

 

 

private SOAPMessage encriptBody(SOAPMessage soapMessage) throws Exception {
    SOAPPart soapPart = soapMessage.getSOAPPart();
    SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

    WSSecEncrypt builder = new WSSecEncrypt();
    WSSecTimestamp builderTS = new WSSecTimestamp();
    WSSecSignature builderSig = new WSSecSignature();

    Crypto crypto = null;
    //Class constructor candidates
    try {
        //Where will I put the properties file?
        crypto = CryptoFactory.getInstance("Ball.properties");
    }
    catch (WSSecurityException e)
    {
        System.err.println("Crypto crypto = CryptoFactory.getInstance(\"Ball.properties\"): " + e.getMessage());
    }
    java.security.cert.X509Certificate recipientCert = (X509Certificate) keysRSA.getks().getCertificate("wsstestservice");
    java.security.cert.X509Certificate ourCert = (X509Certificate) keysRSA.getks().getCertificate("wsclientcert");

    builder.setUseThisCert(recipientCert);
    builderSig.setX509Certificate(ourCert);

    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderTS.setTimeToLive(5000);
    builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builderSig.setUserInfo("wsclientcert", "password1");
    //End Class constructor candidates

    Document doc = soapEnvelope.getOwnerDocument();
    org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();

    try
    {
        secHeader.insertSecurityHeader(doc);
        builderTS.build(doc, secHeader);
        builderSig.build(doc, crypto, secHeader);
        builder.build(doc, crypto, secHeader);
    }
    catch (WSSecurityException e)
    {
        System.err.println("Failed in builder block: " + e.getMessage());
        e.printStackTrace();
        System.exit(1);
    }

    return soapMessage;
}

 

 

 

From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: 06 August 2014 15:48
To: users@ws.apache.org
Subject: Re: Does anyone have an example of using WSSecEncrypt.setUseThisCert()

 

 

Here are some:

http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&view=co

What version of WSS4J? What does the request look like that is generating that error + what core are you using to generate it?

Colm.

 

On Wed, Aug 6, 2014 at 9:35 AM, Adrian Williamson <aw@octavo2.demon.co.uk> wrote:

Hi,

Has anyone got an example of how this method can be used?

I've been trying different values for the WSSecEncrypt.setKeyIdentifierType() but
I keep getting application specific error messages back from the private
service I'm calling.

One of the error messages made me stop and ponder the extent of my
ignorance;

WSConstants.X509_KEY_IDENTIFIER it returned:

An invalid security token was provided (Bad ValueType
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

So I thought if someone had a nice little test case that used an X509
certificate to encrypt it might help me along.

So I can see how it is supposed to be done.

Thanks

Adrian




 



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
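
Added example (not code from this thread or from WSS4J): the split Colm describes between the symmetric data cipher and the key transport algorithm, written with plain JDK JCA classes so both the sending and receiving side are visible. The generated RSA key pair stands in for the "wsstestservice" certificate and its private key, and the JCA transformation names (Triple DES in CBC mode, RSA-OAEP) are assumptions chosen for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class KeyTransportDemo {

    // Symmetric (data) cipher: the role WSConstants.TRIPLE_DES plays in the thread.
    static final String DATA_CIPHER = "DESede/CBC/PKCS5Padding";
    // Key transport: an asymmetric cipher that wraps the session key for the
    // certificate holder (RSA-OAEP is this example's choice).
    static final String KEY_TRANSPORT = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    /** Sender side. Returns { iv, encryptedBody, wrappedSessionKey }. */
    static byte[][] encrypt(byte[] body, PublicKey recipientKey) throws Exception {
        // A fresh session key per message; it never leaves the sender in the clear.
        KeyGenerator kg = KeyGenerator.getInstance("DESede");
        kg.init(168);
        SecretKey sessionKey = kg.generateKey();

        byte[] iv = new byte[8]; // Triple DES block size
        new SecureRandom().nextBytes(iv);
        Cipher data = Cipher.getInstance(DATA_CIPHER);
        data.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(iv));
        byte[] encryptedBody = data.doFinal(body);   // plays the part of xenc:EncryptedData

        Cipher wrap = Cipher.getInstance(KEY_TRANSPORT);
        wrap.init(Cipher.WRAP_MODE, recipientKey);
        byte[] wrappedKey = wrap.wrap(sessionKey);   // plays the part of xenc:EncryptedKey

        return new byte[][] { iv, encryptedBody, wrappedKey };
    }

    /** Receiver side: unwrap the session key with the private key, then decrypt. */
    static byte[] decrypt(byte[][] msg, PrivateKey recipientPrivateKey) throws Exception {
        Cipher unwrap = Cipher.getInstance(KEY_TRANSPORT);
        unwrap.init(Cipher.UNWRAP_MODE, recipientPrivateKey);
        Key sessionKey = unwrap.unwrap(msg[2], "DESede", Cipher.SECRET_KEY);

        Cipher data = Cipher.getInstance(DATA_CIPHER);
        data.init(Cipher.DECRYPT_MODE, sessionKey, new IvParameterSpec(msg[0]));
        return data.doFinal(msg[1]);
    }

    /** The misconfiguration from the thread: Triple DES used where key transport belongs. */
    static boolean tripleDesAcceptsRsaKey(PublicKey recipientKey) throws Exception {
        try {
            Cipher c = Cipher.getInstance(DATA_CIPHER);
            c.init(Cipher.WRAP_MODE, recipientKey);
            return true;
        } catch (InvalidKeyException e) {
            return false; // a symmetric cipher cannot be keyed with an RSA public key
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the recipient certificate and its private key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();

        // Constructed sample body, not a real request from the thread.
        byte[] body = "<dl:Request>sample body</dl:Request>".getBytes(StandardCharsets.UTF_8);

        byte[][] msg = encrypt(body, recipient.getPublic());
        byte[] roundTrip = decrypt(msg, recipient.getPrivate());

        System.out.println("wrapped key bytes:   " + msg[2].length);
        System.out.println("round trip matches:  " + Arrays.equals(body, roundTrip));
        System.out.println("3DES as key transport accepted: "
                + tripleDesAcceptsRsaKey(recipient.getPublic()));
    }
}
```

The receiving half is the same sequence a decodeSOAP step has to reverse: unwrap the session key with the private key first, then decrypt the body with it.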


[Attachment #5 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:x="urn:schemas-microsoft-com:office:excel" \
xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Colm,<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>This is what worked in the end for me, I'm now trying to work
out how to get back to SOAP from the server response, i.e. I'm writing
decodeSOAP.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>private SOAPMessage encodeSOAP(SOAPMessage soapMessage) throws
Exception   {<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       SOAPPart soapPart = \
soapMessage.getSOAPPart();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       SOAPEnvelope   soapEnvelope = \
soapPart.getEnvelope();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       //Might be a workaround to the fact the WSDL has ws.live.ie
and we are using ws.test.ie etc       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       soapEnvelope.addNamespaceDeclaration(
&quot;dl&quot;,&quot;http://ws.live.ie/v1/DL-WS/&quot;);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       WSSecEncrypt builder   = new \
WSSecEncrypt();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       WSSecTimestamp builderTS = new \
WSSecTimestamp();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       WSSecSignature builderSig = new \
WSSecSignature();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>             <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       java.security.cert.X509Certificate recipientCert =
(X509Certificate)
keysRSA.getks().getCertificate(&quot;wsstestservice&quot;);         \
<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       java.security.cert.X509Certificate ourCert =
(X509Certificate) keysRSA.getks().getCertificate(&quot;wsstest&quot;);<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       builder.setUseThisCert(recipientCert);               \
<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>      
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       \
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       builderTS.setTimeToLive(5000);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       Document doc = \
soapEnvelope.getOwnerDocument();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       org.apache.wss4j.dom.message.WSSecHeader secHeader = new
WSSecHeader();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       secHeader.insertSecurityHeader(doc);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       {//Sign the Timestamp and the body this block replaces
builderSig.build(doc, crypto, secHeader)<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               \
builderSig.setX509Certificate(ourCert);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               builderSig.setUserInfo(&quot;wsstest&quot;,
&quot;password1&quot;);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>              
builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               SOAPConstants soapConstants = \
org.apache.wss4j.dom.util.WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());  \
 <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               List&lt;WSEncryptionPart&gt; wsEncryptionParts = new
ArrayList&lt;WSEncryptionPart&gt;();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               WSEncryptionPart wsEncryptionPart = new
WSEncryptionPart( soapConstants.getBodyQName().getLocalPart(),<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>                                                                       \
 soapConstants.getEnvelopeURI(), &quot;Content&quot;);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               wsEncryptionParts.add(wsEncryptionPart);               \
<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               builderTS.build(doc, secHeader);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               wsEncryptionParts.add(new
WSEncryptionPart(builderTS.getId()));                   <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               \
builderSig.setParts(wsEncryptionParts);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               \
builderSig.setUseSingleCertificate(true);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               builderSig.prepare(doc, this.crypto, \
secHeader);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               builderSig.appendBSTElementToHeader(secHeader);         \
<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               List&lt;javax.xml.crypto.dsig.Reference&gt;
referenceList = builderSig.addReferencesToSign(wsEncryptionParts, secHeader); \
<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               \
builderSig.computeSignature(referenceList);<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       } <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>     <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>     <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       try<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       {   <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               builder.build(doc, this.crypto, secHeader);             \
<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       }<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       catch (WSSecurityException e)<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       {<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               System.err.println(&quot;Failed in builder block: \
&quot; + e.getMessage());<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               e.printStackTrace();<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>               System.exit(1);             <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       }<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>       return soapMessage;<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'>}<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Colm O hEigeartaigh \
[mailto:coheigea@apache.org] <br> <b>Sent:</b> 08 August 2014 10:56<br>
<b>To:</b> Adrian Williamson<br>
<b>Cc:</b> users@ws.apache.org<br>
<b>Subject:</b> Re: Does anyone have an example of using
WSSecEncrypt.setUseThisCert()<o:p></o:p></span></p>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<div>

<p class=MsoNormal style='margin-bottom:12.0pt'>&gt;
builder.setKeyEnc(WSConstants.TRIPLE_DES);<br>
&gt;&nbsp; builder.setEncryptSymmKey(false);<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal>This is not valid. Triple Des is a symmetric encryption
algorithm, and not a key transport algorithm. Also, you want to encrypt the
symmetric key here (using the X.509 Certificate). So just comment out the
&quot;setEncryptSymmKey(false)&quot; call + change &quot;setKeyEnc&quot; to
&quot;setSymmetricEncAlgorithm&quot; and it should work.<br>
<br>
&gt; Should the WSSecSignature.setX509Certificate method take care of that?<br>
<br>
No, because you need to specify a username + password as well to access the
private key required to sign the request.<br>
<br>
Colm.<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<div>

<p class=MsoNormal>On Wed, Aug 6, 2014 at 4:57 PM, Adrian Williamson &lt;<a
href="mailto:aw@octavo2.demon.co.uk" target="_blank">aw@octavo2.demon.co.uk</a>&gt;
wrote:<o:p></o:p></p>

<div>

<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi,</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I
believe that I am using WSS4J 2.0.2, if you have a specific process for
understanding the version please don't be shy – I'll use it then we both know
that I will have given the correct info.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>By
core do you mean the JDK? If so then :</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>java
version &quot;1.7.0_55&quot;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Java(TM)
SE Runtime Environment (build 1.7.0_55-b13)</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Java
HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>That
error in particular I have avoided by using BST_DIRECT_REFERENCE, I'm afraid I
was doing that two-year-old learning technique of pressing all the buttons at
once, so I might have been the cause of the error – not knowing my apples from
pears:</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
//This gives Error when calling DDOperation: An invalid security token was
provided (Bad ValueType &quot;<a
href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
 target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</a>&quot;)</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier \
New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier \
New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
java.security.cert.X509Certificate recipientCert = (X509Certificate) \
keysRSA.getks().getCertificate(&quot;wsstestservice&quot;);&nbsp;&nbsp;&nbsp;&nbsp; \
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
Document doc = soapEnvelope.getOwnerDocument();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
org.apache.wss4j.dom.message.WSSecHeader secHeader = new \
WSSecHeader();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER); </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builder.setKeyEnc(WSConstants.TRIPLE_DES);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builder.setEncryptSymmKey(false);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builder.setUseThisCert(recipientCert);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier \
New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
try</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
{&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
secHeader.insertSecurityHeader(doc);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
builder.build(doc, crypto, secHeader);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
}</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
catch (WSSecurityException e)</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>So I
am not too worried about that as I have moved on.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I did
find another issue with the WSSecSignature, when using the
WSSecSignature.setX509Certificate and then calling WSSecSignature.build it
threw a null identifier (Merlin.java:744) for the GetPrivateKey() as the
calling context WSSecSignature.java:530 had this.user set to null. I worked out
that if I used WSSecSignature.setUserInfo and passed in the alias and the JKS
password then it stopped moaning and got on with it.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Should
the WSSecSignature.setX509Certificate method take care of that?</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>My
work in progress/prototype is below, I'm trying to mimic the SOAPUI WSS
specification:</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><img
border=0 width=530 height=388 id="_x0000_i1025"
src="cid:image001.png@01CFB2F9.3823B9E0"></span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I'll
go and look at those examples.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Cheers,</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Adrian</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>PS
Bonus points for identifying Cargo Cult sections…. </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>private
SOAPMessage encriptBody(SOAPMessage soapMessage) throws Exception&nbsp; {</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
SOAPPart soapPart = soapMessage.getSOAPPart();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
SOAPEnvelope&nbsp; soapEnvelope = soapPart.getEnvelope();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
WSSecEncrypt builder&nbsp; = new WSSecEncrypt();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
WSSecTimestamp builderTS = new WSSecTimestamp();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
WSSecSignature builderSig = new WSSecSignature();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
Crypto crypto = null;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
//Class constructor candidates </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
try {</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
//Where will I put the properties file?</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
crypto = CryptoFactory.getInstance(&quot;Ball.properties&quot;);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
}</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
catch (WSSecurityException e)</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
{</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
System.err.println(&quot;Crypto crypto = CryptoFactory.getInstance(\&quot;Ball.properties\&quot;): &quot; +
e.getMessage());&nbsp;&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
}</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
java.security.cert.X509Certificate recipientCert = (X509Certificate)
keysRSA.getks().getCertificate(&quot;wsstestservice&quot;);&nbsp;&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
java.security.cert.X509Certificate ourCert = (X509Certificate)
keysRSA.getks().getCertificate(&quot;wsclientcert&quot;);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builder.setUseThisCert(recipientCert);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builderSig.setX509Certificate(ourCert);&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builderTS.setTimeToLive(5000);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builderSig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
builderSig.setUserInfo(&quot;wsclientcert&quot;, &quot;password1&quot;);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
//End Class constructor candidates </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
Document doc = soapEnvelope.getOwnerDocument();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
org.apache.wss4j.dom.message.WSSecHeader secHeader = new WSSecHeader();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;
</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
try</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
{&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
secHeader.insertSecurityHeader(doc);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
builderTS.build(doc, secHeader);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
builderSig.build(doc, crypto, secHeader);</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
builder.build(doc, crypto, secHeader);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
}</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
catch (WSSecurityException e)</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
{</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
System.err.println(&quot;Failed in builder block: &quot; + e.getMessage());</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
e.printStackTrace();</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
System.exit(1);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
}</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>&nbsp;&nbsp;&nbsp;
return soapMessage;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:8.0pt;font-family:"Courier New";color:#1F497D'>}</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>&nbsp;</span><o:p></o:p></p>


<div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;
border-color:-moz-use-text-color -moz-use-text-color'>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
 style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Colm O hEigeartaigh
[mailto:<a href="mailto:coheigea@apache.org" target="_blank">coheigea@apache.org</a>]
<br>
<b>Sent:</b> 06 August 2014 15:48<br>
<b>To:</b> <a href="mailto:users@ws.apache.org" target="_blank">users@ws.apache.org</a><br>
<b>Subject:</b> Re: Does anyone have an example of using WSSecEncrypt.setUseThisCert()</span><o:p></o:p></p>

</div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p>


<div>

<div>

<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p>


</div>

<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>Here
are some:<br>
<br>
<a
href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&amp;view=co"
 target="_blank">http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revision=1503186&amp;view=co</a><o:p></o:p></p>


</div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>What
version of WSS4J? What does the request look like that is generating that error
+ what code are you using to generate it?<br>
<br>
Colm.<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>&nbsp;<o:p></o:p></p>


<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On
Wed, Aug 6, 2014 at 9:35 AM, Adrian Williamson &lt;<a
href="mailto:aw@octavo2.demon.co.uk" target="_blank">aw@octavo2.demon.co.uk</a>&gt;
wrote:<o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>Hi,<br>
<br>
Has anyone got an example of how this method can be used?<br>
<br>
I've been trying different values for the WSSecEncrypt.setKeyIdentifierType() but<br>
I keep getting application specific error messages back from the private<br>
service I'm calling.<br>
<br>
One of the error messages made me stop and ponder the extent of my<br>
ignorance;<br>
<br>
WSConstants.X509_KEY_IDENTIFIER it returned:<br>
<br>
An invalid security token was provided (Bad ValueType<br>
&quot;<a
href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
 target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</a>&quot;)<br>
<br>
So I thought if someone had a nice little test case that used an X509<br>
certificate to encrypt it might help me along.<br>
<br>
So I can see how it is supposed to be done.<br>
<br>
Thanks<span style='color:#888888'><br>
<br>
Adrian<br>
<br>
<br>
</span><o:p></o:p></p>

</div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='color:#888888'>&nbsp;<o:p></o:p></span></p>

</div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='color:#888888'><br clear=all>
<br>
-- <br>
Colm O hEigeartaigh<br>
<br>
Talend Community Coder<br>
<a href="http://coders.talend.com" target="_blank">http://coders.talend.com</a><o:p></o:p></span></p>

</div>

</div>

</div>


</div>

</div>

</div>

</body>

</html>


["image001.png" (image/png)]
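The message above signs with one keystore entry and encrypts to another: signing needs the private key behind the alias (hence the alias and password passed to setUserInfo), while encrypting needs only the recipient's certificate. The following is an added example, not code from the thread or from WSS4J, that checks both entries with plain JDK calls before any message is built. The aliases are the ones used in the message; the JKS path and both passwords are assumed to come from the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example: preflight check of the signing and recipient keystore entries.
public class WssKeystorePreflight {

    // Shared certificate checks; usageBit indexes X509Certificate.getKeyUsage()
    // (0 = digitalSignature, 2 = keyEncipherment).
    static void checkCert(Certificate c, String alias, int usageBit, String usageName,
                          List<String> problems) {
        if (!(c instanceof X509Certificate)) {
            problems.add(alias + ": no X.509 certificate");
            return;
        }
        X509Certificate x = (X509Certificate) c;
        try {
            x.checkValidity();                      // expired or not yet valid
        } catch (CertificateException e) {
            problems.add(alias + ": certificate outside its validity period");
        }
        boolean[] ku = x.getKeyUsage();             // null when the extension is absent
        if (ku != null && ku.length > usageBit && !ku[usageBit]) {
            problems.add(alias + ": key usage does not allow " + usageName);
        }
    }

    // The signer must be a private-key entry whose key opens with the given password.
    static List<String> checkSigner(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        List<String> problems = new ArrayList<>();
        if (!ks.isKeyEntry(alias)) {                // also false when the alias is missing
            problems.add(alias + ": not a private-key entry; a certificate alone cannot sign");
            return problems;
        }
        try {
            if (!(ks.getKey(alias, keyPassword) instanceof PrivateKey)) {
                problems.add(alias + ": entry does not hold a private key");
            }
        } catch (UnrecoverableKeyException e) {
            problems.add(alias + ": key password rejected");
        }
        checkCert(ks.getCertificate(alias), alias, 0, "digitalSignature", problems);
        return problems;
    }

    // The recipient only needs a usable certificate; no private key is involved.
    static List<String> checkRecipient(KeyStore ks, String alias) throws Exception {
        List<String> problems = new ArrayList<>();
        Certificate c = ks.getCertificate(alias);   // null when the alias is missing
        if (c == null) {
            problems.add(alias + ": alias not found");
            return problems;
        }
        checkCert(c, alias, 2, "keyEncipherment", problems);
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: WssKeystorePreflight <keystore.jks> <storepass> <keypass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        List<String> problems = checkSigner(ks, "wsclientcert", args[2].toCharArray());
        problems.addAll(checkRecipient(ks, "wsstestservice"));
        problems.forEach(System.err::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```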
