verifying signature at proxy

["Vijay Chiniwar (HCL Financial Services)" <Vi...@hcl.in>]

DISCLAIMER:
-----------------------------------------------------------------------------------------------------------------------
The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. 
It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in 
this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. 
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of 
this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have 
received this email in error please delete it and notify the sender immediately. Before opening any mail and 
attachments please check them for viruses and defect.
-----------------------------------------------------------------------------------------------------------------------

AW: verifying signature at proxy

["Dittmann, Werner" <we...@siemens.com>]

Hi,
 
WSS4J does not support proxy mode. A WSS4J server (the proxy has
a server and a client side) always tries to process _all_ security relevant
headers and information. Thus if the security header contains some
encryption related sub-headers WSS4J tries to decrypt it.
 
To support proxy mode WSS4J would need a specific driver similar
to the existion WSDoAll* drivers that would process only those parts
that are listed i the "action" parameters.
 
Currently WSS4J uses the action parameter at the server side to verify
if the actions match.
 
Regards,
Werner



________________________________

	Von: Vijay Chiniwar (HCL Financial Services) [mailto:Vijay.Chiniwar@hcl.in] 
	Gesendet: Donnerstag, 22. März 2007 16:19
	An: wss4j-dev@ws.apache.org
	Betreff: verifying signature at proxy
	
	
	Hi,
	I am having the following senarios
	 
	Senario1:  The client sends the message using the (signature encrypt) to the server directly
	Senario2: Client sends the message to the proxy server, the proxy server verifies only the signature and transfer the encrypted message to the webservice, where it is decrypted
	 
	I was successfully able to complete senario1
	 
	However while execution of senario2
	I am not able to verify only the signature, i cant have my private key at the proxy server as its used in banking transactions,  
	 
	When i try to verify the signature i get the error 
	"WSSecurityEngine: No crypto propery file supplied for decryption". I have not specified any keys for decryption. however if i include my private key in the keystore, things work smoothly. but i dont want to have the private key of webservice at the proxy server, is there any way of achieving this
	 
	 
	Thanks and Regards
	Vijay Chiniwar
	+49-69-910-61769

AW: verifying signature at proxy

["Dittmann, Werner" <we...@siemens.com>]

Hi,
 
WSS4J does not support proxy mode. A WSS4J server (the proxy has
a server and a client side) always tries to process _all_ security relevant
headers and information. Thus if the security header contains some
encryption related sub-headers WSS4J tries to decrypt it.
 
To support proxy mode WSS4J would need a specific driver similar
to the existion WSDoAll* drivers that would process only those parts
that are listed i the "action" parameters.
 
Currently WSS4J uses the action parameter at the server side to verify
if the actions match.
 
Regards,
Werner



________________________________

	Von: Vijay Chiniwar (HCL Financial Services) [mailto:Vijay.Chiniwar@hcl.in] 
	Gesendet: Donnerstag, 22. März 2007 16:19
	An: wss4j-dev@ws.apache.org
	Betreff: verifying signature at proxy
	
	
	Hi,
	I am having the following senarios
	 
	Senario1:  The client sends the message using the (signature encrypt) to the server directly
	Senario2: Client sends the message to the proxy server, the proxy server verifies only the signature and transfer the encrypted message to the webservice, where it is decrypted
	 
	I was successfully able to complete senario1
	 
	However while execution of senario2
	I am not able to verify only the signature, i cant have my private key at the proxy server as its used in banking transactions,  
	 
	When i try to verify the signature i get the error 
	"WSSecurityEngine: No crypto propery file supplied for decryption". I have not specified any keys for decryption. however if i include my private key in the keystore, things work smoothly. but i dont want to have the private key of webservice at the proxy server, is there any way of achieving this
	 
	 
	Thanks and Regards
	Vijay Chiniwar
	+49-69-910-61769