Posted to users@ws.apache.org by Giriraj Bhojak <gi...@gmail.com> on 2014/03/14 04:08:42 UTC

Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13

Hello Colm,

I created the keystore using the standard java keytool command. I am not sure
how to create a BKS keystore.
When I tried using the sha256 signature algorithm (by configuring
signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into an
algorithm not supported exception. The sha1 signature algorithm worked properly.
Doesn't merlin support the sha256 signature algorithm?
Do I need to use bouncy castle in this case?
Could you please help me out with it?

Thanks,
Giriraj.
On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <co...@apache.org> wrote:

>
> With BouncyCastle, the Keystore type must be "BKS", so:
>
> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>
> Note that the keystore itself must be compatible with the BouncyCastle JKS
> implementation.
>
> Colm.
>
>
> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <gi...@gmail.com> wrote:
>
>> Hello Colm,
>>
>> I didn't have any success using the above properties.
>> I got the following:
>>     ... 2 more
>> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>     at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>     at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>     at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>     ... 17 more
>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>     ... 20 more
>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>     ... 21 more
>>
>> It was working with Merlin earlier. Here is my properties file:
>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>> org.apache.ws.security.crypto.merlin.keystore.password=password
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>
>> I have bcprov-jdk12-130.jar on the classpath.
>>
>> Could you please help me find out what I am doing wrong here?
>>
>> Thanks,
>> Giriraj.
>>
>>
>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>>
>>> You can use BouncyCastle with the Merlin Crypto implementation. Simply
>>> add the property:
>>>
>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>
>>> Colm.
>>>
>>>
>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <gi...@gmail.com> wrote:
>>>
>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>> Does this mean we can't use Bouncy Castle at all in the latest version
>>>> of wss4j?
>>>>
>>>> Thanks,
>>>> Giriraj.
>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <co...@apache.org> wrote:
>>>>
>>>>>
>>>>> From what I recall, there was essentially little difference between
>>>>> the Merlin and BouncyCastle Crypto implementations, hence the latter was
>>>>> removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle
>>>>> implementation, i.e. what is the Merlin implementation not doing for you?
>>>>>
>>>>> Colm.
>>>>>
>>>>>
>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <gi...@gmail.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>> Merlin is used by default since 1.6.x.
>>>>>> Could anyone explain why this was done?
>>>>>> I mean was there something with Bouncy Castle that prompted this
>>>>>> change?
>>>>>>
>>>>>> And is the following set of keys the right way to use Bouncy Castle with
>>>>>> WSS4J (found this at
>>>>>> https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>
>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Giriraj.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Colm O hEigeartaigh
>>>>>
>>>>> Talend Community Coder
>>>>> http://coders.talend.com
>>>>>
>>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>>
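
Colm's two notes above (set keystore.provider=BC, and then keystore.type must be BKS because BouncyCastle has no JKS implementation) and Giriraj's question about how to create a BKS keystore are illustrated by the following added example. It is not code from the thread or from WSS4J: it lists the KeyStore types each registered provider actually offers, reproduces the "KeyStore jks implementation not found" failure, and copies a keytool-generated JKS file into a BKS file that the BC provider can load. It assumes a bcprov jar matching your JDK on the classpath; sample.jks and the password "password" are taken from the thread's properties file, sample.bks is an assumed output name, and the class and method names are mine.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import java.util.TreeSet;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Added example (not WSS4J code). Shows why keystore.type=jks fails once
 * keystore.provider=BC is set, and converts a keytool-generated JKS file
 * into a BKS file that the BouncyCastle provider can load for Merlin.
 * Assumes a bcprov jar on the classpath; sample.jks and "password" are
 * the values from the thread, sample.bks is an assumed output name.
 */
public class BksKeystoreConverter {

    /** KeyStore types that a registered provider actually implements. */
    static TreeSet<String> keyStoreTypes(String providerName) {
        TreeSet<String> types = new TreeSet<String>();
        Provider p = Security.getProvider(providerName);
        if (p == null) {
            return types;                       // provider not registered
        }
        for (Provider.Service s : p.getServices()) {
            if ("KeyStore".equals(s.getType())) {
                types.add(s.getAlgorithm());
            }
        }
        return types;
    }

    /** Copy every key and certificate entry of a JKS keystore into a new BKS keystore. */
    static void convertJksToBks(String jksPath, String bksPath, char[] password) throws Exception {
        KeyStore src = KeyStore.getInstance("JKS");   // served by the JDK's own provider
        InputStream in = new FileInputStream(jksPath);
        try {
            src.load(in, password);
        } finally {
            in.close();
        }

        KeyStore dst = KeyStore.getInstance("BKS", "BC");
        dst.load(null, null);                           // start from an empty keystore

        for (Enumeration<String> e = src.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (src.isKeyEntry(alias)) {
                // assumes the key entry uses the keystore password (keytool's default)
                Key key = src.getKey(alias, password);
                dst.setKeyEntry(alias, key, password, src.getCertificateChain(alias));
            } else {
                dst.setCertificateEntry(alias, src.getCertificate(alias));
            }
        }

        OutputStream out = new FileOutputStream(bksPath);
        try {
            dst.store(out, password);
        } finally {
            out.close();
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // BC registers BKS, UBER and PKCS12 stores (among others) but no JKS;
        // asking it for JKS gives the "KeyStore jks implementation not found"
        // seen in the thread.
        System.out.println("SUN keystore types: " + keyStoreTypes("SUN"));
        System.out.println("BC  keystore types: " + keyStoreTypes("BC"));
        try {
            KeyStore.getInstance("JKS", "BC");
        } catch (KeyStoreException ex) {
            System.out.println("JKS via BC: " + ex.getMessage());
        }

        // The result is what
        //   org.apache.ws.security.crypto.merlin.keystore.file=sample.bks
        //   org.apache.ws.security.crypto.merlin.keystore.type=BKS
        //   org.apache.ws.security.crypto.merlin.keystore.provider=BC
        // would point Merlin at.
        convertJksToBks("sample.jks", "sample.bks", "password".toCharArray());
        System.out.println("wrote sample.bks");
    }
}
```

The provider property decides which JCE provider instantiates the KeyStore, so the type has to be one that provider registers; converting the file only changes the container format, the keys and certificates inside are unchanged. The same conversion can be done from the command line with keytool's -importkeystore, passing -deststoretype BKS together with -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider and -providerpath pointing at the bcprov jar. On an IBM JDK (the WebSphere case mentioned later in the thread) the JKS implementation is registered under a provider name other than SUN, so the first lookup in main() would need that name.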

Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13

Posted by Giriraj Bhojak <gi...@gmail.com>.
That's bad on so many levels for me.
Really sorry to bother you with it Colm.
I was going through
org.apache.ws.security.handler.WSHandlerConstants.SIG_ALGO and I copied the
property for SIG_DIGEST_ALGO instead of the one above it.

Apologies again for bothering you with it.

Thanks,
Giriraj.



On Fri, Mar 14, 2014 at 12:21 PM, Colm O hEigeartaigh <co...@apache.org> wrote:

>
> <entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />
>
> That is not a valid value for "signatureAlgorithm" as it is a digest
> algorithm.
>
> Colm.

Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13

Posted by Colm O hEigeartaigh <co...@apache.org>.
<entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />

That is not a valid value for "signatureAlgorithm" as it is a digest
algorithm.

Colm.


On Fri, Mar 14, 2014 at 4:18 PM, Giriraj Bhojak <gi...@gmail.com> wrote:

> I tried this through a junit after changing the algorithm. And here is
> what I got:
>
> SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
> Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for ....... has thrown exception, unwinding now
> Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
>
> Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
>     at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
>     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
>     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)
>
>
> Here is the signature entry defined in the 'out' interceptor:
> <entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />
>
> I am not sure how to check for unlimited security policies. But since we
> would be running this on WebSphere, I don't think I have the liberty to
> have the unlimited security policies.
>
>
> Thanks,
> Giriraj.
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
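
The mix-up Colm points out here (a DigestMethod URI under signatureAlgorithm), which Giriraj earlier in the page traces to copying SIG_DIGEST_ALGO instead of SIG_ALGO from WSHandlerConstants, only surfaces as a NoSuchAlgorithmException at signing time. The following is an added example, not WSS4J or CXF code: a preflight check over the interceptor properties that keeps the two URI families apart, points a misplaced value at the key it belongs under, and shows the thread's entry beside a corrected one. The key "signatureAlgorithm" is from the thread and "signatureDigestAlgorithm" is the value of WSHandlerConstants.SIG_DIGEST_ALGO; the URI lists are the XML-DSig core and RFC 4051 identifiers; the class and method names are mine, and plain string keys are used so no WSS4J jar is needed to run it.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Added example (not WSS4J code). Checks that "signatureAlgorithm"
 * (WSHandlerConstants.SIG_ALGO) names a SignatureMethod URI and that
 * "signatureDigestAlgorithm" (WSHandlerConstants.SIG_DIGEST_ALGO) names a
 * DigestMethod URI before the WSS4JOutInterceptor ever tries to sign.
 */
public class SignaturePropertyCheck {

    static final String SIG_ALGO = "signatureAlgorithm";
    static final String SIG_DIGEST_ALGO = "signatureDigestAlgorithm";

    /** Signature (key + hash) identifiers from XML-DSig core and RFC 4051. */
    static final Set<String> SIGNATURE_URIS = new HashSet<String>(Arrays.asList(
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"));

    /** Digest (hash only) identifiers; sha256 and sha512 live in the xmlenc namespace. */
    static final Set<String> DIGEST_URIS = new HashSet<String>(Arrays.asList(
        "http://www.w3.org/2000/09/xmldsig#sha1",
        "http://www.w3.org/2001/04/xmlenc#sha256",
        "http://www.w3.org/2001/04/xmldsig-more#sha384",
        "http://www.w3.org/2001/04/xmlenc#sha512"));

    /** Returns the problems found; an empty list means the two keys are consistent. */
    static List<String> check(Map<String, String> props) {
        List<String> problems = new ArrayList<String>();
        String sig = props.get(SIG_ALGO);
        String digest = props.get(SIG_DIGEST_ALGO);

        if (sig != null && !SIGNATURE_URIS.contains(sig)) {
            String hint = DIGEST_URIS.contains(sig)
                ? " (this is a digest URI; it belongs under " + SIG_DIGEST_ALGO + ")" : "";
            problems.add(SIG_ALGO + "=" + sig + " is not a signature method" + hint);
        }
        if (digest != null && !DIGEST_URIS.contains(digest)) {
            String hint = SIGNATURE_URIS.contains(digest)
                ? " (this is a signature URI; it belongs under " + SIG_ALGO + ")" : "";
            problems.add(SIG_DIGEST_ALGO + "=" + digest + " is not a digest method" + hint);
        }
        // Legal but easy to overlook: an RSA-SHA256 signature over SHA-1 reference digests.
        if (sig != null && digest != null && problems.isEmpty()
                && !hashOf(sig).equals(hashOf(digest))) {
            problems.add("signature uses " + hashOf(sig)
                + " but references are digested with " + hashOf(digest));
        }
        return problems;
    }

    /** Hash name from the URI fragment: "rsa-sha256" -> "sha256", "sha1" -> "sha1". */
    static String hashOf(String uri) {
        String frag = uri.substring(uri.indexOf('#') + 1);
        return frag.substring(frag.indexOf('-') + 1);   // indexOf('-') is -1 for plain digests
    }

    public static void main(String[] args) {
        // The entry from the thread: a digest URI pasted under the signature key.
        Map<String, String> broken = new HashMap<String, String>();
        broken.put(SIG_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
        System.out.println("thread's entry: " + check(broken));

        // Corrected: signature method and digest method both at SHA-256 strength.
        Map<String, String> fixed = new HashMap<String, String>();
        fixed.put(SIG_ALGO, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        fixed.put(SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
        System.out.println("corrected:      " + check(fixed));
    }
}
```

The same two values go into a CXF Spring configuration as separate entries, one under "signatureAlgorithm" and one under "signatureDigestAlgorithm"; setting only the first to an RSA-SHA256 URI moves the signature to SHA-256 but leaves the reference digests at whatever digest algorithm is configured, which is why the check reports the mismatch when both keys are present.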

Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13

Posted by Giriraj Bhojak <gi...@gmail.com>.
I tried this through a junit after changing the algorithm. And here is what
I got:

SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for ....... has thrown exception, unwinding now
Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)

Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)


Here is the signature entry defined in the 'out' interceptor:
<entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />

I am not sure how to check for unlimited security policies. But since we
would be running this on WebSphere, I don't think I have the liberty to
have the unlimited security policies.


Thanks,
Giriraj.


On Fri, Mar 14, 2014 at 5:51 AM, Colm O hEigeartaigh <co...@apache.org> wrote:

>
> Yes, Merlin supports SHA-256. Do you have the unlimited security policies
> installed in the JDK?
>
> Colm.
>
>

Re: Using Bouncy Castle instead of Merlin in WSS4J 1.6.13

Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes, Merlin supports SHA-256. Do you have the unlimited security policies
installed in the JDK?

Colm.



On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <gi...@gmail.com> wrote:

> Hello Colm,
>
> I created the keystore using the standard java keytool command. I am not sure
> how to create a BKS keystore.
> When I tried using the sha256 signature algorithm (by configuring
> signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into an
> algorithm not supported exception. The sha1 signature algorithm worked properly.
> Doesn't merlin support the sha256 signature algorithm?
> Do I need to use bouncy castle in this case?
> Could you please help me out with it?
>
> Thanks,
> Giriraj.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com