Posted to users@cxf.apache.org by Laurent FLEIFEL <La...@asco.fr> on 2015/03/02 14:07:10 UTC

Apache CXF 3.0.4 and Wss4j, problem with KeyIdentifier EncryptedKeySHA1

Hi everyone,


I'm not sure if this is the right place, or if I should ask my question on the ws.apache.org mailing list.


I'm using CXF 3.0.4 to encrypt a web service, and I want the KeyIdentifier to be set to EncryptedKeySHA1. To do so, I added the entry <entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry> to the WSS4JOutInterceptor bean in the context.xml.


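But in the outbound request, I got this:

<wsse:SecurityTokenReference>
    <wsse:KeyIdentifier
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">QgB9VjsaVwwYNx/MowOS058pegY=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>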

So weirdly I got a Thumbprint keyIdentifier. Is it a bug or do I need to configure it differently ?

Laurent Fleifel


PS. : here is the full applicationContext.xml :


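<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring context for a CXF JAX-WS client proxy (primavera.ws.ProjectPortType)
  secured with WSS4J interceptors: the outbound request carries a UsernameToken
  and a Timestamp and is signed and encrypted; the inbound response is decrypted.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context.xsd
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util.xsd">
    <!-- The util schema location is versionless like the other three, so the
         XSD always matches the Spring jars on the classpath. -->

    <!-- Loads test.properties from the classpath. No ${...} placeholder is
         used anywhere in this file. -->
    <context:property-placeholder location="classpath:test.properties" />

    <!-- Client proxy built by the factory bean below. The endpoint address is
         a literal plain-http URL, so the WS-Security settings further down are
         the only protection the messages get on the wire. -->
    <bean id="ProjectServices" class="primavera.ws.ProjectPortType"
          factory-bean="clientFactory" factory-method="create" />

    <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
        <property name="serviceClass" value="primavera.ws.ProjectPortType" />
        <property name="address"
                  value="http://port-128:8206/p6ws/services/ProjectService" />
        <property name="inInterceptors">
            <list>
                <ref bean="logIn" />
                <ref bean="signResponse" />
            </list>
        </property>
        <property name="outInterceptors">
            <list>
                <ref bean="logOut" />
                <ref bean="saajOut" />
                <ref bean="signRequest" />
            </list>
        </property>
    </bean>

    <!-- Message logging in both directions.
         NOTE(review): check what these interceptors actually write to the log
         (cleartext or protected payload) before keeping them outside a test
         setup; the request carries a PasswordText UsernameToken. -->
    <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
    <bean id="saajOut" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />

    <!-- Outbound WS-Security processing. Despite the bean id, this interceptor
         also adds the UsernameToken and Timestamp and encrypts. -->
    <bean id="signRequest" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp Signature Encrypt" />
                <entry key="user" value="username" />
                <!-- PasswordText puts the password itself into the UsernameToken.
                     It is protected here only because UsernameToken is listed
                     in encryptionParts; the transport is plain http. -->
                <entry key="passwordType" value="PasswordText" />
                <!-- The same keystore alias is used for signing and as the
                     encryption recipient. Signing needs that alias's private
                     key, so this implies one key pair shared by both sides.
                     NOTE(review): acceptable for a test rig only; confirm. -->
                <entry key="signatureUser" value="serverwsalias" />
                <entry key="encryptionUser" value="serverwsalias" />
                <entry key="passwordCallbackClass" value="main.ClientPasswordCallback" />
                <entry key="signaturePropFile" value="/crypt.properties" />
                <!-- Timestamp and Body are signed. UsernameToken is encrypted
                     (see encryptionParts) but is not covered by the signature. -->
                <entry key="signatureParts"
                       value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;Body" />
                <entry key="encryptionPropFile" value="/crypt.properties" />
                <entry key="encryptionParts"
                       value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;Body" />
                <!-- EncryptedKeySHA1 only applies to a reference that points at
                     an EncryptedKey. The EncryptedKey itself must reference the
                     recipient's X.509 certificate, and for that reference WSS4J
                     falls back to ThumbprintSHA1, which is why the outbound
                     message shows a ThumbprintSHA1 KeyIdentifier. -->
                <entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1" />
            </map>
        </constructor-arg>
    </bean>

    <!-- Inbound WS-Security processing. Despite the bean id, the only action
         is Encrypt (decryption): no Signature or Timestamp action is
         configured for the response.
         NOTE(review): encryptionUser looks unused on the inbound side, and no
         passwordCallbackClass is set here, so the private-key password for
         decryption presumably comes from crypt.properties; confirm both. -->
    <bean id="signResponse" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Encrypt" />
                <entry key="encryptionUser" value="serverwsalias" />
                <entry key="decryptionPropFile" value="/crypt.properties" />
            </map>
        </constructor-arg>
    </bean>
</beans>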


And here is my pom.xml :


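<?xml version="1.0" encoding="UTF-8"?>
<!--
  Maven build for the test client: Spring context, the CXF runtime modules for
  JAX-WS, JAXB, HTTP transport and WS-Security, and client stub generation
  with wsimport.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>asco</groupId>
    <artifactId>testPrimaveraWS</artifactId>
    <version>1.0</version>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <cxf.version>3.0.4</cxf.version>
        <!-- Single source for the Spring version. The property used to say
             3.1.3.RELEASE but was never referenced, while spring-context was
             pinned to 4.1.5.RELEASE; the resolved dependency is unchanged. -->
        <spring.version>4.1.5.RELEASE</spring.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <!-- NOTE(review): Spring-WS security module next to CXF's own
             WS-Security runtime. It may bring a second set of transitive
             WS-Security libraries onto the classpath; confirm it is needed. -->
        <dependency>
            <groupId>org.springframework.ws</groupId>
            <artifactId>spring-ws-security</artifactId>
            <version>2.2.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-ws-security</artifactId>
            <version>${cxf.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-databinding-jaxb</artifactId>
            <version>${cxf.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxws</artifactId>
            <version>${cxf.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http</artifactId>
            <version>${cxf.version}</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <!-- Generates the primavera.ws client classes during the compile
                 phase. The WSDL is fetched over plain http from the service
                 host on every build, so the generated code depends on what
                 that host returns at build time.
                 NOTE(review): a reviewed copy of the WSDL kept with the
                 project would make the build reproducible. The generated
                 sources are written into src/main/java. -->
            <plugin>
                <groupId>org.jvnet.jax-ws-commons</groupId>
                <artifactId>jaxws-maven-plugin</artifactId>
                <version>2.2</version>
                <executions>
                    <execution>
                        <id>wsClient</id>
                        <phase>compile</phase>
                        <goals>
                            <goal>wsimport</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <sourceDestDir>src/main/java</sourceDestDir>
                    <packageName>primavera.ws</packageName>
                    <wsdlUrls>
                        <wsdlUrl>http://port-128:8206/p6ws/services/ProjectService?wsdl</wsdlUrl>
                    </wsdlUrls>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>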









Re: Apache CXF 3.0.4 and Wss4j, problem with KeyIdentifier EncryptedKeySHA1

Posted by Colm O hEigeartaigh <co...@apache.org>.
The question is what is that SecurityTokenReference referring to?
EncryptedKeySHA1 is only applicable when referring to an EncryptedKey. This
should work fine when the EncryptedData structure is referring back to the
EncryptedKey. However, the EncryptedKey must refer to an X.509 certificate
/ public key, and encrypted key SHA-1 is not applicable here. In this case,
we fall back to Thumbprint SHA1.

Colm.

On Mon, Mar 2, 2015 at 1:07 PM, Laurent FLEIFEL <La...@asco.fr>
wrote:

> Hi everyone,
>
>
> I'm not sure if it's the right place or if I need to ask my question in
> ws.apache.org mail list.
>
>
> I'm using CXF 3.0.4 to encrypt a Webservice, and I want the KeyIdentifier
> to be set to EncryptedKeySHA1. To do so, I added the parameters <entry
> key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry> to the
> context.xml in the WSS4JOutInterceptor bean.
>
>
> But in the outbound request, I got that :
>
> <wsse:SecurityTokenReference>
>                         <wsse:KeyIdentifier
>                             EncodingType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
> ">QgB9VjsaVwwYNx/MowOS058pegY=</wsse:KeyIdentifier>
>                     </wsse:SecurityTokenReference>
>
>
> So weirdly I got a Thumbprint keyIdentifier. Is it a bug or do I need to
> configure it differently ?
>
> Laurent Fleifel
>
> PS. : here is the full applicationContext.xml :
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="
> http://cxf.apache.org/jaxws"
> xmlns:util="http://www.springframework.org/schema/util" xmlns:context="
> http://www.springframework.org/schema/context"
> xsi:schemaLocation=" http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws
> http://cxf.apache.org/schemas/jaxws.xsd
> http://www.springframework.org/schema/context
>     http://www.springframework.org/schema/context/spring-context.xsd
>     http://www.springframework.org/schema/util
> http://www.springframework.org/schema/util/spring-util-3.0.xsd">
>
> <!-- prendre en compte les parametres systemes de la jvm -->
> <context:property-placeholder location="classpath:test.properties" />
>
> <!-- endpointAddress est passe en parametre de la jvm -Dwsendpoint=
> http://localhost:8080/crm-batch/services/jobWS -->
> <bean id="ProjectServices" class="primavera.ws.ProjectPortType"
> factory-bean="clientFactory" factory-method="create" />
> <bean id="clientFactory"
> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
> <property name="serviceClass" value="primavera.ws.ProjectPortType" />
> <property name="address"
> value="http://port-128:8206/p6ws/services/ProjectService" />
> <property name="inInterceptors">
> <list>
> <ref bean="logIn" />
> <ref bean="signResponse" />
> </list>
> </property>
> <property name="outInterceptors">
> <list>
> <ref bean="logOut" />
> <ref bean="saajOut" />
> <ref bean="signRequest" />
> </list>
> </property>
> </bean>
> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"
> />
> <bean id="saajOut"
> class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
>
> <bean id="signRequest"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp Signature Encrypt" />
> <entry key="user" value="username" />
> <entry key="passwordType" value="PasswordText" />
> <entry key="signatureUser" value="serverwsalias" />
> <entry key="encryptionUser" value="serverwsalias" />
> <entry key="passwordCallbackClass" value="main.ClientPasswordCallback" />
> <entry key="signaturePropFile" value="/crypt.properties"></entry>
> <entry key="signatureParts"
> value="{Element}{
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;Body"
> />
> <entry key="encryptionPropFile" value="/crypt.properties"></entry>
> <entry key="encryptionParts"
> value="{Element}{
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;Body"
> />
> <entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry>
> </map>
> </constructor-arg>
> </bean>
> <bean id="signResponse"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Encrypt" />
> <entry key="encryptionUser" value="serverwsalias" />
> <entry key="decryptionPropFile" value="/crypt.properties"></entry>
> </map>
> </constructor-arg>
> </bean>
> </beans>
>
> And here is my pom.xml :
>
> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/xsd/maven-4.0.0.xsd">
> <modelVersion>4.0.0</modelVersion>
> <groupId>asco</groupId>
> <artifactId>testPrimaveraWS</artifactId>
> <version>1.0</version>
> <properties>
> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
> <cxf.version>3.0.4</cxf.version>
> <spring.version>3.1.3.RELEASE</spring.version>
> </properties>
> <dependencies>
> <dependency>
> <groupId>org.springframework</groupId>
> <artifactId>spring-context</artifactId>
> <version>4.1.5.RELEASE</version>
> </dependency>
> <dependency>
> <groupId>org.springframework.ws</groupId>
> <artifactId>spring-ws-security</artifactId>
> <version>2.2.0.RELEASE</version>
> </dependency>
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-ws-security</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-databinding-jaxb</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-frontend-jaxws</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.cxf</groupId>
> <artifactId>cxf-rt-transports-http</artifactId>
> <version>${cxf.version}</version>
> </dependency>
> </dependencies>
> <build>
> <plugins>
> <plugin>
> <groupId>org.jvnet.jax-ws-commons</groupId>
> <artifactId>jaxws-maven-plugin</artifactId>
> <version>2.2</version>
> <executions>
> <execution>
> <id>wsClient</id>
> <phase>compile</phase>
> <goals>
> <goal>wsimport</goal>
> </goals>
> </execution>
> </executions>
> <configuration>
> <sourceDestDir>src/main/java</sourceDestDir>
> <packageName>primavera.ws</packageName>
> <wsdlUrls>
> <wsdlUrl>http://port-128:8206/p6ws/services/ProjectService?wsdl</wsdlUrl>
> </wsdlUrls>
> </configuration>
> </plugin>
> </plugins>
> </build>
> </project>
>
>
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com