Posted to users@cxf.apache.org by Stephanie Dammann <St...@mpag.eu> on 2014/07/29 12:09:15 UTC

WS-Security Encryption and Signature

Hello there,

I have a problem implementing the Encryption and Signature.

I already created a client-keystore, client-truststore, server-keystore and server-truststore.
Imported the client-certificate into the server-truststore and vice versa.
I added the correct action parameters and encryptionPropFiles etc.
       outProps.put("user", "clientx509v1");

       outProps.put("passwordCallbackClass",
                    ".... .client.UTPasswordCallback");

       outProps.put("encryptionUser", "serverx509v1");
       outProps.put("encryptionPropFile", "etc/Client_Encrypt.properties");
       outProps.put("encryptionKeyIdentifier", "IssuerSerial");
       outProps.put("encryptionParts",
                    "{Element}{" + WSSE_NS + "}UsernameToken;"
                    + "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
       outProps.put("encryptionKeyTransportAlgorithm",
                    "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");

       outProps.put("signatureUser", "clientx509v1");
       outProps.put("signaturePropFile", "etc/Client_Sign.properties");
       outProps.put("signatureKeyIdentifier", "DirectReference");
       outProps.put("signatureParts",
                    "{Element}{" + WSU_NS + "}Timestamp;"
                    + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
       outProps.put("signatureAlgorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");

Even after using the imported stores and property files from the wssec_sign_enc example from apache-cxf,
the encryption and signature are still not working.
I am getting this exception:
org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore

So what can I do to find out what is missing? I am pretty sure I have exchanged the certificates or imported the keystores/property-files etc correctly.

Regards

Re: WS-Security Encryption and Signature

Posted by Colm O hEigeartaigh <co...@apache.org>.
Have you set the password for the private (signature) key in the
CallbackHandler ('passwordCallbackClass' property)?

Colm.





-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
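
What the 'passwordCallbackClass' question above refers to, as an added example (not code from this thread or from the CXF samples): a WSS4J 2.x CallbackHandler that returns the private-key password when asked for a signature or decryption key, and a separate secret for the UsernameToken. The class name and the two environment variable names are assumptions made for illustration.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

public class ClientPasswordCallback implements CallbackHandler {

    // Hypothetical variable names; secrets stay out of source control.
    private static final String KEY_PASSWORD_ENV = "CLIENT_KEY_PASSWORD";
    private static final String UT_PASSWORD_ENV = "CLIENT_UT_PASSWORD";

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb);
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            switch (pc.getUsage()) {
                case WSPasswordCallback.SIGNATURE:
                case WSPasswordCallback.DECRYPT:
                    // WSS4J uses this value as the *key* password for the alias
                    // in pc.getIdentifier() (signatureUser when signing).
                    pc.setPassword(secret(KEY_PASSWORD_ENV, pc.getIdentifier()));
                    break;
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Same callback class, different secret: the UsernameToken password.
                    pc.setPassword(secret(UT_PASSWORD_ENV, pc.getIdentifier()));
                    break;
                default:
                    throw new UnsupportedCallbackException(cb,
                            "unexpected callback usage " + pc.getUsage());
            }
        }
    }

    // Fails loudly instead of handing WSS4J a null or empty password.
    private static String secret(String envName, String identifier) throws IOException {
        String value = System.getenv(envName);
        if (value == null || value.isEmpty()) {
            throw new IOException(envName + " is not set (needed for " + identifier + ")");
        }
        return value;
    }
}
```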

Re: WS-Security Encryption and Signature

Posted by Stephanie <st...@gmail.com>.
I have solved the issue, I needed to provide the encryptionUser etc. for the
outgoing-interceptors +
the password for the user, which is provided by the callback, must be the
same as the Keystore password.
(I don't know why, but now I am able to see the Encryption and
Signature headers, at least for the client)

Now I am getting another error, but at least this error seems like it has
nothing to do with the last encryption/signature problem.

Thanks for your help!



--
View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-Encryption-and-Signature-tp5747015p5747328.html
Sent from the cxf-user mailing list archive at Nabble.com.
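
A way to answer "what is missing" for a given alias, as an added example that is not part of the thread: a plain-JDK check that separates a missing alias, a certificate-only entry and a key password that does not open the private key. The class name is an assumption, and the key password entered should be the value the CallbackHandler returns for that alias.

```java
import java.io.Console;
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;

public class KeyAliasCheck {

    // Classifies an alias as a signing/decrypting party needs it: present,
    // a key entry, and recoverable with the given key password.
    static String diagnose(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not found in keystore";
        }
        if (!ks.isKeyEntry(alias)) {
            // A trusted-certificate entry is enough for encryptionUser,
            // but cannot serve as signatureUser or for decryption.
            return "certificate-only entry, no private key";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return (key instanceof PrivateKey)
                    ? "OK, private key recovered (" + key.getAlgorithm() + ")"
                    : "entry holds a key that is not a private key";
        } catch (UnrecoverableKeyException e) {
            // The entry exists, but its key password differs from the one supplied.
            return "private key present, supplied key password does not open it";
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java KeyAliasCheck <keystore-file> <alias>");
            System.exit(2);
        }
        // Read secrets interactively so they stay out of shell history.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (value the callback returns): ");
        // Java 9+: detects the keystore type (JKS or PKCS12) and loads the file.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), storePass);
        System.out.println(args[1] + ": " + diagnose(ks, args[1], keyPass));
    }
}
```

The store password and the key password are separate inputs here because a JKS entry can have a key password that differs from the store password.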

Re: WS-Security Encryption and Signature

Posted by Stephanie <st...@gmail.com>.
Here is a test-case,

hopefully it will be uploaded... 

I am using the Server.java and ImageClient.java to test the application.

Thanks for your help! ImageService_Example.zip
<http://cxf.547215.n5.nabble.com/file/n5747284/ImageService_Example.zip>  


