Posted to users@cxf.apache.org by Stephanie Dammann <St...@mpag.eu> on 2014/07/29 12:09:15 UTC
WS-Security Encryption and Signature
Hello there,
I have a problem implementing the Encryption and Signature.
I already created a client-keystore, client-truststore, server-keystore and server-truststore.
Imported the client-certificate into the server-truststore and vice versa.
I added the correct action parameters and encryptionPropFiles etc.
outProps.put("user", "clientx509v1");
outProps.put("passwordCallbackClass",
    ".... .client.UTPasswordCallback");
outProps.put("encryptionUser", "serverx509v1");
outProps.put("encryptionPropFile", "etc/Client_Encrypt.properties");
outProps.put("encryptionKeyIdentifier", "IssuerSerial");
outProps.put("encryptionParts",
    "{Element}{" + WSSE_NS + "}UsernameToken;"
    + "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put("encryptionKeyTransportAlgorithm",
    "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
outProps.put("signatureUser", "clientx509v1");
outProps.put("signaturePropFile", "etc/Client_Sign.properties");
outProps.put("signatureKeyIdentifier", "DirectReference");
outProps.put("signatureParts",
    "{Element}{" + WSU_NS + "}Timestamp;"
    + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
outProps.put("signatureAlgorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
Even after I was using the imported stores and property-files from the wssec_sign_enc example from apache-cxf,
the encryption and signature is still not working.
I am getting this exception:
org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
So what can I do to find out what is missing? I am pretty sure I have exchanged the certificates or imported the keystores/property-files etc correctly.
Regards
Re: WS-Security Encryption and Signature
Posted by Colm O hEigeartaigh <co...@apache.org>.
Have you set the password for the private (signature) key in the
CallbackHandler ('passwordCallbackClass' property)?
Colm.
On Tue, Jul 29, 2014 at 11:09 AM, Stephanie Dammann <
Stephanie.Dammann@mpag.eu> wrote:
> Hello there,
>
> I have a problem implementing the Encryption and Signature.
>
> I already created a client-keystore, client-truststore, server-keystore
> and server-truststore.
> Imported the client-certificate into the server-truststore and vice versa.
> I added the correct action parameters and encryptionPropFiles etc.
> outProps.put("user", "clientx509v1");
>
> outProps.put("passwordCallbackClass",
> ".... .client.UTPasswordCallback");
>
> outProps.put("encryptionUser", "serverx509v1");
> outProps.put("encryptionPropFile", "etc/Client_Encrypt.properties");
> outProps.put("encryptionKeyIdentifier", "IssuerSerial");
> outProps.put("encryptionParts",
>     "{Element}{" + WSSE_NS + "}UsernameToken;"
>     + "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
> outProps.put("encryptionKeyTransportAlgorithm",
>     "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
>
> outProps.put("signatureUser", "clientx509v1");
> outProps.put("signaturePropFile", "etc/Client_Sign.properties");
> outProps.put("signatureKeyIdentifier", "DirectReference");
> outProps.put("signatureParts",
>     "{Element}{" + WSU_NS + "}Timestamp;"
>     + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
> outProps.put("signatureAlgorithm",
>     "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
>
> Even after I was using the imported stores and property-files from the
> wssec_sign_enc example from apache-cxf,
> the encryption and signature is still not working.
> I am getting this exception:
> org.apache.wss4j.common.ext.WSSecurityException: The private key for the
> supplied alias does not exist in the keystore
>
> So what can I do to find out what is missing? I am pretty sure I have
> exchanged the certificates or imported the keystores/property-files etc
> correctly.
>
> Regards
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: WS-Security Encryption and Signature
Posted by Stephanie <st...@gmail.com>.
I have solved the issue: I needed to provide the encryptionUser etc. for the
outgoing interceptors, and
the password for the user, which is provided by the callback, must be the
same as the keystore password.
(I don't know why, but now I am able to see the encryption and
signature headers, at least for the client.)
Now I am getting another error, but at least this error seems like it has
nothing to do with the last encryption/signature problem.
Thanks for your help!
--
View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-Encryption-and-Signature-tp5747015p5747328.html
Sent from the cxf-user mailing list archive at Nabble.com.
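A JDK-only check for the situation discussed in this thread, added here as an example and not part of any poster's code or of CXF/WSS4J: it reports whether the signature alias exists in the keystore, whether it is a private-key entry rather than an imported certificate, and whether the password the callback would return unlocks it. The class name and the four command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

/** Added diagnostic (JDK only): can the signature alias's private key be read? */
public class KeystoreAliasCheck {

    /** Returns a one-line verdict for the alias and the password the callback would supply. */
    static String check(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias missing; store contains " + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(alias)) {
            // A certificate-only entry is enough to encrypt to a peer or verify
            // its signature, but it cannot be used to sign or decrypt.
            return "alias is a trusted-certificate entry, no private key";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return (key instanceof PrivateKey)
                ? "OK: private key readable (" + key.getAlgorithm() + ")"
                : "entry holds a secret key, not a private key";
        } catch (UnrecoverableKeyException e) {
            // The entry exists, but the supplied password is not the key's password.
            return "private key present but the password does not unlock it";
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore file> <store password> <alias> <callback password>
        if (args.length != 4) {
            System.err.println("usage: KeystoreAliasCheck <keystore> <storepass> <alias> <keypass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        System.out.println(args[2] + ": " + check(ks, args[2], args[3].toCharArray()));
    }
}
```

Passwords passed as arguments are visible in the process list and shell history, so run this against test stores or adapt it to read them from the console.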
Re: WS-Security Encryption and Signature
Posted by Stephanie <st...@gmail.com>.
Here is a test-case,
hopefully it will be uploaded...
I am using the Server.java and ImageClient.java to test the application.
Thanks for your help! ImageService_Example.zip
<http://cxf.547215.n5.nabble.com/file/n5747284/ImageService_Example.zip>
--
View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-Encryption-and-Signature-tp5747015p5747284.html