You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Yann <ya...@yahoo.fr> on 2006/11/10 17:31:47 UTC
RE : Encryption without certificate's file
Sorry for my wrong copy/paste in the subject line.
Yann <ya...@yahoo.fr> a écrit :
Date: Fri, 10 Nov 2006 17:29:00 +0100 (CET)
De: Yann <ya...@yahoo.fr>
Objet: p m [mp.professionnel@gmail.com]
À: wss4j-dev@ws.apache.org
Hello,
I'm not sure to understand what you want. Sorry if my answer is irrelevant.
You said: "I would like to know if it is possible to use WSS4J for encrypting and decrypting without using a certificate".
Messages are encrypted using a session key (a symmetric key). The certificate is used the encrypt this key and send it to the recipient along with the encrypted message. You can avoid encrypting the session key with the certificate's public key by using EMBEDDED_KEYNAME instead of BST_DIRECT_REFERENCE. In that case, as the session key is not encrypted, it won't be sent. Then, you'll have to define an identifier with builder.setUserInfo("my_identifier"); and manually find this (secret) key at the other endpoint.
Yann
-----Message d'origine-----
De : p m [mailto:mp.professionnel@gmail.com]
Envoyé : vendredi 10 novembre 2006 16:49
À : wss4j-dev@ws.apache.org
Objet : Encryption without certificate's file
Hello,
First, i'm french, so excuse me for my bad english.
I would like to know if it is possible to use WSS4J for encrypting and decrypting without using a certificate which would be stored in a file, i generate them programmaticaly... there are stored in the JVM...
i do this :
public class ChiffrementHandler extends WSS4JHandler {
public boolean handleRequest(MessageContext context) {
chiffrer(context);
return false;
}
protected void chiffrer(MessageContext context) {
try {
SOAPMessageContext messageContext = (SOAPMessageContext) context;
SOAPMessage message = messageContext.getMessage();
SOAPPart soap = message.getSOAPPart();
SOAPEnvelope envelope = soap.getEnvelope();
org.apache.axis.message.SOAPEnvelope e = (org.apache.axis.message.SOAPEnvelope) envelope;
Document doc = e.getAsDocument ();
KeyStore ks = KeyStore.getInstance("PKCS12");
Properties properties = null;
AbstractCrypto crypto = (AbstractCrypto) CryptoFactory.getInstance(
" org.apache.ws.security.components.crypto.Merlin",
properties);
instancierKeyStore(ks, ALIAS, PASSWORD, CLE_PUBLIQUE, CLE_PRIVEE,
SERIAL_NUMBER);
instancierCrypto(crypto, ks);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecEncrypt builder = new WSSecEncrypt();
builder.setKeyIdentifierType (WSConstants.BST_DIRECT_REFERENCE);
builder.setEncCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
builder.setUserInfo(ALIAS, PASSWORD);
/*
* Set parts to sign
*/
Vector parts = new Vector();
// SOAP 1.2 <-> http://www.w3.org/2001/XMLSchema(-instance)
// SOAP 1.1 <-> http://schemas.xmlsoap.org/soap/envelope/(-instance)
String element = SOAPConstants.SOAP11_CONSTANTS.getBodyQName().getLocalPart();
String namespace = SOAPConstants.SOAP11_CONSTANTS.getEnvelopeURI();
String modifier = "Element";
WSEncryptionPart encP;
encP = new WSEncryptionPart(element, namespace, modifier);
parts.add(encP);
builder.setParts(parts);
Document encrypted = builder.build(doc, crypto, secHeader);
try {
WSSecurityEngine.getInstance().processSecurityHeader(encrypted , null,
null, crypto);
} catch (WSSecurityException e) {
System.out.println ("KO");
}
ks.deleteEntry(ALIAS);
} catch (Exception e) {
e.printStackTrace();
}
private void instancierKeyStore(KeyStore ks, String alias, String password,
String clePublique, String clePrivee, BigInteger serialNumber) {
try {
// Generate a public key with a framework
PublicKey subject_public_key = null;
// Generate a private key with a framework
PrivateKey issuer_private_key = null;
Key key = issuer_private_key;
X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
X509Name x509Name = new X509Name("CN=Test");
generator.setSerialNumber(serialNumber);
generator.setIssuerDN(x509Name); // obligatoire
generator.setNotBefore(new Date(
System.currentTimeMillis() - 86400000));
// obligatoire
generator.setNotAfter(new Date(
System.currentTimeMillis () + 86400000));
// aussi
generator.setSubjectDN(x509Name); // obligatoire
generator.setPublicKey(subject_public_key); // obligatoire
generator.setSignatureAlgorithm ("SHA1withRSAEncryption");
// obligatoire
X509Certificate certificate = generator.generateX509Certificate(
issuer_private_key, "BC");
ks.load(null, null);
ks.setCertificateEntry(alias, certificate); // cle publique
Certificate[] certs = { certificate };
ks.setKeyEntry(alias, key, password.toCharArray(), certs);
// cle privee
} catch (Exception e) {
e.printStackTrace();
}
}
private void instancierCrypto(AbstractCrypto crypto, KeyStore ks) {
crypto.setKeyStore (ks);
}
private static final String ALIAS = "alias";
private static final String CLE_PUBLIQUE = "";
private static final String CLE_PRIVEE = "";
private static final String PASSWORD = "password";
private static final BigInteger SERIAL_NUMBER = new BigInteger("1162310427422");
}
The encryption metho works fine : my SOAP message is encrypted.
When i try to uncrypt this SOAP, i have a NullPointeurException :
org.apache.ws.security.components.crypto.AbstractCrypto.getCertificateFactory(AbstractCrypto:140) :
String provider = properties.getProperty(" org.apache.ws.security.merlin.certin.provider")
but properties is null.
I don't know how i can do?
I have to manage dynamicaly my certificates.
This framework works fine with WSSecSignature.... and not with WSSecEncrypt : why?
Thanks for your help et sorry for my bad english.
BR
Matthieu
---------------------------------
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses.
---------------------------------
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses.