Posted to java-user@axis.apache.org by "Diaz, Luis (GE Comm Fin, non-ge)" <di...@ge.com> on 2007/03/16 20:32:55 UTC
An unsupported token was provided (Problem with SKI information: Support for RSA key only)
Hello, as you can see I'm new to Axis2, with Rampart to encrypt a service.
I'm trying to use Axis2 with Rampart and I'm getting the following error:
WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: An unsupported token was provided (Problem with SKI information: Support for RSA key only)
Does anyone have a clue about it, or a better way to generate a key and/or encrypt a service?
This is a link to a sample I'm doing to encrypt (http://www-128.ibm.com/developerworks/edu/ws-dw-ws-understand-web-services4.html?S_TACT=105AGX52&S_CMP=cn-t-ws)
My key was generated as follows
keytool -genkey -keystore mykeys.jks -alias gene
--
C:\sign>keytool -genkey -keystore mykeys.jks -alias gene
Enter keystore password: password
What is your first and last name?
[Unknown]: Gene Telluride
What is the name of your organizational unit?
[Unknown]: Information technologies
What is the name of your organization?
[Unknown]: The Daily Moon
What is the name of your City or Locality?
[Unknown]: NY
What is the name of your State or Province?
[Unknown]: US
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Gene Telluride, OU=Information technologies, O=The Daily Moon,
L=NY, ST=US, C=US correct?
[no]: yes
Enter key password for <gene>
(RETURN if same as keystore password):password
--
The following is my security properties file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.file=mykeys.jks
This is part of my axis code Client code: (Axis2.xml)
<module ref="rampart"/>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Signature</items>
<user>gene</user>
<passwordCallbackClass>PWCallback</passwordCallbackClass>
<signaturePropFile>security.properties</signaturePropFile>
<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
<signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
</action>
</parameter>
<parameter name="InflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<user>gene</user>
<passwordCallbackClass>PWCallback</passwordCallbackClass>
<signaturePropFile>security.properties</signaturePropFile>
<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
<encryptionUser>gene</encryptionUser>
<signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body</signatureParts>
<optimizeParts>//xenc:EncryptedData/xenc:CipherValue/xenc:CipherData</optimizeParts>
</action>
</parameter>
Server: (Services.xml)
<parameter name="InflowSecurity">
<action>
<items>Timestamp Signature</items>
<passwordCallbackClass>PWCallback</passwordCallbackClass>
<signaturePropFile>security.properties</signaturePropFile>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<user>gene</user>
<passwordCallbackClass>PWCallback</passwordCallbackClass>
<signaturePropFile>security.properties</signaturePropFile>
<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
<encryptionUser>bob</encryptionUser>
<signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body</signatureParts>
<optimizeParts>//xenc:EncryptedData/xenc:CipherValue/xenc:CipherData</optimizeParts>
</action>
</parameter>
RE: An unsupported token was provided (Problem with SKI information: Support for RSA key only)
Posted by "Diaz, Luis (GE Comm Fin, non-ge)" <di...@ge.com>.
Hey Jorge,
It worked, it was the parameter when generating the certificate.
Thanks
Luis
________________________________
From: Jorge Fernandez [mailto:informaticu007-pfc@yahoo.es]
Sent: Sunday, March 18, 2007 7:21 AM
To: axis-user@ws.apache.org
Subject: RE: An unsupported token was provided (Problem with SKI information: Support for RSA key only)
Hi Luis,
I'm unsure, but maybe the problem is the algorithm with which you generate the keystore. The default algorithm is DSA and, as your error seems to say, there is support for RSA keys only, as is really the case. So I think if you add the -keyalg RSA option to the command that generates the keystore, this problem will disappear.
This is a tutorial about how keytool works:
http://publib.boulder.ibm.com/html/as400/v5r1/ic2931/index.htm?info/rzaha/keytool.htm
Regards,
Jorge Fernández
RE: An unsupported token was provided (Problem with SKI information: Support for RSA key only)
Posted by Jorge Fernandez <in...@yahoo.es>.
Hi Luis,
I'm unsure, but maybe the problem is the algorithm with which you generate the keystore. The default algorithm is DSA and, as your error seems to say, there is support for RSA keys only, as is really the case. So I think if you add the -keyalg RSA option to the command that generates the keystore, this problem will disappear.
This is a tutorial about how keytool works:
http://publib.boulder.ibm.com/html/as400/v5r1/ic2931/index.htm?info/rzaha/keytool.htm
Regards,
Jorge Fernández
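A pre-flight check for the fix discussed in this thread, as an added example that is not part of the original posts or of Rampart/WSS4J: it loads the keystore named in security.properties and reports the public-key algorithm of each alias, exiting non-zero when a key is not RSA or the requested alias is missing. The class name KeystoreAlgCheck is hypothetical; the default file name and password are the ones from the post and are assumptions for any other setup.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks the keystore before Rampart uses it.
// Usage: java KeystoreAlgCheck [keystore] [password] [alias]
public class KeystoreAlgCheck {
    // OID of the X.509 SubjectKeyIdentifier extension that an SKI key identifier refers to.
    private static final String SKI_OID = "2.5.29.14";

    public static void main(String[] args) throws Exception {
        // Defaults are the values from the post; they are assumptions for any other setup.
        String file = args.length > 0 ? args[0] : "mykeys.jks";
        char[] pass = (args.length > 1 ? args[1] : "password").toCharArray();
        String wanted = args.length > 2 ? args[2] : null; // null = check every alias

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass);
        }

        int checked = 0;
        boolean ok = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (wanted != null && !wanted.equalsIgnoreCase(alias)) continue;
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) continue; // entry without a certificate
            checked++;
            String alg = cert.getPublicKey().getAlgorithm();
            boolean hasSki = cert instanceof X509Certificate
                    && ((X509Certificate) cert).getExtensionValue(SKI_OID) != null;
            System.out.printf("%s: keyAlg=%s privateKey=%b skiExtension=%b%n",
                    alias, alg, ks.isKeyEntry(alias), hasSki);
            if (!"RSA".equals(alg)) {
                ok = false;
                System.out.println("  not RSA; regenerate with: keytool -genkey -keyalg RSA"
                        + " -keystore " + file + " -alias " + alias);
            }
        }
        if (checked == 0) {
            ok = false;
            System.out.println("no matching certificate entry found in " + file);
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Running it once per alias named in the `<user>` and `<encryptionUser>` elements of the client and server configuration shows whether each key those settings refer to exists and is RSA.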