Posted to wss4j-dev@ws.apache.org by "Acevedo, Alberto RDECOM CERDEC SED" <Al...@us.army.mil> on 2006/06/08 00:14:31 UTC
.NET client & Java web service interoperability --> Error: Unexpected number of X509Data: for decryption (KeyId)
Hello,
I have a java Web service running on Tomcat 1.5.15 and using wss4j version 1.5. The keystore I'm using is a pkcs12 generated with openssl. I'm able to encrypt/decrypt the usernameToken using a java web client. When I use a .NET client in Windows XP that is using the same keystore the web service fails to decrypt and I get the following error:
Unexpected number of X509Data: for decryption (KeyId)
I read all the messages in this newsgroup and I found other members having the same problem but no solutions. I suspect it has something to do with the .NET configuration especially the Default Session Key Algorithm. How do I configure .NET and the keystore to interoperate with a java web service?
After days trying to fix the problem I ran out of options. Hopefully it is something very basic that I'm not seeing.
Please help,
Alberto
Re: .NET client & Java web service interoperability --> Error: Unexpected number of X509Data: for decryption (KeyId)
Posted by Richard Gregory <ri...@gsf.de>.
Hi Alberto,
Have you tried setting the DefaultSessionKeyAlgorithm = "TripleDES" in
your .Net client? I have it in my client code (C#) - see below - which
does work for my Axis service using a PKCS12 certificate generated by
keytool and imported into the windows certificate store.
Unfortunately I can't remember exactly what the problem was that I was
having which caused this problem for me, and exactly what fixed it. I do
remember I had numerous problems with the windows certificate stores,
and I vaguely remember that depending on how I obtained the certificate
from the store it refers to it differently in the SOAP message. In my
case, using "store.FindCertificateBySubjectString("richard");" worked.
using System;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;
using System.Security.Cryptography;

namespace BiorsWSS4JClient
{
    /// <summary>
    /// Sample C# .NET 1.1 client for the Java Apache Axis BiorsAdvancedQuery web service secured with WSS4J.
    /// A query is submitted, and the results printed to the console.
    /// </summary>
    class Class1
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main(string[] args)
        {
            try
            {
                X509SecurityToken token = null;

                // Open the CurrentUser Certificate Store and obtain collection of certificates with the subject "richard".
                X509CertificateStore store = X509CertificateStore.CurrentUserStore("Personal");
                store.OpenRead();
                Microsoft.Web.Services2.Security.X509.X509CertificateCollection col =
                    (Microsoft.Web.Services2.Security.X509.X509CertificateCollection)store.FindCertificateBySubjectString("richard");

                // Obtain the 1st certificate from the collection and create an X509SecurityToken.
                X509Certificate clientCert = null;
                try
                {
                    token = new X509SecurityToken(((X509Certificate)col[0]));
                }
                catch (Exception ex)
                {
                    throw new Exception("Certificate not found. Certificate count:" + col.Count);
                }

                // Create instance of the web service proxy, get its request context.
                BiorsAdvRef.BiorsAdvancedQueryService ws = new BiorsWSS4JClient.BiorsAdvRef.BiorsAdvancedQueryService();
                SoapContext requestContext = ws.RequestSoapContext;

                // Create X509 security token manager, and set the encryption algorithm.
                ISecurityTokenManager stm =
                    SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
                X509SecurityTokenManager x509tm = stm as X509SecurityTokenManager;
                x509tm.DefaultSessionKeyAlgorithm = "TripleDES";

                // Add encryption element to the request context.
                requestContext.Security.Elements.Add(new EncryptedData(token));

                // Create a UsernameToken with username "wss4j", and a plain text password "security", and add to request context.
                UsernameToken userToken = new UsernameToken("wss4j", "security", PasswordOption.SendPlainText);
                requestContext.Security.Tokens.Add(userToken);

                // Define the input parameters required for the service
                BiorsAdvRef.formatType ft = new BiorsWSS4JClient.BiorsAdvRef.formatType();
                ft = BiorsAdvRef.formatType.ELEMENTS;
                String user = null;
                String password = null;
                String query = "{uniprot_sprot}: [[AllText EQ text:lys4;]]";
                String[] requiredElements = {"_ID_", "AccNumber"};

                // Create Result instance
                BiorsAdvRef.result res = new BiorsWSS4JClient.BiorsAdvRef.result();

                // Invoke the service and do something with the output
                res = ws.getBiorsEntry(user, password, query, ft, requiredElements);
                // .....
                // ......
            }
            catch (System.Web.Services.Protocols.SoapException se)
            {
                Console.WriteLine(se.ToString());
            }
            Console.Read();
        }
    }
}
Hope this is of some help to you.
Richard.
Acevedo, Alberto RDECOM CERDEC SED wrote:
> Hello,
>
> I have a java Web service running on Tomcat 1.5.15 and using wss4j
> version 1.5. The keystore I'm using is a pkcs12 generated with
> openssl. I'm able to encrypt/decrypt the usernameToken using a java
> web client. When I use a .NET client in Windows XP that is using the
> same keystore the web service fails to decrypt and I get the following
> error:
>
> Unexpected number of X509Data: for decryption (KeyId)
>
> I read all the messages in this newsgroup and I found other members
> having the same problem but no solutions. I suspect it has something
> to do with the .NET configuration especially the Default Session Key
> Algorithm. How do I configure .NET and the keystore to interoperate
> with a java web service?
>
> After days trying to fix the problem I ran out of options. Hopefully
> it is something very basic that I'm not seeing.
>
> Please help,
>
> Alberto
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: .NET client & Java web service interoperability --> Error: Unexpected number of X509Data: for decryption (KeyId)
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Alberto,
Seems like the .NET client uses a key reference mechanism that is not
supported by WSS4J.
Can you please post the request message generated by the .NET client.
Thanks,
Ruchith
On 6/8/06, Acevedo, Alberto RDECOM CERDEC SED
<Al...@us.army.mil> wrote:
> Hello,
>
> I have a java Web service running on Tomcat 1.5.15 and using wss4j version
> 1.5. The keystore I'm using is a pkcs12 generated with openssl. I'm able to
> encrypt/decrypt the usernameToken using a java web client. When I use a .NET
> client in Windows XP that is using the same keystore the web service fails
> to decrypt and I get the following error:
>
> Unexpected number of X509Data: for decryption (KeyId)
>
> I read all the messages in this newsgroup and I found other members having
> the same problem but no solutions. I suspect it has something to do with the
> .NET configuration especially the Default Session Key Algorithm. How do I
> configure .NET and the keystore to interoperate with a java web service?
>
> After days trying to fix the problem I ran out of options. Hopefully it is
> something very basic that I'm not seeing.
>
> Please help,
>
> Alberto
>
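The replies above turn on how the request names the encryption certificate, so the first thing to look at in a captured request is the key reference inside each EncryptedKey. The following is an added example, not code from the posters or from WSS4J: it parses a SOAP request and reports, per EncryptedKey, the reference elements, the number of X509Data children and the declared algorithms. The envelope skeleton, both reference fragments and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"wsse": WSS + "wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
# Constructed skeleton, not a captured message; "{xenc}rsa-1_5" expands to the full URI.
TEMPLATE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="{wsse}" xmlns:ds="{ds}" xmlns:xenc="{xenc}">
 <s:Header><wsse:Security><xenc:EncryptedKey>
  <xenc:EncryptionMethod Algorithm="{xenc}rsa-1_5"/>
  <ds:KeyInfo><wsse:SecurityTokenReference>{ref}</wsse:SecurityTokenReference></ds:KeyInfo>
 </xenc:EncryptedKey></wsse:Security></s:Header>
 <s:Body><xenc:EncryptedData>
  <xenc:EncryptionMethod Algorithm="{xenc}tripledes-cbc"/>
 </xenc:EncryptedData></s:Body>
</s:Envelope>"""
# Two constructed ways of naming the same certificate inside the reference.
KEY_ID_REF = ('<wsse:KeyIdentifier ValueType="' + WSS +
              'x509-token-profile-1.0#X509SubjectKeyIdentifier">'
              'PLACEHOLDER</wsse:KeyIdentifier>')
ISSUER_SERIAL_REF = ('<ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>'
                     'CN=constructed</ds:X509IssuerName><ds:X509SerialNumber>1'
                     '</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data>')


def describe_key_references(envelope_xml):
    """Return one dict per xenc:EncryptedKey: how it names the certificate."""
    root = ET.fromstring(envelope_xml)
    data_algs = [m.get("Algorithm") for m in
                 root.findall(".//xenc:EncryptedData/xenc:EncryptionMethod", NS)]
    report = []
    for enc_key in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        method = enc_key.find("xenc:EncryptionMethod", NS)
        token_ref = enc_key.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
        children = list(token_ref) if token_ref is not None else []
        kinds = []
        for child in children:
            kind = child.tag.rsplit("}", 1)[-1]           # local element name
            value_type = child.get("ValueType", "")
            if "#" in value_type:                         # keep only the URI fragment
                kind += "#" + value_type.rsplit("#", 1)[-1]
            kinds.append(kind)
        report.append({
            "reference_kinds": kinds,
            "x509data_count": sum(c.tag == "{%s}X509Data" % NS["ds"] for c in children),
            "key_transport": method.get("Algorithm") if method is not None else None,
            "data_algorithms": data_algs})
    return report
```

Run it on the request captured from each client and compare the `reference_kinds` and `x509data_count` of the working Java client with those of the .NET client.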