Posted to fx-dev@ws.apache.org by "Long, Hai" <ha...@sap.com> on 2006/07/19 19:34:28 UTC

Encryption problem with WSS4J

Hello Folks,

I am quite new to WSS4J and I think this is probably a newbie question.

Here is a short description of my scenario. From a web client (JSP) I send a
SOAP request to my web service, and on the client side I use WSS4J to sign and
encrypt my SOAP request message. On the receiver side I use the same key to
decrypt and validate the message. If I only sign the message everything
works fine, but if I encrypt the message I always get the following in the log file:

- Found encrypted key element
- X509 SKI alias: d044451_cert0
- cert:   [0]         Version: 3
...
  Signature Algorithm: MD5WithRSAEncryption
            Signature: 4c8b08f6b6663a3e343c38106478f9416f00ad37
                       d5d42a4795d68303c35d0c2cb5585f84c666f2c5
                       068d9c2638ed02978e76057a6b3243ef99255659
                       6c56f2bca3869af70016f7b09918e69ee17a3e9d
                       d08ec74b8ec8bbc2c2ec3040833f2f739cc58d63
                       412dfe8d97a2e2112e23892742e801d28e27cc8c
                       e869dfc5e378fe9a
       Extensions:
                       critical(false) 2.5.29.14 value = DER Octet String[20]

- KeyIdentifier Alias: d044451_cert0

- Cannot find key for alias: d044451_cert0
org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
        java.lang.Exception: Cannot find key for alias: d044451_cert0
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:283)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:84)

The key (format PKCS12) is self-signed and I use the same one on both the client
and server side.

As far as I understand, the certificate should be used for verifying the
signature, but somehow it works with the key; I do not specify any
certificate on the server side.

I use the SKIKeyIdentifier in the client.wsdd file
    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />

I do not understand where this _cert0 comes from. I do not have this key alias
at all.

If I send this signed and encrypted SOAP message to SAP Netweaver Component
XI and configure the same key for decryption and the certificate for
verifying the signature, the message gets decrypted and validated
successfully. It seems that the encryption and signing work on the client
side. If I send the request directly to the web service running on Axis with
WSS4J for security, I get the mentioned error. Please see also the attached
configuration at the end of the mail.

Any help is appreciated. Many thanks.

Best regards,

Hai


----
Client Configuration
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow>
   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <parameter name="user" value="d044451"/>
    <parameter name="passwordType" value="PasswordText"/>
    <parameter name="signatureKeyIdentifier" value="DirectReference" />
    <parameter name="passwordCallbackClass" 
      value="com.apache.axis.sample.PWCallback"/>
    <parameter name="action" value="Signature Encrypt"/> 
    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
    <parameter name="encryptionUser" value="d044451"/>
    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <parameter name="signaturePropFile" value="crypto.properties" />
    <parameter name="encryptionPropFile" value="crypto.properties" />	
   </handler>
  </requestFlow>  
  </globalConfiguration >
</deployment>

Server Configuration
 <service name="CreditServiceSOAP" provider="java:RPC" style="document" use="literal">
 <requestFlow>
   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="passwordCallbackClass" value="com.apache.axis.sample.PWCallback"/>
    <parameter name="action" value="Signature Encrypt"/>
    <parameter name="decryptionKeyIdentifier" value="SKIKeyIdentifier " />
    <parameter name="signaturePropFile" value="crypto.properties" />
    <parameter name="encryptionUser" value="d044451"/>
    <parameter name="decryptionPropFile" value="crypto.properties" />
   </handler>
  </requestFlow>

Crypto.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=wss4j
org.apache.ws.security.crypto.merlin.keystore.alias=d044451
org.apache.ws.security.crypto.merlin.alias.password=wss4j
org.apache.ws.security.crypto.merlin.file=../keys/longh.pfx
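
A diagnostic for the `Cannot find key for alias` error above, as an added example that is not part of the original post or of WSS4J: it lists every alias the JVM's PKCS12 provider exposes for a keystore, and whether each one is a private-key entry or a certificate-only entry. The class name is hypothetical; the keystore path and store password are passed as arguments, and the key password is assumed to equal the store password, as in the crypto.properties shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class; not part of WSS4J or of the original post.
public class ListKeystoreAliases {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ListKeystoreAliases <keystore.pfx> <store-password>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();

        // Load the keystore with the same type the properties file declares (pkcs12).
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        for (String alias : Collections.list(ks.aliases())) {
            boolean keyEntry = ks.isKeyEntry(alias);
            System.out.println("alias: " + alias);
            System.out.println("  key entry:         " + keyEntry);
            System.out.println("  certificate entry: " + ks.isCertificateEntry(alias));

            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("  subject:           " + x509.getSubjectX500Principal().getName());
                // OID 2.5.29.14 is the SubjectKeyIdentifier extension printed in the log.
                System.out.println("  has SKI extension: " + (x509.getExtensionValue("2.5.29.14") != null));
            }
            if (keyEntry) {
                // Assumption: key password equals the store password.
                try {
                    ks.getKey(alias, password);
                    System.out.println("  private key:       readable");
                } catch (Exception e) {
                    System.out.println("  private key:       NOT readable (" + e + ")");
                }
            }
        }
    }
}
```

Decryption needs an alias reported as a key entry with a readable private key; a certificate-only alias can identify the recipient but cannot decrypt.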