Posted to fx-dev@ws.apache.org by p m <mp...@gmail.com> on 2006/11/10 16:49:04 UTC
Encryption without certificate's file
Hello,
First, I'm French, so please excuse my bad English.
I would like to know if it is possible to use WSS4J for encrypting and
decrypting without using a certificate stored in a file. I generate the
certificates programmatically, and they are stored in the JVM.
This is what I do:
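/**
 * WSS4J handler that encrypts the SOAP body of a request with a certificate and key
 * pair built in memory rather than loaded from a keystore file.
 *
 * <p>This is sample code: the alias, password and key material are placeholders, and
 * every failure is only printed, never propagated to the caller.
 */
public class ChiffrementHandler extends WSS4JHandler {

    /**
     * Encrypts the message carried by {@code context}.
     *
     * <p>NOTE(review): the result is {@code false} whether or not encryption succeeded;
     * confirm that this is what the surrounding handler chain expects.
     *
     * @param context the message context of the current request
     * @return always {@code false}
     */
    public boolean handleRequest(MessageContext context) {
        chiffrer(context);
        return false;
    }

    /**
     * Encrypts the SOAP 1.1 body element of the message in {@code context}, then runs the
     * WSS4J security engine over the result as a round-trip check.
     *
     * <p>Any exception is printed and swallowed, so a caller cannot tell a protected
     * message from one that was left in clear text.
     *
     * @param context the message context; cast to {@code SOAPMessageContext}
     */
    protected void chiffrer(MessageContext context) {
        try {
            SOAPMessageContext messageContext = (SOAPMessageContext) context;
            SOAPMessage message = messageContext.getMessage();
            SOAPPart soap = message.getSOAPPart();
            SOAPEnvelope envelope = soap.getEnvelope();
            // Named axisEnvelope (it was "e") so it no longer clashes with the
            // exception variable of the nested catch further down.
            org.apache.axis.message.SOAPEnvelope axisEnvelope =
                    (org.apache.axis.message.SOAPEnvelope) envelope;
            Document doc = axisEnvelope.getAsDocument();

            KeyStore ks = KeyStore.getInstance("PKCS12");
            // NOTE(review): this null is handed to the Merlin crypto instance. The
            // NullPointerException reported with this code is raised in
            // AbstractCrypto.getCertificateFactory(), which reads a property from it.
            // Whether a non-null Properties is accepted without a keystore file depends
            // on the WSS4J version; verify before changing it.
            Properties properties = null;
            AbstractCrypto crypto = (AbstractCrypto) CryptoFactory.getInstance(
                    "org.apache.ws.security.components.crypto.Merlin", properties);
            instancierKeyStore(ks, ALIAS, PASSWORD, CLE_PUBLIQUE, CLE_PRIVEE, SERIAL_NUMBER);
            instancierCrypto(crypto, ks);

            WSSecHeader secHeader = new WSSecHeader();
            secHeader.insertSecurityHeader(doc);

            WSSecEncrypt builder = new WSSecEncrypt();
            builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
            builder.setEncCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
            // NOTE(review): presumably the xmlenc aes128-cbc algorithm, which provides
            // confidentiality only; sign the message as well when integrity matters.
            // Confirm against the WSConstants of the version in use.
            builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
            builder.setUserInfo(ALIAS, PASSWORD);

            /*
             * Set parts to encrypt
             */
            Vector parts = new Vector();
            // SOAP 1.2 <-> http://www.w3.org/2001/XMLSchema(-instance)
            // SOAP 1.1 <-> http://schemas.xmlsoap.org/soap/envelope/(-instance)
            String element = SOAPConstants.SOAP11_CONSTANTS.getBodyQName().getLocalPart();
            String namespace = SOAPConstants.SOAP11_CONSTANTS.getEnvelopeURI();
            String modifier = "Element";
            WSEncryptionPart encP = new WSEncryptionPart(element, namespace, modifier);
            parts.add(encP);
            builder.setParts(parts);

            Document encrypted = builder.build(doc, crypto, secHeader);

            try {
                // Round trip: process the security header that was just produced.
                WSSecurityEngine.getInstance().processSecurityHeader(
                        encrypted, null, null, crypto);
            } catch (WSSecurityException securityException) {
                // Only "KO" is printed; the cause of the failure is not reported.
                System.out.println("KO");
            }

            // Not reached when anything other than a WSSecurityException is thrown
            // above, in which case the entry stays in the in-memory keystore.
            ks.deleteEntry(ALIAS);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Fills {@code ks} with a self-signed certificate ("CN=Test", valid from one day
     * before to one day after the call) and the matching private key, both under
     * {@code alias}.
     *
     * <p>The two keys are {@code null} placeholders in this sample and have to be
     * replaced by a real key pair. Failures are printed and swallowed, which leaves
     * the keystore without the expected entries.
     *
     * @param ks keystore to initialise and fill
     * @param alias alias for the certificate and key entries
     * @param password password protecting the key entry
     * @param clePublique unused in this sample
     * @param clePrivee unused in this sample
     * @param serialNumber serial number of the generated certificate
     */
    private void instancierKeyStore(KeyStore ks, String alias, String password,
            String clePublique, String clePrivee, BigInteger serialNumber) {
        try {
            // Generate a public key with a framework
            PublicKey subject_public_key = null;
            // Generate a private key with a framework
            PrivateKey issuer_private_key = null;
            Key key = issuer_private_key;

            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            X509Name x509Name = new X509Name("CN=Test");
            generator.setSerialNumber(serialNumber);
            generator.setIssuerDN(x509Name); // required
            // 86400000 ms = one day
            generator.setNotBefore(new Date(System.currentTimeMillis() - 86400000)); // required
            generator.setNotAfter(new Date(System.currentTimeMillis() + 86400000)); // also required
            generator.setSubjectDN(x509Name); // required
            generator.setPublicKey(subject_public_key); // required
            // NOTE(review): SHA-1 based certificate signatures are deprecated; use a
            // SHA-256 based algorithm name if the provider in use offers one.
            generator.setSignatureAlgorithm("SHA1withRSAEncryption"); // required
            // NOTE(review): "BC" presumably names a security provider that must
            // already be registered; confirm.
            X509Certificate certificate = generator.generateX509Certificate(
                    issuer_private_key, "BC");

            // Start from an empty in-memory keystore: no stream, no password.
            ks.load(null, null);
            ks.setCertificateEntry(alias, certificate); // public key
            Certificate[] certs = { certificate };
            ks.setKeyEntry(alias, key, password.toCharArray(), certs); // private key
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Hands the in-memory keystore to the WSS4J crypto instance.
     *
     * @param crypto crypto instance that will use the keystore
     * @param ks keystore holding the generated certificate and key
     */
    private void instancierCrypto(AbstractCrypto crypto, KeyStore ks) {
        crypto.setKeyStore(ks);
    }

    private static final String ALIAS = "alias";
    private static final String CLE_PUBLIQUE = "";
    private static final String CLE_PRIVEE = "";
    // Sample value only: a real key password must not be hard-coded in source.
    private static final String PASSWORD = "password";
    private static final BigInteger SERIAL_NUMBER = new BigInteger("1162310427422");
}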
The encryption method works fine: my SOAP message is encrypted.
When I try to decrypt this SOAP message, I get a NullPointerException in:
org.apache.ws.security.components.crypto.AbstractCrypto.getCertificateFactory(AbstractCrypto:140)
:
String provider = properties.getProperty("
org.apache.ws.security.merlin.certin.provider")
but properties is null.
I don't know what I can do.
I have to manage my certificates dynamically.
This framework works fine with WSSecSignature... but not with WSSecEncrypt:
why?
Thanks for your help, and sorry for my bad English.
BR
Matthieu