Posted to fx-dev@ws.apache.org by p m <mp...@gmail.com> on 2006/11/10 16:49:04 UTC

Encryption without certificate's file

Hello,
First, I'm French, so please excuse my bad English.
I would like to know whether it is possible to use WSS4J for encrypting and
decrypting without using a certificate stored in a file. I generate the
certificates programmatically, and they are stored in the JVM.

I do this:
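/**
 * Handler that encrypts the SOAP body of a message with WSS4J, using a
 * certificate and key that live only in an in-memory {@link KeyStore}
 * (nothing is read from a keystore file).
 *
 * <p>Fixes relative to the posted listing: {@code chiffrer} was missing its
 * closing brace, the inner {@code catch} re-declared the local {@code e},
 * mail line-wrapping had split statements and a comment, and a failed
 * keystore setup was swallowed so encryption continued with an empty store.
 */
public class ChiffrementHandler extends WSS4JHandler {

    private static final String ALIAS = "alias";

    // Unused placeholders from the original post.
    private static final String CLE_PUBLIQUE = "";

    private static final String CLE_PRIVEE = "";

    // NOTE(review): hard-coded key password. Acceptable only for a throwaway
    // test key; load it from protected configuration for anything real.
    private static final String PASSWORD = "password";

    private static final BigInteger SERIAL_NUMBER = new BigInteger("1162310427422");

    /**
     * Encrypts the message carried by {@code context}.
     *
     * @param context the message context handed to this handler
     * @return always {@code false}
     */
    public boolean handleRequest(MessageContext context) {
        // NOTE(review): a false return presumably stops the rest of the handler
        // chain - confirm that is intended. It is also returned when chiffrer()
        // failed, so the caller cannot tell whether encryption happened.
        chiffrer(context);
        return false;
    }

    /**
     * Builds an encrypted copy of the SOAP envelope and then runs it back
     * through the WSS4J security engine as a self-check.
     *
     * <p>Any failure is printed and swallowed, as in the original listing.
     *
     * @param context the message context; cast to {@code SOAPMessageContext}
     */
    protected void chiffrer(MessageContext context) {
        try {
            SOAPMessageContext messageContext = (SOAPMessageContext) context;
            SOAPMessage message = messageContext.getMessage();
            SOAPPart soap = message.getSOAPPart();
            SOAPEnvelope envelope = soap.getEnvelope();
            org.apache.axis.message.SOAPEnvelope axisEnvelope =
                    (org.apache.axis.message.SOAPEnvelope) envelope;

            Document doc = axisEnvelope.getAsDocument();

            KeyStore ks = KeyStore.getInstance("PKCS12");

            // NOTE(review): the NullPointerException reported for decryption is
            // raised in AbstractCrypto.getCertificateFactory when it reads this
            // null Properties object. Supplying a non-null Properties looks like
            // the fix, but how Merlin's constructor treats one without a
            // keystore file entry must be checked against the WSS4J version in use.
            Properties properties = null;
            AbstractCrypto crypto = (AbstractCrypto) CryptoFactory.getInstance(
                    "org.apache.ws.security.components.crypto.Merlin",
                    properties);

            instancierKeyStore(ks, ALIAS, PASSWORD, CLE_PUBLIQUE, CLE_PRIVEE,
                    SERIAL_NUMBER);
            instancierCrypto(crypto, ks);

            WSSecHeader secHeader = new WSSecHeader();
            secHeader.insertSecurityHeader(doc);

            WSSecEncrypt builder = new WSSecEncrypt();
            builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
            builder.setEncCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
            // NOTE(review): encryption alone does not authenticate the payload;
            // add a signature as well if message integrity matters.
            builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
            builder.setUserInfo(ALIAS, PASSWORD);

            /*
             * Set parts to encrypt: the SOAP 1.1 Body element.
             */
            // SOAP 1.2 <-> http://www.w3.org/2001/XMLSchema(-instance)
            // SOAP 1.1 <-> http://schemas.xmlsoap.org/soap/envelope/(-instance)
            Vector parts = new Vector();
            String element =
                    SOAPConstants.SOAP11_CONSTANTS.getBodyQName().getLocalPart();
            String namespace = SOAPConstants.SOAP11_CONSTANTS.getEnvelopeURI();
            String modifier = "Element";
            parts.add(new WSEncryptionPart(element, namespace, modifier));
            builder.setParts(parts);

            // The result is only used by the self-check below; nothing in this
            // method writes it back into the SOAPMessage.
            Document encrypted = builder.build(doc, crypto, secHeader);

            try {
                // NOTE(review): the callback handler argument is null; decryption
                // presumably needs one to supply the key password - TODO confirm.
                WSSecurityEngine.getInstance().processSecurityHeader(encrypted,
                        null, null, crypto);
            } catch (WSSecurityException securityFailure) {
                System.out.println("KO");
                // Keep the cause visible; "KO" alone hides why processing failed.
                securityFailure.printStackTrace();
            }

            ks.deleteEntry(ALIAS);

        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }

    /**
     * Initialises {@code ks} as an empty store and adds a short-lived
     * self-signed certificate plus the matching key entry under {@code alias}.
     *
     * @param ks           keystore instance to initialise and fill
     * @param alias        alias used for both the certificate and key entries
     * @param password     password protecting the key entry
     * @param clePublique  unused in this listing
     * @param clePrivee    unused in this listing
     * @param serialNumber serial number written into the certificate
     * @throws IllegalStateException if the certificate or keystore cannot be
     *         built, so the caller does not go on with an empty keystore
     */
    private void instancierKeyStore(KeyStore ks, String alias, String password,
            String clePublique, String clePrivee, BigInteger serialNumber) {
        try {
            // Placeholders from the original post: the real keys must be
            // generated here; certificate generation cannot work with null keys.
            PublicKey subject_public_key = null;
            PrivateKey issuer_private_key = null;
            Key key = issuer_private_key;

            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            X509Name x509Name = new X509Name("CN=Test");
            generator.setSerialNumber(serialNumber);

            generator.setIssuerDN(x509Name); // required
            // Validity window: from one day ago until one day ahead.
            generator.setNotBefore(new Date(
                    System.currentTimeMillis() - 86400000)); // required
            generator.setNotAfter(new Date(
                    System.currentTimeMillis() + 86400000)); // also required
            generator.setSubjectDN(x509Name); // required (self-signed: same DN)

            generator.setPublicKey(subject_public_key); // required
            // NOTE(review): SHA-1 based signatures are deprecated; prefer a
            // SHA-256 variant such as "SHA256WithRSAEncryption" once provider
            // support is confirmed.
            generator.setSignatureAlgorithm("SHA1withRSAEncryption"); // required
            // Assumes the "BC" provider is already registered - TODO confirm.
            X509Certificate certificate = generator.generateX509Certificate(
                    issuer_private_key, "BC");

            ks.load(null, null); // start from an empty in-memory store
            ks.setCertificateEntry(alias, certificate); // public key
            Certificate[] certs = { certificate };
            ks.setKeyEntry(alias, key, password.toCharArray(), certs); // private key
        } catch (Exception failure) {
            // Fail closed and keep the cause instead of printing and continuing.
            throw new IllegalStateException(
                    "in-memory keystore setup failed", failure);
        }
    }

    /**
     * Hands the in-memory keystore to the WSS4J crypto implementation.
     *
     * @param crypto crypto instance used for encryption and processing
     * @param ks     keystore holding the certificate and key
     */
    private void instancierCrypto(AbstractCrypto crypto, KeyStore ks) {
        crypto.setKeyStore(ks);
    }
}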

The encryption method works fine: my SOAP message is encrypted.
When I try to decrypt this SOAP message, I get a NullPointerException at
org.apache.ws.security.components.crypto.AbstractCrypto.getCertificateFactory(AbstractCrypto:140):
String provider = properties.getProperty("org.apache.ws.security.merlin.certin.provider")
fails because properties is null.

I don't know what to do.
I have to manage my certificates dynamically.

This framework works fine with WSSecSignature but not with WSSecEncrypt: why?
Thanks for your help, and sorry for my bad English.
BR
Matthieu