Posted to wss4j-dev@ws.apache.org by An...@mro.com on 2006/02/20 21:10:41 UTC

observation on xml encryption using wss4j handlers

Hi
I had a few observations trying to do a test on XML Encryption using the
handlers/wsdd files. I am not sure if these are bugs or my bad.
My test is really simple - I have a keystore for the server and a separate
keystore for the client where I have imported the server certificate.
I have the bouncycastle provider in my classpath/java.security file for
both the client and the server.

1> RSA Only Default???
-------------------------------------
I generated the key pairs using Sun's keytool without specifying the keyalg,
and as per the keytool doc the default algorithm is DSA. When I tried to do the
test I got the following exception in the client [the tcpmon didn't show
anything].

{http://xml.apache.org/axis/}stackTrace:java.lang.IllegalArgumentException: not an RSA key!
      at org.bouncycastle.jce.provider.JCERSACipher.engineGetKeySize(Unknown Source)
      at javax.crypto.Cipher.init(DashoA6275)
      at javax.crypto.Cipher.init(DashoA6275)
      at org.apache.ws.security.message.WSEncryptBody.build(WSEncryptBody.java:339)

So is it that DSA is not supported, or is it that RSA is the default algo
and if I am using DSA I have to specify it somewhere in the server/client
config? If so, how do I specify that?

After I used the keyalg as RSA when generating the key, it worked.

2> Password callback class needed though crypto.properties has password?
-------------------------------------------------------------------------
On the server side I had this in the server cfg:

  <requestFlow>
   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="action" value="Encrypt"/>
    <parameter name="decryptionPropFile" value="mycrypto.properties" />
   </handler>
  </requestFlow>

And it gave an error like "WSHandler: no reference in callback property"
even though mycrypto.props had the store and the key passwords.

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=testsp1
org.apache.ws.security.crypto.merlin.keystore.alias=testalias1
org.apache.ws.security.crypto.merlin.alias.password=testkp1
org.apache.ws.security.crypto.merlin.file=teststore1

So I added this passwd call back class and then it worked.

    <parameter name="passwordCallbackClass" value="psdi.iface.wssec.PWCallBack"/>


thanks
Anamitra
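
Added example, not part of the original message and not WSS4J code: a JDK-only Java illustration of the key-transport step behind observation 1. XML Encryption wraps the generated session key with the recipient's public key, and DSA defines signatures only, so an RSA cipher rejects a DSA key at Cipher.init, which is the call that fails in the stack trace above. The class and method names are hypothetical, and the key pairs are constructed in memory instead of being read from a keystore.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyTransportCheck {

    /** Pre-flight check (hypothetical helper): only RSA keys can wrap a session key. */
    static boolean supportsKeyTransport(PublicKey key) {
        return "RSA".equals(key.getAlgorithm());
    }

    /** Wraps the session key with the recipient's public key (RSA PKCS#1 v1.5). */
    static byte[] wrapSessionKey(PublicKey recipient, SecretKey session) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.WRAP_MODE, recipient); // a non-RSA key is rejected here
        return cipher.wrap(session);
    }

    static KeyPair generate(String algorithm) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm);
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: one as keytool's old DSA default, one RSA.
        KeyPair[] pairs = { generate("DSA"), generate("RSA") };

        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        SecretKey session = aes.generateKey();

        for (KeyPair pair : pairs) {
            PublicKey pub = pair.getPublic();
            System.out.println(pub.getAlgorithm() + " key, usable for key transport: "
                    + supportsKeyTransport(pub));
            try {
                byte[] wrapped = wrapSessionKey(pub, session);
                System.out.println("  wrapped session key: " + wrapped.length + " bytes");
            } catch (InvalidKeyException | IllegalArgumentException e) {
                // The exception type depends on the JCE provider that handles the call.
                System.out.println("  rejected: " + e.getMessage());
            }
        }
    }
}
```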