You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Yang, Gang CTR US USA" <ga...@us.army.mil> on 2010/08/11 16:28:00 UTC
WSSecEncrypt vs WSEncryptBody
Hi,
I'm wondering if WSSecEncrypt is ready for use. I was trying to encrypt
a very simple SOAP message with a bare minumum wss4j code using either
1.5.6 or 1.5.8. Using WSEncryptBody, it worked. But when I switch over
to WSSecEncrypt since WSEncryptBody seems to be deprecated, I got the
following exception:
org.apache.ws.security.WSSecurityException: Cannot encrypt data; nested
exception is:
org.apache.xml.security.exceptions.XMLSecurityException: Cannot
create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
http://www.w3.org/2000/09/xmldsig#:KeyInfo element
at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:583)
at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:444)
at
org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecE
ncrypt.java:342)
at
org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:306)
at
com.ibm.sample.SOAPEncryption.encryptSOAPEnvelope(SOAPEncryption.java:13
7)
at com.ibm.sample.SOAPEncryption.main(SOAPEncryption.java:159)
Caused by: org.apache.xml.security.exceptions.XMLSecurityException:
Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
http://www.w3.org/2000/09/xmldsig#:KeyInfo element
at
org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guara
nteeThatElementInCorrectSpace(Unknown Source)
at
org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrect
Space(Unknown Source)
at org.apache.xml.security.utils.ElementProxy.<init>(Unknown
Source)
at
org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
Source)
at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:580)
... 5 more
Here's the relavent code segment:
public SOAPMessage encryptSOAPEnvelope(SOAPEnvelope
unsignedEnvelope) throws Exception {
// GY: Deprecated. Use WSSecEncrypt
// WSEncryptBody wsEncrypt = new WSEncryptBody();
WSSecEncrypt wsEncrypt = new WSSecEncrypt();
Document doc = unsignedEnvelope.getOwnerDocument();
String alias = "mykey";
String password = "testit";
wsEncrypt.setUserInfo(alias, password);
Crypto crypto = CryptoFactory.getInstance();
// Document encDoc = wsEncrypt.build(doc, crypto);
Document encDoc = wsEncrypt.build(doc, crypto, null);
DOMSource src = new DOMSource(encDoc);
MessageFactory mf = MessageFactory.newInstance();
SOAPMessage soapMsg = mf.createMessage();
soapMsg.getSOAPPart().setContent(src);
return soapMsg;
}
I followed the WSSecEncrypt code to the point where it tries to clone
the KeyInfo when it generates the exception. It's at
WSSecEncrypt.java:595. This looks like all wss4j internal handling. Is
this a bug?
Thanks,
Gang
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: WSSecEncrypt vs WSEncryptBody
Posted by "Yang, Gang CTR US USA" <ga...@us.army.mil>.
Thanks, Colm and others, for the pointers and replies. I was using Axis tools to create the testing SOAP message. After switching to Sun's implementation, the problem went away. I got everything working and the test code was helpful. Thanks again.
Gang
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Monday, August 16, 2010 3:14 PM
To: Yang, Gang CTR US USA
Cc: wss4j-dev@ws.apache.org
Subject: Re: WSSecEncrypt vs WSEncryptBody
That looks like a problem caused by interned namespaces in XML Security and Axis SAAJ not being able to handle them. Are you using the Axis SAAJ implementation? If so I suggest either use Sun's SAAJ implementation, or else change from using the SAAJ API's to Axis API's.. Take a look at the methods in SOAPUtil:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec/SOAPUtil.java
Colm.
On Wed, Aug 11, 2010 at 3:28 PM, Yang, Gang CTR US USA <ga...@us.army.mil> wrote:
> Hi,
>
> I'm wondering if WSSecEncrypt is ready for use. I was trying to
> encrypt a very simple SOAP message with a bare minumum wss4j code
> using either
> 1.5.6 or 1.5.8. Using WSEncryptBody, it worked. But when I switch over
> to WSSecEncrypt since WSEncryptBody seems to be deprecated, I got the
> following exception:
>
>
>
> org.apache.ws.security.WSSecurityException: Cannot encrypt data;
> nested exception is:
> org.apache.xml.security.exceptions.XMLSecurityException: Cannot
> create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.
> ja
> va:583)
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.
> ja
> va:444)
> at
> org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSe
> cE
> ncrypt.java:342)
> at
> org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:30
> 6)
> at
> com.ibm.sample.SOAPEncryption.encryptSOAPEnvelope(SOAPEncryption.java:
> 13
> 7)
> at com.ibm.sample.SOAPEncryption.main(SOAPEncryption.java:159)
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException:
> Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> at
> org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.gua
> ra nteeThatElementInCorrectSpace(Unknown Source)
> at
> org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorre
> ct
> Space(Unknown Source)
> at org.apache.xml.security.utils.ElementProxy.<init>(Unknown
> Source)
> at
> org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
> Source)
> at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.
> ja
> va:580)
> ... 5 more
>
>
>
> Here's the relavent code segment:
>
>
> public SOAPMessage encryptSOAPEnvelope(SOAPEnvelope
> unsignedEnvelope) throws Exception {
> // GY: Deprecated. Use WSSecEncrypt //
> WSEncryptBody wsEncrypt = new WSEncryptBody();
> WSSecEncrypt wsEncrypt = new WSSecEncrypt();
> Document doc = unsignedEnvelope.getOwnerDocument();
>
> String alias = "mykey";
> String password = "testit";
> wsEncrypt.setUserInfo(alias, password);
>
> Crypto crypto = CryptoFactory.getInstance(); //
> Document encDoc = wsEncrypt.build(doc, crypto);
> Document encDoc = wsEncrypt.build(doc, crypto, null);
>
> DOMSource src = new DOMSource(encDoc);
> MessageFactory mf = MessageFactory.newInstance();
> SOAPMessage soapMsg = mf.createMessage();
> soapMsg.getSOAPPart().setContent(src);
>
> return soapMsg;
> }
>
>
> I followed the WSSecEncrypt code to the point where it tries to clone
> the KeyInfo when it generates the exception. It's at
> WSSecEncrypt.java:595. This looks like all wss4j internal handling. Is
> this a bug?
>
> Thanks,
> Gang
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSSecEncrypt vs WSEncryptBody
Posted by Colm O hEigeartaigh <co...@apache.org>.
That looks like a problem caused by interned namespaces in XML
Security and Axis SAAJ not being able to handle them. Are you using
the Axis SAAJ implementation? If so I suggest either use Sun's SAAJ
implementation, or else change from using the SAAJ API's to Axis
API's.. Take a look at the methods in SOAPUtil:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec/SOAPUtil.java
Colm.
On Wed, Aug 11, 2010 at 3:28 PM, Yang, Gang CTR US USA
<ga...@us.army.mil> wrote:
> Hi,
>
> I'm wondering if WSSecEncrypt is ready for use. I was trying to encrypt
> a very simple SOAP message with a bare minumum wss4j code using either
> 1.5.6 or 1.5.8. Using WSEncryptBody, it worked. But when I switch over
> to WSSecEncrypt since WSEncryptBody seems to be deprecated, I got the
> following exception:
>
>
>
> org.apache.ws.security.WSSecurityException: Cannot encrypt data; nested
> exception is:
> org.apache.xml.security.exceptions.XMLSecurityException: Cannot
> create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
> va:583)
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
> va:444)
> at
> org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecE
> ncrypt.java:342)
> at
> org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:306)
> at
> com.ibm.sample.SOAPEncryption.encryptSOAPEnvelope(SOAPEncryption.java:13
> 7)
> at com.ibm.sample.SOAPEncryption.main(SOAPEncryption.java:159)
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException:
> Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> at
> org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guara
> nteeThatElementInCorrectSpace(Unknown Source)
> at
> org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrect
> Space(Unknown Source)
> at org.apache.xml.security.utils.ElementProxy.<init>(Unknown
> Source)
> at
> org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
> Source)
> at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
> va:580)
> ... 5 more
>
>
>
> Here's the relavent code segment:
>
>
> public SOAPMessage encryptSOAPEnvelope(SOAPEnvelope
> unsignedEnvelope) throws Exception {
> // GY: Deprecated. Use WSSecEncrypt
> // WSEncryptBody wsEncrypt = new WSEncryptBody();
> WSSecEncrypt wsEncrypt = new WSSecEncrypt();
> Document doc = unsignedEnvelope.getOwnerDocument();
>
> String alias = "mykey";
> String password = "testit";
> wsEncrypt.setUserInfo(alias, password);
>
> Crypto crypto = CryptoFactory.getInstance();
> // Document encDoc = wsEncrypt.build(doc, crypto);
> Document encDoc = wsEncrypt.build(doc, crypto, null);
>
> DOMSource src = new DOMSource(encDoc);
> MessageFactory mf = MessageFactory.newInstance();
> SOAPMessage soapMsg = mf.createMessage();
> soapMsg.getSOAPPart().setContent(src);
>
> return soapMsg;
> }
>
>
> I followed the WSSecEncrypt code to the point where it tries to clone
> the KeyInfo when it generates the exception. It's at
> WSSecEncrypt.java:595. This looks like all wss4j internal handling. Is
> this a bug?
>
> Thanks,
> Gang
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: WSSecEncrypt vs WSEncryptBody
Posted by "Dittmann, Werner (NSN - DE/Munich)" <we...@nsn.com>.
Hi,
you cannot simply replace WSEncryptBody with WSSecEncrypt, you need
to add a few lines of code. Please have a look at the test cases
that use WSSecEncrypt in the same way that you try to use.
Regards,
Werner
-----Original Message-----
From: ext Yang, Gang CTR US USA [mailto:gang.yang@us.army.mil]
Sent: Wednesday, August 11, 2010 4:28 PM
To: wss4j-dev@ws.apache.org
Subject: WSSecEncrypt vs WSEncryptBody
Hi,
I'm wondering if WSSecEncrypt is ready for use. I was trying to encrypt
a very simple SOAP message with a bare minumum wss4j code using either
1.5.6 or 1.5.8. Using WSEncryptBody, it worked. But when I switch over
to WSSecEncrypt since WSEncryptBody seems to be deprecated, I got the
following exception:
org.apache.ws.security.WSSecurityException: Cannot encrypt data; nested
exception is:
org.apache.xml.security.exceptions.XMLSecurityException: Cannot
create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
http://www.w3.org/2000/09/xmldsig#:KeyInfo element
at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:583)
at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:444)
at
org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecE
ncrypt.java:342)
at
org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:306)
at
com.ibm.sample.SOAPEncryption.encryptSOAPEnvelope(SOAPEncryption.java:13
7)
at com.ibm.sample.SOAPEncryption.main(SOAPEncryption.java:159)
Caused by: org.apache.xml.security.exceptions.XMLSecurityException:
Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:KeyInfo from a
http://www.w3.org/2000/09/xmldsig#:KeyInfo element
at
org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guara
nteeThatElementInCorrectSpace(Unknown Source)
at
org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrect
Space(Unknown Source)
at org.apache.xml.security.utils.ElementProxy.<init>(Unknown
Source)
at
org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
Source)
at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
at
org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.ja
va:580)
... 5 more
Here's the relavent code segment:
public SOAPMessage encryptSOAPEnvelope(SOAPEnvelope
unsignedEnvelope) throws Exception {
// GY: Deprecated. Use WSSecEncrypt
// WSEncryptBody wsEncrypt = new WSEncryptBody();
WSSecEncrypt wsEncrypt = new WSSecEncrypt();
Document doc = unsignedEnvelope.getOwnerDocument();
String alias = "mykey";
String password = "testit";
wsEncrypt.setUserInfo(alias, password);
Crypto crypto = CryptoFactory.getInstance();
// Document encDoc = wsEncrypt.build(doc, crypto);
Document encDoc = wsEncrypt.build(doc, crypto, null);
DOMSource src = new DOMSource(encDoc);
MessageFactory mf = MessageFactory.newInstance();
SOAPMessage soapMsg = mf.createMessage();
soapMsg.getSOAPPart().setContent(src);
return soapMsg;
}
I followed the WSSecEncrypt code to the point where it tries to clone
the KeyInfo when it generates the exception. It's at
WSSecEncrypt.java:595. This looks like all wss4j internal handling. Is
this a bug?
Thanks,
Gang
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org