Posted to wss4j-dev@ws.apache.org by "Kosuru, Giri" <Gi...@associates.dhs.gov> on 2005/12/05 15:51:28 UTC

RE: Help(urgent) : My Keypair did not work for wss4j project (wss 4j\interop example)

Nagaraj,

I was having the same problem as the one you have when I was applying
WSS4J security for my Web Service. The WSS4J documentation does not talk
about how to create keys and other infrastructure stuff (it will be nice if
they can put this documentation in there, which is important for new guys
for Security). I followed an article from devx.com and implemented WSS4J for
Web Service Security.

http://www.devx.com/Java/Article/28816/0/page/2

I guess you are missing the self-signing and importing part from this
article. I followed this article 100% and implemented security. But even
though I followed this article 100%, I was still having a problem with two
keys. So for now I am using a single key (private) at both client and server
(and this worked). You may give it a try that way.

Meanwhile I am also troubleshooting. If anyone can point us to good
documentation on this infrastructure (Keys and Key Stores) stuff, that will
be helpful.

Hope it helps.

Thanks

Giri

-----Original Message-----
From: Elilvannan Nagarajah [mailto:elilvannan@affno.lk] 
Sent: Sunday, December 04, 2005 1:53 AM
To: wss4j-dev@ws.apache.org
Subject: Help(urgent) : My Keypair did not work for wss4j project
(wss4j\interop example)

 

Hi all,

I tried to use the wss4j project for adding security to my web services.
For my web service I want to add signature and encryption type of security.
First I tested the interop example (tested with 'bob' and 'alice' entries)
in the wss4j project. That works fine.

Then I tried to create my key store (using keytool) and generated 2 keypairs,
one for the server and one for the client. I configured all properties
correctly (I replaced the entries 'bob' and 'alice' with my own alias names
'affnoserver' and 'affnoclinet'). But in my case the client side is working
fine (encrypt the request and sign and send), but on the server side I got an
exception (when decrypting).

This is the exception trace ----

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
        java.security.UnrecoverableKeyException: Cannot recover key
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:268)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
        at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)

This is my key store:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: affnoserver
Creation date: Dec 2, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
Serial number: 43900be2
Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT 2006
Certificate fingerprints:
         MD5:  23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
         SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08

*******************************************
*******************************************

Alias name: affnoclient
Creation date: Dec 2, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
Serial number: 43904844
Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT 2006
Certificate fingerprints:
         MD5:  B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
         SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2

*******************************************
*******************************************

I used the following commands for creating this key store.

keytool -genkey -keyalg RSA -alias affnoserver -keystore affnoserver.jks -keypass XXXXXXX -storepass password

keytool -genkey -keyalg RSA -alias affnoclient -keystore affnoserver.jks -keypass XXXXXXX -storepass password

Should I use some other commands to create this key store (like openssl or
PKCS12 format ...)?

Can anybody please help me with how to create my own keystore and keypairs
for this wss4j project?

Thanks and best regards,

N.Elilvannan
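
Added example (not part of either message above, and not WSS4J code): the trace ends in java.security.UnrecoverableKeyException, which KeyStore.getKey throws when a key entry cannot be recovered with the password supplied. The check below makes that call for every key entry of a JKS keystore such as affnoserver.jks, once with the key password and once with the store password; the class name KeyRecoveryCheck and its prompts are assumptions made for this illustration.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical helper, not part of WSS4J: for each key entry in a JKS keystore,
// report whether the private key can be recovered with a candidate password.
public class KeyRecoveryCheck {

    // One-line status for one alias and one candidate password.
    static String tryRecover(KeyStore ks, String alias, char[] password)
            throws GeneralSecurityException {
        try {
            Key key = ks.getKey(alias, password);
            return key == null ? "no key under this alias"
                               : "recovered " + key.getAlgorithm() + " key";
        } catch (UnrecoverableKeyException e) {
            // Same exception class as in the trace: this password does not open the entry.
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeyRecoveryCheck <keystore.jks>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of the process list.
        char[] storePass = console.readPassword("Keystore password (-storepass): ");
        char[] keyPass = console.readPassword("Key password (-keypass): ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, storePass); // a wrong store password fails here with an IOException
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) { System.out.println(alias + ": certificate entry only"); continue; }
            System.out.println(alias + " / key password:   " + tryRecover(ks, alias, keyPass));
            System.out.println(alias + " / store password: " + tryRecover(ks, alias, storePass));
        }
        Arrays.fill(storePass, '\0'); // clear password material before exit
        Arrays.fill(keyPass, '\0');
    }
}
```

A "FAILED" line for an alias shows which password does not recover that entry, so the result can be compared against the password the receiving side's configuration supplies for that alias.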