Posted to fx-dev@ws.apache.org by "Lee, Insoo" <In...@gs.com> on 2004/03/16 20:23:16 UTC

setting up WSDOAllReceiver

Hello,
I wish there was an fx-user mailing list to get help with wss4j - apologies for
posting questions here.

We are trying to receive an encrypted and signed message.

Using WSSignEnvelope, we were able to sign the message and verify it from
the server side.

// Client Side
Object[] paramValue = new Object[]{"myMessage"};
RPCElement re = new RPCElement("http://www.mycompany.com/am/funds/ws/wss4j",
"processMessage", paramValue);
env.addBodyElement(re);
Document doc = null;

WSSignEnvelope builder = new WSSignEnvelope();
doc = builder.build(env.getAsDocument(), CryptoFactory.getInstance());
env = (org.apache.axis.message.SOAPEnvelope)
AxisUtil.toSOAPMessage(doc).getSOAPPart().getEnvelope();
call.invoke(env);


Now, with encryption,

WSEncryptBody builder = new WSEncryptBody();

seems to do the encryption for us, which generates a SOAP message attached
to the end of this email. (please see below)
However, this results in no such method Axis exception.
I see that our method call itself is encrypted within the SOAP message and
I'm trying to get it decrypted on the server side by WSDoAllReceiver.

My question is:
1) How would I set up WSDoAllReceiver on the server side to handle
decryption?
    This is my current setup.  Is there such an action 'Decrypt'?

<handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
   <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
   <parameter name="action" value="Encrypt"/>
   <parameter name="decryptionPropFile" value="crypto.properties" />
   <!--<parameter name="action" value="Signature"/> -->
   <!-- <parameter name="signaturePropFile" value="crypto.properties" /> -->
   <!-- <parameter name="signatureKeyIdentifier" value="DirectReference" /> -->
   <!-- <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" /> -->
 </handler>


2) Once I get the encryption working, if we want to encrypt and sign, I guess
  Client performs i) encryption  ii) then signing

  Then, Server performs i) signature checking ii) then decryption.
  Is this correct? Should we do then,
   <parameter name="action" value="Signature Encrypt"/>
  on server's handler?


3) Lastly, our client side likes to avoid using Axis if possible.  In that
case, they can't use WSDoAllSender.



Thanks for your time.
Lee



FYI...

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 <soapenv:Header>

  <wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

   <xenc:EncryptedKey>

    <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

     <wsse:SecurityTokenReference>
      <ds:X509IssuerSerial>

       <ds:X509IssuerName>
CN=Insoo Lee,OU=Funds Distribution,O=Goldman Sachs,L=NY,ST=NY,C=US
</ds:X509IssuerName>


       <ds:X509SerialNumber>
1079457291       </ds:X509SerialNumber>

      </ds:X509IssuerSerial>
     </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    <xenc:CipherData>
     <xenc:CipherValue>
bJHTvDpMVgvhA8Z7An0HX8rGLx1y1g2Mxp/IWqQc122vtDBoJ3dUrz2BAQEXzezLUMwhBTkERIL3
XT2gxc1npbV+tbCv6l60uQA+mH2lkaVpst6ajzkjkIoeaOq1bnys46SenzrtxtnitCR4umGPmf/7
MOGrE2Jb9h3XxcZUYxA=     </xenc:CipherValue>
    </xenc:CipherData>

    <xenc:ReferenceList>
     <xenc:DataReference URI="#id-23763868"/>
    </xenc:ReferenceList>
   </xenc:EncryptedKey>
   <wsu:Timestamp
xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>
2004-03-16T19:05:09Z    </wsu:Created>
   </wsu:Timestamp>
  </wsse:Security>
 </soapenv:Header>

  <soapenv:Body>
  <xenc:EncryptedData Id="id-23763868"
Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <xenc:CipherData>
    <xenc:CipherValue>
ieopT0NZBYzUyXvxo6JKR/y42UcPjGJ0r8MysuwEp7++wUBT1zcTMtZrvzLd/5BiQ0yus3Mue6ay
gpJ++6cEpsPC0TzLdTA85qFPnXtDIUI4dunRetcs3N7WdBjelJV6YiMqu9AKYgv8yDmOgf592dcc
BRhv/7yFNlAujZKLYcAmMIlVnIqmPwviPo7SnM78VSqTcPjiSYLQjwOMWO//68QGgYJCzr1lKuBF
jdDC7jzuT2CW3Ci73LI73CweASyvExxs9a9oiB8GUvDtjjjm/9oAHvjGZ4Sc9ZoqGCiUDbo17SO3
lckiW++lncfpVdatzyepl7idPQTBucJeb1kW665POmS6qjE48+QtG9GsjRRrKFQZUn6CFzkoCO/R
DHIUTEsrMZBxkCls2GakUh3L+w4a/uI8W6akZwiefkfvMdc3FmfEyXZMldYV8wZGC/EAMAAHknZ6
QFLzCdeLQgfTdJCEh4liGixHxxMcAfefVcc=    </xenc:CipherValue>
   </xenc:CipherData>
  </xenc:EncryptedData>
 </soapenv:Body>

</soapenv:Envelope>

  


Re: setting up WSDOAllReceiver

Posted by Werner Dittmann <We...@t-online.de>.
Lee,

pls refer to the package documentation of
org.apache.ws.axis.security. The package.html,
which is also part of the javadoc, gives some
introduction. Just generate the javadoc
and look for the package description.

About WSDoAllReceiver:
If you set "action=Encrypt" then the receiver expects an
encrypted message (or part of a message).

If you send a message that is first signed, then encrypted,
then specify "action=Signature Encrypt" at the receiver side.
The receiver knows that the actions must be reversed at
the receiver side.

What is the method Axis complains about?

If your client wants to use another SOAP implementation
with OASIS WSS compliant security that's ok. We
just have very good success with interoperability tests
with various other vendors such as Microsoft, Betrust, Sun.

Regards,
Werner
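
Added example (not from the thread and not WSS4J code): a Python check that reads a WS-Security envelope like the one posted and reports the header order, the receiver "action" value that follows from the rule in the reply above, the encryption algorithms, and any DataReference that does not resolve. It assumes the sender prepended each element to wsse:Security as WS-Security recommends; inspect_envelope, SAMPLE and the urn:example namespaces are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Security header element -> receiver "action" token (names as used in the thread).
ACTIONS = {"Signature": "Signature", "EncryptedKey": "Encrypt"}

# Constructed sample shaped like the posted message (dummy cipher values, placeholder namespaces).
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="urn:example:wsse">
   <xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    <xenc:ReferenceList><xenc:DataReference URI="#id-1"/></xenc:ReferenceList>
   </xenc:EncryptedKey>
   <wsu:Timestamp xmlns:wsu="urn:example:wsu"><wsu:Created>2004-03-16T19:05:09Z</wsu:Created></wsu:Timestamp>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body>
  <xenc:EncryptedData Id="id-1" Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soapenv:Body>
</soapenv:Envelope>"""

def local(el):  # tag name without its namespace
    return el.tag.rsplit("}", 1)[-1]

def inspect_envelope(xml_text):
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP}}}Body")
    security = next((e for e in root.iter() if local(e) == "Security"), None)
    if body is None or security is None:
        raise ValueError("missing soapenv:Body or wsse:Security header")
    header_order = [local(e) for e in security]
    # Elements are prepended as they are applied, so reverse to get the sender's order.
    action = " ".join(ACTIONS[n] for n in reversed(header_order) if n in ACTIONS)
    ids = {e.get("Id") for e in root.iter(f"{{{XENC}}}EncryptedData")}
    refs = [r.get("URI", "")[1:] for r in security.iter(f"{{{XENC}}}DataReference")]
    methods = root.iter(f"{{{XENC}}}EncryptionMethod")
    return {
        "header_order": header_order,
        "receiver_action": action,
        "algorithms": [(m.get("Algorithm") or "").split("#")[-1] for m in methods],
        "dangling_refs": [r for r in refs if r not in ids],
        "body_encrypted": len(body) > 0 and all(local(c) == "EncryptedData" for c in body),
    }
```

When body_encrypted is true, the operation element (processMessage in the post) is not visible to the service until a handler has decrypted the body.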

